Mark Krzysko, US Department of Defense | MIT CDOIQ 2019
>> From Cambridge, Massachusetts, it's The Cube, covering MIT Chief Data Officer and Information Quality Symposium 2019. Brought to you by SiliconANGLE Media. >> Welcome back to Cambridge, everybody. We're here at Tang building at MIT for the MIT CDOIQ Conference. This is the 13th annual MIT CDOIQ. It started as an information quality conference and grew through the big data era, the Chief Data Officer emerged and now it's sort of a combination of those roles. That governance role, the Chief Data Officer role. Critical for organizations for quality and data initiatives, leading digital transformations and the like. I'm Dave Vellante with my cohost Paul Gillin, you're watching The Cube, the leader in tech coverage. Mark Krzysko is here, the deputy, sorry, Principal Deputy Director for Enterprise Information at the Department of Defense. Good to see you again, thanks for coming on. >> Oh, thank you for having me. >> So, Principal Deputy Director Enterprise Information, what do you do? >> I do data. I do acquisition data. I'm the person in charge of lining the acquisition data for the programs for the Under Secretary and the components so a strong partnership with the Army, Navy, and Air Force to enable the department and the services to execute their programs better, more efficiently, and be efficient in the data management. >> What is acquisition data? >> So acquisition data generally can be considered best in the shorthand of cost schedule performance data. When a program is born, you have to manage, you have to be sure it's resourced, you're reporting up to Congress, you need to be sure you have insight into the programs. And finally, sometimes you have to make decisions on those programs. So, cost schedule performance is a good shorthand for it. >> So kind of the key metrics and performance metrics around those initiatives. And how much of that is how you present that data? The visualization of it.
Is that part of your role or is that, sort of, another part of the organization you partner with, or? >> Well, if you think about it, the visualization can take many forms beyond that. So a good part of the role is finding the authoritative trusted source of that data, making sure it's accurate so we don't spend time disagreeing on different data sets on cost schedule performance. The major programs are tremendously complex and large and involve an awful lot of data in the buildup to a point where you can look at that. It's just not about visualizing, it's about having governed authoritative data that is, frankly, trustworthy that you can go operate in. >> What are some of the challenges of getting good quality data? >> Well, I think part of the challenge was having a common lexicon across the department and the services. And as I said, the partnership with the services had been key in helping define and creating a semantic data model for the department that we can use. So we can have agreement on what it would mean when we were using it and collecting it. The services have thrown all in and, in their perspective, have extended that data model down through their components to their programs so they can better manage the programs because the programs are executed at a service level, not at an OSD level. >> Can you make that real? I mean, is there an example you can give us of what you mean by a common semantic model? >> So for cost schedule, let's take a very simple one, program identification. Having a key number for that, having a long name, a short name, and having just the general description of that, were in various states amongst the systems. We've had decades where, however the system was configured, configured it the way they wanted to. It was largely not governed and then trying to bring those data sets together were just impossible to do. So even with just program identification.
Since the majority of the programs and numbers are executed at a service level, we worked really hard to get the common words and meanings across all the programs. >> So it's a governance exercise then? >> Yeah. It is certainly a governance exercise. I think about it as not so much as, in the IT world or the data world will call it governance, it's leadership. Let's settle on some common semantics here that we can all live with and go forward and do that. Because clearly there's needs for other pieces of data that we may or may not have but establishing a core set of common meanings across the department has proven very valuable. >> What are some of the key data challenges that the DOD faces? And how is your role helping address them? >> Well in our case, and I'm certain there's a myriad of data choices across the department. In our place it was clarity in and the governance of this. Many of the pieces of data were required by statute, law, policy, or regulation. We came out of eras where data was the piece of a report and not really considered data. And we had to lead our ways to beyond the report to saying, "No, we're really talking about key data management." So we've been at this for a few years and working with the services, that has been a challenge. I think we're at the part where we've established the common semantics for the department to go forward with that. And one of the challenges that I think is the access and dissemination of knowing what you can share and when you can share it. Because Michael Conlin said earlier that the data in mosaic, sometimes you really need to worry about it from our perspective. Is too much publicly available or should we protect on behalf of the government? >> That's a challenge. Is there a challenge in terms of, I'm sure there is but I wonder if you can describe it or maybe talk about how you might have solved it, maybe it's not a big deal, but you got to serve the mission of the organization. >> Absolutely.
>> That's, like, number one. But at the same time, you've got stakeholders and they're powerful politicians and they have needs and there's transparency requirements, there are laws. They're not always aligned, those two directives, are they? >> No, thank goodness I don't have to deal with misalignments of those. We try to speak in the truth of here's the data and the decisions across the organization of our reports still go to Congress, they go to Congress on an annual basis through the selected acquisition report. And, you know, we are better understanding what we need to protect and how to advise Congress on what should be protected and why. I would not say that's an easy proposition. The demands for those data come from the GAO, come from Congress, come from the Inspector General and having to navigate that requires good access and dissemination controls and knowing why. We've sponsored some research through the RAND organization to help us look and understand why you have got to protect it and what policies, rules, and regulations are. And all those reports have been public so we could be sure that people would understand what it is. We're coming out of an era where data was not considered as it is today where reports were easily stamped with a little rubber stamp but data now moves at the velocities of milliseconds not as the velocity of reports. So we really took a comprehensive look at that. How do you manage data in a world where it is data and it is on infrastructures like data models. >> So, the future of war. Everybody talks about cyber as the future of war. There's a lot of data associated with that. How does that change what you guys do? Or does it? >> Well, I think from an acquisition perspective, you would think, you know. In that discussion that you just presented us, we're micro in that. We're equipping and acquiring through acquisitions. What we've done is we make sure that our data is shareable, you know? Open I, API structures.
Having our data models. Letting the war fighters have our data so they could better understand where information is here. Letting other communities to better help that. By us doing our jobs where we sit, we can contribute to their missions and we've always been very sharing in that. >> Is technology evolving to the point where, let's assume you could dial back 10 or 15 years and you had the nirvana of data quality. We know how fast technology is changing but is it changing as an enabler to really leverage that quality of data in ways that you might not have even envisioned 10 or 15 years ago? >> I think technology is. I think a lot of this is not in tools, it's now in technique and management practices. I think many of us find ourselves rethinking of how to do this now that you have data, now that you have tools that you can get them. How can you adopt better and faster? That requires a cultural change to organization. In some cases it requires more advanced skills, in other cases it requires you to think differently about the problems. I always like to consider that we, at some point, thought about it as a process-driven organization. Step one to step two to step three. Now process is ubiquitous because data becomes ubiquitous and you could refactor your processes and decisions much more efficiently and effectively. >> What are some of the information quality problems you have to wrestle with? >> Well, in our case, by setting a definite semantic meaning, we kicked the quality problems to those who provide the authoritative data. And if they had a quality problem, we said, "Here's your data. We're going to now use it." So it spurs, it changes the model of them ensuring the quality of those who own the data. And by working with the services, they've worked down through their data issues and have used us a bit as the foil for cleaning up their data errors that they have from different inputs.
And I like to think about it as flipping the model of saying, "It's not my job to drive quality, it's my job to drive clarity, it's their job to drive the quality into the system." >> Let's talk about this event. So, you guys are long-time contributors to the event. Mark, have you been here since the beginning? Or close to it? >> Um... About halfway through I think. >> When the focus was primarily on information quality? >> Yes. >> Was it CDOIQ at the time or was it IQ? >> It was the very beginnings of CDOIQ. It was right before it became CDOIQ. >> Early part of this decade? >> Yes. >> Okay. >> It was Information Quality Symposium originally, is that what attracted you to it? >> Well, yes, I was interested in it because I think there were two things that drew my interest. One, a colleague had told me about it and we were just starting the data journey at that point. And it was talking about information quality and it was out of a business school in the MIT Sloan side of the house. And coming from a business perspective, it was not just the province of IT, I wanted to learn from others because I sit on the business side of the equation. Not a pure IT-ist or technology. And I came here to learn. I've never stopped learning through my entire journey here. >> What have you learned this week? >> Well, there's an awful lot I learned. I think it's been... This space is evolving so rapidly with the law, policy, and regulation. Establishing the CDOs, establishing the roles, getting to hear from the CDOs, getting to hear from visions, hear from Michael Conlin and hear from others in the federal agencies. Having them up here and being able to collaborate and talk to them. Also hearing from the technology people, the people that're bringing solutions to the table. And then, I always say this is a bit like group therapy here because many of us have similar problems, we have different start and end points and learning from each other has proven to be very valuable.
From the hallway conversations to hearing somebody and seeing how they thought about the products, seeing how commercial industry has implemented data management. And you have a lot of similarity of focus of people dealing with trying to bring data to bring value to the organizations and understanding their transformations, it's proven invaluable. >> Well, what did the appointment of the DOD's first CDO last year, what statement did that make to the organization? >> That data's important. Data are important. And having a CDO in that and, when Michael came on board, we shared some lessons learned and we were thinking about how to do that, you know? As I said, I function in a, arguably a silo of the institution is the acquisition data. But we were copying CDO homework so it helped in my mind that we can go across to somebody else that would understand and could understand what we're trying to do and help us. And I think it becomes, the CDO community has always been very sharing and collaborative and I hold that true with Michael today. >> It's kind of the ethos of this event. I mean, obviously you guys have been heavily involved. We've always been thrilled to cover this. I think we started in 2013 and we've seen it grow, it's kind of fire marshal full now. We got to get to a new facility, I understand. >> Fire marshal full. >> Next year. So that's congratulations to all the success. >> Yeah, I think it's important and we've now seen, you know, you hear it, you can read it in every newspaper, every channel out there, that data are important. And what's more important than the factor of governance and the factor of bringing safety and security to the nation? >> I do feel like a lot in, certainly in commercial world, I don't know if it applies in the government, but a lot of these AI projects are moving really fast. Especially in Silicon Valley, there's this move fast and break things mentality.
And I think that's part of why you're seeing some of these big tech companies struggle right now because they're moving fast and they're breaking things without the governance injected and many CDOs are not heavily involved in some of these skunk works projects and it's almost like they're bolting on governance which has never been a great formula for success in areas like governance and compliance and security. You know, the philosophy of designing it in has tangible benefits. I wonder if you could comment on that? >> Yeah, I can talk about it as we think about it in our space and it may be limited. AI is a bit high on the hype curve as you might imagine right now, and the question would be is can it solve a problem that you have? Well, you just can't buy a piece of software or a methodology and have it solve a problem if you don't know what problem you're trying to solve and you wouldn't understand the answer when it gave it to you. And I think we have to raise our data intellectualism across the organization to better work with these products because they certainly represent utility but it's not like you give it with no fences on either side or you open up your aperture to find basic solution on this. How you move forward with it is your workforce has got to be in tune with that, you have to understand some of the data, at least the basics, and particularly with products when you get the machine learning AI deep learning, the models are going to be moving so fast that you have to intellectually understand them because you'll never be able to go all the way back and stubby pencil back to an answer. And if you don't have the skills and the math and the understanding of how these things are put together, it may not bring the value that they can bring to us. >> Mark, thanks very much for coming on The Cube. >> Thank you very much. >> Great to see you again and appreciate all the work you guys both do for the community. All right. And thank you for watching. 
We'll be right back with our next guest right after this short break. You're watching The Cube from MIT CDOIQ.
Michael Conlin, US Department of Defense | MIT CDOIQ 2019
(upbeat music) >> From Cambridge, Massachusetts, it's the CUBE. Covering MIT Chief Data Officer and Information Quality Symposium 2019. Brought to you by SiliconANGLE Media. (upbeat music) >> Welcome back to MIT in Cambridge Massachusetts everybody you're watching the CUBE the leader in live tech coverage. We go out to the events and extract the signal from the noise we hear at the MIT CDOIQ. It's the MIT Chief Data Officer event the 13th annual event. The CUBE started covering this show in 2013. I'm Dave Vellante with Paul Gillin, my co-host, and Michael Conlin is here as the chief data officer of the Department of Defense, Michael welcome, thank you for coming on. >> Thank you, it's a pleasure to be here. >> So the DoD is, I think it's the largest organization in the world, what does the chief data officer of the DoD do on a day to day basis? >> A range of things because we have a range of challenges at the Department of Defense. We are the single largest organization on the planet. We have the greatest scope and scale and complexity. We have the most dangerous competitors of anybody on the planet, it's not a trivial issue for us. So, I've a range of challenges. Challenges around, how do I lift the overall performance of the department using data effectively? How do I help executives make better decisions faster, using more recent, more common data? More common enterprise data is the expression we use. How do I help them become more sophisticated consumers of data and especially data analytics? And, how do we get to the point where, I can compare performance over here with performance over there, on a common basis? And compared to commercial benchmark? Which is now an expectation for us, and ask are we doing this as well as we should, right across the patch? Knowing, that all that data comes from multiple different places to start with. So we have to overcome all those differences and provide that department wide view. That's the essence of the role. 
And now with the recent passage of the Foundations for Evidenced-Based Policymaking Act, there are a number of additional expectations that go on top of that, but this is ultimately about improving affordability and performance of the department. >> So overall performance of the organization... >> Overall performance. >> ...as well, and maybe that comes from supporting various initiatives, and making sure you're driving performance on that basis as well. >> It does, but our litmus test is are we enabling the National Defense Strategy to succeed? Only reason to touch data is to enable the National Defense Strategy to be more successful than without it. And so we're always measuring ourselves against that. But it is, can we objectively say we're performing better? Can we objectively say that we are more affordable? In terms of the way we support the National Defense Strategy. >> I'm curious about your motivations for taking on this assignment because your background, as I see, is primarily in the private sector. A year ago you joined the US Department of Defense. A huge set of issues that you're tackling now, why'd you do it? >> So I am a capitalist, like most Americans, and I'm a serial entrepreneur. This was my first opportunity to serve government. And when I looked at it, knowing that I could directly support national defense, knowing that I could make a direct meaningful contribution, let me exercise that spirit of patriotism that many of us have, but we just not found ourselves an opportunity. When this opportunity came along I just couldn't say no to it. There's so much to be done and so much appetite for improvement that I just couldn't walk away for this. Now I've to tell you, when you start you take an oath of office to protect and defend the constitution. I don't know, it's maybe a paragraph or maybe it's two paragraphs. It felt like it took an hour to choke it out, because I was suddenly struck with all of this emotion. 
>> The gravity of what you were doing. >> Yeah, the gravity of what I'm doing. And that was just a reinforcement of the choice I'd already made, obviously right. But the chance to be the first chief data officer of the entire Department of Defense, just an enormous privilege. The chance to bring commercial sector best practices in and really lift the game of the department, again enormous privilege. There's so many people who could do this, probably better than me. The fact that I got the opportunity I just couldn't say no. Just too important, too many places I could see that we could make things better. I think anybody with a patriotic bone in their body would have jumped at the opportunity. >> That's awesome, I love that, congratulations on getting that role and seemingly thrive in it. A big part of preserving that capitalist belief, defending the constitution and the American way, it sounds corny, but... >> It's real. >> I'm a patriot as well, is security. And security and data are intertwined. And just the whole future of warfare is dramatically changing. Can you talk about in a format like this, security, you're thinking on that, the department's thinking on that from a CDO's perspective? >> So as you know we have a number of swimlanes within the department and security is very clear swimlane, it's aligned under our chief information officer, but security is everybody's responsibility, of course. Now the longstanding criticism of security people is that they think the best way to secure anything is to permit nobody to touch it. The clear expectation for me as chief data officer is to make sure that information is shared to the right people as rapidly as possible. And, that's a different philosophy. Now I'm really lucky. Lieutenant General Dennis Crall our principal cyber advisor, Dana Deasy our CIO, these people understand how important it is to get information in the right place at the right time, make it rapidly available and secure it every step along the way.
We embrace the zero trust mantra. And because we embrace the zero trust mantra we're directly concerned with defending the data itself. And as long as we defend the data and the same mechanisms are the mechanisms we use to let people share it, suddenly the tension goes away. Suddenly we all have the same goal. Because the goal is not to prevent use of data, it's to enable use of data in a secure way. So the traditional tension that might be in that place doesn't exist in the department. Very productive, very professional level of collaboration with those folks in this space. Very sophisticated people. >> When we were talking before we went live you mentioned that the DoD has 10,000 plus operational systems... >> That's correct. >> A portfolio of that magnitude just overwhelming, I mean how did you know what to do first when you moved into this job, or did you have a clear mandate when you were hired? >> So I did have a clear mandate when I was hired and luckily that was spelled out. We knew what to do first because we sat down with actual leaders of the department and asked them what their goals were for improving the performance of the department. And everything starts from that conversation. You find those executives that want to improve performance, you understand what those goals are, and what data they need to manage that improvement. And you capture all the critical business questions they need answers to. From that point on they're bought in to everything that happens, right. Because they want those answers to those critical business questions. They have performance targets of their own, this is now aligned with. And so you have the support you need to go down the rest of the path of finding the data, standardizing it, et cetera. In order to deliver the answers to those questions. But it all starts with either the business mission leaders or the warfighting mission leaders who define the steps they're taking to implement the National Defense Strategy.
Everything gets lined up against that, you get instant support and you know you're going after the right thing. This is not, an if you build it they will come. This is not, a driftnet the organization try to gather up all the data. This is spear fishing for specific answers to materially important questions, and everything we do is done on that basis. >> We heard Mark Ramsey this morning talk about the... He showed a picture of stove pipes and then he complicated that picture by showing multiple copies within each of those stove pipes, and says this is organizations that we've all lived in. >> That's my organization too. >> So talk about some of those data challenges at the DoD and how you're addressing those, specifically how you're enabling soldiers in the field to get the right data to the field when they need it. >> So what we'll be delicate when we talk about what we do for soldiers in the field. >> Understood, yeah. >> That tends to be sensitive. >> Understand why, sure. >> But all of those dynamics that Mark described in that presentation are present in every large corporation I've ever served. And that includes the Department of Defense. That heterogeneity and sprawl of IT that what I would refer to, he showed us a hair ball of IT. Every large organization has a hair ball of IT. And data scattered all over the place. We took many of the same steps that he described in terms of organizing and presenting meaningful answers to questions, in almost exactly the same sequence. The challenge as you heard me use the statistics that our CIO's published digital monetization strategies, which calls out that we have roughly 10,000 operational systems. Well, every one of them is different. Every one's put in place by a different group of people at a different time, with a different set of requirements, and a different budget, and a different focus. You know organizational scope. We're just like he showed. We're trying to blend all that in to a common view.
So we have to find what's the real authoritative piece of data, cause it's not all of those systems. It's only a subset of those systems. And you have to do all of the mapping and translations, to make the result add up. Otherwise you double count or you miss something. This is work in progress. This will always be a work in progress to any large organization. So I don't want to give you impression it's all sorted. Definitely not all sorted. But, the reality is we're trying to get to the point where people can see the data that's available and that's a requirement by the way under the Foundations Act that we have a data catalog, an authoritative data catalog so people can see it and they have the ability to then request access to that through automation. This is what's critical, you need to be able to request access and have it arbitraged on the basis of whether you should directly have access based on your role, your workflow, et cetera, but it should happen in real time. You don't want to wait weeks, or months, or however long for some paperwork to move around. So this all has to become highly automated. So, what's the data, who can access it under what policy, for what purpose? Our roles and responsibilities? Identity management? All this is a combined set of solutions that we have to put in place. I'm mostly worried about a subset of that. My colleagues in these other swimlanes are working to do the rest. Most people in the department have access to data they need in their space. That hasn't been a problem. The problem is you go from space to space, you have to learn a new set of systems and a new set of techniques for a new set of data formats which means you have to be retrained. That really limits our freedom of maneuver of human beings. In the ideal world you'd be able to move from any job in any part of the department to the same job in another part of the department with no retraining whatsoever. You'd be instantly able to make a contribution. 
That's what we're trying to get to. So that's a different kind of a challenge, right. How do we get that level of consistency in the user experience, a modern user experience. So that if I'm a real estate manager, or I'm a medical business manager, or I'm a clinical professional, or I'm whatever, I can go from this location in this part of the department to that location in that part and my experience is the same. It's completely modern, and it's completely consistent. No retraining. >> How much of that challenge pie is people, process and technology? How would you split that opportunity? >> Well everything starts for a process perspective. Because if you automate a bad process, you just make more mistakes in less time at greater costs. Obviously that's not the ideal. But the biggest single challenge is people. It's talent, it's culture. Both on the demand side and on the supply side. In fact a lot of what I talked about in my remarks, was the additional changes we need to put in place to bring people into a more modern approach to data, more modern consumption. And look, we have pockets of excellence. And they can hold their own against any team, any place on the planet. But they are pockets of excellence. And what we're trying to do is raise the entire organization's performance. So it's people, people, and people and then the other stuff. But the products, don't care about (laughs). >> We often hear about... >> They're going to change in 12 to 18 months. I'm a technologist, I'm hands on. The products are going to change rapidly, I make no emotional commitment to products. But the people that's a different story. >> Well we know that in the commercial world we often hear that cultural resistance is what sabotages modernization efforts. The DoD is sort of the ultimate top-down organization. Is it any easier to get buy-in because the culture is sort of command and control oriented? >> It's hard in the DoD, it's not easier in the DoD.
Ultimately people respond to their performance incentives. That's the dirty secret: performance incentives, they work every time. So unless you restructure performance measures and incentives for people their behavior's never going to change. They need to see their personal future in the future you're prescribing. And if they don't see it, you're going to get resistance every time. They're going to do what they believe they're incented to do. Making those changes, cascading those performance measures down, has been difficult because much of the decision-making processes in the department have been based on slow-moving systems and slow-moving data. I mean think about it, our budget planning process was created by Robert McNamara, as the Secretary of Defense. It requires you to plan everything for five years. And it takes more than a year to plan a single year's worth of activities, it's slow-moving. And we have regulation, we have legislation, we're a law-abiding organization, we do what we have to do. All of those things slow things down. And there's a culture of expecting macro-level consensus building. Which means everybody feels they can say no. If everybody can say no, then change becomes peanut butter spread across an organization. When you peanut butter spread across something our size and scale, the layer's pretty thin. So we have the same problem that other organizations have. There is clearly a perception of top-down change and if the Secretary or the Deputy Secretary issue an instruction people will obey it. It just takes some time to work its way down into all the detailed combinations and permutations. Cause you have to make sophisticated decisions now. How am I going to change for my performance measures for that group to that group? And that takes time and energy and thought. There's a natural sort of pipeline effect in this. So there's real tension I think in between this perception of top-down and people will obey the orders they're given. 
But when you're trying to integrate those changes into a broad set of policy and process and people, that takes time and energy. >> And as a result the leaders have to be circumspect about the orders they give because they want to see success. They want to make sure that what they say is actually implemented or it reflects poorly on the organization. >> I think that our leaders are absolutely concerned about accomplishing the outcomes that they set out. And I think that they are rightfully determined to get the change as rapidly as possible. I would not expect them to be circumspect. I would anticipate that they would be firm and clear in the direction that they set and they would set aggressive targets because you need aggressive targets to get aggressively changed outcomes. Now. >> But they would have to choose wisely, they can't just fire off orders and expect everything to be done. I would think that they got to really think about what they want to get done, and put all the wood behind the arrow as you... >> I think that they constantly balance all those considerations. I must say, I did not appreciate before I joined the department the extraordinary caliber of leadership we enjoy. We have people with real insight and experience, and high intellectual horsepower making the decisions in the department. We've been blessed with the continuing stream of them at all of the senior ranks. These people could go anywhere, or do anything that they wanted in the economy and they've chosen to be in the department. And they bring enormous intellectual firepower to bear on challenges. >> Well you mentioned the motivation at the top of the segment, that's largely pretty powerful. >> Yeah, oh absolutely. >> I want to ask you, we have to break, but the organizational structure, you talked about the CIO, actually the responsibility for security within the CIO. >> Sure. >> To whom do you report. What's the organization look like? 
>> So I report to the Chief Management Officer of the Department of Defense. So if you think about the order of precedence, there's the Secretary of Defense, the Deputy Secretary of Defense and third in order is the Chief Management Officer. I report to the Chief Management Officer. >> As does the CIO, is that right? >> As does the CIO, as does the CIO. And actually this is quite typical in large organizations, that you don't have the CDO and the CIO in the same space because the concerns are very different. They have to collaborate but very different concerns. We used to see CDOs reporting to CIOs that's fallen dramatically in terms of the frequency you see that. Cause we now recognize that's just a failure mode. So you don't want to go down that path. The number one most common reporting relationship is actually to a CEO, the chief executive officer, of an organization. It's all about, what executive is driving performance for the organization? That's the person the CDO should report to. And I'm blessed in that I do find myself reporting to the executive driving organizational improvement. For me, that's a critical thing. That would make the difference between whether I could succeed or whether I'm doomed to fail. >> COO would be common too in a commercial organization. >> Yeah, in certain commercial organizations, it's a COO. It just depends on the nature of the business and their maturity with data. But if you're in the... If data's the business, CDO will report to the CEO. There are other organizations where it'll be the COO or CFO, it just depends on the nature of that business. And in our case I'm quite fortunate. >> Well Michael, thank you for, not only coming to the CUBE but the service you're providing to the country, we really appreciate your insights and... >> It's a pleasure meeting you. >> It's a pleasure meeting you. All right, keep it right there everybody we'll be right back with our next guest. 
You're watching the CUBE live from MIT CDOIQ, be right back. (upbeat music)
Jeetu Patel, Cisco | MWC Barcelona 2023
>> Narrator: theCUBE's live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (bright upbeat music plays) >> Welcome back to Barcelona, everybody. You're watching theCUBE's coverage of MWC '23, my name is Dave Vellante. Just left a meeting with the CEO of Cisco, Chuck Robbins, to meet with Jeetu Patel, who's our Executive Vice President and General Manager of security and collaboration at Cisco. Good to see you. >> You never leave a meeting with Chuck Robbins to meet with Jeetu Patel. >> Well, I did. >> That's a bad idea. >> Walked right out. I said, hey, I got an interview to do, right? So, and I'm excited about this. Thanks so much for coming on. >> Thank you for having me. It's a pleasure. >> So, I mean you run such an important part of the business. I mean, obviously the collaboration business but also security. So many changes going on in the security market. Maybe we could start there. I mean, there hasn't been a ton of security talk here Jeetu, because I think it's almost assumed. It was 45 minutes into the keynote yesterday before anybody even mentioned security. >> Huh. >> Right? And so, but it's the most important topic in the enterprise IT world. And obviously is important here. So why is it you think that it's not the first topic that people mention. >> You know, it's a complicated subject area and it's intimidating. And actually that's one of the things that the industry screwed up on. Where we need to simplify security so it actually gets to be relatable for every person on the planet. But, if you think about what's happening in security, it's not just important for business it's critical infrastructure that if you had a breach, you know lives are cost now. Because hospitals could go down, your water supply could go down, your electricity could go down. And so it's one of these things that we have to take pretty seriously. 
And, it's 51% of all breaches happen because of negligence, not because of malicious intent. >> It's that low. Interesting. I always- >> Someone else told me the same thing, that they thought it'd be higher, yeah. >> I always say bad user behavior is going to trump good security every time. >> Every single time. >> You can't beat it. But, you know, it's funny- >> Jeetu: Every single time. >> Back, the earlier part of last decade, you could see that security was becoming a board level issue. It became, it was on the agenda every quarter. And, I remember doing some research at the time, and I asked, I was interviewing Robert Gates, former Defense Secretary, and I asked him, yeah, but we're getting attacked but don't we have the best offense? Can't we have the best technology? He said, yeah but we have so much critical infrastructure the risks to United States are higher. So we have to be careful about how we use security as an offensive weapon, you know? And now you're seeing the future of war involves security and what's going on in Ukraine. It's a whole different ballgame. >> It is, and the scales always tip towards the adversary, not towards the defender, because you have to be right every single time. They have to be right once. >> Yeah. And, to the other point, about bad user behavior. It's going now beyond the board level, to it's everybody's responsibility. >> That's right. >> And everybody's sort of aware of it, everybody's been hacked. And, that's where it being such a complicated topic is problematic. >> It is, and it's actually, what got us this far will not get us to where we need to get to if we don't simplify security radically. You know? The experience has to be almost invisible. And what used to be the case was sophistication had to get to a certain level, for efficacy to go up. But now, that sophistication has turned to complexity. And there's an inverse relationship between complexity and efficacy. 
So the simpler you make security, the more effective it gets. And so I'll give you an example. We have this great kind of innovation we've done around passwordless, right? Everyone hates passwords. You shouldn't have passwords in 2023. But, when you get to passwordless security, not only do you reduce a whole lot of friction for the user, you actually make the system safer. And that's what you need to do, is you have to make it simpler while making it more effective. And, I think that's what the future is going to hold. >> Yeah, and CISOs tell me that they're, you know zero trust before the pandemic was like, yeah, yeah zero trust. And now it's like a mandate. >> Yeah. >> Every CISO you talk to says, yes we're implementing a zero trust architecture. And a big part of that is that, if they can confirm zero trust, they can get to market a lot faster with revenue generating or critical projects. And many projects as we know are being pushed back, >> Yeah. >> you know? 'Cause of the macro. But, projects that drive revenue and value they want to accelerate, and a zero trust confirmation allows people to rubber stamp it and go faster. >> And the whole concept of zero trust is least privileged access, right? But what we want to make sure that we get to is continuous assessment of least privileged access, not just a one time at login. >> Dave: 'Cause things change so frequently. >> So, for example, if you happen to be someone that's logged into the system and now you start doing some anomalous behavior that doesn't sound like Dave, we want to be able to intercept, not just do it at the time that you're authenticating Dave to come in. >> So you guys got a good business. I mentioned the macro before. >> Yeah. >> The big theme is consolidating redundant vendors. So a company with a portfolio like Cisco's obviously has an advantage there. You know, you guys had great earnings. Palo Alto is another company that can consolidate. Tom Gillis, great pickup. Guy's amazing, you know? 
>> Love Tom. >> Great respect. Just had a little webinar session with him, where he was geeking out with the analyst and so- >> Yeah, yeah. >> Learned a lot there. Now you guys have some news, at the event with Mercedes? >> We do. >> Take us through that, and I want to get your take on hybrid work and what's happening there. But what's going on with Mercedes? >> Yeah so look, it all actually stems from the hybrid work story, which is the future is going to be hybrid, people are going to work in mixed mode. Sometimes you'll be in the office, sometimes at home, sometimes somewhere in the middle. One of the places that people are working more and more from is their cars. And connected cars are getting to be a reality. And in fact, cars sometimes become an extension of your home office. And many a times I have found myself in a parking lot, because I didn't have enough time to get home and I was in a parking lot taking a conference call. And so we've made that section easier, because we have now partnered with Mercedes. And they aren't the first partner, but they're a very important partner where we are going to have Webex available, through the connected car, natively in Mercedes. >> Ah, okay. So I could take a call, I can do it all the time. I find good service, pull over, got to take the meeting. >> Yeah. >> I don't want to be driving. I got to concentrate. >> That's right. >> You know, or sometimes, I'll have the picture on and it's not good. >> That's right. >> Okay, so it'll be through the console, and all through the internet? >> It'll be through the console. And many people ask me like, how's safety going to work over that? Because you don't want to do video calls while you're driving. Exactly right. So when you're driving, the video automatically turns off. And you'll have audio going on, just like a conference call. But the moment you stop and put it in park, you can have video turned on. 
>> Now, of course the whole hybrid work trend, we, seems like a long time ago but it doesn't, you know? And it's really changed the security dynamic as well, didn't it? >> It has, it has. >> I mean, immediately you had to go protect new endpoints. And those changes, I felt at the time, were permanent. And I think it's still the case, but there's an equilibrium now happening. People as they come back to the office, you see a number of companies are mandating back to work. Maybe the central offices, or the headquarters, were underfunded. So what's going on out there in terms of that balance? >> Well firstly, there's no unanimous consensus on the way that the future is going to be, except that it's going to be hybrid. And the reason I say that is some companies mandate two days a week, some companies mandate five days a week, some companies don't mandate at all. Some companies are completely remote. But whatever way you go, you want to make sure that regardless of where you're working from, people can have an inclusive experience. You know? And, when they have that experience, you want to be able to work from a managed device or an unmanaged device, from a corporate network or from a Starbucks, from on the road or stationary. And whenever you do any of those things, we want to make sure that security is always handled, and you don't have to worry about that. And so the way that we say it is the company that created the VPN, which is Cisco, is the one that's going to kill it. Because what we'll do is we'll make it simple enough so that you don't, you as a user, never have to worry about what connection you're going to use to dial in to what app. You will have one, seamless way to dial into any application, public application, private application, or directly to the internet. >> Yeah, I got a love, hate with my VPN. I mean, it's protecting me, but it's in the way a lot. >> It's going to be simple as ever. >> Do you have kids? >> I do, I have a 12 year old daughter. 
>> Okay, so not quite high school age yet. She will be shortly. >> No, but she's already, I'm not looking forward to high school days, because she has a very, very strong sense of debate and she wins 90% of the arguments. >> So when my kids were that age, I've got four kids, but the local high school banned Wikipedia, they can't use Wikipedia for research. Many colleges, I presume high schools as well, they're banning Chat GPT, can't use it. Now at the same time, I saw recently on Medium a Wharton school professor said he's mandating Chat GPT to teach his students how to prompt in progressively more sophisticated prompts, because the future is interacting with machines. You know, they say in five years we're all going to be interacting in some way, shape, or form with AI. Maybe we already are. What's the intersection between AI and security? >> So a couple very, very consequential things. So firstly on Chat GPT, the next generation skill is going to be to learn how to go out and have the right questions to ask, which is the prompt revolution that we see going on right now. But if you think about what's happening in security, and there's a few areas which are, firstly 3,500 hundred vendors in this space. On average, most companies have 50 to 70 vendors in security. Not a single vendor owns more than 10% of the market. You take out a couple vendors, no one owns more than 5%. Highly fractured market. That's a problem. Because it's untenable for companies to go out and manage 70 policy engines. And going out and making sure that there's no contention. So as you move forward, one of the things that Chat GPT will be really good for is it's fundamentally going to change user experiences, for how software gets built. Because rather than it being point and click, it's going to be I'm going to provide an instruction and it's going to tell me what to do in natural language. 
Imagine Dave, when you joined a company if someone said, hey give Dave all the permissions that he needs as a direct report to Chuck. And instantly you would get all of the permissions. And it would actually show up in a screen that says, do you approve? And if you hit approve, you're done. The interfaces of the future will get more natural language kind of dominated. The other area that you'll see is the sophistication of attacks and the surface area of attacks is increasing quite exponentially. And we no longer can handle this with human scale. You have to handle it in machine scale. So detecting breaches, making sure that you can effectively and quickly respond in real time to the breaches, and remediate those breaches, is all going to happen through AI and machine learning. >> So, I agree. I mean, just like Amazon turned the data center into an API, I think we're now going to be interfacing with technology through human language. >> That's right. >> I mean I think it's a really interesting point you're making. Now, from a security standpoint as well, I mean, the state of the art today in my email is be careful, this person's outside your organization. I'm like, yeah I know. So it's a good warning sign, but it's really not automated in any way. So two part question. One is, can AI help? You know, with the phishing, obviously it can, but the bad guys have AI too. >> Yeah. >> And they're probably going to be smarter than I am about using it. >> Yeah, and by the way, Talos is our kind of threat detection and response >> Yes. >> kind of engine. And, they had a great kind of piece that came out recently where they talked about this, where Chat GPT, there is going to be more sophistication of the folks that are the bad actors, the adversaries in using Chat GPT to have more sophisticated phishing attacks. But today it's not something that is fundamentally something that we can't handle just yet. But you still need to do the basic hygiene. That's more important. 
Over time, what you will see is attacks will get more bespoke. And in order, they'll get more sophisticated. And, you will need to have better mechanisms to know that this was actually not a human being writing that to you, but it was actually a machine pretending to be a human being writing something to you. And that you'll have to be more clever about it. >> Oh interesting. >> And so, you will see attacks get more bespoke and we'll have to get smarter and smarter about it. >> The other thing I wanted to ask you before we close is you're right on. I mean you take the top security vendors and they got a single digit market share. And it's like it's untenable for organizations, just far too many tools. We have a partner at ETR, they do quarterly survey research and one of the things they do is survey emerging technology companies. And when we look at in the security sector just the number of emerging technology companies that are focused on cybersecurity is as many as there are out there already. And so, there's got to be consolidation. Maybe that's through M & A. I mean, what do you think happens? Are companies going to go out of business? There's going to be a lot of M & A? You've seen a lot of companies go private. You know, the big PE companies are sucking up all these security companies and may be ready to spit 'em out and go back public. How do you see the landscape? You guys are obviously an inquisitive company. What are your thoughts on that? >> I think there will be a little bit of everything. But the biggest change that you'll see is a shift that's going to happen with an integrated platform, rather than point solution vendors. So what's going to happen is the market's going to consolidate towards very few, less than a half a dozen, integrated platforms. We believe Cisco is going to be one. Microsoft will be one. There'll be others over there. 
But these, this platform will essentially be able to provide a unified kind of policy engine across a multitude of different services to protect multiple different entities within the organization. And, what we found is that platform will also be something that'll provide, through APIs, the ability for third parties to be able to get their technology incorporated in, and their telemetry ingested. So we certainly intend to do that. We don't believe, we are not arrogant enough to think that every single new innovation will be built by us. When there's someone else who has built that, we want to make sure that we can ingest that telemetry as well, because the real enemy is not the competitor. The real enemy is the adversary. And we all have to get together, so that we can keep humanity safe. >> Do you think there's been enough collaboration in the industry? I mean- >> Jeetu: Not nearly enough. >> We've seen companies, security companies try to monetize private data before, instead of maybe sharing it with competitors. And so I think the industry can do better there. >> Well I think the industry can do better. And we have this concept called the security poverty line. And the security poverty line is the companies that fall below the security poverty line don't have either the influence or the resources or the know how to keep themselves safe. And when they go unsafe, everyone else that communicates with them also gets that exposure. So it is in our collective interest for all of us to make sure that we come together. And, even if Palo Alto might be a competitor of ours, we want to make sure that we invite them to say, let's make sure that we can actually exchange telemetry between our companies. And we'll continue to do that with as many companies that are out there, because actually that's better for the market, that's better for the world. >> The enemy of the enemy is my friend, kind of thing. >> That's right. >> Now, as it relates to, because you're right. 
I mean I, I see companies coming up, oh, we do IOT security. I'm like, okay, but what about cloud security? Do you do that too? Oh no, that's somebody else. But, so that's another stove pipe. >> That's a huge, huge advantage of coming with someone like Cisco. Because we actually have the entire spectrum, and the broadest portfolio in the industry of anyone else. From the user, to the device, to the network, to the applications, we provide the entire end-to-end story for security, which then has the least amount of cracks that you can actually go out and penetrate through. The biggest challenges that happen in security is you've got way too many policy engines with way too much contention between the policies from these different systems. And eventually there's a collision course. Whereas with us, you've actually got a broad portfolio that operates as one platform. >> We were talking about the cloud guys earlier. You mentioned Microsoft. They're obviously a big competitor in the security space. >> Jeetu: But also a great partner. >> So that's right. To my opinion, the cloud has been awesome as a first line of defense if you will. But the shared responsibility model it's different for each cloud, right? So, do you feel that those guys are working together or will work together to actually improve? 'Cause I don't see that yet. >> Yeah so if you think about, this is where we feel like we have a structural advantage in this, because what does a company like Cisco become in the future? I think as the world goes multicloud and hybrid cloud, what'll end up happening is there needs to be a way, today all the CSPs provide everything from storage to computer network, to security, in their own stack. 
If we can abstract networking and security above them, so that we can acquire and steer any and all traffic with our service providers and steer it to any of those CSPs, and make sure that the security policy transcends those clouds, you would actually be able to have the public cloud economics without the public cloud lock-in. >> That's what we call super cloud Jeetu. It's securing the super cloud. >> Yeah. >> Hey, thanks so much for coming to theCUBE. >> Thank you for having me. >> Really appreciate you coming on our editorial program. >> Such a pleasure. >> All right, great to see you again. >> Cheers. >> All right, keep it right there. Dave Vellante with David Nicholson and Lisa Martin. We'll be back, right after this short break from MWC '23 live, in the Fira, in Barcelona. (bright music resumes) (music fades out)
Driving Business Results with Cloud Transformation | Aditi Banerjee and Todd Edmunds
>> Welcome back to the program. My name is Dave Vellante and in this session, we're going to explore one of the more interesting topics of the day. IoT for Smart Factories. And with me are, Todd Edmunds, the Global CTO of Smart Manufacturing Edge and Digital Twins at Dell Technologies. That is such a cool title. (chuckles) I want to be you. And Dr. Aditi Banerjee, who's the Vice President, General Manager for Aerospace Defense and Manufacturing at DXC Technology. Another really cool title. Folks, welcome to the program. Thanks for coming on. >> Thanks Dave. >> Thank you. Great to be here. >> Nice to be here. >> Todd, let's start with you. We hear a lot about Industry 4.0, Smart Factories, IIoT. Can you briefly explain, what is Industry 4.0 all about and why is it important for the manufacturing industry? >> Yeah. Sure, Dave. You know, it's been around for quite a while and it's gone by multiple different names, as you said. Industry 4.0, Smart Manufacturing, Industrial IoT, Smart Factory. But it all really means the same thing, it's really applying technology to get more out of the factories and the facilities that you have to do your manufacturing. So, being much more efficient, implementing really good sustainability initiatives. And so, we really look at that by saying, okay, what are we going to do with technology to really accelerate what we've been doing for a long, long time? So it's really not- it's not new. It's been around for a long time. What's new is that manufacturers are looking at this, not as a one-off, two-off individual Use Case point of view but instead they're saying, we really need to look at this holistically, thinking about a strategic investment in how we do this. Not to just enable one or two Use Cases, but enable many, many Use Cases across the spectrum. I mean, there's tons of them out there. 
There's Predictive maintenance and there's OEE, Overall Equipment Effectiveness and there's Computer Vision and all of these things are starting to percolate down to the factory floor, but it needs to be done in a little bit different way and really to really get those outcomes that they're looking for in Smart Factory or Industry 4.0 or however you want to call it. And truly transform, not just throw an Industry 4.0 Use Case out there but to do the digital transformation that's really necessary and to be able to stay relevant for the future. I heard it once said that you have three options. Either you digitally transform and stay relevant for the future or you don't and fade into history. Like, 52% of the companies that used to be on the Fortune 500 since 2000. Right? And so, really that's a key thing and we're seeing that really, really being adopted by manufacturers all across the globe. >> Yeah. So, Aditi, it's like digital transformation is almost synonymous with business transformation. So, is there anything you'd add to what Todd just said? >> Absolutely. Though, I would really add that what really drives Industry 4.0 is the business transformation. What we are able to deliver in terms of improving the manufacturing KPIs and the KPIs for customer satisfaction, right? For example, improving the downtime or decreasing the maintenance cycle of the equipments or improving the quality of products, right? So, I think these are lot of business outcomes that our customers are looking at while using Industry 4.0 and the technologies of Industry 4.0 to deliver these outcomes. >> So, Aditi, I wonder if I could stay with you and maybe this is a bit esoteric but when I first started researching IoT and Industrial IoT 4.0, et cetera, I felt, well, there could be some disruptions in the ecosystem. 
I kind of came to the conclusion that large manufacturing firms, Aerospace Defense companies, the firms building out critical infrastructure, actually had kind of an incumbent advantage and a great opportunity. Of course, then I saw on TV somebody now they're building homes with 3D printers. It like blows your mind. So that's pretty disruptive. But, so- But they got to continue, the incumbents have to continue to invest in the future. They're well-capitalized. They're pretty good businesses, very good businesses but there's a lot of complexities involved in kind of connecting the old house to the new addition that's being built, if you will, or this transformation that we're talking about. So, my question is, how are your customers preparing for this new era? What are the key challenges that they're facing in the blockers, if you will? >> Yeah, I mean the customers are looking at Industry 4.0 for Greenfield Factories, right? That is where the investments are going directly into building the factories with the new technologies, with the new connectivities, right? For the machines, for example, Industrial IoT having the right type of data platforms to drive computational analytics and outcomes, as well as looking at Edge versus Cloud type of technologies, right? Those are all getting built in the Greenfield Factories. However, for the Install-Based Factories, right? That is where our customers are looking at how do I modernize these factories? How do I connect the existing machine? And that is where some of the challenges come in on the legacy system connectivity that they need to think about. Also, they need to start thinking about cybersecurity and operation technology security because now you are connecting the factories to each other. So, cybersecurity becomes top of mind, right? So, there is definitely investment that is involved. Clients are creating roadmaps for digitizing and modernizing these factories and investments in a very strategic way. 
So, perhaps they start with the innovation program and then they look at the business case and they scale it up, right? >> Todd, I'm glad Aditi brought up security, because if you think about the operations technology folks, historically they air-gapped the systems, that's how they created security. That's changed. The business came in and said, 'Hey, we got to connect. We got to make it intelligent.' So, that's got to be a big challenge as well. >> It absolutely is, Dave. And, you know, you can no longer just segment that because really to get all of those efficiencies that we talk about, that IoT and Industrial IoT and Industry 4.0 promise, you have to get data out of the factory but then you got to put data back in the factory. So, no longer is it just firewalling everything is really the answer. So, you really have to have a comprehensive approach to security, but you also have to have a comprehensive approach to the Cloud and what that means. And does it mean a continuum of Cloud all the way down to the Edge, right down to the factory? It absolutely does. Because no one approach has the answer to everything. The more you go to the Cloud the broader the attack surface is. So, what we're seeing is a lot of our customers approaching this from kind of that hybrid, write once, run anywhere on the factory floor down to the Edge. And one of the things we're seeing too, is to help distinguish between what is the Edge and bridge that gap between, like, Dave, you talked about IT and OT and also help what Aditi talked about is the Greenfield Plants versus the Brownfield Plants that they call it, that are the legacy ones and modernizing those. It's great to kind of start to delineate what does that mean? Where's the Edge? Where's the IT and the OT? We see that from a couple of different ways. We start to think about really two Edges in a manufacturing floor. We talk about an Industrial Edge that sits... 
or some people call it a Far Edge or a Thin Edge, sits way down on that plant, consists of industrial hardened devices that do that connectivity. The hard stuff about how do I connect to this obsolete legacy protocol and what do I do with it? And create that next generation of data that has context. And then we see another Edge evolving above that, which is much more of a data and analytics and enterprise grade application layer that sits down in the factory itself; that helps figure out where we're going to run this? Does it connect to the Cloud? Do we run Applications On-Prem? Because a lot of times that On-Prem Application it needs to be done. 'Cause that's the only way that it's going to work because of security requirements, because of latency requirements performance and a lot of times, cost. It's really helpful to build that Multiple-Edge strategy because then you kind of, you consolidate all of those resources, applications, infrastructure, hardware into a centralized location. Makes it much, much easier to really deploy and manage that security. But it also makes it easier to deploy new Applications, new Use Cases and become the foundation for DXC's expertise and Applications that they deliver to our customers as well. >> Todd, how complex are these projects? I mean, I feel like it's kind of the digital equivalent of building the Hoover Dam. I mean, it's... so yeah. How long does a typical project take? I know it varies, but what are the critical success factors in terms of delivering business value quickly? >> Yeah, that's a great question in that we're- you know, like I said at the beginning, this is not new. Smart Factory and Industry 4.0 is not new. It's been, it's people have been trying to implement the Holy Grail of Smart Factory for a long time. 
And what we're seeing is a switch, a little bit of a switch or quite a bit of a switch to where the enterprises and the IT folks are having a much bigger say and they have a lot to offer to be able to help that complexity. So, instead of deploying a computer here and a Gateway there and a Server there, I mean, you go walk into any manufacturing plant and you can see Servers sitting underneath someone's desk or a PC in a closet somewhere running a critical production application. So, we're seeing the enterprise have a much bigger say at the table, much louder voice at the table to say, we've been doing this enterprise all the time. We know how to really consolidate, bring Hyper-Converged Applications, Hyper-Converged Infrastructure to really accelerate these kind of applications. Really accelerate the outcomes that are needed to really drive that Smart Factory and start to bring that same capabilities down into the Mac on the factory floor. That way, if you do it once to make it easier to implement, you can repeat that. You can scale that. You can manage it much easily and you can then bring that all together because you have the security in one centralized location. So, we're seeing manufacturers that first Use Case may be fairly difficult to implement and we got to go down in and see exactly what their problems are. But when the infrastructure is done the correct way when that- Think about how you're going to run that and how are you going to optimize the engineering. Well, let's take that what you've done in that one factory and then set. Let's make that across all the factories including the factory that we're in, then across the globe. That makes it much, much easier. You really do the hard work once and then repeat. Almost like cookie cutter. >> Got it. Thank you. >> Aditi, what about the skillsets available to apply these to these projects? You got to have knowledge of digital, AI, Data, Integration. Is there a talent shortage to get all this stuff done? 
>> Yeah, I mean, definitely. Lot different types of skillsets are needed from a traditional manufacturing skillset, right? Of course, the basic knowledge of manufacturing is important. But the digital skillsets like IoT, having a skillset in different Protocols for connecting the machines, right? That experience that comes with it. Data and Analytics, Security, Augmented Virtual Reality Programming. Again, looking at Robotics and the Digital Twin. So, the... It's a lot more connectivity software, data-driven skillsets that are needed to Smart Factory to life at scale. And, you know, lots of firms are recruiting these types of resources with these skill sets to accelerate their Smart Factory implementation, as well as consulting firms like DXC Technology and others. We recruit, we train our talent to provide these services. >> Got it. Aditi, I wonder if we could stay on you. Let's talk about the partnership between DXC and Dell. What are you doing specifically to simplify the move to Industry 4.0 for customers? What solutions are you offering? How are you working together, Dell and DXC to bring these to market? >> Yeah, Dell and DXC have a very strong partnership and we work very closely together to create solutions, to create strategies and how we are going to jointly help our clients, right? So, areas that we have worked closely together is Edge Compute, right? How that impacts the Smart Factory. So, we have worked pretty closely in that area. We're also looked at Vision Technologies. How do we use that at the Edge to improve the quality of products, right? So, we have several areas that we collaborate in and our approach is that we want to bring solutions to our client and as well as help them scale those solutions with the right infrastructure, the right talent and the right level of security. So, we bring a comprehensive solution to our clients. >> So, Todd, last question. Kind of similar but different, you know. Why Dell, DXC, pitch me? 
What's different about this partnership? Where are you confident that you're going to be to deliver the best value to customers? >> Absolutely. Great question. You know, there's no shortage of Bespoke Solutions that are out there. There's hundreds of people that can come in and do individual Use Cases and do these things and just, and that's where it ends. What Dell and DXC Technology together bring to the table is we do the optimization of the engineering of those previously Bespoke Solutions upfront, together. The power of our scalable enterprise grade structured industry standard infrastructure, as well as our expertise in delivering package solutions that really accelerate with DXC's expertise and reputation as a global trusted advisor. Be able to really scale and repeat those solutions that DXC is so really, really good at. And Dell's infrastructure and our, 30,000 people across the globe that are really, really good at that scalable infrastructure to be able to repeat. And then it really lessens the risk that our customers have and really accelerates those solutions. So it's again, not just one individual solutions it's all of the solutions that not just drive Use Cases but drive outcomes with those solutions. >> Yeah, you're right. The partnership has gone, I mean I first encountered it back in, I think it was 2010. May of 2010. We had guys both on the, I think you were talking about converged infrastructure and I had a customer on, and it was actually the manufacturing customer. It was quite interesting. And back then it was how do we kind of replicate what's coming in the Cloud? And you guys have obviously taken it into the digital world. Really want to thank you for your time today. Great conversation and love to have you back. >> Thank you so much. It was a pleasure speaking with you. I agree. >> All right, keep it right there for more discussions that educate and inspire on "The Cube."
Driving Business Results with Cloud Transformation - Aditi Banerjee and Todd Edmunds
>> Welcome back to the program. My name is Dave Vellante and in this session we're going to explore one of the more interesting topics of the day. IoT for smart factories and with me are Todd Edmunds, the global CTO of Smart Manufacturing, Edge and Digital Twins, at Dell Technologies. That is such a cool title. (Todd laughs) I want to be you. And Dr. Aditi Banerjee, who's the Vice President General Manager for Aerospace Defense and Manufacturing at DXC Technology. Another really cool title. Folks, welcome to the program. Thanks for coming on. >> Thanks Dave. >> Thank you. Great to be here. >> Well- >> Nice to be here. >> Todd, let's start with you. We hear a lot about Industry 4.0, smart factories, IIoT. Can you briefly explain, like, what is Industry 4.0 all about and why is it important for the manufacturing industry? >> Yeah, sure Dave. You know, it's been around for quite a while and it's got, it's gone by multiple different names. As you said, Industry 4.0, smart manufacturing, industrial IoT, smart factory. But it all really means the same thing. It's really applying technology to get more out of the factories and the facilities that you have to do your manufacturing. So being much more efficient. Implementing really good sustainability initiatives. And so we really look at that by saying, "Okay, what are we going to do with technology to really accelerate what we've been doing for a long, long time?" So it's really not, it's not new. It's been around for a long time. What's new is that manufacturers are looking at this, not as a one-off, two-off individual use case point of view, but instead they're saying, "We really need to look at this holistically, thinking about a strategic investment in how we do this." Not to just enable one or two use cases, but enable many, many use cases across the spectrum. I mean, there's tons of 'em out there. There's predictive maintenance and there's OEE, overall equipment effectiveness, and there's computer vision. 
And all of these things are starting to percolate down to the factory floor, but it needs to be done in a little bit different way. And really to really get those outcomes that they're looking for in smart factory, or Industry 4.0, or however you want to call it. And truly transform. Not just throw an Industry 4.0 use case out there, but to do the digital transformation that's really necessary and to be able to stay relevant for the future. You know, I heard it once said that you have three options. Either you digitally transform and stay relevant for the future or you don't and fade into history like 52% of the companies that used to be on the Fortune 500 since 2000, right. And so really that's a key thing and we're seeing that really, really being adopted by manufacturers all across the globe. >> Yeah, so Aditi, that's like digital transformation is almost synonymous with business transformation. So is there anything you'd add to what Todd just said? >> Absolutely, though, I would really add that what really drives Industry 4.0 is the business transformation. What we are able to deliver in terms of improving the manufacturing KPIs and the KPIs for customer satisfaction, right. For example, improving the downtime, you know, or decreasing the maintenance cycle of the equipments or improving the quality of products, right. So I think these are lot of business outcomes that our customers are looking at while using Industry 4.0 and the technologies of Industry 4.0 to deliver these outcomes. >> So Aditi, I wonder if I could stay with you and maybe this is a bit esoteric, but when I first started researching IoT and Industrial IoT 4.0, et cetera, I felt, you know, while there could be some disruptions in the ecosystem, I kind of came to the conclusion that large manufacturing firms, aerospace defense companies, the firms building out critical infrastructure, actually had kind of an incumbent advantage and a great opportunity. 
Of course, then I saw on TV, somebody now, they're building homes with 3D printers. It like blows your mind. So that's pretty disruptive. But. So, but they got to continue, the incumbents have to continue to invest in the future. They're well capitalized. They're pretty good businesses. Very good businesses. But there's a lot of complexities involved in kind of connecting the old house to the new addition that's being built, if you will. Or there's transformation that we're talking about. So my question is how are your customers preparing for this new era? What are the key challenges that they're facing in the blockers, if you will? >> Yeah, I mean the customers are looking at Industry 4.0 for greenfield factories, right. That is where the investments are going directly into building the factories with the new technologies with the new connectivities, right, for the machines, for example. Industry IoT, Having the right type of data platforms to drive computational analytics and outcomes, as well as looking at edge versus cloud type of technologies, right. Those are all getting built in the greenfield factories. However, for the install-based factories, right, that is where our customers are looking at how do I modernize, right. These factories. How do I connect the existing machine? And that is where some of the challenges come in on, you know, the legacy system connectivity that they need to think about. Also, they need to start thinking about cybersecurity and operation technology security, right, because now you are connecting the factories to each other, right. So cybersecurity becomes top of mind, right. So there is definitely investment that is involved. Clients are creating roadmaps for digitizing and modernizing these factories and investments in a very strategic way, right. So perhaps they start with the innovation program. And then they look at the business case and they scale it up, right. 
>> Todd, I'm glad Aditi brought up security because if you think about the operations technology, you know folks, historically they air gapped, you know, the systems. That's how they created security. That's changed. The business came in and said, "Hey, we got to connect. We got to make it intelligent." So that's got to be a big challenge as well. >> It absolutely is Dave. And, you know, you can no longer just segment that because really to get all of those efficiencies that we talk about, that IoT and industrial IoT and Industry 4.0 promise, you have to get data out of the factory but then you got to put data back in the factory. So no longer is it just firewalling everything is really the answer. So you really have to have a comprehensive approach to security, but you also have to have a comprehensive approach to the cloud and what that means. And does it mean a continuum of cloud all the way down to the edge, right down to the factory? It absolutely does because no one approach has the answer to everything. The more you go to the cloud, the broader the attack surface is. So what we're seeing is a lot of our customers approaching this from, kind of, that hybrid, you know, write once, run anywhere on the factory floor down to the edge. And one of things we're seeing too is to help distinguish between what is the edge and that. And bridge that gap between, like Dave, you talked about IT and OT, and also help that what Aditi talked about is the greenfield plants versus the brownfield plants, that they call it, that are the legacy ones and modernizing those, is it's great to kind of start to delineate. What does that mean? Where's the edge? Where's the IT and the OT? We see that from a couple of different ways. We start to think about, really, two edges in a manufacturing floor. We talk about an industrial edge that sits, or some people call it a far edge or a thin edge, sits way down on that plant. 
Consists of industrial hardened devices that do that connectivity, the hard stuff, about how do I connect to this obsolete legacy protocol and what do I do with it? And create that next generation of data that has context. And then we see another edge evolving above that which is much more of a data and analytics and enterprise grade application layer that sits down in the factory itself that helps figure out where we're going to run this. Is... Does it connect to the cloud? Do we run applications on-prem? Because a lot of times that on-prem application is needs to be done because that's the only way it's going to work. Because of security requirements. Because of latency requirements, performance, and a lot of times, cost. It's really helpful to build that multiple edge strategy because then you consolidate all of those resources, applications, infrastructure, hardware, into a centralized location. Makes it much, much easier to really deploy and manage that security. But it also makes it easier to deploy new applications, new use cases, and become the foundation for DXC's expertise in applications that they deliver to our customers as well. >> Todd, how complex are these projects? I mean, I feel like it's kind of the digital equivalent of building the Hoover Dam. I mean, it... So, yeah, how long does a typical project take? I know it varies, but what, you know, what are the critical success factors in terms of delivering business value quickly? >> Yeah, that's a great question in that we're, you know, like I said at the beginning, this is not new smart factory and Industry 4.0 is not new. It's been... It's people have been trying to implement the holy grail of smart factory for a long time. And what we're seeing is a switch, a little bit of a switch or quite a bit of a switch, to where the enterprise and the IT folks are having a much bigger say and have a lot to offer to be able to help that complexity. 
So instead of deploying a computer here and a gateway there and a server there. I mean, you go walk into any manufacturing plant and you can see servers sitting underneath someone's desk or a PC in a closet somewhere running a critical production application. So we're seeing the enterprise have a much bigger say at the table. Much louder voice at the table to say, "We've been doing this enterprise all the time. We know how to really consolidate, bring hyper-converged applications, hyper-converged infrastructure, to really accelerate these kind of applications. Really accelerate the outcomes that are needed to really drive that smart factory." And start to bring that same capabilities down into the Mac on the factory floor. That way, if you do it once to make it easier to implement you can repeat that. You can scale that. You can manage it much easily. And you can then bring that all together because you have the security in one centralized location. So we're seeing manufacturers... Yeah, that first use case may be fairly difficult to implement and we got to go down in and see exactly what their problems are. But when the infrastructure is done the correct way, when that... Think about how you're going to run that and how are you going to optimize the engineering. Well, let's take that what you've done in that one factory and then set. Let's that, make that across all the factories including the factory that we're in, but across the globe. That makes it much, much easier. You really do the hard work once and then repeat almost like a cookie cutter. >> Got it, thank you. Aditi, what about the skillsets available to apply these to these projects? You got to have knowledge of digital, AI, data, integration. Is there a talent shortage to get all this stuff done? >> Yeah, I mean, definitely. Different types of skillsets are needed from a traditional manufacturing skillset, right. Of course, the basic knowledge of manufacturing is important. 
But the digital skillsets, like, you know, IoT. Having a skillset in different protocols for connecting the machines, right. That experience that comes with it. Data and analytics, security, augmented virtual reality, programming. You know, again, looking at robotics and the digital twin. So, you know, it's a lot more connectivity software data-driven skillsets that are needed to smart factory to life at scale. And, you know, lots of firms are, you know, recruiting these types of resources with these skillsets to, you know, accelerate their smart factory implementation as well as consulting firms like DXC Technology and others. We recruit. We train our talent to provide these services. >> Got it. Aditi, I wonder if we could stay on you. Let's talk about the partnership between DXC and Dell. What are you doing specifically to simplify the move to Industry 4.0 for customers? What solutions are you offering? How are you working together, Dell and DXC, to bring these to market? >> Yeah, I... Dell and DXC have a very strong partnership, you know, and we work very closely together to create solutions, to create strategies, and how we are going to jointly help our clients, right. So. Areas that we have worked closely together is edge compute, right. How that impacts the smart factory. So we have worked pretty closely in that area. We're also looked at vision technologies, you know. How do we use that at the edge to improve the quality of products, right. So we have several areas that we collaborate in and our approach is that we want to bring solutions to our client and as well as help them scale those solutions with the right infrastructure, the right talent, and the right level of security. So we bring a comprehensive solution to our clients. >> So, Todd, last question. Kind of similar but different. You know, why Dell DXC? Pitch me. What's different about this partnership? 
You know, where are you confident that, you know, you're going to deliver the best value to customers? >> Absolutely, great question. You know, there's no shortage of bespoke solutions that are out there. There's hundreds of people that can come in and do individual use cases and do these things and just... And that's where it ends. What Dell and DXC Technology together bring to the table is we do the optimization of the engineering of those previously bespoke solutions upfront, together. Right. The power of our scalables, enterprise grade, structured, you know, industry standard infrastructure as well as our expertise in delivering package solutions that really accelerate with DXC's expertise and reputation as a global trusted advisor. Be able to really scale and repeat those solutions that DXC is so really, really good at. And Dell's infrastructure and our, what, 30,000 people across the globe that are really, really good at that scalable infrastructure to be able to repeat. And then it really lessens the risk that our customers have and really accelerates those solutions. So it's, again, not just one individual solution. It's all of the solutions that not just drive use cases but drive outcomes with those solutions. >> Yeah, you're right. The partnership has gone... I mean, I first encountered it back in, I think, it was 2010, May of 2010. We had you guys both on theCUBE... I think we were talking about converged infrastructure and I had a customer on, and it was actually a manufacturing customer. Was quite interesting. And back then it was how do we kind of replicate what's coming in the cloud? And you guys have obviously taken it into the digital world. Really want to thank you for your time today. Great conversation. And love to have you back. >> Thank you so much. >> Absolutely. >> It was a pleasure speaking with you. >> I agree. >> All right, keep it right there for more discussions that educate and inspire on theCUBE.
Keith Townsend, The CTO Advisor | AWS re:Invent 2022
(upbeat music) >> Hello, beautiful cloud community, and welcome back to AWS re:Invent. It is day four here in fabulous Las Vegas, Nevada. My voice can feel it, clearly. I'm Savannah Peterson with my co-host Paul Gillin. Paul, how you doing? >> Doing fine, Savannah. >> Are your feet about where my voice is? >> Well, getting a little rest here as we have back to back segments. >> Yeah, yeah, we'll keep you off those. Very excited about this next segment. We get to have a chat with one of our very favorite analysts, Keith Townsend. Welcome back to theCUBE. >> Savannah Page. I'm going to use your south names, Savannah Page. Thank you for having me, Paul. Good to see you again. It's been too long since KubeCon Valencia. >> Valencia. >> Valencia. >> Well at that beautiful lisp, love that. Keith, how's the show been for you so far? >> It has been great. I tweeted it a couple of days ago. Amazon re:Invent is back. >> Savannah: Whoo! Love that. >> 50, 60 thousand people, you know? After 40 thousand, I stop countin'. It has been an amazing show. I don't know if it's just the assignment of returning, but easily the best re:Invent of the four that I've attended. >> Savannah: Love that. >> Paul: I love that we have you here because, you know, we tend to get anchored to these desks, and we don't really get a sense of what's going on out there. You've been spending the last four days traversing the floor and talking to people. What are you hearing? Are there any mega themes that are emerging? >> Keith: So, a couple of mega themes is... We were in the Allen session with Adam, and Adam brought up the idea of hybrid cloud. At the 2019 show, that would be unheard of. There's only one cloud, and that's the AWS cloud, when you're at the Amazon show. Booths, folks, I was at the VMware booth and there's a hybrid cloud sign session. People are talking about multicloud. Yes, we're at the AWS show, but the reality that most customers' environments are complex. 
Adam mentioned that it's hybrid today and more than likely to be hybrid in the future in Amazon, and the ecosystem has adjusted to that reality. >> Paul: Now, is that because they want to sell more Outposts? >> You know, Outposts is definitely a part of the story, but it's a tactile realization that Outposts alone won't get it. So, you know, from Todd Consulting, to Capgemini, to PWC, to many of the integrations on the show floor... I even saw a company that's doing HP-UX in the cloud or on-prem. The reality is these, well, we've deemed these legacy systems aren't going anywhere. AWS announced the mainframe service last year for converting mainframe code into cloud workloads, and it's just not taking on the, I think, the way that the Amazon would like, and that's a reality that is too complex for all of it to run in the cloud. >> Paul: So it sounds like the strategy is to envelop and consume then if you have mainframe conversion services and HP-UX in the cloud, I mean, you're talking about serious legacy stuff there. >> Keith: You're talking about serious legacy stuff. They haven't de-emphasized their relationship with VMware. You know, hybrid is not a place, it is an operating model. So VMware Cloud on AWS allows you to do both models concurrently if you have those applications that need layer two. You have these workloads that just don't... SAP just doesn't... Sorry, AWS, SAP in the cloud and EC2 just doesn't make financial sense. It's a reality. It's accepting of that and meeting customers where they're at. >> And all the collaboration, I mean, you've mentioned so many companies in that answer, and I think it's very interesting to see how much we're all going to have to work together to make the cloud its own operating system. Cloud as an OS came up on our last conversation here and I think it's absolutely fascinating. >> Keith: Yeah, cloud is the OS I think is a thing. This idea that I'm going to use the cloud as my base layer of abstraction. 
I've talked to a really interesting startup... Well actually it's an open source project, Crossplane, where they're taking that cloud model and now I can put my VMware vSphere, my AWS, GCP, et cetera, behind that and use that operating model to manage my overall infrastructure. So, the maturity of the market has fascinated me over the past year, year and a half. >> It really feels like we're at a new inflection point. I totally agree. I want to talk about something completely different. >> Keith: Okay. >> Because I know that we both did this challenge. So one of the things that's really inspiring quite frankly about being here at AWS re:Invent, and I know you all at home don't have an opportunity to walk the floor and get the experience and get as many steps as Paul gets in, but there's a real emphasis on giving back. This community cares about giving back and AWS is doing a variety of different activations to donate to a variety of different charities. And there's a DJ booth. I've been joking. It kind of feels like you're arriving at a rave when you get to re:Invent. And right next to that, there is a hydrate and help station with these reusable water bottles. This is actually firm. It's not one of those plastic ones that's going to end up in the recycled bin or the landfill. And every single time that you fill up your water bottle, AWS will donate $3 to help women in Kenya get access to water. One of the things that I found really fascinating about the activation is women in sub-Saharan Africa spend 16 million hours carrying water a day, which is a wild concept to think about, and water is heavy. Keith, my man, I know that you did the activation. They had you carrying two 20 pound jugs of water. >> Keith: For about 15 feet. It's not the... >> (laughs) >> 20 pound jugs of water, 20 gallons, whatever the amount is. It was extremely heavy. I'm a fairly sizeable guy. Six four, six five. >> You're in good shape, yeah. >> Keith: Couple of a hundred pounds. >> Yeah. 
>> Keith: And I could not imagine spending that many hours simply getting fresh water. We take it for granted. Every time I run the water in the sink, my family gets on me because I get on them when they leave the sink water. It's like my dad's left the light on. If you leave the water on in my house, you are going to hear it from me because, you know, things like this tickle in my mind like, wow, people walk that far. >> Savannah: That's your whole day. >> Just water, and that's probably not even enough water for the day. >> Paul: Yeah. We think of that as being, like, an 18th century phenomenon, but it's very much today in parts of Sub-Saharan Africa. >> I know, and we're so privileged. For me, it was just, we work in technology. Everyone here is pretty blessed, and to do that activation really got my head in the right space to think, wow I'm so lucky. The team here, the fabulous production team, can go refill my water bottle. I mean, so simple. They've also got a fitness activation going on. You can jump on a bike, a treadmill, and if you work out for five minutes, they donate $5 to Fred Hutch up in Seattle. And that was nice. I did a little cross-training in between segments yesterday and I just, I really love seeing that emphasis. None of this matters if we're not taking care of community. >> Yeah, I'm going to go out and google Fred Hutch, and just donate the five bucks. 'Cause I'm not, I'm not. >> (laughs) >> I'll run forever, but I'm not getting on a bike. >> This from a guy who did 100 5Ks in a row last year. >> Yeah. I did 100 5Ks in a row, and I'm not doing five minutes on a bike. That's it. That's crazy, right? >> I mean there is a treadmill And they have the little hands workout thing too if you want. >> About five minutes though. >> Savannah: I know. >> Like five minutes is way longer than what you think it is. >> I mean, it's true. I was up there in a dress in sequence. Hopefully, I didn't scar any anyone on the show floor yesterday. 
It's still a toss-up. >> I'm going to take us back to back. >> Take us back Paul. >> Back to what we were talking about. I want to know what you're hearing. So we've had a lot of people on this show, a lot of vendors on the show who have said AWS is our most important cloud partner, which would imply that AWS's lead is solidifying its lead and pulling away from the pack as the number one. Do you hear that as well? Or is that lip service? >> Keith: So I always think about AWS re:Invent as the Amazon victory lap. This is where they come and just thumb their noses at all the other cloud providers and just show how far ahead they are. Werner Vogels, CTO at Amazon's keynotes, so I hadn't watched it yet, but at that keynote, this is where they literally take the victory lap and say that we're going to expose what we did four or five years ago on stage, and what we did four or five years ago is ahead of every cloud provider with maybe the exception of GCP and they're maybe three years behind. So customers are overwhelmingly choosing Amazon for these reasons. Don't get me wrong, Corey Quinn, Gartner folks, really went at Adam yesterday about Amazon had three major outages in December last year. AWS has way too many services that are disconnected, but from the pure capability, I talked to a born in the cloud data protection company who could repatriate their data protection and storage on-prem private data center, save money. Instead, they double down on Amazon. They're using, they modernized their application and they reduced their cost by 60 to 70%. >> Massive. >> This is massive. AWS is keeping up with customers no matter where they're at on the spectrum. >> Savannah: I love that you use the term victory lap. We've had a lot of folks from AWS here up on the show this week, and a couple of them have said they live for this. I mean, and it's got to be pretty cool. 
You've got 70 thousand plus people obsessed with your product and so many different partners doing so many different things from the edge to hospital to the largest companies on earth to the Israeli Ministry of Defense we were just talking about earlier, so everybody needs the cloud. I feel like that's where we're at. >> Keith: Yeah, and the next step, I think the next level opportunity for AWS is to get to that analyst or that citizen developer, being able to enable the end user to use a Lambda, use these data services to create new applications, and the meanwhile, there's folks on the show floor filling that gap that enable develop... the pizza owner, the pizza parlor owner, to create a web portal that compares his prices and solutions to other vendors in his area and adjust dynamically. You go into a restaurant now and there is no price menu. There's a QR code that Amazon is powering much of that dynamic relationship between the restaurateur, the customer, and even the menu and availability. It's just a wonderful time. >> I always ask for the print menu. I'm sorry. >> Yeah. You want the printed menu. >> Look down, my phone doesn't work. >> Gimme something I could shine my light on. >> I know you didn't have a chance to look at Vogels' keynote yet, but I mean you mentioned citizen developer. One of the things they announced this morning was essentially a low-code Lambda interface. So you can plug, take your Lambda functions and do drag and drop a connection between them. So they are going after that market. >> Keith: So I guess I'll take my victory lap because that was my prediction. That's where Amazon's next... >> Well done, Keith. >> Because Lambda is that thing when you look at what serverless was and the name of the concept of being, not having to have to worry about servers in your application development, the logical next step, I won't take too much of a leap. That logical first step is, well, code less code. 
This is something that Kelsey Hightower has talked about a lot. Low code, no code, the ability to empower people without having these artificial barriers, learning how to code in a different language. This is the time where I can go to Valencia, it's pronounced, where I can go to Valencia and not speak Spanish and just have my phone. Why can't we do, at business value, for people who have amazing ideas and enable those amazing ideas before I have to stick a developer in between them and the system. >> Paul: Low-code market is growing 35% a year. It's not surprising, given the potential that's out there. >> And as a non-technical person, who works in technology, I've been waiting for this moment. So keep predicting this kind of thing, Keith. 'Cause hopefully it'll keep happening. Keith, I'm going to give you the challenge we've been giving all of our guests this week. >> Keith: Okay. >> And I know you're going to absolutely crush this. So we are looking for your 30-second Instagram reel, sizzle hot take, biggest takeaway from this year's show. >> So 30-second Instagram, I'll even put it on TikTok. >> Savannah: Heck yeah. >> Hybrid cloud, hybrid infrastructure. This is way bigger than Amazon. Whether we're talking about Amazon, AWS, I mean AWS's solutions, Google Cloud, Azure, OCI, on-prem. Customers want it all. They want a way to manage it all, and they need the skill and tools to enable their not-so-growing work force to do it. That is, that's AWS re:Invent 2019 to 2022. >> Absolutely nailed it. Keith Townsend, it is always such a joy to have you here on theCUBE. Thank you for joining us. >> Savannah Page. Great to have you. Paul, you too. You're always a great co-host. >> (laughs) We co-hosted for three days. >> We've got a lot of love for each other here. And we have even more love for all of you tuning into our fabulous livestream from AWS re:Invent Las Vegas, Nevada, with Paul Gillin. I'm Savannah Peterson. You're watching theCUBE, the leader in high tech coverage. 
(upbeat music)
Ayal Yogev, Anjuna Security | AWS re:Invent 2022
(gentle music) >> Good morning, fellow cloud nerds, and welcome back to day four of AWS re:Invent. We are here in fabulous Las Vegas, Nevada. I'm joined by my cohost Paul Gillin. I'm Savannah Peterson. We're on theCUBE. Paul, how you doing? You doing well? >> We're staggering to the conclusion. >> (laughing) It's almost the end then. >> And I say that only talking about my feet. This event is still going strong. The great keynote this morning by Werner Vogels about system architecture and really teaching 70,000 people how to design systems. AWS really taking advantage of this event to educate its customer base and- >> So much education here. >> Yeah, and that was a fantastic sort of cap to the keynotes we've seen this week. >> Yeah, I'm impressed Paul, our first AWS re:Invent. I think we're doing pretty good all things considered. >> Well, we're still alive. >> And our next guest actually looks like he's been sleeping this week, which is remarkable. Please welcome Ayal to the show. Ayal, how you doing today? >> I'm good, I'm good. Thank you for having me. >> It's our pleasure. You're with Anjuna. >> Yes. >> Just in case the audience isn't familiar, what's Anjuna? >> Anjuna is an enterprise security company. We focus in the space of confidential computing. And essentially we enable people to run anything they want in any environment with complete security and privacy. >> Which is a top priority for pretty much every single person here. >> Ayal: That is true. >> Now, confidential computing, I keep hearing that term. >> Yeah, let's go there. >> Is it, I mean, is there a trademark associated with it? Is there a certification? Is the concept or is it actually a set of principles and frameworks? >> Savannah: Give us the scoop. >> Yeah, so confidential computing is essentially a set of technologies that were added to the hardware itself, to the CPU, and now to GPUs by the hardware vendors. So Intel, AMD, Arm, Nvidia, AWS with their own hardware solution for this. 
And essentially what it allows you to do is to run workloads on top of the CPU and the GPU in a way that even if somebody gets full access to the infrastructure, you know, root access, physical access, they're not going to have any access to the data and the code running on top of it. And as you can imagine in cloud environments, this is extremely, extremely (indistinct). >> And this is done through encryption? >> It involves encryption. If you go one step deeper, it involves protecting the data while it's running, data in memory, when the application is processing it. Which has always been the missing piece in terms of where you protect data. >> So I got excited when I looked at the show notes because you are serving some of the most notoriously security strict customers in the market. Can you tell us about the Israeli Ministry of Defense? >> Sure. So essentially what we do with the Israel Ministry of Defense and other customers, especially on the government side, one of the challenges government has is that they have to, if they want security and privacy in the cloud, they have to use something like a gov cloud. And sometimes that makes sense, but sometimes either the gov cloud is not ready because of legal battles or just it takes time to set it up. In some countries, it's just not going to make financial sense for the clouds to create a gov cloud. So what we do is we enable them to run in the commercial cloud with the security and privacy of a gov cloud. >> Was that, I can imagine, so you took them to the public cloud, correct? >> Ayal: Yes. >> Was that a challenging process? When I think of national security, I can imagine a business transformation like that would be a little nerve-wracking. >> Oh, definitely. It was a long process and they went like, "This is probably one of the best security experts on the planet." 
And they went extremely deep in making sure that this aligns with what they would be able to do to actually move sensitive data to the commercial cloud. Which, obviously, that the requirements are higher than anything I've ever seen from anybody else. And the fact that they were willing to publicly talk about this and be a public reference for us shows the level of confidence that they have in the underlying technology, in the security and privacy that this allows them to achieve. >> We still hear reservations, particularly from heavily regulated industries, about moving into the cloud. Concerns about security, data ownership, shared responsibility. >> Ayal: Yes. >> Are those real, are those valid? Or is the technology foundation now strong enough that they should not be worried about those things? >> Yeah, this is an excellent question, because the shared responsibility model, is exactly sort of the core of what this is about. The shared responsibility model essentially means the cloud's, sort of by definition, the cloud is somebody else managing the infrastructure for you, right? And if somebody's managing the infrastructure for you they have full access to what you do on top of that infrastructure. That's almost the definition. And that's always been sort of one of the core security problems that was never solved. Confidential computing solves this. It means that you can use the cloud without the clouds having any access to what you do on top of their infrastructure. And that means that if the clouds get hacked, your data is safe. If an employee of the cloud decides to get access to your data, they can't. They just don't have any access. Or if the government comes to the cloud with a subpoena, the clouds can't give them access to your data, which is obviously very important for European customers and other customers outside of the US. 
So this is essentially what confidential computing does and it allows to break that shared responsibility model, where you as the customer get full control of your data back. >> Now, do you need the hardware foundation to do that? Or are you solving this problem in software? >> No. So we do need a hardware foundation for this which is now available in every cloud. And it's part of every server CPU that Intel ships, that AMD ships. This is part of almost every data center in AWS. But what we bring to the table at Anjuna, is every time there was a fundamental shift in computer architecture, you needed a software stack on top of it to essentially make it usable. And I think the best last example was VMware, right? But virtualization was extremely powerful technology that nobody was using until VMware built a software stack to make it super simple to virtualize anything. And to some extent that was the birth of the public cloud. We would never have a public cloud without virtualization. We're seeing the same level of shift now with confidential computing on the hardware side. And all the large players are behind this. They're all part of the Confidential Computing Consortium that pushes this. But the challenge customers are running into, is for them to go use this they have to go refactor and rebuild every application. >> Why? >> And nobody's going to go do that. And that's exactly what we help them with. >> Yeah. >> In terms of why, as part of confidential computing, what it essentially means is that the operating system is outside the trust circle. You don't want to trust the operating system because you don't want somebody with root access to have any access to your data. And what this means is every application obviously communicates with the operating system pretty often, right? 
To send something to the network or some, you know, save something to the file system, which means you have to re-architect your application and break it into two: a confidential piece and a piece that's communicating with the operating system and build some channel for the two sides to communicate. Nobody's going to go do that for every application. We allow you to essentially do something like Anjuna run application and it just runs in a confidential computing environment. No changes. >> Let's talk a little bit more about that. So when we're thinking about, I think we've talked a little bit about it, but I think there's a myth of control when we're talking about on-prem. Everybody thinks that things are more secure. >> Right. >> It's not the case. Tell us how enterprise security changes once a customer has adopted Anjuna. >> Yeah, so I think you're absolutely right. I think the clouds can put a lot more effort and expertise into bringing security than the data center. But you definitely have this sort of more sense of security in your data center because you own the full stack, right? It's your people, it's your servers, it's your networks in the cloud >> Savannah: It's in your house, so to speak. Yeah. >> Exactly. And the cloud is the third party managing all that for you. And people get very concerned about that, and to some extent for a good reason. Because if a breach happens regardless of whose fault it is, the customer's going to be the one sort of left holding the bag and dealing with the aftermath of the breach. So they're right to be concerned. In terms of what we do, once you run things in confidential computing, you sort of solve the core problem of security. One of the core problems of security has always been when somebody gets access to the infrastructure especially root access to the infrastructure, it's game over. They have access to everything. And a lot of how security's been built is almost like these bandaid solutions to try to solve. 
Like perimeter security is how do I make sure nobody gets access to the infrastructure if they don't need to, right? All these detection solutions is once they're in the infrastructure, how do I detect that they've done something they shouldn't have? A lot of the vulnerability management is how do I make sure everything is patched? Because if somebody gets access how do I make sure they don't get root access? And then they really get access to everything. And confidential computing solves all of that. It solves the root cause, the root problem. So even if somebody gets root access, even if somebody has full access to the infrastructure, they don't have access to anything, which allows you to one, essentially move anything you want to the public cloud regardless of the sensitivity of it, but also get rid of a lot of these other sort of bandaid solutions that you use today to try to stop people from getting that access because it doesn't matter anymore. >> Okay. So cyber security is a one and a half trillion dollar industry, growing at over 10% a year. Are you saying that if organizations were to adopt confidential computing universally that industry would not be necessary? >> No, I think a lot of it will have to change with confidential computing. Exactly, like the computer industry changed with virtualization. If you had asked when VMware just got started if the data centers are going to like, "Oh, this is going to happen," I don't think anybody could have foreseen this. But this is exactly what virtualization did. Confidential computing will change the security industry in a massive way, but it doesn't solve every security problem. What it essentially does is it moves the perimeter from the machine itself, which used to be sort of the smallest atom, to be around the workload. And what happens in the machine doesn't matter anymore. You still need to make sure that your workload is protected. 
So companies that make sure that you write secure code are still going to be needed. Plus you're going to need security for things like denial of service. Because if somebody runs, you know, gets access to their infrastructure, they can stop you from running but your data is going to be protected. You're not going to need any of these data protection solutions around the box anymore. >> Let's hang out there for a second. Where do you see, I mean what an exciting time to be you, quite frankly, and congratulations on all of your success so far. Where are we going in the next two to five years? >> Yeah, I think with confidential computing the first thing that this is going to enable is essentially moving everything to the public cloud. I think the number one concern with the cloud kind of like you mentioned, is security and privacy. >> Savannah: Right. >> And this essentially eliminates that need. And that's why the clouds are so excited about this. That's why AWS talks about it. And I think Steve Schmidt, the CISO of Amazon, used to be the CISO of AWS, talks about confidential computing as the future of data security and privacy. And there's a reason why he does that. We've seen other clouds talk about this and push this. That's why the clouds are so excited about this. But even more so again, I think over time this will allow you to essentially remove a lot of the security tools that exist there, kind of reimagine security in a better way. >> Savannah: Clean it up a little bit. Yeah. >> Exactly. And over time, I think it's going to change the world of compute even more because one of the things this allows you to do is the closer you get to the edge, the more security and privacy problems you have. >> Savannah: Right. And so many variables. >> Exactly. And it's basically out there in the wild, and people can get physical access. >> Quite literally a lot of the time, yeah. >> Exactly. 
And what confidential computing does, it provides that complete security and privacy regardless of even if somebody has physical access, which will allow you to move workloads much closer to the edge or to the edge itself instead of sending everything back to your backend to process things. >> We have interviewed a number of security companies here during this event, and I have to say, confidential computing has never come up. They don't talk about it. Why is that? Is there an awareness problem? >> Savannah: Are they threatened? >> Yeah, so I think the biggest, and to some extent, this is exactly like I kept bringing up VMware. Like VMware's, you can think of Salesforce, when they talked about SaaS, they sort of embedded the concept of SaaS. No other company on the planet was talking about SaaS. They created a new category and now almost everything is SaaS. VMware with virtualization, right? Nobody was using it, and now, almost everything is virtualized. Confidential computing is a new way of doing things. It's basically, you kind of have to shift the way of how you think about security and how you think about privacy. And this is exactly what we're seeing. I don't expect other security companies to talk about this. And to some extent, one of the things I've realized that we're almost more of an infrastructure company than a security company, because we bake security to be part of the infrastructure. But we're seeing more and more the clouds talk about this. The CPU vendors talk about this. We talk to customers more and more. Like almost every large bank I talk to now has a confidential computing strategy for 2023. This is now becoming part of the mainstream. And yeah, security companies will have to adopt or die if they don't fit into that new world that it is going to create. >> This is the new world order, baby, get on the train or get left behind. >> Ayal: Exactly. >> I love it.
This is a really fascinating conversation and honestly what you're doing makes so much sense. Yeah, you don't need me to validate your business model, but I will, just for the sake of that. >> Thank you. >> We have a new challenge here at re:Invent on theCUBE where we are looking for your 30 second Instagram reel hot take, thought leadership. What's the biggest theme, key takeaway from the show or experience this year for you? >> Yeah, so for me, obviously focusing on confidential computing. I think this is just going to be similar to how no network was encrypted 10 years ago and today every network is encrypted with TLS and HTTPS. And how five years ago no disk was encrypted, and today every disk is encrypted with disk encryption. The one missing piece is memory. Memory is where data is exposed now. I think within a few years all memory is going to be encrypted and it's just going to change two industries: the security industry as well as the computer industry. >> Paul: Does that include cache memory? >> What's that? >> Does that include cache memory? >> That is encrypting the RAM essentially. So everything, this is the one last place where data is not encrypted, and that's exactly what confidential computing brings to the table. >> Are there any performance concerns with encrypting memory? >> That's a phenomenal question. One of the really nice things about confidential computing is that the heavy lifting is done by the hardware vendors themselves as part of the hardware and not part of the critical path in the CPU. It's very similar to the TLS acceleration cards, if you remember those, which allows us to be extremely, extremely performant. And that's why I think this is going to be for everything. Because every time we had a security solution that had no performance impact and was super simple to use it just became the default, because why wouldn't you use it for everything? >> Ayal, this has been absolutely fascinating. We could talk to you all day.
Unfortunately, we're out of time. But really thank you so much for coming on the show. Now, we feel more confident in terms of our confidential computing knowledge and definitely learned a lot. Thank all of you for tuning in to our fantastic four day live stream at AWS re:Invent here in Sin City with Paul Gillin. I'm Savannah Peterson. You're watching theCUBE, the leader in high tech coverage. (gentle music)
Justin Shirk and Paul Puckett | AWS Executive Summit 2022
>>Welcome back here on theCUBE. I'm John Walls. We are in Las Vegas at the Venetian, and this is re:Invent 22 in the Executive Summit sponsored by Accenture. Glad to have you with us here as we continue our conversations. I'm joined by Paul Puckett, who's the former director of the Enterprise Cloud Management Services at the US Army. Paul, good to see you sir. Hey, you as well, John. Thank you. And Justin Shirk, who is managing director and cloud go to market lead at Accenture Federal Services. Justin, good morning to you. Good morning, John. Yeah, glad to have you both here on theCUBE. First time too, I believe, right? Yes sir. Well, welcome. I wish we had some kind of baptism or indoctrination, but I'll see what I can come up with in the next 10 minutes for you. Let's talk about the Army, Paul. So enterprise cloud management, US Army. You know, I can't imagine the scale we're talking about here. I can't imagine the solutions we're talking about. I can't imagine the users we're talking about. Just for our folks at home, paint the picture a little bit of what kind of landscape it is that you have to cover with that kind of title. >>Sure. The United States Army, about 1.4 million people. Obviously a global organization responsible for protecting and defending the United States as part of our sister services in the Department of Defense. And scale often comes up a lot, right? And we talk about any capability or solution for the United States Army, scale is the, the number one thing, but oftentimes people overlook quality first. And actually when you think of the partnership between the Army and Accenture Federal, we thought a lot when it came to establishing the Enterprise Cloud Management Agency that we wanted to deliver quality first when it came to adopting cloud computing and then scale that quality and not so much be afraid of the, the scale of the Army and the size that forces us to make bad decisions.
'Cause we wanted to make sure that we proved that there was opportunity and value in the cloud first, and then we wanted to truly scale that. And so no doubt, an immense challenge. The organization's been around for now three years, but I think that we've established irreversible momentum when it comes to modernization, leveraging cloud computing >>For the Army. So let's back up. You kind of threw it in there, the ECMA. So this agency was, was your a collaboration, right? To create from the ground up and it's in three years in existence. So let's just talk about that. What went into that thinking? What went into the planning and then how did you actually get it up and running to the extent that it is today? >>Sure. Well, it was once the Enterprise Cloud Management Office. It was a directorate within the, the CIO/G-6 of the United States Army. So at the headquarters, the Army, the Chief Information Officer, and the G-6, which is essentially the military arm for all IT capability, were once a joint organization and the ECMO was created to catalyze the adoption of cloud computing. The Army had actually been on a, a cloud adoption journey for many years, but there wasn't a lot of value that was actually derived. And so they created the ECMA, well, the ECMO at the time, brought me in as the director. And so we were responsible for establishing the new strategy for the adoption of cloud. One of the components of that strategy was essentially we needed an opportunity to be able to buy cloud services at scale. And this was part of our buy, secure and build model that we had in place. And so part of the buy piece, we put an acquisition strategy together around how we wanted to buy cloud at scale. We called it the Cloud Account Management Optimization OTA >>Just rolls right off the >>Tongue, it just rolls right off the tongue. And for those that love acronyms, CAMO, >>Which I liked it when I was say cama, I loved that.
That was, that was, >>You always have to have like a tundra, a little >>Piece of that. Very good. It was good. >>But at the time it was Novetta, no, Novetta's been bought up by AFS, but Novetta won that agreement. And so we've had this partnership in place now for just about a year and a half for buying cloud computing at scale. >>So let's talk about, about what you deal with on, on the federal services side here, Justin, in terms of the Army. So obviously governance, a major issue, compliance, a major issue, security, you know, paramount importance and all that STEM leads up to quality that Paul was talking about. So when you were looking at this and keeping all those factors in, in your mind, right? I mean, how many, like, oh my God, what kind of days did you have? Oh, well, because this was a handful. >>Well, it was, but you could see when we were responding to the acquisition that it was really, you know, forward thinking and forward leaning in terms of how they thought about cloud acquisition and cloud governance and cloud management. And it's really kind of a sleepy area like cloud account acquisition. Everyone's like, oh, it's easy to get in the cloud, you know, run your credit card on Amazon and you're in, in 30 seconds or less. That's really not the case inside the federal government, whether it's the Army, the Air Force or whoever, right? Those, those are, they're real challenges in procuring and acquiring cloud. And so it was clear from, you know, Paul's office that they understood those challenges and we were excited to really meet them with them. >>And, and how, I guess from an institutional perspective, before this was right, I I assume very protective, very tight cloistered, right? You, you, in terms of being open to or, or a more open environment, there might have been some pushback was they're not. Right? So dealing with that, what did you find that to be the case? Well, so >>There's kind of a few pieces to unpacking that.
There's a lot of fear and trepidation around something you don't understand, right? And so part of it is the teaching and training and the, and the capability and the opportunity in the cloud and the ability to be exceptionally secure when it comes to no doubt, the sensitivity of the information of the Department of Defense, but also from an acquisition strategy perspective, more from a financial perspective, the DOD is accustomed to buying hardware. We make these big bets of these big things to, to live in data centers. And so when we talk about consuming cloud as a utility, there's a lot of fear there as well, because they don't really understand how to kind of pay for something by the drink, if you will, because it incentivizes them to be more efficient with their utilization of resources. >>But when you look at the budgeting process of the DOD, there really is not that much of incentive for efficiency. The PPBE process, the planning, programming, budgeting, execution, they care about execution, which is spending money and you can spend a lot of money in the cloud, right? But how are you actually utilizing that? And so what we wanted to do is create that feedback loop and so the utilization is actually fed into our financial systems that help us then estimate into the future. And that's the capability that we partnered with AFS on is establishing the closing of that feedback loop. So now we can actually optimize our utilization of the cloud. And that's actually driving better incentives in the PPBE >>Process. You know, when you think about these keywords here, modernized, digitized, data driven, so on, so forth, I, I don't think a lot of people might connect that to the US government in general just because of, you know, it's a large intentionally slow moving bureaucratic machine, right? Is that fair to characterize it that way? It >>Is, but not in this case. Right? So what we've done, >>You, you totally juxtapose that. Yeah. >>Yeah.
So what we've done is we've really enabled data driven decision making as it relates to cloud accounts and cloud governance. And so we have a, a tool called Cloud Tracker. We deployed for the Army at a number of different classifications, and you get a full 360 view of all of your cloud utilization and cloud spend, you know, really up to date within 24 hours of it occurring, right? And there a lot of folks, you know, they never went into the console, they never looked at what they were spending in cloud previously. And so now you just go to a simple web portal and see the entirety of the Army cloud spend right there at your fingertips. So that really enables like better decision making in terms of like purchasing savings plans and reserved instances and other sorts of AWS specific tools to help you save money. >>So Paul, tell me about Cloud Tracker then. Yeah, I mean from the client side then, can you just say this dashboard lays it out for you right? In great detail about what kind of usage, what kind of efficiencies I assume Yeah. What's working, what's not? >>Absolutely. Well, and, and I think a few things to unpack that's really important here is listen, any cloud service provider has a concept. You can see what you're actually spending. But when it comes to money in the United States government, there are different colors of money. There's regulations when it comes to how money is identified for different capabilities or incentives. And you've gotta be very explicit in how you track and how you spend that money from an auditability perspective. Beyond that, there is a move when it comes to the technology business management, which is the actual labeling of what we actually spend money on for different services or labor or software. And what Cloud Tracker allows us to do is speak the language of the different colors of money. It allows us to also get very fine grain in the actual analysis of, from a TBM perspective, what we're spending on.
>>But then also it has real time hooks into our financial systems for execution. And so what that really does for us is it allows us to complete the picture, not just be able to see our spend in the cloud, but also be able to see that spending context of all things in the PPBE process as well as the execution process that then really empowers the government to make better investments. And all we're seeing is either cost avoidance or cost savings simply because we're able to close that loop, like I said. Yep. And then we're able to redirect those funds, retag them, remove them through our actual financial office within the headquarters of the Army, and be able to repurpose that to other modernization efforts that Congress is essentially asking us to invest >>In. Right. So you know how much money you have, basically. Exactly. Right. You know how much you've already spent, you know how you're spending it, and now you know how much you have left, >>You can provide a reliable forecast for your spend. >>Right. You know, hey, we're, we're halfway through this quarter, we're halfway through the, the fiscal year, whatever the case might be. >>Exactly. And the focus on expenditures, you know, the government rates you on, you know, how much have you spent, right? So you have a clear total transparency into what you're going to spend through the rest of the fiscal. Sure. >>All right. Let's just talk about the relationship quickly then about going forward then in terms of federal services and then what on, on the, the US Army side. I mean, what now you've laid this great groundwork, right? You have a really solid foundation where now what next? >>We wanna be all things cloud to the Army. I mean, we think there's tremendous opportunity to really aid the modernization efforts and governance across the holistic part of the Army. So, you know, we just, we want to, we wanna do it all with the Army as much as we can. It's, it's, it's a fantastic >>Opportunity. Yeah.
AFS is, is in a very kind of a strategic role. So as part of the ECMA, we own the greater strategy and execution for adoption of cloud on behalf of the entire Army. Now, when it comes to delivery of individual capabilities for mission here and there, that's all specific to system owners and different organizations. AFS plays a different role in this instance where they're able to more facilitate the greater strategy on the financial side of the house. And what we've done is we've proven the ability to adopt cloud as a utility rather than this fixed thing, kind of predict the future, spend a whole bunch of money and never use the resource. We're seeing the efficiency for the actual utilization of cloud as a utility. This actually came out as one of the previous NDAAs. And so how we actually address NDAA, I believe it was 2018 in the adoption of cloud as a utility, really is now cornerstone of modernization across all of the DOD and really feeds into the Joint Warfighting Cloud Capability, major acquisition on behalf of all of the DOD to establish buying cloud as just a common service for everyone. >>And so we've been fortunate to inform that team of some of our lessons learned, but when it comes to the partnership, we just see CAMO moving into production. We've been live for now a year and a half. And so there's another two and a half years of runway there. And then AFS also plays a strategic role as part of our cloud enablement division, which is essentially back to that teaching part, helping the Army understand the opportunity of cloud computing, align the architectures to actually leverage those resources and then deliver capabilities that save soldiers' >>Lives. Well, you know, we've, we've always known that the Army does its best work on the ground, and you've done all this groundwork for the military, so I'm not surprised, right? It's, it's a winning formula. Thanks to both of you for being with us here in the executive summit. Great conversation. Awesome.
Thanks for having us. A good deal. All right. Thank you. All right. You are watching the executive summit sponsored by Accenture here at re:Invent 22, and you're catching it all on theCUBE, the leader in high tech coverage.
Nick Barcet, Red Hat & Greg Forrest, Lockheed Martin | KubeCon + CloudNativeCon NA 2022
(lighthearted music) >> Hey all. Welcome back to theCUBE's coverage of KubeCon North America '22 CloudNativeCon. We're in Detroit. We've been here all day covering day one of the event from our perspective. Three days of coverage coming at you. Lisa Martin here with John Furrier. John, a lot of buzz today. A lot of talk about the maturation of Kubernetes with different services that vendors are offering. We talked a little bit about security earlier today. One of the things that is a hot topic is national security. >> Yeah, this is a huge segment we got coming up. It really takes that all that nerd talk about Kubernetes and puts it into action. We actually see demonstrable results. This is about advanced artificial intelligence for tactical decision making at the edge to support our military operations because a lot of the deaths are because of bad technology. And this has been talked about. We've been covering SiliconANGLE, we wrote a story there now on this topic. This should be a really exciting segment so I'm really looking forward to it. >> Excellent, so am I. Please welcome back one of our alumni, Nick Barcet, senior director, customer led open innovation at Red Hat. Great to have you back. Greg Forrest joins us as well from Lockheed Martin, Director of AI Foundations. Guys, great to have you on the program. Nick, what's been your perception before we dig into the news and break that open of KubeCon 2022? >> So, KubeCon is always a wonderful event because we can see people working with us in the community developing new stuff, people that we see virtually all year. But it's the time at which we can really establish human contact and that's wonderful. And it's also the moments where we can make big topics move forward and the topics have been plenty at this KubeCon from MicroShift to KCP, to AI, to all domains have been covered. >> Greg, you're the director of AI foundations at Lockheed Martin.
Obviously well known, contractors to the military, lot of intellectual property, storied history. >> Greg: Sure. >> Talk about this announcement with Red Hat 'cause I think this is really indicative of what's happening at the edge. Data, compute, industrial equipment, and people, in this case lives are in danger or to preserve peace. This is a killer story in terms of understanding what this all means. What's your take on this relationship with Red Hat? What's the secret sauce? >> Yeah, it's really important for us. So part of our 21st century security strategy as a company is to partner with companies like Red Hat and Big Tech and bring the best of the commercial world into the Department of Defense for our soldiers on the ground. And that's exactly what we announced today or Tuesday in our partnership. And so the ability to take commercial products and utilize them in theater is really important for saving lives on the ground. And so we can go through exactly what we did as part of this demonstration, but we took MicroShift at the edge and we were able to run our AI payloads on that. That provided us with the ability to do things like AI based RF sensing, so radio frequency sensing. And we were also able to do computer vision based technologies at the edge. So we went out, we had a small UAV that went out and searched for a target on the ground. It found a target using its radio frequency capabilities, the RF capabilities. Then once we're able to hone in on that target, what Red Hat Device Edge and MicroShift enables us to do is actually then switch sensing modalities. And then we're able to look at this target via the camera and use computer vision-based technologies to actually more accurately locate the target and then track that target in real time. So that's one of the keys to be able to actually switch modalities in real time on one platform is really important for our joint all domain operations construct.
The idea of how do you actually connect all of these assets in the environment, in the battle space. >> Talk about the challenge and how hard it is to do this. The back haul, you'll go back to the central server, bring data back, connecting things. What if there's insecurity around connectivity? I mean there's a lot of things going, can you just scope the magnitude of how hard it is to actually deploy something at a tactical edge? >> It is. There's a lot of data that comes from all of these sensors, whether they're RF sensors or EO or IR. We're working across multiple domains, right? And so we want to take that data back and train on that and then redeploy to the edge. And so with MicroShift, we're able to do that in a way that's robust, that's repeatable, and that's automated. And that really instills trust in us and our customers that when we deploy new software capabilities to the edge over the air, like we did in this demonstration that they're going to run right on the target hardware. And so that's a huge advantage to what we're doing here that when we push software to the edge in real time we know it's going to run. >> And in realtime is absolutely critical. We talk about it in so many different industries. Oh, it's customers expect realtime access whether it's your banking app or whatnot. But here we're talking about literally life and death situations on the battlefield. So that realtime data access is literally life and death. >> It's paramount to what we're doing. In this case, the aircraft started with one role which was to go find a radio frequency emitter and then switch roles to then go get cameras and eyes on that. So where is that coming from? Are there people on the ground? Are there dangerous people on the ground? And it gives the end user on the ground complete situational awareness of what is actually happening. And that is key for enhanced decision making. Enhanced decision making is critical to what we're doing.
And so that's really where we're advancing this technology and where we can save lives. >> I read a report from General Mattis when he was in service that a lot of the deaths are due to not having enough information really at the edge. >> Greg: Friendly fire. >> Friendly fire, a lot of stuff that goes on there. So this is really, really important. Nick, you're sitting there saying this is great. My customer's talking about the product. This is your innovation, Red Hat Device Edge in action. This is real. This is industrial- >> So it's more than real. Actually this type of use case is what convinced us to transform a technology we had been working on which is a small form factor of Kubernetes to transform it into a product. Because sometimes, us engineers have a tendency to invent stuff that are great on paper, but it's a solution trying to find a problem. And we need customers to work with us to make sure that those solutions do solve a real problem. And Lockheed was great. Worked with us upstream on that project. Helped us prove out that the concept was actually worth it and we waited until Lockheed had tested the concept in the air. >> Okay, so Red Hat Device Edge and MicroShift, explain that, how that works real quick for the folks that don't know. >> So one of the things we learned is that Kubernetes is great but it's only part of the journey. In order to get those workloads on those aircraft or in order to get those workloads in a factory, you also need to consider the full life cycle of the device itself. And you don't handle a device that is inside of a UAV or inside of a factory the same way you handle a server. You have to deal with those devices in a way that is much more akin to a set-top box. So we had to modify how the OS was behaving to deal with devices and we reduced what we had built in RHEL for each edge aspect and combined it with MicroShift and that's what became with that Red Hat Device Edge.
>> We're in a low SWAP environment, space, weight and power, right? Or very limited, we're on a small UAS in this demonstration. So the ability to spool up and spool down containers and to save computing power and to do that on demand and orchestrate that with MicroShift is paramount to what we're doing. We wouldn't be able to do it without that capability. >> John: That's awesome. >> I want to get both of your opinions. Nick, we'll start with you and then Greg we'll go to you. In terms of MicroShift, what is its superpower? What differentiates it from other competing solutions in the market? >> So MicroShift is Kubernetes but reduced to the strict minimum of a runtime version of Kubernetes so that it takes a minimal footprint so that we maximize the space available for the workload in those very constrained environments. On a board where you have eight or 16 gig of RAM, if you use only two gig of that to run the infrastructure component, you leave the rest for the AI workload that you need on the drone. And that's what is really important. >> And these AI payloads, the inference that we're doing at the edge is very compute intensive. So again, the ability to manage that and orchestrate that is paramount to running on these very small board computers. These are small drones that don't have a lot of weight that don't allow a lot of space. >> John: Got to be efficient. >> And be efficient with it. >> How were you guys involved? Talk about the relationship. So you guys were tightly involved. Talk about the roles you guys played together. Was it co-development? Was it customer/partner? Talk about the relationship. >> Yeah, so we started actually with satellite. So you can think of small CubeSats in a very similar environment to a low powered UAV. And it started there. And then in the last, I would say year or so, Nick we have worked together to develop MicroShift. We work closely on Slack channels together like we're part of the same team. >> John: That's great. 
>> And hey Red Hat, this is what we need, this is what we're looking for. These are the constraints that we have. And this team has been amazing and just delivered on everything that we've asked for. >> I mean this is really an example of the innovation at the edge, industrial edge specifically. You got an operating system, you got form factor challenges, you got operating parameters. And just to having that flex, you can't just take this and put it over there. >> But it's what really is a community applied to an industrial context. So what happened there is we worked as part of the MicroShift community together with a real time communication channel, the same Slack that anybody developing Kubernetes uses we've been using to identify where the problems were, how to solve them, bring new ideas and that's how we tackle these problems. >> Yeah, a true open source model I mean the Red Hat and the Lockheed teams were in it together on a daily basis communicating like we were part of the same company. And that's really how you move these things forward. >> Yeah, and of course open source is great but also you got to lock down the security. How did you guys handle that? What's going on with the security? 'Cause you got to make sure no take over the devices. >> So the funny thing is that even though what we produce is highly inclusive of security concern, our development model is completely open. So it's not security by obscurity, it's security because we apply the best practices. >> John: You see everything. >> Absolutely. >> Yes. >> And then you harden it in the joint development, there it is. >> Yeah, but what we support, what we offer as a product is the same for Lockheed or for any other customer because there is no domain where security is not important. 
When you control the recognition on a drone or where you control the behavior of a robot in a factory, security is paramount because you can't immobilize a country by infecting a robot the same way you could immobilize a military operation- >> Greg: That's right. >> By infecting a UAV. >> Not to change the subject, but I got to go on a tangent here 'cause it pops in my head. You mentioned CubeSat, not related to theCUBE of course. We're theCUBE for the video. CubeSats are very powerful. People can launch space right now very inexpensively. So it's a highly contested and congested environment. Any space activity going on around the corner with you guys? 'Cause remember the world's not around, its edge is now in space. Mars is the edge. >> That's right. >> Our first prototype for MicroShift was actually a CubeSat. >> Greg: That's where it started. >> An IBM project, the project called Endurance. That's the first time we actually put MicroShift into use. And that was a very interesting project, very early version of MicroShift. And now we have talks with many other people on reproducing that at more industrial level this was more like a cool high school project. >> But to your point, the scalability across different platforms is there. If we're running on top of MicroShift on this common OS, it just eases the development. Behind the scenes, we have a whole AI factory at Lockheed Martin where we have a common ecosystem for how we actually develop and deploy these algorithms to the edge. And now we've got a common ecosystem at the edge. And so it helps that whole process to be able to do that in automated ways, repeatable ways so we can instill trust in our DoD customer that the validation of verification of this is a really important aspect. >> John: Must be a fun place to work. >> It is, it's exciting. There's endless opportunities. >> You must get a lot of young kids applying for those jobs. They're barely into the whole. 
I mean, AI's a hot field and people want to get their hands on real applications. I was serious about space. Is there space activity going on with you guys or is it just now military edge, not yet military space? Or is that classified? >> Yeah, so we're working across multiple fronts, absolutely. >> That's awesome. >> What excite, oh, sorry John. What excites you most, never a dull moment with what you're doing, but just the potential to enable a safer, a more secure world, what excites you most about this partnership and the direction and the we'll say the trajectory it's going on? >> Yeah, I think, for me, the safer and secure world is paramount to what we're doing. We're here for national defense and for our allies and that's really critical to what we're doing. That's what motivates me. That's what gets me up in the morning to know that there is a soldier on the ground who will be using this technology and we will be giving that person the situational awareness to make the right decisions at the right time. So we can go from small UAVs to larger aircraft or we can do it in a small confined edge device like a Stalker UAV. We can scale this up to different products different platforms and they don't even have to be Lockheed Martin. >> John: And more devices that are going to be imagined. >> More devices that we haven't even imagined yet. >> Right, that aren't even on the frontier yet. Nick, what's next from your perspective? >> In the domain we are in, next is always plenty of things. Sustainability is a huge domain right now on which we're working. We have lots of things going on in the AI space, stuff going on with Lockheed Martin. We have things going on in the radio network domain. We've been very heavily involved in telecommunication and this is constantly evolving. There is not one domain that, in terms of infrastructure Red Hat is not touching. >> Well, this is the first of multiple demonstrations. 
The scenarios will get more complex with multiple aircraft and in the future, we're also looking at bringing a lot of the 5G work. Lockheed has put a large focus on 5G.mil for military applications and running some of those workloads on top of MicroShift as well is things to come in the future that we are already planning and looking at. >> Yeah, and it's needed in theater to have connectivity. Got to have your own connectivity. >> It's paramount, absolutely. >> Absolutely, it's paramount. It's game-changing. Guys, thank you so much for joining John and me on theCube talking about how Red Hat and Lockheed Martin are working together to leverage AI to really improve decision making and save more lives. It was a wonderful conversation. We're going to have to have you back 'cause we got to follow this. >> Yeah, of course. >> This was great, thank you so much. >> Thank you very much for having us. >> Lisa: Our pleasure, thank you. >> Greg: Really appreciate it. >> Excellent. For our guests and John Furrier, I'm Lisa Martin. You're watching theCUBE Live from KubeCon CloudNativeCon '22 from Detroit. Stick around. Next guest is going to join John and Savannah in just a minute. (lighthearted music)
Jerome West, Dell Technologies V2
>>We're back with Jerome West, product management security lead for HCI at Dell Technologies Hyper-converged infrastructure. Jerome, welcome. >>Thank you, David. >>Hey, Jerome, in this series, A Blueprint for Trusted Infrastructure, we've been digging into the different parts of the infrastructure stack, including storage, servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyperconverged infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system, so like a server or a storage system or a virtualization piece of software. I mean, HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell PowerEdge team, the Dell storage team, the Dell networking team, and on and on. These partnerships and these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past, we're seeing growing scope and sophistication in supply chain attacks. This means an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. 
Luckily, VxRail's engineering team has co-engineered a release process with VMware that significantly shortens our development life cycle so that VMware will produce a patch and within 14 days we will integrate our own code. With the VMware release, we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. As a result of this kind of rapid development process, VxRail had over 40 releases of software updates last year. For a longer term solution, we're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co-engineer with effective collaborations with our, with our partners. >>Great, thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the provenance of all the components. Help us, is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that site cybersecurity and resilience for HCI, because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. 
So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So HCI, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in a hardware, but for HCI, for example, in our VxRail portfolio, we, or our VxRail product, we integrate it into a product called vSAN, which is provided by our partner VMware. So that portfolio strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like NSX, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware. And we also leverage VMware's software, par software partnerships on top of that. So for example, VxRail supports multifactor authentication through vSphere integration with something called Active Directory Federation Services, or ADFS. So there is a lot of providers that support ADFS, including Microsoft Azure. So now we can support a wide array of identity providers such as Auth0 or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. 
So basically to summarize my answer, we consume all of the security advantages of our partners, but we also expand on that to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through PowerEdge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great. I mean that's super helpful. You've mentioned NSX, Horizon, Carbon Black, all the, you know, the VMware component Auth0, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co-engineered solution with VMware, other vendors sell VMware as a hyperconverged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. 
All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyperconverged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VxRail would be vCenter, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to HCI. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co-engineered, it's not bolted on. So I gave the example of, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally sign our software updates so you, the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that is validated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. 
So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage. It all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail Manager or through SDDC Manager. So there's very few panes of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple, They got all this other stuff that they have to worry, they gotta secure containers and the run time and, and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to, and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. 
So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments, and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions and helping us understand how investments by a company like Dell can both reduce the need for DevSecOps teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality, provenance and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. 
You know, at the end of the day, whether your workloads are in the cloud, on-prem or at the edge, you are responsible for your own security. But vendor R&D and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the Cube production content and social teams as well as Dell Technologies, we want to thank you for watching A Blueprint for Trusted Infrastructure. Remember part one of this series as well as all the videos associated with this program, and of course, today's program are available on demand at thecube.net with additional coverage at siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.
Blueprint for Trusted Insfrastructure Episode 2 Full Episode 10-4 V2
>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling has grown over the years causing complexity in driving up costs and increasing exposures. So the game of whack-a-mole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S3 bucket and what the customer is responsible for, e.g., properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented. They are. 
There just aren't enough of them to go around and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SecOps teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via R&D and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Vellante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally and Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that DevSecOps teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak Rangaraj, PowerEdge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagarathnam, who was consultant in the networking product management area at Dell. And finally, we'll close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. 
Deepak Rangaraj, PowerEdge security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered a rise in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also gets into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers are operating today. 
And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lengths that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as a security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in, to deal with the supply chain, to ensure the provenance, et cetera. So I'm glad you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. 
And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches in a timely manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the NIST framework of protect, detect and recover. And it still aligns really well to that framework, but over the past couple of years, we have seen how computers evolved, how the threats have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recovering from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero trust framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at their end to enable their own zero trust IT environments and zero trust deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust adoption. 
>>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about NIST I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta respond. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents? >>Right. What is that is exactly right, right? Breaches are bound to happen and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained within offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your IT environment. And this is the principles that we use on PowerEdge, right? But with an increased focus on providing granular controls and checks based on the principles of least privileged access. 
>>So the idea is that servers first and foremost need to make sure that the threats never enter and they're rejected at the point of entry, but we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage caused by an attacker is minimized so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be reduced. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock down the firmware versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused by authorized changes or unauthorized changes. >>And if it is an unauthorized change can log it, generate security alerts, and we even have capabilities to automatically roll the firmware and OS versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis intrusion detection where if the chassis, the box, the server box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and changing something in your system. >>Great, thank you for that. Lot of detail and and appreciate that. 
I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the provenance of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised? >>Right. And we've talked about how complex the modern supply chain is, right? And that's no different for servers. We have hundreds of components on the server and a lot of these need firmware in order to be configured and run and this firmware component could be coming from third party suppliers. So now the complexity that we are dealing with like was the end to end approach and that's where Dell pays a lot of attention into assuring the security approach approaching and it starts all the way from sourcing components, right? And then through the design and then even the manufacturing process where we are vetting the personnel at the factories and vetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tampering. And we have a feature called the secure component verification, which is capable of doing this. What the feature does is, when the system gets built in a factory, it generates an inventory of all the components in the system and it creates a cryptographic certificate based on the signatures presented to this by the components. And this certificate is stored separately and sent to the customers separately from the system itself. 
So once the customers receive the system at their end, they can run a tool, it generates an inventory of the components on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorized change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and unauthorized changes could be any sort of tampering. So that's the supply chain aspect of it and bill of materials is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulnerabilities which have been discovered out in the wild affect the platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table. >>Right. Yeah. We have talked enough about the complexity of the environment and how zero trust is necessary for the modern IT environment, right? And this is integral to Dell PowerEdge servers. And as part of that like you know, security starts with the supply chain. We already talked about the secure component verification, which is a unique feature that Dell platforms have. And on top of it we also have a silicon-based platform root of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. 
And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at rest, in use or in flight, we have self encrypting drives which provides scalable and flexible encryption options. And this coupled with external key management provides really good protection for your data at rest. External key management is important because you know, somebody could physically steal the server and walk away, but then the keys are not stored on the server, it's stored separately. So that provides you an extra layer of security. And we also have dual layer encryption where you can complement the hardware encryption on the secure encrypted drives with software level encryption. In addition to this we have identity and access management features like multifactor authentication, single sign on, roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that you know, Dell PowerEdge servers' cyber resilient infrastructure helps accelerate zero trust adoption for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. 
Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure in collaboration with Dell Technologies on the cube, your leader in enterprise and emerging tech coverage. We're back with a blueprint for trusted infrastructure in partnership with Dell Technologies and the cube. And we're here with Mahesh Nagarathnam, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome, good to see you. >>Hey, good morning Dave, nice to meet you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so few years ago IT security in an enterprise was primarily putting a wrapper around data center out because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a wrapper around it like a perimeter or a firewall was a sufficient response because you could basically control the environment and data small enough control today with the distributed data, intelligent software-defined systems, multi-cloud environment and as-a-service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure. In today's, you know, data driven world, it operates everywhere and data is created and accessed everywhere so far from, you know, the centralized monolithic data centers of the past. 
The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a wrapper around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic, they need to be integrated, scalable, one that span the entire enterprise and with a common objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resides on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing, changing, destroying or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. 
So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static. >>Right. Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you think about securing network infrastructure, when you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a router for example, is typically used for say, configuration and management of the networking switch. So user access is based on say roles for that matter in a role based access control, whether you are a security admin or a network admin or a storage admin. >>And it's imperative that logging is enabled because any of the change to the configuration is actually logged and monitored as that. Talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get undesired results in terms of say validation of the images. It's, it needs to be done through say digital signature. So, so it's important that when you're talking about say, software integrity, a) you are ensuring that the platform is not compromised, you know, is not compromised and b) that any upgrades, you know, that happens to the platform is happening through say validated signature. >>Okay. 
And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is I, I think response, but please continue. >>Yeah, so you know, the third one is about vulnerability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different, you know, it follows the same process for identification, for triage and for resolution of these vulnerabilities. And these are addressed either through patches or through new releases via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about, Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It provides the interconnect between the server and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized personnel are able to make change to the network configuration and logging of any of those changes is also done through the logging capabilities. 
Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like segmentation, isolated segments and via VRF or, or some micro segmentation via partners, this allows various level of security for each of those segments. So it's important you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? >>You know, there are multiple layer of defense, you know, both at the edge and in the network in this hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software-defined principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. 
If you look at say that you know the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trusted platform modules, TPMs, on certain of our products and you know, the physical security know plain, simple old one love port enable from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky MAC or MAC learning limit and so on. >>If you look at say a transport and decision trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain old Telnet or is it like secure SSH, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or is certificate authority based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD5 authentication between the BGP peers so that there is no, you know, malicious attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here, you know, you know, it's, it's typical that if you don't have a control plane here, you know, it could be flooded and you know, you know, the switch could be compromised by say, denial of service attacks. >>From an application trust perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. 
And I did talk about, say the digital signature and the cryptographic check that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen via VRF, plain old VLANs, you know, which can bring about say, multi-tenant aspects. We talk about some microsegmentation as it applies to NSX for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift the vendor community. Dell specifically is shifting a lot of those tasks to their own R&D and taking care of a lot of that. So, cuz SecOps teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our portfolio, it enables state of the automation software, you know, that enables simplifying of the design. 
So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the fabric and you know, from a deployment and you know, the management of the network infrastructure that are simplicities, you know, using like Ansible s for SONiC for example are, you know, for a better sit and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using SONiC or SmartFabric Services. If you look at SONiC for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and Avan has and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at SONiC, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the SONiC NOS is not restricted, you know, just to the data center infrastructure is, it's a unified NOS, you know, that's well applicable beyond the data center, you know, right up to the edge. Now if you look at our NOS from a SmartFabric OS10 perspective, you know, as I mentioned, we do have SmartFabric Services which essentially, you know, simplifies the deployment day zero, I mean rather day one, day two deployment expansion plans and the lifecycle management of our converged infrastructure and hyper and hyperconverged infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD-WAN capability. 
So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular NOS that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick, just pitch me, what can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we're talking about the physical security for examples, say disabling of the unused interface. Sticky MAC and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure Boot also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is validated for the digital signature, you know, prior to any upgrade process. And if you are looking at secure access control, we do have things like role based access control, SSH to the switches, control plane access control that pre do tags and say access control from multifactor authentication. 
>>We do have various tech ads for entry control to the network and things like CSE and PRV support, you know, from a federal perspective we do have say logging wherein, you know, any event, any auditing capabilities can be possible by say looking at the syslog servers, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say network segment, you know, say network separation and you know, these, you know, separation, you know, ensures that are, that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone and, you know, just can be implemented by a, a micro segmentation, you know, just a plain old VLAN or using virtual routing and forwarding, VRF, for example. >>A lot there. I mean I think frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies in collaboration with the cube, your leader in enterprise and emerging tech coverage. Jerome West, product management security lead for HCI at Dell Technologies, hyper-converged infrastructure. Jerome, welcome. >>Thank you Dave. >>Hey Jerome, in this series of blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyperconverged infrastructure. 
So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyper-converged infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or storage system or a virtualization piece of software. I mean HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell PowerEdge team, the Dell storage team, the Dell networking team, and on and on. These partnerships and these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past we're seeing growing scope and sophistication in supply chain attacks. This means an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily VxRail's engineering team has co-engineered a release process with VMware that significantly shortens our development life cycle so that VMware would produce a patch and within 14 days we will integrate our own code with the VMware release, we will have tested and validated the update, and we will give an update to our customers within 14 days of that VMware release. As a result of this kind of rapid development process, VxRail had over 40 releases of software updates last year. For a longer term solution,
we're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers, to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co-engineer with effective collaborations with our partners. >>Great, thank you for that description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the provenance of all the components. Help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, any additives to that definition? >>I do. I really think that's site cybersecurity and resilience for HCI because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me give you an example. So HCI, it's basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically virtualizing hardware functionality, like say a storage controller, you could implement it in hardware, but for HCI, for example, in our VxRail portfolio, our VxRail product, we integrated it into a product called vSAN, which is provided by our partner VMware.
So that portfolio of strength is still, you know, through our partnerships. >>So what we do, we integrate these security functionality and features into our product. So our partnership grows to our ecosystem through products like VMware, products like NSX, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware and we also leverage VMware's software partnerships on top of that. So for example, VxRail supports multifactor authentication through vSphere integration with something called Active Directory Federation Services, or ADFS. So there's a lot of providers that support ADFS including Microsoft Azure. So now we can support a wide array of identity providers such as Auth0 or, I mentioned, Azure or Active Directory through that partnership. So we can leverage all of our partners' partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers, from the hardware layer that's provided by Dell through PowerEdge, to the hyper-converged software that we build ourselves, to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great, I mean that's super helpful. You've mentioned NSX, Horizon, Carbon Black, all the, you know, the VMware component, Auth0, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question.
So the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co-engineered solution with VMware, other vendors sell VMware as a hyper-converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you, that we integrate into our engineering life cycle. So because we follow the same framework, all of the code should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's close. Pitch me, what would you say is the strong suit? Summarize the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio specifically from a security perspective, Jerome. >>So I talked about how hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, for VxRail would be vCenter, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the key to making it to HCI.
Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co-engineered, it's not bolted on. So I gave the example of SBOM, I gave the example of how we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally sign our software updates so the user can be sure that the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's validated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage. It all comes in a package. So it can be all managed through vCenter, for example, and then the specific hyper-converged functions can be managed through VxRail Manager or through SDDC Manager. So there's very few panes of glass that the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you've got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level.
The reason, Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple cl. They got all this other stuff that they have to worry, they gotta secure the containers and the run time and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the security is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space.
We sell a lot of VxRail, for example, into the Department of Defense and banks and other highly regulated environments and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for DevSecOps teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality, provenance and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security. But vendor R&D and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of theCUBE production, content and social teams as well as Dell Technologies, we want to thank you for watching A Blueprint for Trusted Infrastructure. Remember part one of this series as well as all the videos associated with this program and of course today's program are available on demand at thecube.net with additional coverage at siliconangle.com. And you can go to dell.com/security solutions, dell.com/security solutions, to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Vellante for theCUBE, your leader in enterprise and emerging tech coverage.
We'll see you next time.
Horizon3.ai Signal | Horizon3.ai Partner Program Expands Internationally
>>Hello, I'm John Furrier with theCUBE, and welcome to this special presentation of theCUBE and Horizon3.ai. They're announcing a global partner-first approach, expanding their successful pen testing product, NodeZero. You're going to hear from leading experts in their staff, their CEO, positioning themselves for a successful channel distribution expansion internationally in Europe, Middle East, Africa and Asia Pacific. In this CUBE special presentation, you'll hear about the expansion, the expanse partner program giving partners a unique opportunity to offer NodeZero to their customers. Innovation and pen testing is going international with Horizon3.ai. Enjoy the program. >>Welcome back, everyone, to theCUBE and Horizon3.ai special presentation. I'm John Furrier, host of theCUBE. We're here with Jennifer Lee, head of channel sales at Horizon3.ai. Jennifer, welcome to theCUBE, thanks for coming on. >>Great, well, thank you for having me. >>So big news around Horizon3.ai driving channel-first commitment. You guys are expanding the channel partner program to include all kinds of new rewards, incentives, training programs, help educate, you know, partners, really drive more recurring revenue. Certainly cloud and cloud scale has done that. You got a great product that fits into that kind of channel model, great services you can wrap around it. Good stuff. So let's get into it. What are you guys doing with this news? Why is this so important? >>Yeah, for sure. So yeah, like you said, we recently expanded our channel partner program. The driving force behind it was really just to align our, like you said, our channel-first commitment, and creating awareness around the importance of our partner ecosystems. So that's really how we go to market, is through the channel. >>And a great international focus. I've talked with the CEO, so you know about the solution, and he broke down all the action on why it's important on the product side. But why now on the go to market
change? What's the why behind this news on the channel? >>Yeah, for sure. So we are doing this now really to align our business strategy, which is built on the concept of enabling our partners to create a high-value, high-margin business on top of our platform. And so we offer a solution called NodeZero. It provides autonomous pen testing as a service, and it allows organizations to continuously verify their security posture. So our company vision, we have this tagline that states that our pen testing enables organizations to see themselves through the eyes of an attacker, and we use the attacker's perspective to identify exploitable weaknesses and vulnerabilities. So we created this partner program from a perspective of the partner, so the partner's perspective, and we've built it through the eyes of our partner, right? So we're prioritizing really what the partner is looking for and will ensure mutual success for us. >>Yeah, the partners always want to get in front of the customers and bring new stuff to them. Pen tests have traditionally been really expensive, and so bringing it down, one, to a service level that's, one, affordable and has flexibility to it allows a lot of capability, so I imagine people getting excited by it. So I have to ask you about the program. What specifically are you guys doing? Can you share any details around what it means for the partners, what they get, what's in it for them? Can you just break down some of the mechanics and mechanisms or details? >>Yeah, yep. You know, we're really looking to create business alignment and, like I said, establish mutual success with our partners. So we've got two key elements that we were really focused on that we bring to the partners. So the opportunity, the profit margin expansion, is one of them, and a way for our partners to really differentiate themselves and stay relevant in the market. So we've restructured our discount model, really, you know, highlighting
profitability and maximizing profitability. And this includes our deal registration. We've created a deal registration program, we've increased discount for partners who take part in our partner certification trainings, and we have some other partner incentives that we've created that's going to help out there. We put this all, so we've recently gone live with our partner portal. It's a consolidated experience for our partners where they can access our sales tools. And we really view our partners as an extension of our sales and technical teams, and so we've extended all of our training material that we use internally, we've made it available to our partners through our partner portal. I'm thinking now back, what else is in that partner portal here? We've got our partner certification information, so all the content that's delivered during that training can be found in the portal. We've got deal registration, co-branded marketing materials, pipeline management. And so this portal gives our partners a one-stop place to go to find all that information. And then just really quickly on the second part of that that I mentioned is our technology really is really disruptive to the market. So, you know, like you said, autonomous pen testing, it's still a relatively new topic for security practitioners, and it's proven to be really disruptive. So that, on top of, just recently we found an article by MarketsandMarkets that reports that the global pen testing market's really expanding, and so it's expected to grow to like 2.7 billion by 2027.
So the market's there, right? The market's expanding, it's growing, and so for our partners it just really allows them to grow their revenue across their customer base, expand their customer base, and offering this high profit margin while, you know, getting in early to market on this just disruptive technology. >>Big market, a lot of opportunities to make some money. People love to put more margin on those deals, especially when you can bring a great solution that everyone knows is hard to do, so I think that's going to provide a lot of value. Is there a type of partner that you guys see emerging or you aligning with? You mentioned the alignment with the partners. I can see how the training and the incentives are all there, sounds like it's all going well. Is there a type of partner that's resonating the most, or is there categories of partners that can take advantage of this? >>Yeah, absolutely. So we work with all different kinds of partners. We work with our traditional resale partners, we're working with systems integrators, we have a really strong MSP, MSSP program, we've got consulting partners, and the consulting partners especially with the ones that offer pen test services, so we act as a force multiplier, just really offering them profit margin expansion opportunity there. We've got some technology partners that we really work with for co-sell opportunities, and then we've got our cloud partners. You'd mentioned that earlier, and so we are in AWS Marketplace, so our CPPO partners, we're part of the ISV Accelerate program. So we're doing a lot there with our cloud partners, and of course we go to market with distribution partners as well. >>Gotta love the opportunity for more margin expansion. Every kind of partner wants to put more gross profit on their deals. Is there a certification involved? I have to ask, do people get certified, or is it just you get trained? Is it self-paced
training? Is it in person? How are you guys doing the whole training certification thing? Because is that a requirement? >>Yeah, absolutely. So we do offer a certification program, and it's been very popular. This includes a seller's portion and an operator portion, and so this is at no cost to our partners. And we operate both virtually, it's virtually but live, it's not self-paced, and we also have in-person, you know, sessions as well. And we also can customize these to any partners that have a large group of people, and we can do one in person or virtual just specifically for that partner. >>Well, any kind of incentive opportunities and marketing opportunities? Everyone loves to get the deals just kind of rolling in, leads. From what we can see, if our early reporting, this looks like a hot product, price-wise, service-level-wise. What incentives are you guys thinking about, and joint marketing? You mentioned co-sell earlier in pipeline, so I was kind of honing in on that piece. >>Sure, and yes. And then to follow along with our partner certification program, we do incentivize our partners there. If they have a certain number certified, their discount increases, so that's part of it. We have our deal registration program that increases discount as well. And then we do have some partner incentives that are wrapped around meeting setting and moving opportunities along to proof of value. >>Gotta love the education driving value. I have to ask you, so you've been around the industry, you've seen the channel relationships out there, you're seeing companies old school, new school. You know, Horizon3.ai is kind of like that new school, very cloud specific, a lot of leverage with, we mentioned AWS and all the clouds. Why is the company so hot right now? Why did you join them, and why are people attracted to this company? What's the attraction? What's the vibe? What do you see and what do you use,
what did you see in this company? >>Well, this is just, you know, like I said, it's very disruptive. It's really in high demand right now, and just because it's new to market and a newer technology. So we can collaborate with a manual pen tester, we can allow our customers to run their pen test with no specialty teams. And then, like I said, our partners can actually build businesses, profitable businesses, so they can use our product to increase their services revenue and build their business model, you know, around our services. >>What's interesting about the pen test thing is that it's very expensive and time consuming. The people who do them are very talented people that could be working on really bigger things in the... >>Absolutely. >>...customers. So bringing this into the channel allows them, if you look at the price delta between a pen test and then what you guys are offering, I mean, that's a huge margin gap between street price of, say, today's pen test and what you guys offer. When you show people that, they follow? Do they say too good to be true? I mean, what are some of the things that people say when you kind of show them that? Are they like, scratch their head, like, come on, what's the catch here? >>Right, so the cost savings is huge for us. And then also, you know, like I said, working as a force multiplier with a pen testing company that offers the services, and so they can do their annual manual pen tests that may be required around compliance regulations, and then we can act as the continuous verification of their security, you know, that they can run weekly. And so it's just, you know, an addition to what they're offering already and an expansion. >>So Jennifer, thanks for coming on theCUBE. Really appreciate you coming on, sharing the insights on the channel. What's next? What can we expect from the
channel group? What are you thinking? What's going on? >>Right, so we're really looking to expand our channel footprint, and very strategically. We've got some big plans for Horizon3.ai. >>Awesome. Well, thanks for coming on, really appreciate it. You're watching theCUBE, the leader in high tech enterprise coverage. >>Hello, and welcome to theCUBE's special presentation with Horizon3.ai, with Rainer Richter, vice president of EMEA, Europe, Middle East and Africa, and Asia Pacific, APAC, for Horizon3 today. Welcome to this special CUBE presentation, thanks for joining us. >>Thank you for the invitation. >>So Horizon3.ai driving global expansion, big international news with a partner-first approach. You guys are expanding internationally. Let's get into it. You guys are driving this new expanse partner program to new heights. Tell us about it. What are you seeing in the momentum? Why the expansion? What's all the news about? >>Well, I would say in international we have a similar situation like in the US. There is a global shortage of well-educated penetration testers on the one hand side. On the other side, we have a rising demand of network and infrastructure security. And with our approach of an autonomous penetration testing, I believe we are totally on top of the game, especially as we have also now starting with an international instance. That means, for example, if a customer in Europe is using our service NodeZero, he will be connected to a NodeZero instance which is located inside the European Union, and therefore he doesn't have to worry about the conflict between the European, the GDPR regulations, versus the US CLOUD Act. And I would say there we have a total good package for our partners, that they can provide differentiators to their customers. >>You know, we've had great conversations here on theCUBE with the CEO and the founder of the company around the leverage of the cloud and how successful that's
been for the company. And honestly, I can just connect the dots here, but I'd like you to weigh in more on how that translates into the go to market here, because you got great cloud scale with the security product. You guys are having success with great leverage there, I've seen a lot of success there. What's the momentum on the channel partner program internationally? Why is it so important to you? Is it just the regional segmentation? Is it the economics? Why the momentum? >> Well, there are multiple issues. First of all, there is a rising demand in penetration testing. Um, and don't forget that, uh, in international we have a much higher level in number, a number or percentage, in SMB and mid-market customers. So these customers, typically, most of them even didn't have a pen test done once a year. So for them, pen testing was just too expensive. Now, with our offering, together with our partners, we can provide different, uh, ways how customers could get an autonomous pen testing done more than once a year, with even lower costs than they had with a traditional manual pen test. And that is because we have our, uh, Consulting Plus package, which is for typically pen testers. They can go out and can do a much faster, much quicker pen test at many customers, one after each other. So they can do more pen tests on a lower, more attractive price. On the other side, there are others, or even the same ones, who are providing, um, NodeZero as an MSSP service. So they can go after SMB customers, saying, okay, well, you only have a couple of hundred, uh, IP addresses, no worries, we have the perfect package for you. And then you have, let's say, the mid market, let's say the thousands and more employees, then they might even have an annual subscription, very traditional. But for all of them, it's all the same: the customer or the service provider doesn't need a piece of hardware, they only need to install a small piece of a Docker container, and that's it. And that makes it so, so smooth to
go in and say, okay, Mr. Customer, we just put in this virtual attacker into your network, and that's it, and all the rest is done. And within three clicks they can act like a pen tester with 20 years of experience. >> And that's going to be very channel friendly and partner friendly, I can almost imagine. So I have to ask you, and thank you for calling out that breakdown and segmentation, that was good, that was very helpful for me to understand, but I want to follow up, if you don't mind. Um, what type of partners are you seeing the most traction with, and why? >> Well, I would say at the beginning typically you have the innovators, the early adopters, typically boutique size of partners. They start because they are always looking for innovation, and those are the ones who start in the beginning. So we have a wide range of partners, having mostly even, um, managed by the owner of the company. So, uh, they immediately understand, okay, there is the value, and they can change their offering. They're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones. Or we have those ones who offer pen test services but they did not have their own pen testers, so they had to go out on the open market and source pen testing experts, um, to get the pen test at a particular customer done. And now, with NodeZero, they're totally independent. They can go out and say, okay, Mr. Customer, here's the service, that's it, we turn it on, and within an hour you're up and running. >> Totally. Yeah, and those pen tests are usually expensive and hard to do. Now it's right in line with the sales delivery. Pretty interesting for a partner. >> Absolutely. But on the other hand side, we are not killing the pen testers' business. We do something, we're providing with NodeZero, I would call something like the foundation work, the foundational work of having an ongoing penetration testing of the infrastructure, the operating
system. And the pen testers by themselves, they can concentrate in the future on things like application pen testing, for example. So those services which we're not touching. So we're not killing the pen tester market, we're just taking away the ongoing, um, let's say, foundation work, call it that way. >> Yeah, yeah. That was one of my questions I was going to ask. There's a lot of interest in this autonomous pen testing, one, because it's expensive to do, because those skills that are required are in need and they're expensive. So you kind of cover the entry level and the blockers that are in there. I've seen people say to me, this pen test becomes a blocker for getting things done. So there's been a lot of interest in the autonomous pen testing and for organizations to have that posture. And it's an overseas issue too, because now you have that ongoing thing. So can you explain that particular benefit for an organization, to have that continuously verifying an organization's posture? >> Yep, certainly. So I would say, um, typically you have to do your patches, you have to bring in new versions of operating systems, of different services, of, uh, um, operating systems of some components, and they are always bringing new vulnerabilities. The difference here is that with NodeZero we are telling the customer or the partner package, we're telling them which are the executable vulnerabilities. Because previously they might have had, um, a vulnerability scanner, so this vulnerability scanner brought up hundreds or even thousands of CVEs but didn't say anything about which of them are vulnerable, really executable. And then you need an expert digging in one CVE after the other, finding out, is it really executable, yes or no? And that is where you need highly paid experts, which we have a shortage. So with NodeZero now we can say, okay, we tell you exactly which ones are the ones you should work on, because those are the ones which are executable. We rank them accordingly to the risk level, how
easily they can be used. And by a sudden, and then the good thing is, convert it, or in difference to the traditional penetration test, they don't have to wait for a year for the next pen test to find out if the fixing was effective. They run just the next scan and say, yes, closed, vulnerability is gone. >> The time is really valuable, and if you're doing any DevOps, cloud native, you're always pushing new things, so pen test, ongoing pen testing, is actually a benefit just in general as a kind of hygiene. So really, really interesting solution. Really bring that global scale is going to be a new coverage area for us, for sure. I have to ask you, if you don't mind answering, what particular region are you focused on or plan to target for this next phase of growth? >> Well, at this moment we are concentrating on the countries inside the European Union plus the United Kingdom. Um, but we are, and they are, of course, logically, I'm based into Frankfurt area, that means we cover more or less the countries just around. So it's like the total DACH region, Germany, Switzerland, Austria, plus the Netherlands. But we also already have partners in the Nordics, like in Finland or in Sweden. Um, so it's rapidly, we have partners already in the UK and it's rapidly growing. So, for example, we are now starting with some activities in Singapore, um, and also in the Middle East area. Um, very important, depending on, let's say, the way how to do business, currently we try to concentrate on those countries where we can have, um, let's say, at least English as an accepted business language. >> Great. Is there any particular region you're having the most success with right now? It sounds like European Union's, um, kind of first wave. What's them? >> Yes, that's the first, definitely that's the first wave. And now we're also getting the, uh, European instance up and running. It's clearly our commitment also to the market, saying, okay, we know there are certain dedicated, uh, requirements and we take care of this
and we're just launching it. We're building up this one, uh, the instance, um, in the AWS, uh, service center here in Frankfurt, also with some dedicated hardware, internet in a data center in Frankfurt, where we have with the DE-CIX, by the way, uh, the highest internet interconnection bandwidth on the planet. So we have very short latency to wherever you are on the globe. >> That's a great call out, benefit too, I was going to ask that. What are some of the benefits your partners are seeing in EMEA and Asia Pacific? >> Well, I would say, um, the benefits for them, it's clearly, they can, uh, talk with customers and can offer customers penetration testing which they before even didn't think about, because penetration testing in a traditional way was simply too expensive for them, too complex, the preparation time was too long. Um, they didn't even have the capacity, uh, to support an external pen tester. Now, with this service, you can go in and say, even if they, Mr. Customer, we can do a test with you in a couple of minutes. We have installed the Docker container, within 10 minutes we have the pen test started, that's it, and then we just wait. And I would say we are seeing so many aha moments now, because on the partner side, when they see NodeZero the first time working, it's like, wow, that is great. And then they walk out to customers and show it to their, typically at the beginning, mostly the friendly customers, like, wow, that's great, I need that. And I would say, um, the feedback from the partners is that is a service where I do not have to evangelize the customer. Everybody understands penetration testing, I don't have to describe what it is. The customer understands immediately: yes, penetration testing, good about that, I know I should do it, but, uh, too complex, too expensive. Now, with NodeZero, for example as an MSSP service provided from one of our partners, but it's
getting easy. >> Yeah, it's great, and it's great benefit there. I mean, I gotta say, I'm a huge fan of what you guys are doing. I like this continuous automation, that's a major benefit to anyone doing DevOps or any kind of modern application development. This is just a godsend for them, this is really good. And like you said, the pen testers that are doing it, they were kind of coming down from their expertise to kind of do things that should have been automated. They get to focus on the bigger ticket items. That's a really big point. >> So we free them, we free the pen testers for the higher level elements of the penetration testing segment, and that is typically the application testing, which is currently far away from being automated. >> Yeah, and that's where the most critical workloads are, and I think this is the nice balance. Congratulations on the international expansion of the program, and thanks for coming on this special presentation. I really appreciate it, thank you. >> You're welcome. >> Okay, this is The Cube special presentation. You know, check out pen test automation, international expansion, Horizon 3.ai, uh, really innovative solution. In our next segment, Chris Hill, Sector Head for Strategic Accounts, will discuss the power of Horizon 3.ai and Splunk in action. You're watching The Cube, the leader in high tech enterprise coverage. >> Welcome back, everyone, to The Cube and Horizon 3.ai special presentation. I'm John Furrier, host of The Cube. We're with Chris Hill, Sector Head for Strategic Accounts and Federal at Horizon 3.ai, a great innovative company. Chris, great to see you, thanks for coming on The Cube. >> Yeah, like I said, uh, you know, great to meet you, John. Long time listener, first time caller, so excited to be here with you guys. >> Yeah, we were talking before camera, you had Splunk back in 2013, and I think 2012 was our first Splunk .conf, and boy, man, you know, talk about being in the right place at the right time. Now we're at another inflection point, and Splunk continues to be
relevant, um, and continuing to have that data driving security in that interplay, and your CEO, former CTO of Splunk as well, at Horizon, who's been on before. Really innovative product you guys have. But, you know, yeah, don't wait for a breach to find out if you're logging the right data. This is the topic of this thread. Splunk is very much part of this new international expansion announcement, uh, with you guys. Tell us, what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand, uh, NodeZero out internationally? >> Yeah, well, so across, so, you know, my role, uh, within Splunk, it was, uh, working with our most strategic accounts. And so I looked back to 2013 and I think about the sales process, like, working with our small customers, you know, it was, um, it was still very siloed back then. Like, I was selling to an IT team that was either using this for IT operations. Um, we generally would always even say, yeah, although we do security, we weren't really designed for it, we're a log management tool. And I'm sure you remember back then, John, we were like sort of stepping into the security space, and the public sector domain that I was in, you know, security was 70% of what we did. When I look back to sort of, uh, the transformation that I was witnessing in that digital transformation, um, you know, when I look at like 2019 to today, you look at how, uh, the IT team and the security teams have been forced to break down those barriers, that they used to sort of be siloed away, would not communicate. You know, the security guys would be like, oh, this is my box, IT, you're not allowed in. Today you can't get away with that. And I think that the value that we bring to, you know, and of course Splunk has been a huge leader in that space and continues to do innovation across the board, but I think what we're seeing in the space, and I was talking with Patrick Coughlin, the SVP of, uh, security markets, about this, is that, you know, what we've
been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data. So Splunk itself, you know, it's an ingest engine, right? The great reason people bought it was you could build these really fast dashboards and grab intelligence out of it, but without data it doesn't do anything, right? So how do you drive and how do you bring more data in, and most importantly, from a customer perspective, how do you bring the right data in? And so if you think about what NodeZero and what we're doing in a Horizon 3 is that, sure, we do pen testing, but because we're an autonomous pen testing tool, we do it continuously. So this whole thought of being like, oh, crud, like my customers, oh yeah, we got a pen test coming up, it's gonna be six weeks, the week, oh yeah, you know, and everyone's gonna sit on their hands, call me back in two months, Chris, we'll talk to you then, right? Not a real efficient way to test your environment. And shoot, we saw that with Uber this week, right? Um, you know, and that's a case where we could have helped. >> Oh, just, right, could you explain the Uber thing? Because it was a contractor. Just give a quick highlight of what happened so you can connect the dots. >> Yeah, no problem. So, um, it was, uh, I think it was, yeah, one of those, uh, you know, games where they would try and test an environment. Um, and what the, uh, pen tester did was he kept on calling them, MFA guys, being like, I need to reset my password, we need to set my right password, and eventually the, um, customer service guy said, okay, I'm resetting it. Once he had reset and bypassed the multi-factor authentication, he then was able to get in and get access to the building area that he was in, or, I think, not the domain, but he was able to gain access to a partial part of that network. He then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains. And so within minutes they had access. And that's the
sort of stuff that we do. You know, a lot of these tools, like, um, you know, you think about the cacophony of tools that are out there in a ZTA architecture, right? I'm gonna get like a Zscaler, or I'm going to have, uh, Okta, and I have a Splunk, I've been into the solar system, I mean, I don't mean to name names, we have CrowdStrike or SentinelOne in there. It's just a cacophony of things that don't work together, they weren't designed to work together. And so we have seen so many times in our business, through our customer support and just working with customers when we do their pen tests, that there will be 5,000 servers out there, three are misconfigured. Those three misconfigurations will create the open door, because remember, the hacker only needs to be right once, the defender needs to be right all the time, and that's the challenge. And so that's what I'm really passionate about, what we're doing, uh, here at Horizon 3. I see this, my digital transformation, migration and security going on, which, uh, we're at the tip of the spear. It's why I joined Snehal, coming on this journey, uh, and just super excited about where the path's going and super excited about the relationship with Splunk. I get into more details on some of the specifics of that, but, um, you know... >> Well, you're nailing it. I mean, we've been doing a lot of things on super cloud and this next gen environment, we're calling it next gen. You're really seeing DevOps, obviously DevSecOps has already won. The IT role has moved to the developer. Shift left is an indicator of that, it's one of the many examples. Higher velocity code, software supply chain, you hear these things. That means that it is now in the developer hands, it is replaced by the new ops, data ops teams and security, where there's a lot of horizontal thinking. To your point about access, there's no more perimeter, huge, 100, right, is really right on things. One time, you know, to get in there; once you're in, then you can hang out, move around, move laterally. Big problem. Okay, so we
get that. Now, the challenges for these teams as they are transitioning organizationally, how do they figure out what to do? Okay, this is the next step. They already have Splunk, so now they're kind of in transition while protecting for a hundred percent ratio of success. So how would you look at that and describe the challenge? What do they do? What are the teams facing with their data, and what's next? What action do they take? >> So let's use some vernacular that folks will know. So if I think about DevSecOps, right, we both know what that means, that I'm going to build security into the app. It normally talks about SecDevOps, right, how am I building security around the perimeter of what's going inside my ecosystem, and what are they doing? And so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from soup to nuts, right? So I'm going to test the endpoints through to its, I'm going to look for misconfigurations, I'm going to look for, um, uh, credential, exposed credentials, you know, I'm going to look for anything I can in the environment. Again, I'm going to do it at light speed. And what we're doing for that SecDevOps space is to, you know, did you detect that we were in your environment? So did we alert Splunk or the SIEM that there's someone in the environment laterally moving around? Did they, more importantly, did they log us into their environment, and when do they detect that log to trigger that log? Did they alert on us? And then finally, most importantly for every CSO out there, is going to be, did they stop us? And so that's how we do this. And I think you, when speaking with, um, Snehal before, you know, we've come up with this, um, boils, but we call it find, fix, verify. So what we do is we go in, is we act as the attacker, right? We act in a production environment, so we're not going to be, we're a passive attacker, but we will go in on credentialed on agents, but we have to assume
to have an assumed breach model, which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment. So we're going to go out and do an asset survey. Now, that's something that's not something that Splunk does super well, you know. So can Splunk see all the assets? Do the same assets marry up? We're going to log all that data and then load that into the Splunk SIEM or the Splunk logging tools, just to have it in enterprise, right? That's an immediate feature add that they've got. Um, and then we've got the fix. So once we've completed our pen test, um, we are then going to generate a report, and we can talk about these in a little bit later, but the reports will show an executive summary, the assets that we found, which would be your asset discovery aspect of that, a fix report, and the fix report I think is probably the most important one. It will go down and identify what we did, how we did it, and then how to fix that. And then from that, the pen tester or the organization should fix those, then they go back and run another test, and then they validate, like a change detection environment, to see, hey, did those fixes take place? And, you know, Snehal, when he was the CTO of JSOC, he shared with me a number of times about, it's like, man, there would be 15 more items on next week's punch sheet that we didn't know about. And it has to do with how we, you know, how they were, uh, prioritizing the CVEs and whatnot, because they would take all CVEs, it was critical or non-critical, and it's like, we are able to create context in that environment that feeds better information into Splunk and whatnot. >> That brings up the efficiency for Splunk, specifically the teams out there. By the way, the burnout thing is real. I mean, this whole, I just finished my list and I got 15 more, or whatever, the list just keeps growing. How did NodeZero specifically help Splunk teams be more efficient? Like, that's the question I want to get at
because this seems like a very scale way for Splunk customers and teams, service teams, to be more... So the question is, how does NodeZero help make Splunk, specifically their service teams, be more efficient? >> So today, in our early interactions, we're building customers, we've seen are five things. Um, and I'll start with sort of identifying the blind spots, right? So kind of what I just talked about with you: did we detect, did we log, did we alert, did they stop NodeZero, right? And so I would put that, you know, a more layman's third grade term, and if I was going to beat a fifth grader at this game, would be, we can be the sparring partner for a Splunk Enterprise customer, a Splunk Essentials customer, someone using Splunk SOAR, or even just an enterprise Splunk customer that may be a small shop with three people and just wants to know, where am I exposed? So by creating and generating these reports, and then having, um, the API that actually generates the dashboard, they can take all of these events that we've logged and log them in. And then where that then comes in is number two, is how do we prioritize those logs, right? So how do we create visibility to logs that, um, have critical impacts? And again, as I mentioned earlier, not all CVEs are high impact, regard, and also not all are low, right? So if you daisy chain a bunch of low CVEs together, boom, I've got a mission critical AP, uh, CPE that needs to be fixed now, such as a credential moving to an NT box that's got a text file with a bunch of passwords on it. That would be very bad. Um, and then third would be, uh, verifying that you have all of the hosts. So one of the things that Splunk's not particularly great at, and they'll literate themselves, they don't do asset discovery. So, dude, what assets do we see, and what are they logging from that? Um, and then, um, for every event that they are able to identify, one of the cool things that we can do is actually create this low code, no code environment, so they could, you know, Splunk customers
can use Splunk SOAR to actually triage events and prioritize that event, so where they're being routed within it, to optimize the SOC team time to market, or time to triage any given event, obviously reducing MTR. And then finally, I think one of the neatest things that we'll be seeing us develop is, um, our ability to build glass tables. So behind me you'll see one of our triage events and how we build, uh, a Lockheed Martin kill chain on that with a glass table, which is very familiar to the community. We're going to have the ability, in not too distant future, to allow people to search, observe on those IOCs, and if people aren't familiar with it, IOC, it's an instant of a compromise, so that's a vector that we want to drill into. And of course, who's better at drilling in the data than Splunk? >> Yeah, this is a critter, this is an awesome synergy there. I mean, I can see a Splunk customer going, man, this just gives me so much more capability, actionability, and also real understanding. And I think this is what I want to dig into, if you don't mind: understanding that critical impact. Okay, it's kind of where I see this coming. Got the data, data ingest, now data's data, but the question is what not to log, you know, where are things misconfigured? These are critical questions. So can you talk about what it means to understand critical impact? >> Yeah. So I think, you know, going back to the things that I just spoke about, a lot of those CVEs where you'll see, um, uh, low, low, low, and then you daisy chain together and they're suddenly like, oh, this is high now. But then your other impact of, like, if you're a Splunk customer, you know, and I had several of them, I had one customer that, you know, terabytes of McAfee data being brought in, and it was like, all right, there's a lot of other data that you probably also want to bring, but they could only afford, wanted to do certain data sets because that's, and they didn't know how to prioritize or filter those data sets. And so we provide that opportunity to say
hey, these are the critical ones to bring in, but there's also the ones that you don't necessarily need to bring in, because low CVE in this case really does mean low CVE. Like, an ILO server would be one that, um, that's the print server, uh, where the, uh, your admin credentials are on, like, a printer, and so there will be credentials on that. That's something that a hacker might go in to look at. So although the CVE on it is low, if you daisy chain with somebody that's able to get into that, you might say, ah, that's high, and we would then potentially rank it, giving our AI logic, to say that's a moderate. So put it on the scale and we prioritize those, versus, uh, all of these scanners just going to give you a bunch of CVEs and good luck. >> And translating that, if I can, and tell me if I'm wrong, that kind of speaks to that whole lateral movement, that's the challenge, right? Print server, a great example. Looks stupid, low end, who's going to want to deal with the print server? Oh, but it's connected into a critical system, there's a path. Is that kind of what you're getting at? >> Yeah, I use daisy chain, I think that's from the community they came from, uh, but it's just a lateral movement. It's exactly what they're doing. In those low level, low critical lateral movements is where the hackers are getting in, right? So that's the beauty thing about the, uh, the Uber example, is that who would have thought, you know, I've got my multi-factor authentication going, in, a human made a mistake. We can't not expect humans to make mistakes, we're fallible, right? The reality is, once they were in the environment, they could have protected themselves by running enough pen tests to know that they had certain, uh, exposed credentials that would have stopped the breach, and they had not done that in their environment. And I'm not poking... >> Yeah, but it's an interesting trend though. I mean, it's obvious, sometimes those low end items are also not protected well, so it's easy to get at from a hacker standpoint
but also the people in charge of them can be phished easily, or spear-phished, because they're not paying attention, because they don't have to. No one ever told them, hey, be careful. >> Yeah, for the community that I came from, John, that's exactly how they would, uh, meet you at a, uh, an international event, um, introduce themselves as a graduate student, these are national actor states, uh, would you mind reviewing my thesis on such and such? And I was at Adobe at the time that I was working on this. Instead of having to get the PDF, they opened the PDF, and whoever that customer was launches. And I don't know if you remember, back in like 2008 time frame there was a lot of issues around IP being, by a nation state, being stolen from the United States, and that's exactly how they did it. And John, that's... >> Or LinkedIn, hey, I want to get a joke, we want to hire you, double the salary. Oh, I'm gonna click on that for sure, you know. >> Yeah, right, exactly. Yeah, the one thing I would say to you is, like, uh, when we look at, like, sort of, you know, because I think we did 10,000 pen tests last year, it's probably over that now, you know, we have these sort of top 10 ways that we think and find people coming into the environment. The funniest thing is that only one of them is a CVE related vulnerability. Like, uh, you know, you guys know what they are, right? So it's, but it's like two percent of the attacks are occurring through the CVEs, but yeah, there's all that attention spent to that and very little attention spent to this pen testing side, which is sort of this continuous threat, you know, monitoring space, and this vulnerability space, where I think we play such an important role, and I'm so excited to be a part of the tip of the spear on this one. >> Yeah, I'm old enough to know the movie Sneakers, which I loved, as a, you know, watching that movie, you know, professional hackers are testing, testing, always testing the environment. I love this. I got to ask you, as we kind of wrap up here, Chris, if you don't mind, the
benefits to professional services from this alliance. Big news, Splunk and you guys work well together, we see that clearly. What other benefits do professional services teams see from the Splunk and Horizon 3.ai alliance? >> So if you're, I think, from both of our, uh, partners, uh, as we bring these guys together, and many of them already are the same partner, right, uh, is that, uh, first off, the licensing model is probably one of the key areas that we really excel at. So if you're an end user, you can buy, uh, for the enterprise by the number of IP addresses you're using. Um, but, uh, if you're a partner working with this, there's solution ways that you can go in and we'll license as to MSPs and what that business model on MSPs looks like. But the unique thing that we do here is this C plus license, and so the Consulting Plus license allows, like, a, uh, somebody, a small to mid-sized to some very large, uh, you know, Fortune 100, uh, consulting firms use this, uh, by buying into a license called, um, Consulting Plus, where they can have unlimited, uh, access to as many IPs as they want, but you can only run one test at a time. And as you can imagine, when we're going and hacking passwords and, um, checking hashes and decrypting hashes, that can take a while. So, but for the right customer, it's a perfect tool. And so I'm so excited about our ability to go to market with, uh, our partners, so that we understand ourselves, understand how not to just sell to, or not just to sell through, but we know how to sell with them as a good vendor partner. I think that that's one thing that we've done a really good job building, bring it into the market. >> Yeah, I think also the Splunk has had great success how they've enabled, uh, partners and professional services. >> Absolutely. >> You know, the services that layer on top of Splunk are multi-fold, tons of great benefits. So you guys vector right into that, ride that way with friction. >> And the cool thing is that, you know, in one of our reports, which could be
totally customized, uh, with someone else's logo, we're going to generate, you know, so I used to work in another organization, it wasn't Splunk, but we did, uh, you know, pen testing for customers, and my pen testers would come on site, they'd do the engagement and they would leave, and then another release, someone would be, oh shoot, we got another sector that was breached, and they'd call you back, you know, four weeks later. And so by August our entire pen testing teams would be sold out, and it would be like, well, even in March maybe, and they're like, no, no, I gotta breach now. And then when they do go in, they go through, do the pen test, and they hand over a PDF and they pat on the back and say, there's where your problems are, you need to fix it. And the reality is that what we're going to generate, completely autonomously, with no human interaction, is we're going to go and find all the permutations of anything we found and the fix for those permutations. And then once you've fixed everything, you just go back and run another pen test. It's, you know, for what people pay for one pen test, they can have a tool that does that every, patch on Tuesday and that's on Wednesday, you know, triage throughout the week. >> Green, yellow, red. I wanted to see the colors. Show me green, green is good, right? Not red. >> And one CIO doesn't want, who doesn't want that dashboard, right? It's exactly it. And we can help bring, I think that, you know, I'm really excited about helping drive this with the Splunk team, because they get that, they understand that it's the green, yellow, red dashboard, and how do we help them find more green, uh, so that the other guys are in red. >> Yeah, and get in the data and do the right thing, and be efficient with how you use the data, know what to look at. So many things to pay attention to, you know, the combination of both, and then go to market strategy, real brilliant. Congratulations, Chris, thanks for coming on and sharing, um, this news with the detail around the Splunk in
action around the alliance.

>> Thanks for sharing, John. My pleasure. Thanks, look forward to seeing you soon.

>> All right, great. We'll follow up and do another segment on DevOps and IT and security teams as the new new ops, and supercloud, a bunch of other stuff. So thanks for coming on. And our next segment, the CEO of Horizon3.ai will break down all the new news for us here on theCUBE. You're watching theCUBE, the leader in high tech enterprise coverage.

[Music]

>> Yeah, the partner program for us has been fantastic. You know, I think prior to that, you know, as most organizations, most partners, most MSSPs might not necessarily have a bench at all for penetration testing. Maybe they subcontract this work out, or maybe they do it themselves, but trying to staff that kind of position can be incredibly difficult. For us, this was a differentiator, a new partner, a new partnership that allowed us to not only perform services for our customers, but be able to provide a product by which they can do it themselves. So we work with our customers in a variety of ways. Some of them want more routine testing and perform this themselves, but we're also a certified service provider of Horizon3, being able to perform penetration tests, help review the data, provide color, provide analysis for our customers in a broader sense, right, not necessarily the black and white elements of, you know, what's critical, what's high, what's medium, what's low, what you need to fix, but are there systemic issues. This has allowed us to onboard new customers. This has allowed us to migrate some penetration testing services to us from competitors in the marketplace. But ultimately this is occurring because the product and the outcome are special, they're unique, and they're effective. Our customers like what they're seeing. They like the routineness of it. Many of them, you know, again, like doing this themselves, you know, being able to kind of pen test themselves, parts of their
networks, and the new use cases, right? "I'm a large organization, I have eight to ten acquisitions per year. Wouldn't it be great to have a tool to be able to perform a penetration test, both internal and external, of that acquisition before we integrate the two companies and maybe bringing on some risk?" It's a very effective partnership, one that really has kind of taken our engineers, our account executives by storm. You know, this is a partnership that's been very valuable to us.

[Music]

>> A key part of the value and business model at Horizon3 is enabling partners to leverage NodeZero to make more revenue for themselves. Our goal is that sixty percent of our revenue this year will be originated by partners, and that 95 percent of our revenue next year will be originated by partners. And so a key to that strategy is making us an integral part of your business models as a partner. A key quote from one of our partners is that we enable every one of their business units to generate revenue. So let's talk about that in a little bit more detail.

First is that if you have a pen test consulting business, take Deloitte as an example, what was six weeks of human labor at Deloitte per pen test has been cut down to four days of labor, using NodeZero to conduct reconnaissance, find all the juicy, interesting areas of the enterprise that are exploitable, and being able to go assess the entire organization. And then all of those details get served up to the human to be able to look at, understand, and determine where to probe deeper. So what you see in that pen test consulting business is that NodeZero becomes a force multiplier, where those consulting teams were able to cover way more accounts and way more IPs within those accounts with the same or fewer consultants. And so that directly leads to profit margin expansion for the pen testing business itself, because NodeZero is a force multiplier.

The second business model here is if you're an MSSP. As an MSSP, you're already making
money providing defensive cyber security operations for a large volume of customers. And so what they do is they'll license NodeZero and use us as an upsell to their MSSP business to start to deliver either continuous red teaming, continuous verification, or purple teaming as a service. And so in that particular business model, they've got an additional line of revenue where they can increase the spend of their existing customers by bolting on NodeZero as a purple team as a service offering.

The third business model or customer type is if you're an IT services provider. So as an IT services provider, you make money installing and configuring security products like Splunk or CrowdStrike or Humio. You also make money reselling those products, and you also make money generating follow-on services to continue to harden your customer environments. And so what those IT service providers will do is use us to verify that they've installed Splunk correctly, prove to their customer that Splunk was installed correctly or CrowdStrike was installed correctly using our results, and then use our results to drive follow-on services and revenue.

And then finally we've got the value-added reseller, which is just a straight-up reseller. Because of how fast our sales cycles are, these VARs are able to typically go from cold email to deal close in six to eight weeks. At Horizon3, at least, a single sales engineer is able to run 30 to 50 POCs concurrently, because our POCs are very lightweight and don't require any on-prem customization or heavy pre-sales, post-sales activity. So as a result, we're able to have a few amount of sellers driving a lot of revenue and volume for us. Well, the same thing applies to VARs. There isn't a lot of effort to sell the product or prove its value, so VARs are able to sell a lot more Horizon3 NodeZero product without having to build up a huge specialist sales organization.

So what I'm going to do is talk through scenario three here as an IT service provider
and just how powerful NodeZero can be in driving additional revenue. So in here, think of, for every one dollar of NodeZero license purchased by the IT service provider to do their business, it'll generate ten dollars of additional revenue for that partner. So in this example, Kinney Group uses NodeZero to verify that they have installed and deployed Splunk correctly. So Kinney Group is a Splunk partner. They sell IT services to install, configure, deploy, and maintain Splunk. And as they deploy Splunk, they're going to use NodeZero to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment. So it's a way of doing QA, or verifying that Splunk has been configured correctly, and that's going to be internally used by Kinney Group to prove the quality of their services that they've just delivered.

Then what they're going to do is they're going to show and leave behind that NodeZero report with their client, and that creates a resell opportunity for Kinney Group to resell NodeZero to their client, because their client is seeing the reports and the results and saying, "Wow, this is pretty amazing." And those reports can be co-branded, where it's a pen testing report branded with Kinney Group but it says "Powered by Horizon3" under it.

From there, Kinney Group is able to take the fix actions report that's automatically generated with every pen test through NodeZero, and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that NodeZero identified: fixing LLMNR misconfigurations, fixing or patching VMware, or updating credentials policies, and so on. So what happens is NodeZero has found a bunch of problems the client often lacks the capacity to fix, and so Kinney Group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services.

And finally, based on the findings from NodeZero, Kinney Group can look at that report
and say to the customer, "You know, customer, if you bought CrowdStrike, you'd be able to prevent NodeZero from attacking and succeeding in the way that it did," or if you bought Humio, or if you bought Palo Alto Networks, or if you bought some privileged access management solution, because of what NodeZero was able to do with credential harvesting and attacks. And so as a result, Kinney Group is able to resell other security products within their portfolio, CrowdStrike Falcon, Humio, Palo Alto Networks, Demisto, Phantom, and so on, based on the gaps that were identified by NodeZero and that pen test. And what that creates is another feedback loop, where Kinney Group will then go use NodeZero to verify that the CrowdStrike product has actually been installed and configured correctly. And then this becomes the cycle of using NodeZero to verify a deployment, using that verification to drive a bunch of follow-on services and resell opportunities, which then further drives more usage of the product.

Now, the way that we license is that it's a usage-based licensing model, so that the partner will grow their NodeZero Consulting Plus license as they grow their business. So for example, if you're a Kinney Group, then week one you're going to use NodeZero to verify your Splunk install. In week two, if you have a pen testing business, you're going to go off and use NodeZero to be a force multiplier for your pen testing client opportunity. And then if you have an MSSP business, then in week three you're going to use NodeZero to go execute a purple team MSSP offering for your clients. So not necessarily a Kinney Group, but if you're a Deloitte or AT&T, these larger companies, and you've got multiple lines of business, if you're Optiv for instance, all you have to do is buy one Consulting Plus license and you're going to be able to run as many pen tests as you want sequentially. So now you can buy a single license and use that one license to meet your week one client commitments, and then
meet your week two, and then meet your week three. And as you grow your business, you start to run multiple pen tests concurrently. So in week one, you've got to do a verify Splunk install, and you've got to run a pen test, and you've got to do a purple team opportunity. You just simply expand the number of Consulting Plus licenses from one license to three licenses. And so now, as you systematically grow your business, you're able to grow your NodeZero capacity with you, giving you predictable COGS, predictable margins, and once again, 10x additional revenue opportunity for that investment in the NodeZero Consulting Plus license.

My name is Saint. I'm the co-founder and CEO here at Horizon3. I'm going to talk to you today about why it's important to look at your enterprise through the eyes of an attacker. The challenge I had when I was a CIO in banking, the CTO at Splunk, and serving within the Department of Defense is that I had no idea I was secure until the bad guys had showed up. Am I logging the right data? Am I fixing the right vulnerabilities? Are my security tools that I've paid millions of dollars for actually working together to defend me? And the answer is, I don't know. Does my team actually know how to respond to a breach in the middle of an incident? I don't know. I've got to wait for the bad guys to show up. And so the challenge I had was, how do we proactively verify our security posture?

I tried a variety of techniques. The first was the use of vulnerability scanners, and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable. I might have a hundred thousand findings from my scanner, of which maybe five or ten can actually be exploited in my environment. The other big problem with scanners is that they can't chain weaknesses together from machine to machine. So if you've got a thousand machines in your environment or more, what a vulnerability scanner will do is tell you you have a problem on machine one and separately a
problem on machine two, but what they can't tell you is that an attacker could use a low from machine one plus a low from machine two to equal a critical in your environment. And what attackers do in their tactics is they chain together misconfigurations, dangerous product defaults, harvested credentials, and exploitable vulnerabilities into attack paths across different machines.

So to address the attack paths across different machines, I tried layering in consulting-based pen testing, and the issue is, when you've got thousands of hosts or hundreds of thousands of hosts in your environment, human-based pen testing simply doesn't scale to test an infrastructure of that size. Moreover, when they actually do execute a pen test and you get the report, oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem. And so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale.

And then to mitigate that problem, I tried using breach and attack simulation tools, and the struggle with these tools is, one, I had to install credentialed agents everywhere; two, I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed; and then three, these types of tools were not safe to run against production systems, which was the majority of my attack surface. So that's why we went off to start Horizon3.
So Tony and I met when we were in Special Operations together, and the challenge we wanted to solve was, how do we do infrastructure security testing at scale by giving the power of a 20-year pen testing veteran into the hands of an IT admin, a network engineer, in just three clicks? And the whole idea is we enable these fixers, the blue team, to be able to run NodeZero, our pen testing product, to quickly find problems in their environment. That blue team will then go off and fix the issues that were found, and then they can quickly rerun the attack to verify that they fixed the problem. And the whole idea is delivering this without requiring custom scripts be developed, without requiring credentialed agents be installed, and without requiring the use of external third-party consulting services or professional services. Self-service pen testing to quickly drive find, fix, verify.

There are three primary use cases that our customers use us for. The first is the SOC manager that uses us to verify that their security tools are actually effective, to verify that they're logging the right data in Splunk or in their SIEM, to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their SLAs, or that the SOC understands how to quickly detect and respond, and measuring and verifying that, or that the variety of tools that you have in your stack, most organizations have 130-plus cyber security tools, none of which are designed to work together, are actually working together.

The second primary use case is proactively hardening and verifying your systems. This is when the IT admin, that network engineer, they're able to run self-service pen tests to verify that their Cisco environment is installed and hardened and configured correctly, or that their credential policies are set up right, or that their vCenter or WebSphere or Kubernetes environments are actually designed to be secure. And what this allows the IT
admins and network engineers to do is shift from running one or two pen tests a year to 30, 40, or more pen tests a month, and you can actually wire those pen tests into your DevOps process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment.

The third primary use case is for those organizations lucky enough to have their own internal red team. They'll use NodeZero to do reconnaissance and exploitation at scale, and then use the output as a starting point for the humans to step in and focus on the really hard, juicy stuff that gets them on stage at DEF CON. And so these are the three primary use cases, and what we'll do is zoom into the find, fix, verify loop, because what I've found in my experience is find, fix, verify is the future operating model for cyber security organizations.

And what I mean here is, in the find, using continuous pen testing, what you want to enable is on-demand, self-service pen tests. You want those pen tests to find attack paths at scale, spanning your on-prem infrastructure, your cloud infrastructure, and your perimeter, because attackers don't only stay in one place. They will find ways to chain together a perimeter breach, a credential from your on-prem to gain access to your cloud, or some other permutation. And then the third part in continuous pen testing is, attackers don't focus on critical vulnerabilities anymore. They know we've built vulnerability management programs to reduce those vulnerabilities, so attackers have adapted, and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults, with exploitable vulnerabilities, and through the collection of credentials, through a mix of techniques at scale.

Once you've found those problems, the next question is, what do you do about it? Well, you want to be able to prioritize fixing problems that are actually exploitable in your environment, that
truly matter, meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data. The second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to. Where is your crown jewels data? Is it in the cloud? Is it on-prem? Has it been copied to a share drive that you weren't aware of? If a domain user was compromised, could they access that crown jewels data? You want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure. And then finally, as you fix these problems, you want to quickly remediate and retest that you've actually fixed the issue. And this find, fix, verify cycle becomes that accelerator that drives purple team culture.

The third part here is verify. And what you want to be able to do in the verify step is verify that your security tools and processes and people can effectively detect and respond to a breach. You want to be able to integrate that into your detection engineering processes, so that you know you're catching the right security rules or that you've deployed the right configurations. You also want to make sure that your environment is adhering to the best practices around systems hardening and cyber resilience. And finally, you want to be able to prove your security posture over time to your board, to your leadership, and to your regulators.

So what I'll do now is zoom into each of these three steps. So when we zoom in to find, here's the first example using NodeZero and autonomous pen testing. And what an attacker will do is find a way to break through the perimeter. In this example, it's very easy to misconfigure Kubernetes to allow an attacker to gain remote code execution into your on-prem Kubernetes environment and break through the perimeter. And from there, what the attacker is going to do is conduct network reconnaissance and then find ways to gain code execution on other machines in the environment. And as they get code execution, they start to
dump credentials, collect a bunch of NTLM hashes, crack those hashes using open source and dark web available data as part of those attacks, and then reuse those credentials to log in and laterally maneuver throughout the environment. And then as they laterally maneuver, they can reuse those credentials and use credential spraying techniques and so on to compromise your business email, to log in as admin into your cloud. And this is a very common attack, and rarely is a CVE actually needed to execute this attack. Often it's just a misconfiguration in Kubernetes with a bad credential policy or password policy, combined with bad practices of credential reuse across the organization.

Here's another example of an internal pen test, and this is from an actual customer. They had 5,000 hosts within their environment, they had EDR and UBA tools installed, and they initiated an internal pen test on a single machine. From that single initial access point, NodeZero enumerated the network, conducted reconnaissance, and found five thousand hosts were accessible. What NodeZero will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the cyber terrain map, and that cyber terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment. So what NodeZero will do is try to find ways to get code execution, reuse credentials, and so on. In this customer example, they had Fortinet installed as their EDR, but NodeZero was still able to get code execution on a Windows machine. From there, it was able to successfully dump credentials, including sensitive credentials, from the LSASS process on the Windows box, and then reuse those credentials to log in as domain admin in the network. And once an attacker becomes domain admin, they have the keys to the kingdom. They can do anything they want.

So what happened here? Well, it turns out Fortinet was misconfigured on three out of 5,000 machines. Bad automation. The customer had
no idea this had happened. They would have had to wait for an attacker to show up to realize that it was misconfigured. The second thing is, well, why didn't Fortinet stop the credential pivot and the lateral movement? And it turned out the customer didn't buy the right modules or turn on the right services within that particular product. And we see this not only with Fortinet, but we see this with Trend Micro and all the other defensive tools, where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping.

The next story I'll tell you is, attackers don't have to hack in, they log in. So, another infrastructure pen test. A typical technique attackers will take is man-in-the-middle attacks that will collect hashes. So in this case, what an attacker will do is leverage a tool or technique called Responder to collect NTLM hashes that are being passed around the network, and there's a variety of reasons why these hashes are passed around, and it's a pretty common misconfiguration. But as an attacker collects those hashes, then they start to apply techniques to crack those hashes. So they'll pass the hash, and from there they will use open source intelligence, common password structures and patterns, and other types of techniques to try to crack those hashes into clear text passwords. So here NodeZero automatically collected hashes, it automatically passed the hashes to crack those credentials, and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your enterprise. In this case, NodeZero is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured. So now what happens is NodeZero has a placement and access in the business email system, which sets up the conditions for fraud, lateral phishing, and other techniques. But what's especially insightful here is that 80 percent of the hashes that were collected in this
pen test were cracked in 15 minutes or less. 80 percent. 26 of the user accounts had a password that followed a pretty obvious pattern: first initial, last initial, and four random digits. The other thing that was interesting is 10 percent of service accounts had their user ID the same as their password, so VMware admin, VMware admin, WebSphere admin, WebSphere admin, so on and so forth. And so attackers don't have to hack in, they just log in with credentials that they've collected.

The next story here is becoming AWS admin. So in this example, once again, internal pen test, NodeZero gets initial access, it discovers 2,000 hosts are network reachable from that environment, it fingerprints and organizes all of that data into a cyber terrain map. From there, it fingerprints that HP iLO, the Integrated Lights-Out service, was running on a subset of hosts. HP iLO is a service that is often not instrumented or observed by security teams, nor is it easy to patch. As a result, attackers know this and immediately go after those types of services. So in this case, that iLO service was exploitable, and we were able to get code execution on it. iLO stores all the user IDs and passwords in clear text in a particular set of processes, so once we gained code execution, we were able to dump all of the credentials, and then from there laterally maneuver to log in to the Windows box next door as admin. And then on that admin box, we're able to gain access to the share drives, and we found a credentials file saved on a share drive. From there, it turned out that credentials file was the AWS admin credentials file, giving us full admin authority to their AWS accounts. Not a single security alert was triggered in this attack, because the customer wasn't observing the iLO service, and every step thereafter was a valid login in the environment. And so what do you do? Step one, patch the server. Step two, delete the credentials file from the share drive. And then step three is get better instrumentation on privileged access users and
login.

The final story I'll tell is a typical pattern that we see across the board that combines the various techniques I've described together, where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company. From there, they're going to look up those employees on dark web breach databases and other forms of information, and then use that as a starting point to password spray to compromise a domain user. All it takes is one employee to reuse a breached password for their corporate email, or all it takes is a single employee to have a weak password that's easily guessable. All it takes is one. And once the attacker is able to gain domain user access, in most shops domain user is also the local admin on their laptop, and once you're local admin, you can dump SAM and get local admin NTLM hashes. You can use that to reuse credentials again, local admin on neighboring machines, and attackers will start to rinse and repeat. Then eventually they're able to get to a point where they can dump LSASS, or by unhooking the anti-virus, defeating the EDR, or finding a misconfigured EDR, as we've talked about earlier, to compromise the domain.

And what's consistent is that the fundamentals are broken at these shops. They have poor password policies, they don't have least access privilege implemented, Active Directory groups are too permissive, where domain admin or domain user is also the local admin, AV or EDR solutions are misconfigured or easily unhooked, and so on. And what we found in 10,000 pen tests is that user behavior analytics tools never caught us in that lateral movement, in part because those tools require pristine logging data in order to work, and also it becomes very difficult to find that baseline of normal usage versus abnormal usage of credential login.

Another interesting insight is there were several marquee brand name MSSPs that were defending our customers' environment, and for them it took seven hours to detect and
respond to the pen test. Seven hours. The pen test was over in less than two hours. And so what you had was an egregious violation of the service level agreements that that MSSP had in place, and the customer was able to use us to get service credit and drive accountability of their SOC and of their provider.

The third interesting thing is, in one case, it took us seven minutes to become domain admin in a bank. That bank had every Gucci security tool you could buy, yet in 7 minutes and 19 seconds NodeZero started as an unauthenticated member of the network and was able to escalate privileges through chaining, and misconfigurations, and lateral movement, and so on, to become domain admin. If it's seven minutes today, we should assume it'll be less than a minute a year or two from now, making it very difficult for humans to be able to detect and respond to that type of blitzkrieg attack.

So that's in the find. It's not just about finding problems, though. The bulk of the effort should be what to do about it, the fix and the verify. So as you find those problems, back to Kubernetes as an example, we will show you the path: here is the kill chain we took to compromise that environment. We'll show you the impact: here is the impact, or here's the proof of exploitation that we were able to use to be able to compromise it, and there's the actual command that we executed, so you could copy and paste that command and compromise that kubelet yourself if you want. And then the impact is we got code execution, and we'll actually show you, here is the impact, this is a critical, here's why: it enabled perimeter breach. Affected applications, we'll tell you the specific IPs where you've got the problem, how it maps to the MITRE ATT&CK framework, and then we'll tell you exactly how to fix it. We'll also show you what this problem enabled, so you can accurately prioritize why this is important or why it's not important.

The next part is accurate prioritization. The hardest part of my job as a CIO was deciding what not
to fix. So if you take SMB signing not required as an example, by default that CVSS score is a one out of 10. But this misconfiguration is not a CVE, it's a misconfig, and it enabled an attacker to gain access to 19 credentials, including one domain admin, two local admins, and access to a ton of data. Because of that context, this is really a 10 out of 10. You better fix this as soon as possible. However, of the seven occurrences that we found, it's only a critical in three out of the seven, and these are the three specific machines, and we'll tell you the exact way to fix it, and you better fix these as soon as possible. For these four machines over here, these didn't allow us to do anything of consequence. So, because the hardest part is deciding what not to fix, you can justifiably choose not to fix these four issues right now and just add them to your backlog, and surge your team to fix these three as quickly as possible. And then once you fix these three, you don't have to re-run the entire pen test. You can select these three and then one-click verify, and run a very narrowly scoped pen test that is only testing this specific issue. And what that creates is a much faster cycle of finding and fixing problems.

The other part of fixing is verifying that you don't have sensitive data at risk. So once we become a domain user, we're able to use those domain user credentials and try to gain access to databases, file shares, S3 buckets, git repos, and so on, and help you understand what sensitive data you have at risk. So in this example, a green checkbox means we logged in as a valid domain user, we're able to get read-write access on the database, this is how many records we could have accessed, and we don't actually look at the values in the database, but we'll show you the schema so you can quickly characterize that PII data was at risk here. And we'll do that for your file shares and other sources of data. So now you can accurately articulate the data you have at risk and prioritize cleaning that data up,
especially data that will lead to a fine or a big news issue.

So that's the find, that's the fix. Now we're going to talk about the verify. The key part in verify is embracing and integrating with detection engineering practices. So when you think about your layers of security tools, you've got lots of tools in place, on average 130 tools at any given customer, but these tools were not designed to work together. So when you run a pen test, what you want to do is say: did you detect us, did you log us, did you alert on us, did you stop us? And from there, what you want to see is, okay, what are the techniques that are commonly used to defeat an environment, to actually compromise? If you look at the top 10 techniques we use, and there's far more than just these 10, but these are the most often executed, nine out of ten have nothing to do with CVEs. It has to do with misconfigurations, dangerous product defaults, bad credential policies, and it's how we chain those together to become a domain admin or compromise a host.

So what customers will do is, every single attacker command we executed is provided to you as an attack activity log, so you can actually see every single attacker command we ran, the timestamp it was executed, the hosts it executed on, and how it maps to the MITRE ATT&CK tactics. So what our customers will have are these attacker logs on one screen, and then they'll go look into Splunk or Exabeam or SentinelOne or CrowdStrike and say, did you detect us, did you log us, did you alert on us or not? And to make that even easier, if you take this example: hey Splunk, what logs did you see at this time on the VMware host? Because that's when NodeZero is able to dump credentials. And that allows you to identify and fix your logging blind spots.

To make that easier, we've got app integration. So this is an actual Splunk app in the Splunk App Store, and what you can do is, inside the Splunk console itself, you can fire up the Horizon3 NodeZero app. All of the pen test results are here, so that you can see all of
the results in one place and you don't have to jump out of the tool. And what we'll show you, as I skip forward, is: hey, there's a pen test, here are the critical issues that we've identified, for that weaker default issue here are the exact commands we executed, and then we will automatically query into Splunk all terms between these times on that endpoint that relate to this attack. So you can now quickly, within the Splunk environment itself, figure out that you're missing logs or that you're appropriately catching this issue, and that becomes incredibly important in that detection engineering cycle that I mentioned earlier. So how do our customers end up using us? They shift from running one pen test a year to 30, 40 pen tests a month, oftentimes wiring us into their deployment automation to automatically run pen tests. The other part that they'll do is, as they run more pen tests, they find more issues, but eventually they hit this inflection point where they're able to rapidly clean up their environment. And that inflection point is because the red and the blue teams start working together in a purple team culture, and now they're working together to proactively harden their environment. The other thing our customers will do is run us from different perspectives. They'll first start running an RFC 1918 scope to see, once the attacker gained initial access in a part of the network that had wide access, what could they do? And then from there they'll run us within a specific network segment: okay, from within that segment, could the attacker break out and gain access to another segment? Then they'll run us from their work-from-home environment: could they traverse the VPN and do something damaging, and once they're in, could they traverse the VPN and get into my cloud? Then they'll break in from the outside. All of these perspectives are available to you in Horizon3 and NodeZero as a single SKU, and you can run as many pen tests as you want. If you run a phishing campaign and find that
an intern in the finance department had the worst phishing behavior, you can then inject their credentials and actually show the end-to-end story of how an attacker phished, gained credentials of an intern, and used that to gain access to sensitive financial data. So what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time. I'll leave you two things. One is, what is the AI in Horizon3.ai? Those knowledge graphs are the heart and soul of everything that we do, and we use machine learning reinforcement techniques, reinforcement learning techniques, Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs. We also use context-based scoring to prioritize weaknesses, and we're also able to drive collective intelligence across all of the operations, so the more pen tests we run, the smarter we get. And all of that is based on our knowledge graph analytics infrastructure that we have. Finally, I'll leave you with this: this was my decision criteria when I was a buyer for my security testing strategy. What I cared about was coverage. I wanted to be able to assess my on-prem, cloud, perimeter and work from home, and be safe to run in production. I want to be able to do that as often as I wanted. I want to be able to run pen tests in hours or days, not weeks or months, so I could accelerate that find, fix, verify loop. I wanted my IT admins and network engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience, and not have to install an agent and not have to write custom scripts. And finally, I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks. I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted, so I could look at my trends and directions over time. So I hope you found this talk valuable. Uh, we're easy to find,
and I look forward to seeing you use a product and letting our results do the talking. When you look at, uh, you know, kind of the way our pen testing algorithms work, is we dynamically select, uh, how to compromise an environment based on what we've discovered, and the goal is to become a domain admin, compromise a host, compromise domain users, find ways to encrypt data, steal sensitive data and so on. But when you look at the top 10 techniques that we ended up, uh, using to compromise environments, the first nine have nothing to do with CVEs, and that's the reality. CVEs are, yes, a vector, but less than two percent of CVEs are actually used in a compromise. Oftentimes it's some sort of credential collection, credential cracking, uh, credential pivoting, and using that to become an admin and then, uh, compromising environments from that point on. So I'll leave this up for you to kind of read through, and you'll have the slides available for you, but I found it very insightful that organizations, and ourselves when I was at GE included, invested heavily in just standard vulnerability management programs. When I was at DOD, that's all DISA cared about asking us about, was our, kind of, our CVE posture. But the attackers have adapted to not rely on CVEs to get in, because they know that organizations are actively looking at and patching those CVEs, and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment. A concrete example is, by default, vCenter backups are not encrypted, and so if an attacker finds vCenter, what they'll do is find the backup location, and there are specific vCenter MTD files where the admin credentials are parsable in the binaries. So you can actually, as an attacker, find the right MTD file, parse out the binary, and now you've got the admin credentials for the vCenter environment and now start to log in as admin. There's a bad habit by signal officers and signal
practitioners in the Army and elsewhere where the VM notes section of a virtual image has the password for the VM. Well, those VM notes are not stored encrypted, and attackers know this, and they're able to go off and find the VMs that are unencrypted, find the notes section and pull out the passwords for those images, and then reuse those credentials across the board. So I'll pause here and, uh, you know, Patrick, love to get some commentary on these techniques and other things that you've seen, and what we'll do in the last, say, 10 to 15 minutes is, uh, roll through a little bit more on what do you do about it. >> Yeah, yeah, no, I love it. I think, um, I think this is pretty exhaustive. What I like about what you've done here is, uh, you know, we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last, um, for the last three years, and it's often, we kind of, in the zeitgeist, we pegged that on ransomware, which of course is, like, incredibly important and very top of mind. Um, but what I like about what you have here is, you know, we're reminding the audience that the attack surface area, the vectors that matter, um, you know, has to be more comprehensive than just thinking about ransomware scenarios. >> Yeah, right on. Um, so let's build on this. When you think about your defense in depth, you've got multiple security controls that you've purchased and integrated, and you've got that redundancy if a control fails, but the reality is that these security tools aren't designed to work together. So when you run a pen test, what you want to ask yourself is: did you detect NodeZero, did you log NodeZero, did you alert on NodeZero, and did you stop NodeZero? And when you think about how to do that, every single attacker command executed by NodeZero is available in an attacker log, so you can now see, you know, at the bottom here, vCenter, um, exploit at that time on that IP, how it aligns to MITRE ATT&CK. What you want to be
able to do is go figure out, did your security tools catch this or not? And that becomes very important in using the attacker's perspective to improve your defensive security controls. And so the way we've tried to make this easier, back to, like, my, you know, I bleed green in many ways still from my Splunk background, is you want to be able to, and what our customers do is, hey, we'll look at the attacker logs on one screen, and they'll look at what did Splunk see or miss in another screen, and then they'll use that to figure out what their logging blind spots are. And where that becomes really interesting is we've actually built out an integration into Splunk, where there's a Splunk app you can download off of Splunkbase, and you'll get all of the pen test results right there in the Splunk console. And from that Splunk console you're gonna be able to see: these are all the pen tests that were run, these are the issues that were found, um, so you can look at that particular pen test, here are all of the weaknesses that were identified for that particular pen test and how they categorize out. For each of those weaknesses, you can click on any one of them that are critical in this case, and then we'll tell you for that weakness, and this is where the punch line comes in, so I'll pause the video here, for that weakness these are the commands that were executed on these endpoints at this time, and then we'll actually query Splunk for that, um, for that IP address or containing that IP, and these are the source types that surface any sort of activity. So what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective. So as this video kind of plays through, you can see it. Patrick, I'd love to get your thoughts, um, just seeing so many Splunk deployments and the effectiveness of those deployments, and how this is going to help really elevate the effectiveness of all of your
Splunk customers. >> Yeah, I'm super excited about this. I mean, I think these kinds of purpose-built integrations really move the needle for our customers. I mean, at the end of the day, when I think about the power of Splunk, I think about a product I was first introduced to 12 years ago that was an on-prem piece of software, you know, and at the time it sold on sort of perpetual and term licenses, but what made it special was that it could eat data at a speed that nothing else that I'd have ever seen. You can ingest massively scalable amounts of data, uh, did cool things like schema on read, which facilitated that, there was this language called SPL that you could nerd out about, uh, and you went to a conference once a year and you talked about all the cool things you were splunking, right? But now, as we think about the next phase of our growth, um, we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding. And as you look at the role of the CISO, it's mind-blowing to me the amount of sources, services, apps that are coming into the CISO span of, let's just call it a span of influence, in the last three years. Uh, you know, we're seeing things like infrastructure service level visibility, application performance monitoring, stuff that just never made sense for the security team to have visibility into, um, at least not at the size and scale which we're demanding today. Um, and that's different, and this isn't, this is why it's so important that we have these joint purpose-built integrations that, um, really provide more prescription to our customers about how do they walk on that journey towards maturity: what does zero to one look like, what does one to two look like? Whereas, you know, 10 years ago customers were happy with platforms, today they want integration, they want solutions, and they want to drive outcomes. And I think this is a great example of how together we are stepping to the
evolving nature of the market and also the ever-evolving nature of the threat landscape and, what I would say is, the maturing needs of the customer in that environment. >> Yeah, for sure. I think especially if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere, while the security budgets are not going to ever, I don't think they're going to get cut, they're not going to grow as fast, and there's a lot more pressure on organizations to extract more value from their existing investments, as well as extracting more value and more impact from their existing teams. And so security effectiveness, fierce prioritization and automation, I think, become the three key themes of security, uh, over the next 18 months. So what I'll do very quickly is run through a few other use cases. Um, every host that we identified in the pen test, we're able to score and say this host allowed us to do something significant, therefore it's really critical, you should be increasing your logging here. Hey, these hosts down here, we couldn't really do anything as an attacker, so if you do have to make trade-offs, you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end. So you've got that level of, um, justification for where to increase or adjust your logging resolution. Another example is, every host we've discovered as an attacker we expose and you can export, and what we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint. A big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were rogue Raspberry Pis on the network, or if a new box was installed and whether Splunk was installed on it or not. So now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from. Uh, finally, or second to last use case here on the Splunk integration side, is for every single problem we've found we give
multiple options for how to fix it. This becomes a great way to prioritize what fix actions to automate in your SOAR platform, and what we want to get to eventually is being able to automatically trigger SOAR actions to fix well-known problems, like automatically invalidating passwords for poor passwords in our credentials, amongst a whole bunch of other things we could go off and do. And then finally, if there is a well-known kill chain or attack path, one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise. And now you've got a great starting point for glass tables and IOCs for actual kill chains that we know are exploitable in your environment, and that becomes some super cool integrations that we've got on the roadmap between us and the Splunk security side of the house. So what I'll leave with, actually, Patrick, before I do that, you know, um, love to get your comments, and then I'll kind of leave with one last slide on this wartime security mindset, uh, pending, you know, assuming there's no other questions. >> No, I love it. I mean, I think this kind of, um, it's kind of glass tables approach to how do you sort of visualize these workflows and then use things like SOAR and orchestration and automation to operationalize them is exactly where we see all of our customers going, and getting away from, I think, an over-engineered approach to SOAR where it has to be super technical heavy with, you know, Python programmers, and getting more to this visual view of workflow creation, um, that really demystifies the power of automation and also democratizes it, so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation, policy enforcement, and ultimately driving automation
coverage across more and more of the workflows that your team is seeing. >> Yeah, I think that between us being able to visualize the actual kill chain or attack path with, you know, think of a, of, uh, the SOAR market I think going towards this no-code, low-code, um, you know, configurable SOAR versus coded SOAR, that's going to really be a game changer in improving or giving security teams a force multiplier. So what I'll leave you with is, this peacetime mindset of security no longer is sustainable. We really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are working or not. And the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past, uh, nine months due to the Ukrainian war there. You should expect every one of them to be punished by the Russians for leaving, and punished from a cyber standpoint. And this is no longer about financial extortion, that is ransomware, this is about punishing and destroying companies. And you can punish any one of these companies by going after them directly or by going after their suppliers and their distributors. So suddenly your attack surface is no longer just your own enterprise, it's how you bring your goods to market and it's how you get your goods created, because while I may not be able to disrupt your ability to harvest fruit, if I can get those trucks stuck at the border, I can increase spoilage and have the same effect. And what we should expect to see is this idea of cyber-enabled economic warfare, where if we issue a sanction like banning the Russians from traveling, there is a cyber-enabled counter punch, which is corrupt and destroy the American Airlines database. That is below the threshold of war, that's not going to trigger the 82nd Airborne to be mobilized, but it's going to achieve the right effect. Ban the sale of luxury goods, disrupt the supply chain and create shortages. Ban Russian oil
and gas, attack refineries to cause a 10x spike in gas prices three days before the election. This is the future, and therefore I think what we have to do is shift towards a wartime mindset, which is: don't trust your security posture, verify it, see yourself through the eyes of the attacker, build that incident response muscle memory, and drive better collaboration between the red and the blue teams, your suppliers and distributors, and your information, uh, sharing organization they have in place. And what's really valuable for me as a Splunk customer was, when a router crashes, at that moment you don't know if it's due to an IT administration problem or an attacker, and what you want to have are different people asking different questions of the same data. And you want to have that integrated triage process of an IT lens to that problem, a security lens to that problem, and then from there figuring out, is this an IT workflow to execute or a security incident to execute? And you want to have all of that as an integrated team, integrated process, integrated technology stack. And this is something that I very care, I cared very deeply about as both a Splunk customer and a Splunk CTO, that I see time and time again across the board. So Patrick, I'll leave you with the last word, the final three minutes here, and I don't see any open questions, so please take us home. >> Oh man, see how you think we spent hours and hours prepping for this together. That last, uh, 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now. Uh, and I think NIST has done some really interesting work here around building cyber resilient organizations that have, that has really, I think, helped the industry see that, um, incidents can come from adverse conditions, you know, stresses, uh, performance taxations in the infrastructure, service or app layer, and they can come from malicious compromises, uh, insider threats, external threat actors. And the more that we look
at this from the perspective of a broader cyber resilience mission, uh, in a wartime mindset, uh, I think we're going to be much better off. And, and will you talk about with operationally minded ISACs, information sharing, intelligence sharing becomes so important in these wartime, uh, um, situations, and, you know, we know not all ISACs are created equal, but we're also seeing a lot of, um, more ad hoc information sharing groups popping up. So look, I think you framed it really, really well. I love the concept of wartime mindset, and, um, I like the idea of applying a cyber resilience lens, like if you have one more layer on top of that bottom right cake, you know, I think the IT lens and the security lens, they roll up to this concept of cyber resilience, and I think NIST has done some great work there for us. >> Yeah, you're spot on, and that is app and that's gonna, I think, be the next, um, terrain that, uh, that you're gonna see vendors try to get after, but that I think Splunk is best positioned to win. >> Okay, that's a wrap for this special Cube presentation. You heard all about the global expansion of Horizon3.ai's partner program for their partners have a unique opportunity to take advantage of their NodeZero product, uh, international go-to-market expansion, North America channel partnerships, and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in. And hope you enjoyed this program. All the videos are available on thecube.net, as well as check out Horizon3.ai for their pen test automation and ultimately their defense system that they use for testing always the environment that you're in. Great innovative product, and I hope you enjoyed the program. Again, I'm John Furrier, host of the Cube. Thanks for watching.
Jason Cook, Cyber Defense Labs & Mike Riolo, CrowdStrike | CrowdStrike Fal.Con 2022
(upbeat music) >> Welcome back to Fal.Con 2022. My name is Dave Vellante. We're here with my co-host Dave Nicholson. On the last earnings call George Kurtz made a really big emphasis on the relationship with managed service providers. CrowdStrike has announced a new service provider capability. The powered service provider program. Jason Cook is here. He is the president of Cyber Defense Labs. He's joined by Mike Riolo, who's the vice president of global system integrators and service providers at CrowdStrike. Gents, welcome to TheCube. Good to see you. >> Thank you very much. >> Thank you. >> Jason, tell us about Cyber Defense Labs. What do you guys do? Give us the bumper sticker, please. >> Cyber Defense Labs uses the best technology in the world to put together services that help protect our clients. >> Simple. Like it. What's XDR? (people laughing) >> I've not heard of that before, sorry. >> So Mike, we've seen the rise of service providers. I saw a stat, I don't know, six, seven months ago that 50% of US companies don't even have a SOC. We're talking about mid to large companies. So service providers are crucial. What's the CrowdStrike powered service provider program all about? >> Well, it's an evolution for us. We've been dealing with this market for some time. And the idea is, is like how do we expand the opportunity to stop breaches? I mean, that's what it's all about. Like how more routes to market, more partners like Cyber Defense Labs that can really go in and bring our technology coupled with their services to power their offerings to their customers and just help us reach every end user out there, to stop breaches. >> So Jason, how do you guys differentiate? Cause I see, you know, as an analyst, I'll look back, I'll read the press releases and they'll see, okay. They just look so similar. So how do you differentiate from the competition? What do you tell customers? 
>> So when it comes to our selection of technology we test it, we work it, we literally put it into real world situations with our clients. And then we differentiate ourselves with expert services. It's a white glove service from us. We embed ourselves right in with our clients. That's why we call 'em our client partners. And they see us as part of their team and extension of their team. They don't have the time to play with technology and work out what's best. They don't have the time to select it or even then the expertise to use it effectively in the environment. So that's where the trust comes in with us. And then for us, likewise, we are the technology provider such as CrowdStrike, we need to know the technology works and it does what it says. >> I always ask CISOs; What's your number one challenge? And they'll say lack of talent. The only time I didn't get that answer was at... The MongoDB CISO at re:Inforce. I'm like yeah, it's cause you're Mongo, I guess re:Inforce or AWS doesn't have the same problem, but do you... Obviously you see that problem. And you complement that, is that a fair? >> Yeah, absolutely. Many, many companies mid-market enterprises are really struggling to find talent and then retain the talent. So for us where that's all we are about and then we are there to enable your business to do what your business does. It is just working and I think more and more so you're going to see an industry clearly CrowdStrike's going in that direction. That it's the service provider that becomes a critical element of that trusted circle. >> Does that translate into a market segment by size of organization typically or? You mentioned the ever never ending quest for talent which is critical regardless of size but what does your target market look like? >> So I, I think the biggest gap in the market frankly, is still the mid-market. Many smaller companies still are really just struggling with 'what is the problem.' 
At least in the mid-market, in the enterprises they're really beginning to understand the problem and want to invest and lean in. And here's the irony. They now want to partner to solve the problem cause they recognize they can't do it on their own. >> So Mike, what are the critical aspects of this program? I mean, got the press release out there, but put some meat on the bone for us. >> So if you look at what we were doing to enable managed service providers to go in and, and be powered by CrowdStrike before it was in a corporate market segment it was a specific set of product from us to really enable MDR, you know, sort of that, that generation of services that a lot of customers looked at MSPs for. And what the big message about this is is we are now expanding that. We're taking it out of corporate, we're going upmarket, we're going enterprise. We can leverage partners like Cyber Defense Labs to package our software into their offering and help them power them more than just endpoint. Right? We've had a lot of exciting announcements and probably more to come around identity, you know XDR, the new buzz, right? Like what does it mean? And in, if you look at our approach, it's a very platform centric approach and that's something that partners can monetize. That's something that partners can really help clients grow with is that it's not just about endpoint. It's more about how do I make sure that I'm in a position with a partner that allows me to grow as a market decides it's necessary. So things like identity, cloud on and on and on, that we're investing in and continuing to grow. We are making that available to the CrowdStrike powered service about our marketplace. >> So Jason, service providers historically outsourcing, okay. And it used to be a lot of; 'okay, you know, I'll take over your mess for less kind of thing.' Right? And so the pattern was you would have one of everything and then, that limited your scale. 
The bigger you got, you had this economies of scale. So am I hearing that, like how do you partner with CrowdStrike? Are you kind of standardizing on that platform or not necessarily cause you have to be agnostic. What's your posture on that? >> So there's a level of, you have to be technology agnostic. We pride ourselves in just using the best technology that's out there. But at the same time, very much with the Falcon platform they're building out and maturing in a way that's making significant risk mitigation abilities for a solution provider like us to say we'll take one of those, one of those and put our service around it because that's the best fit service to reduce the risk of this particular client. And having that flexibility for us to do that really allows us then to stay within the same sort of product suite rather than going outside when integration is still one of the biggest challenges that you have. >> So you're one of those organizations that's consolidating a bevy of point tools. Is that right? I mean, you're going through that transformation now. Have you already gone through that? What's your journey look like there? >> Oh, we help companies do that. That's how they mitigate and reduce their risk. >> Okay. But you're using tools as, as well. Are you not? So I mean, you've got to also I mean you're like an extension of those clients. >> Absolutely. So it comes down to a lot of the time do you have the right team? We have a team of experts that deliver expert services. You get to a level of skillset and experience, which goes what's just the best tool out there. And it becomes that's our insight. So one of the reasons why we like the Falcon product is because regardless of what the mess is, that's happening you can rapidly deploy stuff to make a difference. And then you then work out how to fix the mess which is quite a change from how traditionally things are done, which is let's analyze the problem. Let's look at options around it. 
And by the time you've done that time has passed and you can't afford to just allow time to pass these days. So having the right technology allows you to rapidly deploy. Of course, we use what we sell. So we are proud to say that we use a number of the Falcon products to protect ourselves and consolidate onto that technology as we then offer that out as a service to our clients. >> So Mike, I'm thinking about the program in general and specifically how you are implementing this program thinking about the path to bringing the customer on board. There are a finite number of strategic seats at any customer's table. So who is at the customer's table? Is it CDL saying, 'Hey, I'm going to bring in my folks from CrowdStrike to have a conversation with you.' Is it CrowdStrike saying, 'Hey, it looks like a service provider might be the best solution for you. Let's go talk to CDL.' How does that work? >> It's a great question. And I think we talk a lot about how there's a gap in people to support cyber efforts inside of companies. But we don't talk about the gap in like experts that can go in and actually sit down with CISOs, with CIOs, with CFOs. And so for us, like it's all about the flexibility. It's what do you need in the moment? Because at the end of the day, it comes down to the people. If Jason has a great trusted relationship, he's like, 'Hey, I just need some content. Help me push why we're powered by CrowdStrike in this moment.' Great, go run. If we have an opportunity where we know that Cyber Defense Labs has a presence then we go in together, right? Like that flexibility is there. We've done a lot. When you build a program like this, like it's easy to tell the market what they need. It's easy to tell everybody, but it's also you're looking at a cultural shift and how CrowdStrike goes to market, right? Like this is all about how do we get every possible route to market to stop breaches for customers of all size. >> I would echo that. 
There's three ways that that's working for our two companies at the moment. Many times a lot of the relationships that we have are trusted advisor at the owner or board level of these mid-market and enterprise companies. They're looking to ask for a number of things. And one of the things that we then say is, 'Hey, for your technology roadmap, hey, we want to bring in co-present coded us, co-discuss, co-strategize with you what your roadmap is.' And so we often bring CrowdStrike into the conversations that Cyber Defense Labs is having at the board level. Then on the other side, CrowdStrike obviously has a significant sales force and trusted advisors. They go in with the product and then it's apparent that the, you know, the client wants way more than just the product. They say, this is great. I love it. I've made my decision, but I can't operate it effectively. And so we then get pulled in from that perspective. >> You get to all the time from product companies, right? It's like, okay, now what? How do I do this? And you go, oh, I'll call somebody. So this is going to accelerate. Your go to market. >> Well, and everybody looks at it like, you know, how does your sales play with their sales, right? Everyone's going after the same thing. And I'm, you know, that's important, but you have to look at CrowdStrike as more than sales, right? We have an amazing threat intel group that are helping clients understand the risk factors and what bad people are trying to do to them. We can bring so many experts to the side of a Cyber Defense Labs in that realm. You know, we've been doing this a long time. >> This is what's interesting to me when I think about your threat hunting, because you guys are experts and you guys are experts. But the... Correct me if I'm wrong. But the advantage I see that CrowdStrike has is your cloud platform allows you to have such a huge observation space. You got a ton of data and you bring that to the relationship as well and then you benefit from that? 
>> It's two way. It's absolutely two way. CrowdStrike has a whole bunch of experts and expertise in this space. So do Cyber Defense Labs. We call it for us because we're providing a service to multiple clients. Many of them have a global presence. We call it our global threat view. And absolutely we are exchanging real time threat telemetry data with our friends at CrowdStrike, which is impacting the value that we have and the ability to respond extremely quickly when something's happening to one of our clients. >> Well, I just add to that, you know, if you look at all of our alliances, right? We've got solution providers, tech reliant, everything. The one thing that's really interesting about the CrowdStrike powered service provider program: it lives in alliances. It's a partnership program, but they're our customer. They have chosen to standardize on our platform, right. To help drive the best results for their customers. And so we treat them like a partner because it's not for internal use. There's unlimited aspect to it. And so as that treating like partnership we have to enable them with more than just product. Right? We want to bring the right experts. We want to bring the right, you know, vision of where the market's going, the threats out there, things of that nature. And that's something that we do every day with you guys. >> And it was even expressed earlier with the keynote speech that George gave. Look there's an ecosystem of very good technologies, very good providers. And there's that sort of friend-of-me view here. You put the best thing together for the client at the end of the day. And if we all acknowledge, which I think is the maturity of our partnership, that one plus one equals, I always say at 51 now, if you play it right, then the partner sees... That the client sees the value of the partnership. And so they want more of that. >> So it sounds like... We got to wrap, but I wonder if we could close on this. 
It sounds like this was happening just organically in the field. Now you've codified it. So my question to each of you is: What's your vision for the future? Where do you guys want to take this thing? >> What a wrap question right there. I love it. Honestly, like we look at it in... Look at what does it mean to be a CrowdStrike powered service provider. It is more than just the platform. It's the program in general, offering them tools to go in and do early assessments. One thing about service providers, they're in there before vendors, right? We're still a vendor at the end of the day. And so they have that relationship, like how do we enable them to leverage our platform, leverage our tools, leverage our programs in order to help a client understand, like, what is your risk factor? Could a breach come? Things of that nature. And so it's really building in really enabling a partner like Cyber Defense Labs to take on the full suite of programs, services, platform that we can provide to them as a customer, treated them like a partner. >> And Jason, from your perspective, bring us on if you would. >> So our partnership with CrowdStrike is really enabling Cyber Defense Labs to increase our share of wallet, our presence in very specific market segments: the mid-market to enterprise especially around banking, financial services, auto dealerships, healthcare, manufacturing, where last year we saw a significant progress there. And we think we're going to double it between this year and next year. >> Jason Cook, Mike Riolo, thanks for coming in TheCube. Great story. >> Thank you for having us. >> Alright, thank you for watching. Keep it right there. Dave Vellante and Dave Nicholson will be back right after this short break from Fal.Con 22. You're watching TheCube. (soft electronic music)
Jerome West, Dell Technologies
(upbeat music) >> We're back with Jerome West, the Product Management Security Lead for HCI at Dell Technologies Hyper-Converged Infrastructure. Jerome, welcome. >> Thank you, Dave. >> Hey, Jerome, in this series "A Blueprint for Trusted Infrastructure," we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyper-converged infrastructure. So my first question is what's unique about HCI that presents specific security challenges? What do we need to know? >> So what's unique about hyper-converged infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system, so like a server or a storage system or a virtualization piece of software. I mean, HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft and internal partners, like the Dell PowerEdge Team, the Dell Storage Team, the Dell Networking Team, and on and on. These partnerships and these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past, we're seeing growing scope and sophistication in supply chain attacks. This means an attacker is going to attack your software supply chain upstream, so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed by a large player, like a VMware or a Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short-term solutions and we need long-term solutions as well. So for the short-term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio, we build our software on VMware. So we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. 
Luckily, VxRail's engineering team has co-engineered a release process with VMware that significantly shortens our development life cycle, so that VMware will produce a patch, and within 14 days we will integrate our own code with the VMware release. We will have tested and validated the update, and we will give an update to our customers within 14 days of that VMware release. As a result of this kind of rapid development process, VxRail had over 40 releases of software updates last year. For a longer term solution, we're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability, and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co-engineer with effective collaborations with our partners. >> Great, thank you for that description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, to me, my takeaway was you got to have a short-term instant patch solution and then you got to do an integration in a very short time, you know, two weeks to then have that integration done. And then longer-term, you have to have a software bill of materials so that you can ensure the provenance of all the components. Help us, is that a right way to think about cybersecurity resilience? Do you have, you know, additives to that definition? >> I do. I really think that cybersecurity and resilience for HCI, because like I said it has sort of unprecedented breadth across our portfolio. It's not a single thing. It's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. 
So let me give you an example. So HCI, it's basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtualizing hardware functionality, like say a storage controller. You could implement it in the hardware, but for HCI, for example, in our VxRail portfolio, our VxRail product, we integrated it into a product called vSAN which is provided by our partner VMware. So that portfolio strength is still, you know, through our partnerships. So what we do, we integrate these security functionality and features into our product. So our partnership grows through our ecosystem through products like VMware products, like NSX, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware. And we also leverage VMware's software partnerships on top of that. So for example, VxRail supports multifactor authentication through vSphere's integration with something called Active Directory Federation Services or ADFS. So there is a lot of providers that support ADFS, including Microsoft Azure. So now we can support a wide array of identity providers such as Auth0, or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners' partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through PowerEdge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >> Great, I mean, that's super helpful. 
You've mentioned NSX, Horizon, Carbon Black, all the, you know, the VMware component, Auth0, which the developers are going to love. You got Azure Identity. So it's really an ecosystem. So you may have actually answered my next question, but I'm going to ask it anyway 'cause you've got this software-defined environment, and you're managing servers and networking and storage with this software-led approach. How do you ensure that the entire system is secure end to end? >> That's a really great question. So the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example VxRail is the market's only co-engineered solution with VMware. Other vendors sell VMware as a hyper-converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code, and their process dovetails with ours because we have a secure development lifecycle which other products might talk about in their discussions with you, that we integrate into our engineering lifecycle. So because we follow the same framework, all of the code should inter-operate from a security standpoint. And so when we do our final validation testing, when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >> That's great. All right, let's close. Pitch me. What would you say is the strong suit, summarize the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio, specifically from a security perspective, Jerome? >> So I talked about how hyper-converged infrastructure simplifies security management because basically you're going to take all of these features that are abstracted in hardware. They're not abstracted in the virtualization layer. 
Now you can manage them from a single point of view, whether it would be say, you know, for VxRail it would be vCenter, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the key to making, to HCI. Now what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co-engineered. It's not bolted on. So I gave the example of SBOM. I gave the example of how we modify our software release process with VMware to make it very responsive. A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell. It's not done through a partnership. So we digitally sign our software updates. So the user can be sure that the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's validated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for example, the benefit to the customer is you don't have to create a complicated security framework. That's hard for your users to use, and it's hard for your system administrators to manage. It all comes in a package, so it can be all managed through vCenter, for example. And then the specific hyper-converged functions can be managed through VxRail Manager or through SDDC Manager. So there's very few panes of glass that the administrator or user ever has to worry about. It's all self-contained and manageable. >> That makes a lot of sense. 
So you've got your own infrastructure. You're applying your best practices to that like the digital signatures. You've got your ecosystem. You're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason, Jerome, this is so important is because SecOps teams, you know, they got to deal with Cloud security. They got to deal with multiple Clouds. Now they have their shared responsibility model going across multiple. They got all this other stuff that they have to worry. They got to secure the containers and the run time and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the security is just going to get worse. So my takeaway is you're removing that infrastructure piece and saying, okay, guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners and your own teams to really nail that. Is that a fair summary? >> I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define and develop a new security feature, the thing I keep foremost in mind is will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user-friendly and practical. And this is a challenge sometimes because our products operate in highly regulated environments, and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. 
So I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and other highly regulated environments. And we're very successful there. >> Excellent, okay, Jerome, thanks. We're going to leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry, and so would appreciate that >> I would look forward to it. Thank you very much, Dave. >> You're really welcome. In a moment, I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. (upbeat music)
Snehal Antani, Horizon3.ai | CUBE Conversation
(upbeat music) >> Hey, everyone. Welcome to theCUBE's presentation of the AWS Startup Showcase, season two, episode four. I'm your host, Lisa Martin. This topic is cybersecurity detect and protect against threats. Very excited to welcome a CUBE alumnus back to the program. Snehal Antani, the co-founder and CEO of Horizon3 joins me. Snehal, it's great to have you back in the studio. >> Likewise, thanks for the invite. >> Tell us a little bit about Horizon3, what is it that you guys do? You were founded in 2019, got a really interesting group of folks with interesting backgrounds, but talk to the audience about what it is that you guys are aiming to do. >> Sure, so maybe back to the problem we were trying to solve. So my background, I was an engineer by trade, I was a CIO at GE Capital, CTO at Splunk and helped grow scale that company. And then took a break from industry to serve within the Department of Defense. And in every one of my jobs where I had cyber security in my responsibility, I suffered from the same problem. I had no idea I was secure or that we were fixing the right vulnerabilities or logging the right data in Splunk or that our tools and processes and people worked together well until the bad guys had showed up. And by then it was too late. And what I wanted to do was proactively verify my security posture, make sure that my security tools were actually effective, that my people knew how to respond to a breach before the bad guys were there. And so this whole idea of continuously verifying my security posture through security testing and pen testing became a passion project of mine for over a decade. And through my time in the DOD found the right group of early people that had offensive cyber experience, that had defensive cyber experience, that knew how to build and ship and deliver software at scale. And we came together at the end of 2019 to start Horizon3. >> Talk to me about the current threat landscape. 
We've seen so much change in flux in the last couple of years. Globally, we've seen the threat actors are just getting more and more sophisticated as is the different types of attacks. What are you seeing kind of horizontally across the threat landscape? >> Yeah, the biggest thing is attackers don't have to hack in using Zero-days like you see in the movies. Often they're able to just log in with valid credentials that they've collected through some mechanism. As an example, if I wanted to compromise a large organization, say United Airlines, one of the things that an attacker's going to go off and do is go to LinkedIn and find all of the employees that work at United Airlines. Now you've got say, 7,000 pilots. Of those pilots, you're going to figure out quickly that their user IDs and passwords or their user IDs at least are first name, last initial @united.com. Cool, now I have 7,000 potential logins and all it takes is one of them to reuse a compromised password for their corporate email, and now you've got an initial user in the system. And most likely, that initial user has local admin on their laptops. And from there, an attacker can dump credentials and find a path to becoming a domain administrator. And what happens oftentimes is, security tools don't detect this because it looks like valid behavior in the organization. And this is pretty common, this idea of collecting information on an organization or a target using open source intelligence, using a mix of credential spraying and kind of low priority or low severity exploitations or misconfigurations to get in. And then from there, systematically dumping credentials, reusing those credentials, and finding a path towards compromise. And less than 2% of CVEs are actually used in exploits. Most of the time, attackers chain together misconfigurations, bad product defaults. And so really the threat landscape is, attackers don't hack in, they log in. 
And organizations have to focus on getting the basics right and fundamentals right first before they layer on some magic easy button that is some security AI tools hoping that that's going to save their day. And that's what we found systemically across the board. >> So you're finding that across the board, probably pan-industry that a lot of companies need to go back to basics. We talk about that a lot when we're talking about security, why do you think that is? >> I think it's because, one, most organizations are barely treading water. When you look at the early rapid adopters of Horizon3's pen testing product, autonomous pen testing, the early adopters tended to be teams where the IT team and the security team were the same person, and they were barely treading water. And the hardest part of my job as a CIO was deciding what not to fix. Because the bottleneck in the security process is the actual capacity to fix problems. And so, fiercely prioritizing issues becomes really important. But the tools and the processes don't focus on prioritizing what's exploitable, they prioritize by some arbitrary score from some arbitrary vulnerability scanner. And so we have as a fundamental breakdown of the small group of folks with the expertise to fix problems tend to be the most overworked and tend to have the most noise to need to sift through. So they don't even have time to get to the basics. They're just barely treading water doing their day jobs and they're often sacrificing their nights and weekends. All of us at Horizon3 were practitioners at one point in our career, we've all been called in on the weekend. So that's why what we did was fiercely focus on helping customers and users fix problems that truly matter, and allowing them to quickly reattack and verify that the problems were truly fixed. >> So when it comes to today's threat landscape, what is it that organizations across the board should really be focused on? 
>> I think, systemically, what we see are bad password or credential policies, least access privileged management type processes not being well implemented. The domain user tends to be the local admin on the box, no ability to understand what is a valid login versus a malicious login. Those are some of the basics that we see systemically. And if you layer that with it's very easy to say, misconfigure vCenter, or misconfigure a piece of Cisco gear, or you're not going to be installing, monitoring security observability tools on that HPE Integrated Lights Out server and so on. What you'll find is that you've got people overworked that don't have the capacity to fix. You have the fundamentals or the basics not well implemented. And you have a whole bunch of blind spots in your security posture. And defenders have to be right every time, attackers only have to be right once. And so what we have is this asymmetric fight where attackers are very likely to get in, and we see this on the news all the time. >> So, and nobody, of course, wants to be the next headline, right? Talk to me a little bit about autonomous pen testing as a service, what you guys are delivering, and what makes it unique and different than other tools that have been out, as you're saying, that clearly have gaps. >> Yeah. So first and foremost was the approach we took in building our product. What we set upfront was, our primary users should be IT administrators, network engineers, and that IT intern who, in three clicks, should have the power of a 20-year pen testing expert. So the whole idea was empower and enable all of the fixers to find, fix, and verify their security weaknesses continuously. That was the design goal. Most other security products are designed for security people, but we already know they're task saturated, they've got way too many tools under the belt. So first and foremost, we wanted to empower the fixers to fix problems that truly matter. 
The second part was, we wanted to do that without having to install credentialed agents all over the place or writing your own custom attack scripts, or having to do a bunch of configurations and make sure that it's safe to run against production systems so that you could test your entire attack surface. Your on-prem, your cloud, your external perimeter. And this is where AWS comes in to be very important, especially hybrid customers where you've got a portion of your infrastructure on AWS, a portion on-prem, and you use Horizon3 to be able to attack your complete attack surface. So we can start on-prem and we will find say, the AWS credentials file that was mistakenly saved on a shared drive, and then reuse that to become admin in the cloud. AWS didn't do anything wrong, the cloud team didn't do anything wrong, a developer happened to share a password or save a password file locally. That's how attackers get in. So we can start from on-prem and show how we can compromise the cloud, start from the cloud and show how we can compromise on-prem. Start from the outside and break in. And we're able to show that complete attack surface at scale for hybrid customers. >> So showing that complete attack surface sort of from the eyes of the attacker? >> That's exactly right, because while blue teams or the defenders have a very specific view of their environment, you have to look at yourself through the eyes of the attacker to understand what are your blind spots, what do they see that you don't see. And it's actually a discipline that is well entrenched within military culture. And that's also important for us as the company. We're about a third of Horizon3 served in US special operations or the intelligence community with the United States, and then DOD writ large. 
And a lot of that red team mindset, view yourself through the eyes of the attacker, and this idea of training like you fight and building muscle memory so you know how to react to the real incident when it occurs is just ingrained in how we operate, and we disseminate that culture through all of our customers as well. >> And at this point in time, every business needs to assume an attacker's going to get in. >> That's right. There are way too many doors and windows in the organization. Attackers are going to get in, whether it's a single customer that reused their Netflix password for their corporate email, a patch that didn't get applied properly, or a new zero-day that just gets published. A piece of Cisco software that was misconfigured, not by anything more than it's easy to misconfigure these complex pieces of technology. Attackers are going to get in. And what we want to understand as customers is, once they're in, what could they do? Could they get to my crown jewels data and systems? Could they burrow and prepare for a much more complicated attack down the road? If you assume breach, now you want to understand what can they get to, how quickly can you detect that breach, and what are your ways to stifle their ability to achieve their objectives. And culturally, we would need a shift from talking about how secure I am to how defensible are we. Security is kind of a point in time state of your organization. Defensibility is how quickly you can adapt to the attacker to stifle their ability to achieve their objective. >> As things are changing constantly. >> That's exactly right. >> Yeah. Talk to me about a typical customer engagement. If there's, you mentioned folks treading water, obviously, there's the huge cybersecurity skills gap that we've been talking about for a long time now, that's another factor there. But when you're in customer conversations, who are you talking to? Typically, what are they coming to you for help? >> Yeah. 
One big thing is, you're not going to wine and dine a customer by taking 'em out to steak dinners. Not anymore. The way we focus on our go to market and our sales motion is cultivating champions. At the end of the proof of concept, our internal measure of success is, is that person willing to get a Horizon3 tattoo? And you do that, not through steak dinners, not through cool swag, not through marketing, but by letting your results do the talking. Now, part of those results should not require professional services or consulting. The whole experience should be self-service, frictionless, and insightful. And that really is how we've designed the product and designed the entire sales motion. So a prospect will learn or discover about us, whether it's through LinkedIn, through social, through the website, but often because one of their friends or colleagues heard about us, saw our result, and is advocating on our behalf when we're not in the room. From there, they're going to be able to self-service, just log in to our product through their LinkedIn ID, their Google ID. They can engage with a salesperson if they want to. They can run a pen test right there on the spot against their home without any interaction with a sales rep. Let those results do the talking, use that as a starting point to engage in a more complicated proof of value. And the whole idea is we don't charge for these, we let our results do the talking. And at the end, after they've run us to find problems, they've gone off and fixed those issues, and they've rerun us to verify that what they've fixed was properly fixed, then they're hooked. And we have a hundred percent technical win rate with our prospects when they hit that find-fix-verify cycle, which is awesome. And then we get the tattoo for them, at least give them the template. And then we're off to the races. >> Sounds like you're making the process more simple. 
There's so much complexity behind it, but allowing users to be able to actually test it out themselves in a simplified way is huge. Allowing them to really focus on becoming defensible. >> That's exactly right. And the value is, especially now in security, there's so much hype and so much noise. There's a lot more time being spent self-discovering and researching technologies before you engage in a commercial discussion. And so what we try to do is optimize that entire buying experience around enabling people to discover and research and learn. The other part, remember is, offensive cyber and ethical hacking and so on is very mysterious and magical to most defenders. It's such a complicated topic with many nuanced tools that they don't have the time to understand or learn. And so if you surface the complexity of all those attacker tools, you're going to overwhelm a person that is already overwhelmed. So we needed the experience to be incredibly simple and optimize that find-fix-verify aha moment. And once again, be frictionless and be insightful. >> Frictionless and insightful. Excellent. Talk to me about results, you mentioned results. We love talking about outcomes. When a customer goes through the PoC, PoV that you talked about, what are some of the results that they see that hook them? >> Yeah, the biggest thing is, what attackers do today is they will find a low from machine one plus a low from machine two equals compromised domain. What they're doing is they're chaining together issues across multiple parts of your system or your organization to pwn your environment. What attackers don't do is find a critical vulnerability and exploit that single machine. It's always a chain, always multiple steps in the attack. And so the entire product and experience in, actually, our underlying tech is around attack paths. Here is the path, the attack path an attacker could have taken. That node zero our product took. 
Here is the proof of exploitation for every step along the way. So you know this isn't a false positive. In fact, you can copy and paste the attacker command from the product and rerun it yourself and see it for yourself. And then here is exactly what you have to go fix and why it's important to fix. So that path, proof, impact, and fix action is what the entire experience is focused on. And that is the results doing the talking, because remember, these folks are already overwhelmed, they're dealing with a lot of false positives. And if you tell them you've got another critical to fix, their immediate reaction is "Nope, I don't believe you. This is a false positive. I've seen this plenty of times, that's not important." So you have to, in your product experience and sales process and adoption process, immediately cut through that defensive or that reflex. And it's path, proof, impact. Here's exactly what you fix, here are the exact steps to fix it, and then you're off to the races. What I learned at Splunk was, you win hearts and minds of your users through amazing experience, product experience, amazing documentation. >> Yes. >> And a vibrant community of champions. Those are the three ingredients of success, and we've really made that the core of the product. So we win on our documentation, we win on the product experience, and we've cultivated pretty awesome community. >> Talk to me about some of those champions. Is there a customer story that you think really articulates the value of node zero and what it is that you are doing? >> Yeah, I'll tell you a couple. Actually, I just gave this talk at Black Hat on war stories from running 10,000 pen tests. And I'll try to be gentle on the vendors that were involved here, but the reality is, you got to be honest and authentic. So a customer, a healthcare organization ran a pen test and they were using a very well-known managed security services provider as their security operations team. 
And so they initiate the pen test and they wanted to audit their response time of their MSSP. So they run the pen test and we're in and out. The whole pen test runs two hours or less. And in those two hours, the pen test compromises the domain, gets access to a bunch of sensitive data, laterally maneuvers, rips the entire environment apart. It took seven hours for the MSSP to send an email notification to the IT director that said, "Hey, we think something suspicious is going on." >> Wow. >> Seven hours! >> That's a long time. >> We were in and out in two, seven hours for notification. And the issue with that healthcare company was, they thought they had hired the right MSSP, but they had no way to audit their performance. And so we gave them the details and the ammunition to get services credits to hold them accountable and also have a conversation of switching to somebody else. >> Accountability is key, especially when we're talking about the threat landscape and how it's evolving day to day. >> That's exactly right. Accountability of your suppliers or your security vendors, accountability of your people and your processes, and not having to wait for the bad guys to show up to test your posture. That's what's really important. Another story that's interesting. This customer did everything right. It was a banking customer, large environment, and they had Fortinet installed as their EDR type platform. And they initiate us as a pen test and we're able to get code execution on one of their machines. And from there, laterally maneuver to become a domain administrator, which in security is a really big deal. So they came back and said, "This is absolutely not possible. Fortinet should have stopped that from occurring." And it turned out, because we showed the path and the proof and the impact, Fortinet was misconfigured on three machines out of 5,000. And they had no idea. >> Wow. 
>> So it's one of those, you want to don't trust that your tools are working, don't trust your processes, verify them. Show me we're secure today. Show me we're secure tomorrow. And then show me again we're secure next week. Because my environment's constantly changing and the adversary always has a vote. >> Right, the constant change in flux is huge challenge for organizations, but those results clearly speak for themselves. You talked about speed in terms of time, how quickly can a customer deploy your technology, identify and remedy problems in their environment? >> Yeah, this find-fix-verify aha moment, if you will. So traditionally, a customer would have to maybe run one or two pen tests a year. And then they'd go off and fix things. They have no capacity to test them 'cause they don't have the internal attack expertise. So they'd wait for the next pen test and figure out that they were still exploitable. Usually, this year's pen test results look identical than last year's. That isn't sustainable. So our customers shift from running one or two pen tests a year to 40 pen tests a month. And they're in this constant loop of finding, fixing, and verifying all of the weaknesses in their infrastructure. Remember, there's infrastructure pen testing, which is what we are really good at, and then there's application level pen testing that humans are much better at solving. >> Okay. >> So we focus on the infrastructure side, especially at scale. But can you imagine, 40 pen tests a month, they run from the perimeter, the inside from a specific subnet, from work from home machines, from the cloud. And they're running these pen tests from many different perspectives to understand what does the attacker see from each of these locations in their organization and how do they systemically fix those issues? And what they look at is, how many critical problems were found, how quickly were they fixed, how often do they reoccur. 
And that third metric is important because you might fix something, but if it shows up again next week because you've got bad automation, you're in a rat race. So you want to look at that reoccurrence rate also. >> The reoccurrence rate. What are you most excited about as, obviously, the threat landscape continues to evolve, but what are you most excited about for the company and what it is that you're able to help organizations across industries achieve in such tumultuous times? >> Yeah. One of the coolest things is, because I was a customer for many of these products, I despised threat intelligence products. I despised them. Because they were basically generic blog posts. Maybe delivered as a data feed to my Splunk environment or something. But they're always really generic. Like, "You may have a problem here." And as a result, they weren't very actionable. So one of the really cool things that we do, it's just part of the product is this concept of flares, flares that we shoot up. And the idea is not to cause angst or anxiety or panic, but rather we look at threat intelligence and then because all of the insights we have from your pen test results, we connect those two together and say, "Your VMware Horizon instance at this IP is exploitable. You need to fix it as fast as possible, or it is very likely to be exploited. And here is the threat intelligence and in the news from CISA and elsewhere that shows why it's important." So I think what is really cool is we're able to take together threat intelligence out in the wild combined with very precise understanding of your environment to give you very accurate and actionable starting points for what you need to go fix or test or verify. And when we do that, what we see is almost like, imagine this ball bouncing, that is the first drop of the ball, and then that drives the first major pen test. And then they'll run all these subsequent pen tests to continue to find and fix and verify. 
And so what we see is this tremendous amount of excitement from customers that we're actually giving them accurate, detailed information to take advantage of, and we're not causing panic and we're not causing alert fatigue as a result. >> That's incredibly important in this type of environment. Last question for you. If autonomous pen testing is obviously critical and has tremendous amount of potential for organizations, but it's only part of the equation. What's the larger vision? >> Yeah, we are not a pen testing company and that's something we decided upfront. Pen testing is a sensor. It collects and understands a tremendous amount of data for your attack surface. So the natural next thing is to analyze the pen test results over time to start to give you a more accurate understanding of your governance, risk, and compliance posture. So now what happens is, we are able to allow customers to go run 40 pen tests a month. And that kind of becomes the initial land or flagship product. But then from there, we're able to upsell or increase value to our customers and start to compete and take out companies like Security Scorecard or RiskIQ and other companies like that, where there tended to be, I was a user of all those tools, a lot of garbage in, garbage out. Where you can't fill out a spreadsheet and get an accurate understanding of your risk posture. You need to look at your detailed pen test results over time and use that to accurately understand what are your hotspots, what's your recurrence rate and so on. And being able to tell that story to your auditors, to your regulators, to the board. And actually, it gives you a much more accurate way to show return on investment of your security spend also. >> Which is huge. So where can customers and those that are interested go to learn more? >> So horizonthree.ai is the website. That's a great starting point. 
We tend to very much rely on social channels, so LinkedIn in particular, to really get our stories out there. So finding us on LinkedIn is probably the next best thing to go do. And we're always at the major trade shows and events also. >> Excellent. Snehal, it's been a pleasure talking to you about Horizon3, what it is that you guys are doing, why, and the greater vision. We appreciate your insights and your time. >> Thank you, likewise. >> All right. For my guest, I'm Lisa Martin. We want to thank you for watching the AWS Startup Showcase. We'll see you next time. (gentle music)
Lital Asher Dotan & Ofer Gayer Final
(upbeat music) >> Hi, everyone. Welcome to theCUBE's presentation of the AWS Startup Showcase. This is season two, episode four of our ongoing series, where we're talking with exciting partners in the AWS ecosystem. This topic on this episode is cybersecurity. Detect and protect against threats. I have two guests here with me today from Hunters. Please welcome Lital Asher-Dotan, the CMO. And Ofer Gayer, the VP of product management. Thank you both so much for joining us today. >> Thank you for having us, Lisa. >> Our pleasure. Lital, let's go ahead and start with you. Give the audience an overview of Hunters. What does it do, when was it founded, what's the vision? All that good stuff. >> So Hunters was founded in 2018. Two co-founders coming out of Unit 8200 in the Israeli Defense Force. The founders and our people in engineering and R&D are mostly coming from both offensive cybersecurity as well as defensive threat hunting, advanced operations, or being able to see and respond to advanced attacks. And with the knowledge that they came with, they wanted to enable security teams in organizations, not just those that are coming from, you know, military background but those that actually need to defend day in and day out against the growing cyber-attacks that are growing in sophistication, in the numbers of attacks. And we all know that every organization nowadays is being targeted, is it ransomware, more sophisticated attacks. So this thing has become a real challenge. And we all know those challenges that the industry is facing with talent scarcity, with lack of the knowledge and expertise needed to address this. So came in with this mindset of we want to bring our expertise into the field, build it into a platform, into a tool that will actually serve security teams in organizations around the world to defend against cyber attacks. So born and raised in Tel Aviv, became a global company. Recently raised a Series C funding. 
Funded by the world's greatest VCs, from Stripes, YL Ventures, supported by Snowflake, Databricks, and Microsoft M12, also as strategic partners. And we now have broad variety of customers from all industries around the world, from tech to retail to e-commerce to banks that we work closely with. So very exciting times. And we're very excited to share today how we work with AWS customers to support the environments. >> Yeah, we're going to unpack that. So really solid foundation the company was built on, only a few years ago. Lital, was there, why a new approach? Was there a compelling event? Obviously, we've seen dramatic changes in the threat landscape in recent years. Ransomware becoming a, when it happens to us, not if. But any sort of compelling event that really led the founders to go, "Ah! This new approach, we got to go this direction." >> Absolutely. We've seen a tremendous shift of organizations from cloud adoption to adoption of more security tools. Both create a scenario which the toolsets that are currently being used by security organizations, the security teams are not efficient anymore. They cannot deal with the plethora of a variety of data. They cannot deal with the scale that is needed. And the security teams are really under a tremendous burden of tweaking tools that they have in their environment without too much of automation, with a lot of manual work processes. So we've seen a lot of points where the current technology is not supporting the people and the processes that need to support security operations. And with that, Ofer, and his product team kind of set a vision of what a new platform should come to replace and enhance what teams are using these days. >> Excellent. Ofer, that's a perfect segue to bring you into the conversation. Talk about that vision and some of those really key challenges and problems that Hunters is solving for organizations across any industry. >> Yeah. So as Lital mentioned, it was very rightful. 
The problem with the SIEM space, that the space that we're disrupting is the well-known secret around is it's a broken space. There's a lot of competitors. There's a lot of vendors out there. It's one of the most mature, presumably mature markets in cybersecurity. But it seems like that every single customer and organization we talk to, they don't really like their existing solution. It doesn't really fit what they need. It's a very painful process and it's painful all across their workflow from the time they ingest the data. Everybody knows if you ever had a SIEM solution or a SOC platform, just getting the data into your environment can take the most amount of your time, the lion's share of whatever your engineers are working on will go to getting the data into the system, and then keeping it there. It's this black hole that you have to keep feeding with more and more resources as you go along. It's an endless task with a lot of moving pieces, and it's very very painful before you even get a single moment of value of security use case from your product. That's a big, painful piece. What you then see is, once they set it up, their detection engineering is so far behind the curve because of all the different types of things they need to take care of. It used to be a limited attack surface. We all know the attack surface here today is enormous, especially when you talk about something like AWS, there's new services, new things all the time, more accounts, more things. It keeps moving a lot, and keeping track of that and having someone that can actually look into a new threat when it's released, look into a new attack surface, analyze it, deploying the detections in time, test and tweak, and all those things. Most organizations don't even know how to start approaching this problem, and that's a big pain for them. When they finally get to investigating something, they lack the context and the knowledge of how to investigate. 
They have very limited information coming to them and they go on this hunting chase of not hunting the attackers but hunting the data, looking for the bits and pieces they're missing to complete the picture. It's like this bad boss that gives you very little instructions or guidelines, and then you need to kind of try to figure out what is it that they asked, right? That's the same thing with trying to do triaging with very minimal context. You look at the IP and then you try to figure out, you look at the hash, you look at all these different artifacts and you try to figure out yourself. You have very limited insights. And the worst is when you're under the gun, when there's a new emerging threat that happens like a Log4Shell, and now you're under the gun and the entire company's looking at you and saying, "Are we impacted? What's going on? What should we be doing?" So from start to finish, it's a very painful process that impacts everybody in the security organization. A lot of cumbersome work with a lot of frustration. >> And it's companies in any industry, Ofer, don't have time. You talked about some of the time involved here in the lag. And there isn't time in the very dynamic threat landscape that customers are living in. Lital, question for you, is your primary target audience existing SIEM customers? 'Cause Ofer mentioned the disruption of the SIEM market. I'm just wanting to understand in terms of who you're targeting, what does that look like? >> Definitely looking for customers that have a SIEM and don't like it, don't find that it helps them improve the security posture. We also have organizations that are young, emerging, have a lot of data, a lot of tech companies that have grown in the last 10, 15 years, or even five years. With Snowflake as a customer, they're booming. They have so much data that going the direction of traditional tools to aggregate the logs, cross-correlate them doesn't make any sense with the scale that they need. 
They need the cloud-based approach, SaaS approach that is capable of taking care of the environment. So we both cater to those organizations that are shifting from on-prem to cloud and need visibility into those two environments and into those cloud natives. Born to the cloud don't want to even think of a traditional SIEM. >> You mentioned Snowflake. We were just at Snowflake Summit a couple of months ago, I think that was. And tremendous company that massive growth, massive growth in data across the board though. So I'm curious, Ofer, if we go back to you, if we can dig into some of these data challenges. Obviously, data volume and variety, it's only going to continue to grow and proliferate and expand. Data in silos is still a problem. What are some of those main data challenges that Hunters helps customers to just eliminate? >> Definitely. So the data challenge starts with getting the right data in. The fact that you have so many different products across so many different environments and you need to try to get them in some location to try to use them for running your queries, your rules, your correlation. It's a big problem. There's no unified standard for anyone, even if there was, you would have a lot of legacy things on-premises, as well as your AWS environment. You need to combine all these. You can keep things only on-prem. You can own... Mostly a lot of, most organizations are still in hybrid mode. They have, they're shifting most of their things to AWS. You still have a lot of things on-prem that they're going to shift in the next 3, 4, 5 years. So that hybrid approach is definitely a problem for gathering the data. And when they gather the data, a lot of the times their existing solutions are very cost prohibitive and scale prohibitive from pushing all the data in essential location. So they have these data silos. They'll put some of it there, some of it here, some of that in a different location, hot storage, cold storage, long-term storage. 
They don't really, they end up not knowing really where the data is especially when they need it the most becomes a huge problem for them. Now with analytics, it's very hard to know upfront what data I'll need not tomorrow, but maybe in three months to look back and query. Making these decisions is very hard. Changing them later is even harder. Keeping track of all these moving pieces. You know, you have a device, you have some vendor sending you some logs, they changed their APIs. Who's in charge of fixing it? Who's in charge of changing your schema? You move from one EDR vendor to the other. How are you making sure that you keep the same level of protection? All these data challenges are very problematic for most customers. The most important thing is to be able to gather as much data as possible, putting it in a centralized location, and having good monitoring in a continuous flow of, I know what data I'm getting in. I know how much I'm using, and I'm making sure that it's working and flowing. It's going to a central place where I can use it at any time that I want. >> We've seen, if I can add- >> So, Lital- >> Sorry. >> Yes, please. >> You wanted to add on that? We've seen too much compromise on data that because of prohibitive costs, structure of tools, or because of inability to manage the scale, teams are compromising or making choices and are paying a price of the latency of being able to then go search if an incident happened, that if you are impacted by something. It all means money and time at the end of the day when you actually need to answer yourself, am I breached or not? We want to break out from this compromise. We think that data is something that should not be compromised. It's a commodity today. Everything should be retained, kept, and used as appropriately without the team needing to ration what they're going to use versus what they're not going to use. >> Correct (faintly speaking). >> That's a great point. >> Go ahead. >> Yeah. 
And we've seen customers either having entire teams dedicated to just doing this and, or leveraging products and companies that actually build a business around helping you filter the data that you need to put in different data silos, which to me is, shows how much problem, pain, and how much this space is broken with what it provides with customers that you have these makeshift solutions to go around the problem instead of facing it head on and saying, "Okay, let's build something that you're put all your data as much as you want, not have to compromise on security." >> You both bring up such a great point where data and security is concerned. No business can afford to compromise. Usually compromise is a good thing, but in that case, it's really not. Companies can't afford that. We know with the threat landscape, the risk, all of the incentives for bad actors that companies need to ensure that they're doing the right things in a timely manner. Lital, I'm curious, you mentioned the target markets that you're going after. Where were customer conversations? Is this a C-suite conversation from a data security perspective? I would this is more than the CISO. >> It's a CISO conversation, as well as we talk on a daily basis with those that lead security operations, head of SOCs. Those that actually see how the analyst are being overworked, are tired, have so many false positives that they need to deal with, noise day in, day out, becoming enslaved with the tools that they need to work on and tweak. So we have seen that the ones that are most enlightened by a solution like Hunters are actually the ones that have the SOC reporting to them. They know the daily pain and how much the process is broken. And this is probably one of the... We all talk about, you know, job satisfaction or dissatisfaction, the greatest, the great resignation, people are living. This is the real problem in security. 
And the SOC is one of these places that we see this alert, fatigue, people are struggling. It's a stressful work. And if there is anything that we can do to offload the work that is less appealing and have them work on what they sign up for, which is dealing with real threat, solving them, instead of dealing with false positives. This is where we can actually help. >> Can you add a little bit on that, Lital? And you mentioned the cybersecurity skills gap, which is massive. We talked about that a lot because it's a huge problem. How is Hunters a facilitator of companies that might be experiencing that? >> Absolutely. So we come with approach of, we call it the 80/20 of detection and response. Basically, there are about 80%, probably more, it's actually something like 95% of the threats are shared across all organizations in the world. Also, 80 to 90% of the environments are similar. People are using similar tools. They're on similar cloud services. We think that everything that goes around detection of threats, around those common attacks, scenarios in common attack landscape should come out of the box from the vendor like Hunters. So we automate, we write the rules, we cross-correlate. We provide those services out of the box once you sign in to use our solution. Your data flows in and we basically do the processing and the analysis of all the data, so that your team can actually focus on the 20%, or the 15, or the 5% that are very unique to your organization. If you are developing a specific app and you have the knowledge about the DevSecOps that needs to take place to defend it. Great, have your team focus on that. If you are a specific actor in a specific space and specific threats that are unique to you, you build your own detections into our tool. 
But the whole idea that we have the knowledge, we see attacks across industries and across industries we have the researchers and the capabilities to be on top of those things, so your team doesn't need to do it on a daily basis because new attacks come almost on a daily basis. Now, we read them in the news, we see them. So we do it, so your team doesn't have to. >> And nobody wants to be that next headline where a breach is concerned. Lital, close this out here with outcomes. I noticed some big stats on your website. I always gravitate towards that. What are some of the key outcomes that Hunters customers are achieving and then specifically AWS customers? >> Absolutely. Well, we already talked a lot about data and being able to ingest it. So we give our customers the predictability, the ability to ingest the data knowing what the cost is going to be in a very simple cost model. So basically you can ingest everything that you have across all IT tools that you have in your environment. And that helped companies reduce up to 75% of the data cost. We've seen with large customer, how much it changed when they moved from traditional SIEMs to using Hunters. Specifically, AWS customers can actually use the AWS Credits to buy Hunters if they're interested. Just go to AWS Marketplace, search for Hunters and come to a website, you can use your credits for that. I think we talked also about the security burden, the time spent on writing rules plus correlating incidents. We have seen sometimes a change in, instead of investigating an incident for two days, it is being cut for 20 minutes because we give them the exact story of the entire attack. What are the involved assets? What are the users that are involved, that they can just go see what's happening and then immediately go and remediate it. So big shift in mean time to detect, mean time to respond. And I'm sure Ofer has a more kind of insights that he's seen with some of our customers around that. >> Yeah. 
So some great examples recently there. So there's two things that I've been chatting to customers about. One thing they really get a benefit of is we talked about the problem with talent. And where that really matters the most is that under the gun mode, we have a service that is, we see it as the natural progression of the service that we provide called Team Axon. What Team Axon does for you is when you're under the gun, when something like Log4Shell happens and everybody's looking at you, and time is ticking, instead of trying to figure out on yourself, Team Axon will come in, figure out the threat, will devise a report for all the customers, run queries on your behalf on your data, and give it to you within 24 hours. You'll have something to show your CEO or your executive team, your board even, this is where we got impacted or not impacted. This is what we did. Here's the mitigation thing, step that we need to take from world-class experts that you might not get access to for every single attack out there. That really helps customers kind of feel like they're safe. There's someone there to help them. There's a big brother there. I call it sometimes the Bat-Signal when we need it the most. The other thing is on the day-to-day, a lot of solution, we'll kind of talk about out-of-the-box security. Now, the problem with out-of-the-box security is keeping it up to date, that's what a lot of people miss. You have to think that you installed a year ago, but security doesn't stay put, you need to keep updating it. And you need to keep the updated pretty frequently to stay ahead of the curve. If you're behind couple of months on your security updates, you know what happens. Same thing with your SOC platform on your SIEM rule base. The reason that customers don't update is because if they usually do, then it might blow up the amount of alerts they're getting 'cause they need to tweak them. 
With the approach that we take that we tested on our customer's data transparently for them, and make sure to release them without false positives. We're just allowing them to push the updates transparently directly to their account. They don't need to do anything. And one customer, one of our biggest accounts, they have dozens of subsidiaries and multiple SOCs and one of the largest e-commerce companies in the world. And the person running security, he said, "If I had to do what Hunters gives me out of the box myself, I have to hire 20 people and put them to work for 18 months for what you give me out of the box." So for me, it's a very- >> That's huge. >> What we give customers and the kind of challenges that we're able to solve for them. >> Big challenges. Lital and Ofer, thank you so much for joining us on theCUBE today as part of this AWS Startup Showcase, talking about what Hunters does, why the vision and the value in it for customers. We appreciate your time and your insights. >> Thank you so much. >> For having us. >> My pleasure. For my guests, I'm Lisa Martin. Thank you for watching this episode of the AWS Startup Showcase. We'll see you soon. (cheerful music)
Jon Bakke, MariaDB Corporation | AWS re:Invent 2021
(gentle music) >> Welcome back to theCUBE's continuous coverage of AWS re:Invent 2021. I'm your host, Lisa Martin. We are running one of the industry's most important and largest hybrid tech events of the year with AWS and its ecosystem partners. We have two live sets, two remote sites, and over a hundred guests on the program talking about the next decade in cloud innovation. I'm pleased to welcome Jon Bakke, Chief Revenue Officer from MariaDB as my next guest. Jon, welcome to the program. >> Thanks for having me, Lisa. >> Talk to me a little bit about MariaDB. What makes it unique? What differentiates it? What gaps in the market does it address? >> Yeah, so we have a lot of passion here at MariaDB because we are, at the end of the day, we're the backbone of services used by people everyday, all over the world. In fact, you might not realize that, but you've probably hit a MariaDB database in the past 60 minutes. It's true. For example, if you're using a Samsung mobile phone, we provide data services for the Samsung cloud. In fact, we've provided services for 5G networks all over the globe. And so at the end of the day, we actually process trillions of transactions per day. And I think that's really cool. >> Awesome. Talk to me a little bit about the key problems. You mentioned Samsung. Big fan, lots of Samsung devices in the house. Talk to me about some of the key problems that MariaDB SkySQL specifically solves for customers. What are they coming to you, looking for them, looking for help for? >> Yeah, so we launched SkySQL and AWS earlier this year. It's become wildly popular. And so SkySQL overcomes some of the limitations of the cloud. 1.0, 2.0 era. In fact, we went from having zero customers to a slew of customers in just a short period of time. There are a ton of pent up demand from MariaDB and distributed SQL in particular, and that's our Xpand product. 
And where Samsung uses Xpand is, they use it to store data for the phones, just like, you might if you're an iPhone user on the iCloud, they have the Samsung cloud. So what we do is we provide expanding database services for them, for a large user base across the globe. And they do that because they just can't get the scale out of some of the community databases that are offered by the major CSPs. >> And obviously that scale is critical. We've seen so much change in the last year and a half, two years with growth, with acceleration to cloud acceleration of digital. Talk to me about what you seen as the CRO of the company from a customer lens perspective. How has the last 20 months really affected acceleration, adoption, of Maria's technologies? >> Yeah, so, I'm a geek at heart. I grew up in the database business. In fact, I've been in the database business for 30 years and during the last 20 months during the pandemic, and even before that, companies like MariaDB strive to create a beautiful database and what it really is a beautiful database. It's a database that is flushed with features that make applications work. Lightweight, portable, and fast for the cloud, but still reliable and familiar so that application developers can use it for multiple workloads. So when it comes to the database industry, we're still going after those characteristics and we provide world-class support. My team just rocks it for our customers. And it's really important to them to get that. And at the end of the day, our costs while at the end of the day, we're the least expensive. So it really is a beautiful database and we're very proud of it. >> Beautiful database that's the least expensive. That sounds like music to probably a lot of companies ears. Talk to me about where it went. Obviously AWS, you mentioned SkySQL was launched earlier this year on AWS? >> That's correct. Yep. 
>> Talk to me a little bit more about the capabilities there, the partnership that Maria and AWS have, what you bring to your customers. >> Yeah, so we have a great partnership with AWS. They provide a tremendous levels of support to help startups like MariaDB get going satisfactory and everything about their go-to market strategy to make enabled partners like us. But we have a customer that is, well, they're a major trading application on the internet and they were an AWS customer, right? So they were an existing AWS customer, but they were struggling with some of the community databases in AWS to find that scale and that elasticity that they were looking for on their platform. So enter MariaDB Xpand, where we can scale a relational database out far and wide to make it possible for a customer like that. Who's really pushing the limits of what a database needs to do to remain an AWS customer. So in this particular case, we worked with AWS to land them on SkySQL and use Xpand, a distributed database technology. So we went together and that's a really great story for everybody. >> Talk to me about some of the technical requirements, as we've seen so much change in the last 20 months, as I said, but so much growth and scale and needs are changing so dynamically. What are some of the key technical requirements of the database to keep up with that? And how does MariaDB exhibit those? >> Yeah, that's a great question. So in distributed SQL, in particular, which I see as sort of the next wave of database, particularly in the cloud, right? The database needs to leverage familiar application paradigms like relational and document databases do and connection protocols so that existing applications connect to those. But at the end, they have to be highly scalable for the cloud by design and highly available in the cloud by design. Xpand just screams. It's really fast. It's really reliable. And transactional integrity is inherent to the architecture. So our customers love it. 
And so really, what's not to love about a database that does all of those things? >> What's not to love about a beautiful database? That speed. I mean, the speed is critical. I think one of the many things that we've learned in the last interesting couple of years of our lives is that real time is no longer a nice to have, right? Nobody wants a less data, slower. That ability to deliver real-time data, real-time analytics is critical for businesses in any company as we're seeing. And you're probably seeing this as a CRO, every company becoming a software company, or leaning to. >> Absolutely, yeah. Some of our biggest customers are major SAS providers. So if you work for a business that is using ServiceNow, one of the largest SAS companies in the world, you're using MariaDB every day, billions and billions of transactions by service, now on an hourly basis and it's all in the cloud. So when we look at how we've evolved to this point, we're offering services to companies big and small, we're being tested by companies like ServiceNow and their infrastructure on a regular basis. >> What are some of the trends that you're seeing as we... And 22 months or so in this pandemic, what are some of the market trends that you're seeing from a scalability perspective? And what is it that a distributed SQL database can deliver to help customers meet those trends? >> Well, certainly, I think when you look at what is a good database for the cloud in the future, it really does need to have the features that make applications work. So you had mentioned analytical databases and transactional databases. One thing that is inherent to our strategy, is the ability to use hybrid approach to transactional and analytical because a lot of applications are both at the end of the day. And why use two different databases in order to get there? Right? Our database is lightweight and fast. It's portable. It's reliable and familiar to the customer and versatile in the workload. 
So those are the things that are trending at the conclusion of sort of this year going into next year, as we roll out more technology in subsequent versions, we'll just enhance those capabilities, make it possible for even more and more workloads to find their way into SkySQL. >> And talk about the adoption of cloud, the acceleration. We've been talking about that a lot in the last year and a half about the acceleration of digital transformation, the acceleration to cloud. It was so critical for so many businesses, especially if you think of the SAS adoption, the collaboration tools, but what are some of the things that you're seeing? How are you helping customers on that migration journey? >> Yeah. So migration is a key element there. there are customers leading older proprietary database technology. There are customers trying to enhance their cloud experience and go from the early cloud databases up to more modern architectures. And so migration is a constant activity that we work with our customers on. And so over the years, just as a matter of course, we've become better and better at getting database workloads from proprietary, older databases, even other open source databases onto MariaDB, so that we can consume those workloads and get those in the cloud and make them work for customers better than they ever have before. >> And I'm curious as the Chief Revenue Officer, how your customer conversations have evolved in the last year or so, where is cloud database security? Where are those things with respect to the level of conversations that you're having with customers? And is that conversation going up the stack? >> Yeah, so the security has always been a key cornerstone of the database industry, really, when you think about it, database is information assurance and confidentiality is a key tenant to information security and information assurance in general. So it's always an ever present in the discussion. 
MariaDB is enhancing its list of compliance that we've gone through, like SOC 2, we're on the precipice of that. We've got ISO certifications and we have US Department of Defense install guys that are secure for a MariaDB. All sorts of activity around that, to make it possible for customers to standardize on MariaDB. We have customers that have taken out every ounce of their legacy, relational database, the older incumbents, and replace that with lighter weight MariaDB, because we have the security qualifications, but we also meet their functional needs and their information assurance needs. And so that's what's made us really successful. >> In addition to compliance, you talked about this database being beautiful. You described what you meant by that, but also you said least expensive. So I'm wondering from a business outcome perspective, are customers all across the board, reducing TCO, leveraging MariaDB? >> Absolutely. And in cases where we displace a proprietary database, the TCO can reduce by as much as 90%. And so it's very attractive to customers that are looking for the next wave. Not only do we take them to a lower cost, but we bring them to a more modern multi-cloud architecture. So AWS is our primary focus for certain in this conversation but also just generally because there's such a huge install base. But they do like the option of being able to say, "Hey, I can use this database on any cloud. It works everywhere. And the vendor that makes it is supporting it in all environments." So for us, that's a huge strong point in terms of what makes our business run. >> And we're seeing so much, we're talking so much about Hybrid, Hybrid IT, Hybrid Cloud, Hybrid work from anywhere environments. So I imagine MariaDB runs on, obviously AWS, but Azure, Google cloud platform, so that customers that are in that multi-cloud world and those that will be can take advantage of the services. >> That's correct. 
So Azure is in our near term pipeline or roadmap for the cloud, but we're already present in GCP and we're available in other clouds as well. >> Excellent. So talk to me a little bit about what customers can do. Can they test out MariaDB? Can they test out SkySQL, Xpand? If so, where do they go? How do they get their hands on it? >> Right, so existing AWS customers, they can get to SkySQL on the AWS marketplace, right? It's incredibly easy. AWS customers go to the marketplace. They can find us by doing a search. But not to be outdone, there are customers that aren't on AWS and they can come to MariaDB.com. You can start SkySQL there and select AWS as the deployment cloud and try it for free. It's super cool. It's really easy. >> I'm just curious. What's the typical deployment time from the free trial POC to deployment? What do you normally see from a time distinct band perspective? >> Oh yeah, customers are up and running with a live database in just a few minutes. >> Minutes? >> Yep. >> Minutes up to 90% TCO. Big business outcomes there that affect every business in every industry. Jon, we appreciate you coming on, talking to us about MariaDB, the solutions that you offer, and how you're partnering with AWS and where folks can go to get started. >> Thank you. >> He's Jon Bakke. I'm Lisa Martin. You're watching theCUBE's continuous coverage of AWS re:Invent 2021. Stick around, more coverage coming up next. (peaceful music)
Debby Briggs & Tyler Cohen Wood | CUBE Conversation
(upbeat music) >> Welcome to this Cube Conversation about women in tech and women in cybersecurity, two things I'm very passionate about. Lisa Martin here, with two guests, Debbie Briggs joins us, the Area Vice President, and Chief Security Officer at NETSCOUT, and Tyler Cohen Wood is here as well, the Founder and CEO of MyConnectedHealth. Ladies, it's an honor to have you on the program. I'm excited to talk to you. >> Thank you so much for having us. >> Completely agree. Tyler and I talked a couple of minutes last week and she has a lot to offer to this. >> I know, I was looking at both of your backgrounds. Very impressive. Tyler, starting with you. I see that you are a nationally recognized Cybersecurity Intelligence, National Security Expert, and former Director of Cyber Risk Management for AT&T. And I also saw that you just won a Top 50 Women in Tech Influencers to Follow for 2021 Award. Congratulations, that's amazing. I would love to know way back in the day, how did you even first become interested in tech? >> Well, it was kind of inevitable that I would go into something like tech because as a kid, I was kind of nerdy. I was obsessed with "Star Trek". I would catalog my "Star Trek" tapes by Stardate. I was just really into it. But when I was in college, I mean, it was the late 90's. Cybersecurity just really wasn't a thing. So I went into music and I worked for a radio station. I loved it, but the format of the radio station changed and I wanted to do something different. And I thought, well, computers. I'll move to San Francisco, and I'm sure I can get a job, 'cause they were hiring anyone with a brain, 'cause it was really the dot com boom. And that's really how I got into it. It was just kind of one of those things. (laughs) >> Did you have, was it like network connection, going from music to tech is quite a jump? >> It's a huge jump. It was, but you know, I was young. I was still fresh out of school. 
I was really interested in learning and I really wanted to get involved in cyber in some capacity, because I became really fascinated with it. So it was just kind of one of those things, that just sort of happened. >> What an interesting talk about a zig-zaggy path. That's a very, very interesting one. And I have to talk about music with you later. That would be interesting. And Debbie, you also have, as Tyler does, 20 years plus experience in cybersecurity. You've been with NETSCOUT since '04. Were you always interested in tech? Did you study engineering or computer science in school, Debbie? >> Yeah, so I think my interest in tech, just like Tyler started at a very young age. I was always interested in how things worked and how people worked. And some day over a drink, I will tell you some funny stories about things I took apart in my parents house, to figure out how it worked. (Lisa and Tyler laughing) They still don't know it. So I guess I- >> I love that. >> I just love that putting it back together, but I took a more traditional route than Tyler did. I do have a degree in Computer Science, went to school a little bit earlier than Tyler. What I would say is, when I was in college, the Computer Science Center was in the basement of the library and we had these really tiny windows and they sort of hit you in the dark. And I think it was my senior year and I went, "I don't want to sit in a room by myself and write code all day and talk to no one." So, you know, I'm a senior and I'm like, "Okay, I got to, this is not, I did not want to write code all day." And so I happened to fall into a great company and moved onto PCs. And from there went to messaging, to networking and into that, I fell into cybersecurity. So I took that more traditional route and I think I've done every job in IT, except for programming, which is what I really got my degree in. >> But you realized early on, you know, "I don't quite think this is for me." 
And that's an important thing for anybody in any career, to really listen to your gut. It's telling you something. I love how you both got into cybersecurity, which is now, especially in the last 18 months, with what we've seen with the threat landscape, such an incredible opportunity for anyone. But I'd like to know there's not a lot of women in tech, as we know we've been talking about this for a long time now. We've got maybe a quarter of women at the technology roles are filled by women. Tyler, talk to me about some of the challenges that you faced along your journey to get where you are today. >> Well, I mean, you know, like I said, when I started, it was like 1999, 2000. And there were even less women in cybersecurity and in these tech roles than there are now. And you know, it was difficult because, you know, I remember at my first job, I was so interested in learning about Unix and I would learn everything, I read everything about it. And I ended up getting promoted over all of my male colleagues. And you know, it was really awkward because there was the assumption, they would just say things like, "Oh, well you got that because you're a woman." And that was not the case, but it's that type of stereotyping, you know, that we've had to deal with in this industry. Now I do believe that is changing. And I've seen a lot of evidence of that. We're getting there, but we're not there yet. >> And I agree. I agree completely with what Tyler said. You know, when I started, you were the only woman in the room, you got promoted over your male counterparts. You know, I would say even 10 years ago, you know, someone was like, "Well, you could go for any CISCO role and you'd get the job because you're a woman." And I've had to go and say, "No, I might get an interview because I'm a woman, but you don't get the job just because, you know, you check a box." You know, some of that is still out there, but Tyler you're right, things are changing. 
I think, you know, three things that we all need to focus in on to continue to move us forward and get more women into tech is the first thing is we have to start younger. I think by high school, a lot of girls and young women have been turned off by technology. So maybe, we need to start in the middle school and ensuring that we've got young girls interested. The second thing is, is we have to have mentors. And I always say, if you're in the security industry, you have to turn around and help the next person out. And if that person is a woman, that's great, but we have to mentor others. And it can be young girls, it could be young gentlemen, but we need to mentor that next group up. And you know, if you're in the position to offer internships during the summer, we don't have to stay to the traditional role and go, "Oh, let me hire just intern from the you know IT, they're getting degrees in IT." You can get creative. And my best worker right now was an intern that worked for me, was an intern for me six years ago. And she has a degree in Finance, so nontraditional route into cyber security. And the third thing I think we need to do is, is there things the industry could do to change things and make things, I don't want to say even 'cause they're not uneven, but for example, I forget what survey it was, but if a woman reads a job description and I can do half of it, I'm not going to apply because I don't feel I'll qualify, where men, on the other hand, if they can do three out of ten they'll apply. So do we need to look at the way we write job descriptions, and use different words, you know, rather than must have these skills. You know, sort of leave it a little bit open, like here are the skills we'd like you to have, or have, you know, a handful of the following. So soften some of those job descriptions. And the second thing is once we get women in, we have to be a little bit more, I'll say inclusive. 
So, if you're a high tech company, look at, you know, your sales organization. When you go to big shows, do you pay more attention to men on the floor than women on the floor? If you have a sales event where you get different customers together, is it a golf outing or is it something that's maybe a little bit more inclusive than just male? So those are the three things I think as an industry we have to focus in on, start younger, get them, you know, work on mentorships specifically in cyber, and the third thing is, look at some of the things that we're doing, as companies both in our HR and sales practices. >> That's a great, that last piece of advice, Debbie is fantastic. That's one that I hadn't thought about, but you're right. If a job description is written, for must have all of these things and a woman that goes, "I only got three out of the ten. I'm not going to even get past, you know, the recruiter here." How can we write things differently? I also loved your idea of bringing in people with diverse backgrounds. I've been in marketing for 16 years and I've met very few people that actually have marketing degrees, a lot of people. So you get that diversity of thought. Tyler, what are some of your thoughts about how we can help expand the role of women in technology? Do you agree with some of the things that Debbie said? >> I love what Debbie said. I agree 100%. And I started laughing because I was thinking about all the golf outings that I've been on and I don't play golf. (all laughing) I think that there is an untapped resource because there's a lot of women who are now interested in changing their careers and that's a big pool of people. And I think that making it more accessible and making it so that people understand what the different cyber security or cyber jobs are, because a lot of people just assume that it's coding, or it's, you know, working on AI, but that's not necessarily true. I mean, there's so many different avenues. 
There's marketing, there's forensics, there's incident response. I mean, I could go on and on and on. And oftentimes if people don't know that these types of jobs exist, they're not even going to look for them. So making that more well-known, what the different types of opportunities are to people, I think that that would help kind of open more doors. >> And that goes along beautifully with what Debbie was talking about with respect to mentorship. And I would even add sponsorship in there, but becoming a sponsor of a younger female, who's maybe considering tech or is already in tech to help her navigate the career. Look for the other opportunities. Tyler, as you mentioned, there's a lot to cybersecurity, that is beyond coding and AI for example. So maybe getting the awareness out there more. Did either of you have sponsors when you were early in your career? Are you a sponsor now? Debbie, let's start with you. >> So, I'll answer your first question. I guess I was really fortunate that my first job out of college, I had an internship and I happened to have a female boss. And so, although we may not have called it sponsorship or mentor, she taught me and showed me that, you know, women can be leaders. And she always believed in us and always pushed us to do things beyond what we may have thought we were capable of. Throughout the years, someone once told me that we should all have our own personal board of directors. You know, a group of people that when we're making a decision, that may be life-changing or we're unsure, rather than just having one mentor, having a group of people that you, that you know, they don't have to be in cybersecurity. Yeah, I want someone that's on my board of directors that maybe, is a specialist in cybersecurity, but having other executives in other companies, that can also give you that perspective. You know, so I've always had a personal board of directors. I think I've had three or four different mentors. 
Some of them, I went out and found. Some of them I have joined organizations that have been fortunate enough to become not only a mentor, but a mentee. And I've kept those relationships up over three or four years. And all those people are now on my personal board of directors, that, you know, if I have a life-changing question, I've got a group of people that I can go back on. >> That is brilliant advice. I love that having a... Isn't that great Tyler? Having a personal- >> Yes! Yes! >> Board of directors, especially as we look at cybersecurity and the cybersecurity skills gap Tyler has been, I think it's in its 5th year now, which is there's so much opportunity. What we saw in the threat landscape in the last 18, 19 months during the pandemic was this explosion and the attack surface, ransomware becoming a word that even my mom knows these days. What do you advise Tyler for, you talked about really making people much more aware of all of the opportunities within cyber, but when you think about how you would get women interested in cybersecurity specifically, what are some of the key pieces of advice you would offer? >> Well, again, I think I love the board of directors. I love that. That is brilliant, but I really think that it is about finding mentors, and it is about doing the research, and really asking questions. Because if you reach out to someone on LinkedIn, you know, they may just not respond, but chances are someone will and, you know, most people in this community are very willing to help. And, you know, I found that to be great. I mean, I've got my board of directors too. I realize that now. (Debbie laughs) But I also like to help other people as well, that are just kind of entering into the field or if they're changing their careers. And it's not necessarily just women, it's people that are interested in getting into an aspect of this industry. And this is an industry where, you know, you can jump from this, to this, to this, to this. 
I mean, I think that I've had six different major career shifts still within the cybersecurity realm. So, just because you start off doing one thing doesn't mean that that's what you're going to do forever. There're so many different areas. And it's really interesting. I think about my 11-year-old niece and she may very well have a job someday, that doesn't even exist right now. That's how quickly cyber and everything connected is moving. And if you think about it, we are connected, there is a cyber component to every single thing that we do, and that's going to continue to expand and continue to grow. And we need more people to be interested, and to want to get into these careers. And I think also it's important for younger girls to let them know these careers are really fun and they're extremely rewarding. And I mean, I hate to use this as an incentive, but there's also a lot of money that can be made too, and that's an incentive to get, you know, women and girls into these careers as well. >> And Tyler, I think you're right. In addition to that, you're always going to have a job. And I think cyber is a great career for someone that are lifelong learners, because like you said, your 11-year-old niece, the job, when she graduates from college, she may have, probably doesn't even exist today. And so I think you have to be a lifelong learner. I think one of the things that people may not be aware of is, you know, for women who may have gone the non-traditional route and got degrees later in life, or took time off to raise children and want to come back to work, cyber security is something that, you know, doesn't have to be a nine to five job. I have, it happens to be a gentleman on my team, who has to get kids on the bus and off the bus. And so we figured out how, you know, he gets up and he works for a couple hours, puts kids on the bus, is in the office. And then he gets the kids off. And once they've had dinner and gone to bed, he puts in a couple more hours. 
And I think, you know, people need to be aware of, there is some flexibility, there is flexibility in cyber jobs. I mean, it's not a nine to five job, it's not like banking. Well, if you were teller, and your hours are when the bank is open, cyber is 7/24 and jobs can be flexible. And I think people need to be aware of that. >> I agree on the flexibility front, and people also need to be flexible themselves. I do want to ask you both, we're getting low on time, but I've got to ask you, how do you get the confidence, to be, like you said, back in the day, in the room, maybe the only female and I've been in that as well, even in marketing, product marketing years ago. How do you get the confidence to continue moving forward? Even as someone says, "You're only here because you're a female." Tyler, what's your advice to help young women and young men as well fight any sort of challenges that are coming their way? >> I had a mentor when I first moved to the Defense Intelligence Agency, I had an Office Chief and she said to me, "Tyler, you're a Senior Intelligence Officer, you always take a seat at the table. Do not let anyone tell you that you cannot have a seat at the table." And you know, that was good advice. And I think confidence is great. But courage is something that's much more important, because courage is what leads up to confidence. And you really have to believe in yourself and do things that you know are right for you, not because you think it's going to make other people happy. And I think, you know, as women, it's really finding that courage to be brave and to be strong and to be willing to stand out, you know, alone on something, because it's what you care about and what you believe in. And that's really what helps kind of motivate me. >> I love that courage. Debbie, what are your thoughts? 
>> (laughs) So I was going to say, this is going to be really hard to believe, but when I was 16 years old, I was so shy that if I went to a restaurant and someone served me stone cold food, I wouldn't say a word. I would just eat it. If I bought something in a store and I didn't like it, I'd refuse, I just couldn't bring myself to go to that customer service desk and return it. And my first job in high school, was at a fast food place. And I worked for a gentleman who was a little bit of a tyrant, but you know, I learned how to get a backbone very quickly. And I would have to say now looking back, he was probably my first mentor without even trying to do that. He mentored me on how to believe in myself and how to stand up for what's right. So, Tyler, I completely agree with you. And you know, that's something that people think when they get a mentorship, sometimes it's someone going to mentor them on, you know, something tactical, something they want to know how to do, but sometimes what you need to be mentored in, could be, "How do I believe in myself?" Or "How do I find the courage to be that the only female in the room?" And I think that is where some of that mentorship comes from and, you know, I think, you know, if we go back to mentoring at the middle school, there's lots of opportunities, career fairs, the first robotically, get the middle school level, gives all of us an opportunity to sort of mentor girls at that level. And for all the guys out there who have daughters, this is, you know, how to... It's not like you can get a parenting checklist, "Teach my kid courage." And Tyler, I love that word, but I think that's something that we all need to aspire to bring out in others. >> I love that. I love that. >> Okay with that, I think I love both of your stories, are zig-zaggy in certain ways, one in a more direct cybersecurity path, Debbie with yours. Tyler, yours, very different coming from the music industry. But you both have such great advice. 
It's really, I would say, I'm going to add that, open your mind to be open to, you can do anything. As Tyler said, there's a very great possibility that right now the job that your niece who's 11 is going to get in the next 10 years, doesn't exist yet. How exciting is that? To have the opportunity to be open-minded enough and flexible enough to say, "I'm going to try that." And I'm going to learn from my mentors, whether it's a fast food cook, which I wouldn't think would be a direct mentor, and recognizing years later, "Wow, what an impact that person had on me, having the courage to do what I have." And so I would ask you like each one more question in terms of just your inspiration for what you're currently doing. Debbie, as the leader of security for NETSCOUT, what inspires you to continue in your current role and seek more? >> So, I'm a lifelong learner. So, I love to learn cybersecurity. You know, every day is a different day. So, it's definitely the ability to continue to learn and to do new things. But the second thing is, is I think I've always been, I don't want to call it a fixer-upper because cybersecurity isn't a fixer-upper, I'm just always wanted to improve upon things. If I've seen something that I think can do better, or a product that could have something new or better in it, you know, that's what excites me is to give people that feedback and to improve on what we've had out there. You know, you had mentioned, we've got this block of jobs that we can't fill. We have to give feedback and how we get the tools and what we have today smarter, so that if there are less of us, we're working smarter and not harder. And so if there is some low-level tasks that we could put back into tools, and talk to vendors and have them do this for us, that's how I think we start to get our way sort of out of the hole. Tyler, any thoughts on that? >> I again, I love that answer. I mean, I think for me, you know, I do like, it's that problem solving thing too. 
But for me it's also about, it's about compassion. And when I see, you know, a story of some child that's been involved in some kind of cyber bullying attack, or a company that has been broken into, I want to do whatever I can to help people, and to teach people to really protect themselves, so that they feel empowered and they're not afraid of cyber security. So for me, it's also really that drive to really make a difference and really help people. >> And you've both done, I'm sure, so much of that made such a big difference in many communities in which you're involved. I thank you so much for sharing your journeys with me on the program today, and giving such great pointed advice to young men and women, and even some of the older men and women out there that might be kind of struggling about, where do I go next? Your advice is brilliant, ladies. Thank you so much. It's been a pleasure talking with you. >> Thank you. >> Thank you. >> For Debbie Briggs and Tyler Cohen Wood, I'm Lisa Martin. You've been watching this Cube Conversation. (upbeat music)
Debby Briggs & Tyler Cohen Wood | CUBE Conversation, October 2021
(upbeat music) >> Welcome to this Cube Conversation about women in tech and women in cybersecurity, two things I'm very passionate about. Lisa Martin here, with two guests, Debbie Briggs joins us, the Area Vice President, and Chief Security Officer at NETSCOUT, and Tyler Cohen Wood is here as well, the Founder and CEO of MyConnectedHealth. Ladies, it's an honor to have you on the program. I'm excited to talk to you. >> Thank you so much for having us. >> Completely agree. Tyler and I talked a couple of minutes last week and she has a lot to offer to this. >> I know, I was looking at both of your backgrounds. Very impressive. Tyler, starting with you. I see that you are a nationally recognized Cybersecurity Intelligence, National Security Expert, and former Director of Cyber Risk Management for AT&T. And I also saw that you just won a Top 50 Women in Tech Influencers to Follow for 2021 Award. Congratulations, that's amazing. I would love to know way back in the day, how did you even first become interested in tech? >> Well, it was kind of inevitable that I would go into something like tech because as a kid, I was kind of nerdy. I was obsessed with "Star Trek". I would catalog my "Star Trek" tapes by Stardate. I was just really into it. But when I was in college, I mean, it was the late 90's. Cybersecurity just really wasn't a thing. So I went into music and I worked for a radio station. I loved it, but the format of the radio station changed and I wanted to do something different. And I thought, well, computers. I'll move to San Francisco, and I'm sure I can get a job, 'cause they were hiring anyone with a brain, 'cause it was really the dot com boom. And that's really how I got into it. It was just kind of one of those things. (laughs) >> Did you have, was it like network connection, going from music to tech is quite a jump? >> It's a huge jump. It was, but you know, I was young. I was still fresh out of school. 
I was really interested in learning and I really wanted to get involved in cyber in some capacity, because I became really fascinated with it. So it was just kind of one of those things, that just sort of happened. >> What an interesting talk about a zig-zaggy path. That's a very, very interesting one. And I have to talk about music with you later. That would be interesting. And Debbie, you also have, as Tyler does, 20 years plus experience in cybersecurity. You've been with NETSCOUT since '04. Were you always interested in tech? Did you study engineering or computer science in school, Debbie? >> Yeah, so I think my interest in tech, just like Tyler started at a very young age. I was always interested in how things worked and how people worked. And some day over a drink, I will tell you some funny stories about things I took apart in my parents house, to figure out how it worked. (Lisa and Tyler laughing) They still don't know it. So I guess I- >> I love that. >> I just love that putting it back together, but I took a more traditional route than Tyler did. I do have a degree in Computer Science, went to school a little bit earlier than Tyler. What I would say is, when I was in college, the Computer Science Center was in the basement of the library and we had these really tiny windows and they sort of hit you in the dark. And I think it was my senior year and I went, "I don't want to sit in a room by myself and write code all day and talk to no one." So, you know, I'm a senior and I'm like, "Okay, I got to, this is not, I did not want to write code all day." And so I happened to fall into a great company and moved onto PCs. And from there went to messaging, to networking and into that, I fell into cybersecurity. So I took that more traditional route and I think I've done every job in IT, except for programming, which is what I really got my degree in. >> But you realized early on, you know, "I don't quite think this is for me." 
And that's an important thing for anybody in any career, to really listen to your gut. It's telling you something. I love how you both got into cybersecurity, which is now, especially in the last 18 months, with what we've seen with the threat landscape, such an incredible opportunity for anyone. But I'd like to know there's not a lot of women in tech, as we know we've been talking about this for a long time now. We've got maybe a quarter of women at the technology roles are filled by women. Tyler, talk to me about some of the challenges that you faced along your journey to get where you are today. >> Well, I mean, you know, like I said, when I started, it was like 1999, 2000. And there were even less women in cybersecurity and in these tech roles than there are now. And you know, it was difficult because, you know, I remember at my first job, I was so interested in learning about Unix and I would learn everything, I read everything about it. And I ended up getting promoted over all of my male colleagues. And you know, it was really awkward because there was the assumption, they would just say things like, "Oh, well you got that because you're a woman." And that was not the case, but it's that type of stereotyping, you know, that we've had to deal with in this industry. Now I do believe that is changing. And I've seen a lot of evidence of that. We're getting there, but we're not there yet. >> And I agree. I agree completely with what Tyler said. You know, when I started, you were the only woman in the room, you got promoted over your male counterparts. You know, I would say even 10 years ago, you know, someone was like, "Well, you could go for any CISCO role and you'd get the job because you're a woman." And I've had to go and say, "No, I might get an interview because I'm a woman, but you don't get the job just because, you know, you check a box." You know, some of that is still out there, but Tyler you're right, things are changing. 
I think, you know, three things that we all need to focus in on to continue to move us forward and get more women into tech is the first thing is we have to start younger. I think by high school, a lot of girls and young women have been turned off by technology. So maybe, we need to start in the middle school and ensuring that we've got young girls interested. The second thing is, is we have to have mentors. And I always say, if you're in the security industry, you have to turn around and help the next person out. And if that person is a woman, that's great, but we have to mentor others. And it can be young girls, it could be young gentlemen, but we need to mentor that next group up. And you know, if you're in the position to offer internships during the summer, we don't have to stay to the traditional role and go, "Oh, let me hire just intern from the you know IT, they're getting degrees in IT." You can get creative. And my best worker right now was an intern that worked for me, was an intern for me six years ago. And she has a degree in Finance, so nontraditional route into cyber security. And the third thing I think we need to do is, is there things the industry could do to change things and make things, I don't want to say even 'cause they're not uneven, but for example, I forget what survey it was, but if a woman reads a job description and I can do half of it, I'm not going to apply because I don't feel I'll qualify, where men, on the other hand, if they can do three out of ten they'll apply. So do we need to look at the way we write job descriptions, and use different words, you know, rather than must have these skills. You know, sort of leave it a little bit open, like here are the skills we'd like you to have, or have, you know, a handful of the following. So soften some of those job descriptions. And the second thing is once we get women in, we have to be a little bit more, I'll say inclusive. 
So, if you're a high tech company, look at, you know, your sales organization. When you go to big shows, do you pay more attention to men on the floor than women on the floor? If you have a sales event where you get different customers together, is it a golf outing or is it something that's maybe a little bit more inclusive than just male? So those are the three things I think as an industry we have to focus in on, start younger, get them, you know, work on mentorships specifically in cyber, and the third thing is, look at some of the things that we're doing, as companies both in our HR and sales practices. >> That's a great, that last piece of advice, Debbie is fantastic. That's one that I hadn't thought about, but you're right. If a job description is written, for must have all of these things and a woman that goes, "I only got three out of the ten. I'm not going to even get past, you know, the recruiter here." How can we write things differently? I also loved your idea of bringing in people with diverse backgrounds. I've been in marketing for 16 years and I've met very few people that actually have marketing degrees, a lot of people. So you get that diversity of thought. Tyler, what are some of your thoughts about how we can help expand the role of women in technology? Do you agree with some of the things that Debbie said? >> I love what Debbie said. I agree 100%. And I started laughing because I was thinking about all the golf outings that I've been on and I don't play golf. (all laughing) I think that there is an untapped resource because there's a lot of women who are now interested in changing their careers and that's a big pool of people. And I think that making it more accessible and making it so that people understand what the different cyber security or cyber jobs are, because a lot of people just assume that it's coding, or it's, you know, working on AI, but that's not necessarily true. I mean, there's so many different avenues. 
There's marketing, there's forensics, there's incident response. I mean, I could go on and on and on. And oftentimes if people don't know that these types of jobs exist, they're not even going to look for them. So making that more well-known, what the different types of opportunities are to people, I think that that would help kind of open more doors. >> And that goes along beautifully with what Debbie was talking about with respect to mentorship. And I would even add sponsorship in there, but becoming a sponsor of a younger female, who's maybe considering tech or is already in tech to help her navigate the career. Look for the other opportunities. Tyler, as you mentioned, there's a lot to cybersecurity, that is beyond coding and AI for example. So maybe getting the awareness out there more. Did either of you have sponsors when you were early in your career? Are you a sponsor now? Debbie, let's start with you. >> So, I'll answer your first question. I guess I was really fortunate that my first job out of college, I had an internship and I happened to have a female boss. And so, although we may not have called it sponsorship or mentor, she taught me and showed me that, you know, women can be leaders. And she always believed in us and always pushed us to do things beyond what we may have thought we were capable of. Throughout the years, someone once told me that we should all have our own personal board of directors. You know, a group of people that when we're making a decision, that may be life-changing or we're unsure, rather than just having one mentor, having a group of people that you, that you know, they don't have to be in cybersecurity. Yeah, I want someone that's on my board of directors that maybe, is a specialist in cybersecurity, but having other executives in other companies, that can also give you that perspective. You know, so I've always had a personal board of directors. I think I've had three or four different mentors. 
Some of them, I went out and found. Some of them I have joined organizations that have been fortunate enough to become not only a mentor, but a mentee. And I've kept those relationships up over three or four years. And all those people are now on my personal board of directors, that, you know, if I have a life-changing question, I've got a group of people that I can go back on. >> That is brilliant advice. I love that having a... Isn't that great Tyler? Having a personal- >> Yes Yes! >> Board of directors, especially as we look at cybersecurity and the cybersecurity skills gap Tyler has been, I think it's in its 5th year now, which is there's so much opportunity. What we saw in the threat landscape in the last 18, 19 months during the pandemic was this explosion and the attack surface, ransomware becoming a word that even my mom knows these days. What do you advise Tyler for, you talked about really making people much more aware of all of the opportunities within cyber, but when you think about how you would get women interested in cybersecurity specifically, what are some of the key pieces of advice you would offer? >> Well, again, I think I love the board of directors. I love that. That is brilliant, but I really think that it is about finding mentors, and it is about doing the research, and really asking questions. Because if you reach out to someone on LinkedIn, you know, they may just not respond, but chances are some someone will and, you know, most people in this community are very willing to help. And, you know, I found that to be great. I mean, I've got my board of directors too. I realize that now. (Debbie laughs) But I also like to help other people as well, that are just kind of entering into the field or if they're changing their careers. And it's not necessarily just women, it's people that are interested in getting into an aspect of this industry. And this is a industry where, you know, you can jump from this, to this, to this, to this. 
I mean, I think that I've had six different major career shifts still within the cybersecurity realm. So, just because you start off doing one thing doesn't mean that that's what you're going to do forever. There are so many different areas. And it's really interesting. I think about my 11 year old niece and she may very well have a job someday, that doesn't even exist right now. That's how quickly cyber and everything connected is moving. And if you think about it, we are connected, there is a cyber component to every single thing that we do, and that's going to continue to expand and continue to grow. And we need more people to be interested, and to want to get into these careers. And I think also it's important for younger girls to let them know these careers are really fun and they're extremely rewarding. And I mean, I hate to use this as an incentive, but there's also a lot of money that can be made too, and that's an incentive to get, you know, women and girls into these careers as well. >> And Tyler, I think you're right. In addition to that, you're always going to have a job. And I think cyber is a great career for people that are lifelong learners, because like you said, your 11 year old niece, the job, when she graduates from college, she may have, probably doesn't even exist today. And so I think you have to be a lifelong learner. I think one of the things that people may not be aware of is, you know, for women who may have gone the non-traditional route and got degrees later in life, or took time off to raise children and want to come back to work, cyber security is something that, you know, doesn't have to be a nine to five job. I have, it happens to be a gentleman on my team, who has to get kids on the bus and off the bus. And so we figured out how, you know, he gets up and he works for a couple hours, puts kids on the bus, is in the office. And then he gets the kids off. And once they've had dinner and gone to bed, he puts in a couple more hours.
And I think, you know, people need to be aware of, there is some flexibility, there is flexibility in cyber jobs. I mean, it's not a nine to five job, it's not like banking. Well, if you were a teller, and your hours are when the bank is open, cyber is 7/24 and jobs can be flexible. And I think people need to be aware of that. >> I agree on the flexibility front, and people also need to be flexible themselves. I do want to ask you both, we're getting low on time, but I've got to ask you, how do you get the confidence, to be, like you said, back in the day, in the room, maybe the only female and I've been in that as well, even in marketing, product marketing years ago. How do you get the confidence to continue moving forward? Even as someone says, "You're only here because you're a female." Tyler, what's your advice to help young women and young men as well fight any sort of challenges that are coming their way? >> I had a mentor when I first moved to the Defense Intelligence Agency, I had an Office Chief and she said to me, "Tyler, you're a Senior Intelligence Officer, you always take a seat at the table. Do not let anyone tell you that you cannot have a seat at the table." And you know, that was good advice. And I think confidence is great. But courage is something that's much more important, because courage is what leads up to confidence. And you really have to believe in yourself and do things that you know are right for you, not because you think it's going to make other people happy. And I think, you know, as women, it's really finding that courage to be brave and to be strong and to be willing to stand out, you know, alone on something, because it's what you care about and what you believe in. And that's really what helps kind of motivate me. >> I love that courage. Debbie, what are your thoughts?
>> (laughs) So I was going to say, this is going to be really hard to believe, but when I was 16 years old, I was so shy that if I went to a restaurant and someone served me stone cold food, I wouldn't say a word. I would just eat it. If I bought something in a store and I didn't like it, I'd refuse, I just couldn't bring myself to go to that customer service desk and return it. And my first job in high school was at a fast food place. And I worked for a gentleman who was a little bit of a tyrant, but you know, I learned how to get a backbone very quickly. And I would have to say now looking back, he was probably my first mentor without even trying to do that. He mentored me on how to believe in myself and how to stand up for what's right. So, Tyler, I completely agree with you. And you know, that's something that people think when they get a mentorship, sometimes it's someone going to mentor them on, you know, something tactical, something they want to know how to do, but sometimes what you need to be mentored in, could be, "How do I believe in myself?" Or "How do I find the courage to be the only female in the room?" And I think that is where some of that mentorship comes from and, you know, I think, you know, if we go back to mentoring at the middle school, there's lots of opportunities, career fairs, the first robotically, get the middle school level, gives all of us an opportunity to sort of mentor girls at that level. And for all the guys out there who have daughters, this is, you know, how to... It's not like you can get a parenting checklist, "Teach my kid courage." And Tyler, I love that word, but I think that's something that we all need to aspire to bring out in others. >> I love that. I love that. >> Okay with that, I think I love both of your stories, are zig-zaggy in certain ways, one in a more direct cybersecurity path, Debbie with yours. Tyler, yours, very different coming from the music industry. But you both have such great advice.
It's really, I would say, I'm going to add that, open your mind to be open to, you can do anything. As Tyler said, there's a very great possibility that right now the job that your niece who's 11 is going to get in the next 10 years, doesn't exist yet. How exciting is that? To have the opportunity to be open-minded enough and flexible enough to say, "I'm going to try that." And I'm going to learn from my mentors, whether it's a fast food cook, which I wouldn't think would be a direct mentor, and recognizing years later, "Wow, what an impact that person had on me, having the courage to do what I have." And so I would like to ask you each one more question in terms of just your inspiration for what you're currently doing. Debbie, as the leader of security for NETSCOUT, what inspires you to continue in your current role and seek more? >> So, I'm a lifelong learner. So, I love to learn cybersecurity. You know, every day is a different day. So, it's definitely the ability to continue to learn and to do new things. But the second thing is, I think I've always been, I don't want to call it a fixer-upper because cybersecurity isn't a fixer-upper, I've just always wanted to improve upon things. If I've seen something that I think can do better, or a product that could have something new or better in it, you know, that's what excites me is to give people that feedback and to improve on what we've had out there. You know, you had mentioned, we've got this block of jobs that we can't fill. We have to give feedback on how we get the tools and what we have today smarter, so that if there are less of us, we're working smarter and not harder. And so if there are some low-level tasks that we could put back into tools, and talk to vendors and have them do this for us, that's how I think we start to get our way sort of out of the hole. Tyler, any thoughts on that? >> I again, I love that answer. I mean, I think for me, you know, I do like, it's that problem solving thing too.
But for me it's also about, it's about compassion. And when I see, you know, a story of some child that's been involved in some kind of cyber bullying attack, or a company that has been broken into, I want to do whatever I can to help people, and to teach people to really protect themselves, so that they feel empowered and they're not afraid of cyber security. So for me, it's also really that drive to really make a difference and really help people. >> And you've both done, I'm sure, so much of that made such a big difference in many communities in which you're involved. I thank you so much for sharing your journeys with me on the program today, and giving such great pointed advice to young men and women, and even some of the older men and women out there that might be kind of struggling about, where do I go next? Your advice is brilliant, ladies. Thank you so much. It's been a pleasure talking with you. >> Thank you. >> Thank you. >> For Debbie Briggs and Tyler Cohen Wood, I'm Lisa Martin. You've been watching this Cube Conversation. (upbeat music)
Sandy Carter, AWS & Lynn Martin, VMware | AWS Summit DC 2021
value in jobs is probably the most rewarding things I've ever been involved in. And I bring that energy to the Cube because the Cube is where all the ideas are and where the experts are, where the people are. And I think what's most exciting about the Cube is that we get to talk to people who are making things happen, entrepreneurs, CEOs of companies, venture capitalists, people who are really on a day in and day out basis, building great companies, and the technology business is just not a lot of real time live TV coverage and the Cube is a nonlinear TV operation. We do everything that the TV guys on cable don't do. We do longer interviews. We ask tougher questions. We ask sometimes some light questions. We talk about the person and what they feel about. It's not prompted and scripted. It's a conversation, authentic, and for shows that have the Cube coverage and makes the show buzz that creates excitement. More importantly, it creates great content, great digital assets that can be shared instantaneously to the world. Over 31 million people have viewed the Cube and that is the result of great content, great conversations and I'm so proud to be part of the Cube with a great team. Hi, I'm John Furrier. Thanks for watching the Cube. >> Okay, welcome back everyone, Cube coverage of AWS, Amazon Web Services, Public Sector Summit in person here in Washington, D.C. I'm John Furrier, host of the Cube, with Sandy Carter and Lynn Martin, VMware Vice President of Government, Education and Healthcare. Great to see you both, Cube alumni, although she's been on since 2014, your first time in 2018, 18, 2018. Great to see you. Great to see you. Thanks for coming on. Yeah, thanks for having us. So VMware and AWS have a huge partnership. We've covered that announcement when Andy and Pat Gelsinger was the CEO. Then a lot's happened, a lot of growth. A lot of success. Congratulations. Thank you. What's the big news with AWS this year in public sector? >>
So we just received our authorization to operate for FedRAMP High. Um, and we actually have a lot of joint roadmap planning. You are kicking off our job today with the Department of Defense, and IL5 for the defense customers is also in process. So, um, a lot of fruits of a long time of labor. So very excited. >> Awesome. So explain, what does the FedRAMP authority to operate mean? What is that all about? >> So I would say in a nutshell, it's really putting a commercial offering through the security protocols to support the federal government needs. Um, and there's different layers of that depending on the end user customers. So FedRAMP High, across this, across all the civilian and non-classified workloads in the federal government. Um, probably applicability for state, local government as well with the new StateRAMP focus. Um, FedRAMP High will meet or exceed that. So it will be applicable across the other parts of the government as well and all operated, you know, in a controlled environment jointly. So you get the VMware software stack on top of the platform from AWS and all the services. >> That is more VMware, faster deployed usage, faster acceleration. >> Yeah, so I would say, um, today the government operates on VMware across all of the government, state, local and federal, um, some workloads are still on prem, many, and this will really accelerate that transformation journey to the cloud and be able to move workloads quicker onto the VMC on AWS platform without re-architecting your application. >> Without giving away any kind of VMworld secret, because that's next week, what is the value proposition of VMware Cloud on AWS? What is the, what is the, what is the main value proposition you guys see in the public sector? >> So I see three, and then Sandy, chime in there too. I would say, you know, the costs in general to operate in the cloud vs on prem are significant savings, we've seen savings over 300% on some customers.
Um, the speed on the application movement I think is a huge unique benefit on VMC on AWS. So traditionally to move to native cloud, you have to really do a lot of application work to be able to move those workloads, where on VMC on AWS you move them pretty fast. And it also leverages the investments that the government agencies have already made in their operational tools and things of that nature. So it's not like a full reinvestment for something new but really leveraging both the skill sets in the data center in the IT shops and the tools and investments you've bought over the past. And then the third area I would say is really getting the agility and flexibility and speed of a cloud experience. >> What's your, what's your reaction to the partnership? >> You know, we were just talking, uh, in a survey to our customers and 67% of them said that the velocity of the migration really matters to them. And one of the things that we do really well together is migrate very quickly, so we have workloads that we've migrated that have taken, you know, weeks, months, uh, as opposed to years as they go over, which is really powerful. And then also tomorrow VMware is with us in a session on data led migration. We were talking about data earlier and VMware Cloud on AWS also helps to migrate over like SQL Server database, Oracle databases so that we can also leverage that data now on the cloud to make better decisions and real time decisions as well. >> It's been really interesting to watch the partnership and watching VMware transform as well, not only the migrations are in play with the public sector, there's a lot of them, believe me, healthcare, you name every area. It's all, all those old systems are out there. You know, I'm talking about out there.
But now with microservices and containers, you've got Tanzu and you've got the whole cloud native VMware stack emerging that's going to allow customers to refactor. This is a dynamic that is kind of underreported. >> Migration is one thing. But I think, I think that the whole Tanzu portfolio is one of the most interesting things going on in VMware. And we also have some integration going on on VMC on AWS with Tanzu. We don't have that pentagram. Yeah. For the government market, but it's on the road mapping plans and we have other customers. And I would say, you know, some of my non federal government customers were able to move workloads in hours, not even days or weeks. There you go, literally back and forth. And very impressive on the VMC on AWS platform. So, um, as we expand things in with the Tanzu platform is, you know, Sandy talked about this yesterday at our partners summit, everyone's talking about containers and things like that. VMware is doing a lot of investment around the Kubernetes plus the application migration work and things of that nature. >> I'd love to get you guys' reaction to this comment because I've seen a lot of change. Obviously we're all seeing it. I've actually interviewed a bunch of AWS and VMware customers and I would call, um, some of the categories skeptics, the old school cloud holding the line. And then when the pandemic hit those skeptics flip over because they see the value. In fact I actually interviewed a skeptic who became an award winner who went on the record and said I love AWS, I love the cloud. I was a skeptic because you saw the value, the time to value. This is really a key dynamic. I know it's kind of thrown out a lot of digital transformation or IT modernization but the agility and that kind of speed. It becomes the number one thing. What's your reaction to the skeptics converting? And then what happens next? >> Um, so I think there's still a lot of folks in IT
that are tree huggers, or I call them server huggers, uh, um, pick your term. And I think that, um, there is some concern about what their role will be. So I think one of the differences delivering cloud services to your internal constituents is really understand the business value of the applications and what that delivers from a mission perspective back to your client. And that's a shift for data center owners to really start thinking more from the customer mission perspective than, are my servers running, you know, do you have enough storage capacity, blah blah blah. So I think that creates that skepticism and part of that's around what's my role going to be. So in the cloud transformation of a customer, there's all this whole people part that becomes really the catalyst and I think the customers that have been very sad and really leverage that and then retool the business value back to the end users around the mission have done the best job. >> I mean we talk about this all the time, it's really hard to get the best of breed partners together and then make it all work. Cloud, it becomes easier than doing it very bespoke or waterfall way. >> Yeah, I have to say with the announcement yesterday, we're going to have a lot more partner with partners. So you and I have talked about this a few times where we bring partners together to work with each other. In fact, Lynn is going to go meet with one of those partners right after the interview, um, that want to really focus in on a couple of particular areas to really drive this and I think, you know, part of the, you know, as you're refactoring or migrating VMware over, the other big benefit is skills, people have really strong vSphere skills, the vSAN skills, >> operation >> operation tools. Yeah.
And so they want to preserve those, I think that's part of the beauty of doing VMware Cloud on AWS is you get to take those skills with you into the new world as well. >> You know, I was going to just ask the next question, AIOps or day two operations, a big buzzword. Yeah, and that is essentially operation mindset, that DevOps, DevOps 2 is coming. Emily Freeman gave a keynote with our last event we had with Amazon public showcase, revolution and DevOps, DevOps 2.0 is coming, which is now faster, security is built in the front end, so all these things are happening so now it's coming into the public sector with the GovCloud. So I have to ask you, Lynn, what are some of the big successes you've had with, on the GovCloud, just GovCloud. >> So I would say we've had a lot of customers across the state local side especially, um, that weren't waiting for FedRAMP and those customers were able to move like I mentioned this earlier and you guys just touched on it. So I think the benefit and the benefit, one of our best customers is Emmett. Right? Absolutely mitt, God bless them. They've been on every cloud journey with VMware since 2014, we moved in my three years now and talk about a skeptic. So although Mark is very revolutionary and tries new things, he was like, oh, who knows, and literally when we moved those workloads it was minutes and the IT shop day one, there was no transformation work for them, it was literally using all the tools and things in that environment. So the progress of that and the growth of the applications that have been able to move their things. That took 2 to 3 years before, we're all done within six months and really being able to expand those business values back out for the services that he delivers to the customers. So I think you'll see quite a bit across state, local, federal government. You know, we have U.S. Marshals, thank them very much. They were our sponsor that we've been working with the last few years.
We have a defense customer working with us around IL5. >> Um, you know, if we could also thank Coalfire because Coalfire is one of our joint partners, talking about partner partners, and they played a critical role in helping VMware Cloud on AWS get the FedRAMP High certifications. >> They were our 3PAO. We hired them for their exercise expertise with AWS as well as helping the BMR. >> Well, the partnership with VMware has been a really big success. Remember the naysayers when that was announced? Um, it really has worked out well for you guys. Um, I do want to ask you one more thing, if you don't mind. Um, one of the biggest challenges that you see, the blockers or challenges from agencies moving to the cloud cover cloud, because you know, people are always trying to get those blockers out of the way but it's an organizational culture is a process technology. What's your, what's your take on that, Lynn? >> Um, I think a lot does have to do with the people and the organizational history. I think somewhere you need a leader and a champion that really wants to change for good. I call Pat, used to call a tech for good. I love that. Right, to really, you know, get things moving for the customers. I mean one of the things I'm most proud about supporting the government business in general though is really the focus on the mission is unparalleled, you know, in the sectors we support, you say, education or government or healthcare. Right? All three of those sectors, there's never any doubt on what that focus is. So I think the positives of it are like, how do you get into that change around that? And that could be systems, there's less with VMC on AWS, as we mentioned, because the tools are already in the environment so they know how to use it. But I do think there's a transformation on the data center teams and really becoming, moving from technology to the business aspects a little bit more around the missions and things of that.
>> What's interesting is that it's so, I mean, I actually love this environment even though it's kind of hard on everyone. Education and health care have been disrupted in unprecedented ways and it's never gonna change back. Remember healthcare, HIPAA data silos, silos, education don't spend on it. >> That education was the most remarkable part. Unbelievable. I started working in February before school started with one of the large cities everyone can guess and just the way they were able to pivot so fast was amazing and I don't think anybody, I think we did like five years of transformation in six months and it's never going to go back. >> I completely agree, yes. Education. We just did a piece of work with CTS around the world and education is one of the most disrupted, as you said, health care, and then the third one is government and all three of those are public sector. So the three most disruptive sectors or mission areas are in public sector which has created a lot of opportunity for us and our partnership to add value. I mean that's what we're all about, right, customer obsession, working backwards from the customer and making sure that our partnership continues to add value to those customers. >> Well, we love the tech action on the Cube. Obviously we'd like to document and pontificate and talk about it. Digital revolution. Every application now is in play globally. Not just for IT, but for society, public sector more than ever is the hottest area on the planet. >> Absolutely. And I would say that now our customers are looking at ESG. Environmental, they want to know what you're doing on sustainability. They want to know what you're doing for society. We just had a bid that came in and they wanted to understand our diversity plan and then open governance. They're looking for that openness. They're not just artificial intelligence but looking at explainable AI as well.
So I think that we have a chance to impact environment, societies and governance. >> And you mentioned space earlier. Another way I talked with closure. I mean I'm an interview today too, but what's happening with space and what you can monitor, disasters, understand how to deploy resources to areas that might have challenges, earthquakes or fires or other things. All new things are happening. >> Absolutely. And all that data, people like to say, why are you spending money on space? There's so many problems here, but that data that comes from space is going to impact us here on earth. And so all the things that we're doing, all that data could be used with VMware Cloud on AWS as well. >> Well, you watch closely, we got some space coverage coming. I got a big scoop. I'm gonna release soon about something behind the dark side of the moon on in terms of space sovereignty, coming a lot of action, cybersecurity in space. That's really heavy right now. But >> aren't you glad that VMC cloud on AWS isn't hidden on the dark side of the moon? It's >> right on the congratulations. Thanks for coming on. You guys are doing great. Thanks for >> thanks for sharing. Congratulations. >> Okay, Cube coverage here continues. AWS Public Sector Summit in Washington, D.C., live for two days of coverage, be right back. Thank you.
Keith Brooks, AWS | AWS Summit DC 2021
>> Yeah. Hello and welcome back to theCUBE's coverage of AWS Public Sector Summit here in Washington, D.C. We're live on the ground for two days. Face-to-face conference and expo hall and everything here but Keith Brooks, who is the director and head of technical business development for AWS government GovCloud selling brains 10th birthday. Congratulations. Welcome to theCUBE. Thank you, John, happy to be EC2 15, S3 is 9.5 or no, that maybe they're 10 because that's the same day as SQS. So GovCloud. 10 years, 20 years. What time >> flies? 10 years? >> Big milestone. Congratulations. A lot of history involved in GovCloud. Yes. Take us through what's the current situation? >> Yeah. So um let's start with what it is just for the viewers that may not be familiar. So AWS GovCloud is isolated AWS cloud infrastructure and services that were purposely built for our U.S. Government customers that had highly sensitive data or highly regulated data or applications and workloads that they wanted to move to the cloud. So we gave customers the ability to do that with AWS GovCloud. It is subject to the FedRAMP High and DoD SRG IL4 and IL5 baselines. It gives customers the ability to address ITAR requirements as well as CJIS, NIST, CMMC and FIPS requirements and gives customers a multi-region architecture that allows them to also design for disaster recovery and high availability. In terms of why we built it, it starts with our customers. It was pretty clear from the government that they needed a highly secure and highly compliant cloud infrastructure to innovate ahead of demand and that's what we delivered. So back in August of 2011 we launched AWS GovCloud, which gave customers the best of breed in terms of high technology, high security, high compliance in the cloud to allow them to innovate for their mission critical workloads. Who >> was some of the early customers when you guys launched after the
CIA deal, intelligence community is a big one but some of the early customers. >> So the Department of Health and Human Services, the Department of Veterans Affairs, the Department of Justice and the Department of Defense were all early users of AWS GovCloud. But one of our earliest lighthouse customers was the NASA Jet Propulsion Laboratory, and NASA JPL used AWS GovCloud to procure resources ahead of demand, which allowed them to save money and also take advantage of being efficient and only paying for what they needed. But they went beyond just IT operations. They also looked at how do they use the cloud and specifically GovCloud for their mission programs. So if you think back to all the way to 2012 with the Mars Curiosity rover, NASA JPL actually streamed and processed and stored that data from the Curiosity rover on AWS GovCloud. They actually streamed over 150 terabytes of data, responded to over 80,000 requests per second and took it beyond just imagery. They actually did high performance compute and data analytics on the data as well. That led to additional efficiencies for future. Over there >> were entire kicking they were actually >> hard core missing into it. Mission critical workloads that also adhere to ITAR compliance, which is why they used AWS GovCloud. >> All these compliance. So there's also these levels. I remember when I was working on the JEDI uh stories that were out there was always like level for those different classifications. What does all that mean like? And then this highly available data and highly high availability all these words mean something in these top secret clouds. Can you take us through kind of meanings >> of those? Yeah absolutely. So it starts with the federal compliance program and the two most popular programs are FedRAMP and DoD SRG. FedRAMP is more general for federal government agencies.
There are three levels, low, moderate and high, and the short and skinny of those levels is how they align to the FISMA requirements of the government. So there's FISMA low, FISMA moderate, FISMA high. Depending on the sensitivity of the government data, you will have to align to those levels of FedRAMP to use workloads and store data in the cloud. Similar story for DoD with SRG impact levels two, four, five and six. Uh, impact levels two, four and five are all for unclassified data. Level two is for less sensitive public defense data. Levels four and five cover more sensitive defense data, to include mission critical national security systems, and impact level six is for classified information. So those form the basis of security and compliance. Luckily with AWS GovCloud celebrating our 10th anniversary, we address FedRAMP High for our customers that require that and DoD impact levels two, four and five for a sensitive defense guy. >> And that was a real nuanced point and a lot of the competition can't do that. That's real people don't understand, you know, this company, which is that company and all the lobbying and all the mudslinging that goes on. We've seen that in the industry. It's unfortunate, but it happens. Um, I do want to ask you about the FedRAMP because what I'm seeing on the commercial side in the cloud ecosystem, a lot of companies that aren't quote targeting public sector are coming in on the FedRAMP. So there's some good traction there. You guys have done a lot of work to accelerate that. Any new, any new information to share there? >> Yes. So we've been committed to supporting the federal government compliance requirements effectively since the launch of GovCloud. And we've demonstrated our commitment to FedRAMP over the last number of years and GovCloud specifically, we've taken dozens of services through FedRAMP High and we're 100% committed to it because we have great relationships with the FedRAMP JAB, or the Joint Authorization Board.
We work with individual government agencies to secure agency ATOs. And in fact we actually have more agency ATOs with AWS GovCloud than any other cloud provider. And the short and skinny is that represents the baseline for cloud security to address sensitive government workloads and sensitive government data. And what we're seeing from industry and specifically highly regulated industries is the standard that the U.S. Government set means that they have the assurance to run controlled unclassified information or other levels of highly sensitive data on the cloud as well. So FedRAMP set that standard. It's interesting >> that the cloud, this is the ecosystem within an ecosystem again within crossover section. So for instance um the impact of not getting FedRAMP certified is basically money. Right. If you're a supplier vendor uh software developer or whatever used to being a miracle, no one no one would know right FedRAMP. I'm gonna have to hire a whole department right now. You guys have a really easy, this is a key value proposition, isn't it? >> Correct. And you see it with a number of ISVs and software-as-a-service providers. If you visit the federal marketplace website, you'll see dozens of providers that have FedRAMP authorized third party SaaS products running on GovCloud. Industry leading SaaS companies like Salesforce.com, driven technology, Splunk, SAP NS2, effectively they're bringing their best of breed capabilities, building on top of AWS GovCloud and offering those highly compliant FedRAMP moderate, FedRAMP high capabilities to customers both in government and private industry that need that level of compliance. >> Just as an aside, I saw they've got a nice tweet from Teresa Carlson, now at Splunk, GovCloud yesterday. That was a nice little positive gesture uh, for you guys at GovCloud, what other areas are you guys moving the needle on because architecturally this is a big deal.
What are some areas that you're moving the needle on for the GovCloud? >> Well, when I look back across the last 10 years, there were some pretty important developments that stand out. The first is us launching the second GovCloud infrastructure region in 2018. And that gave customers that use GovCloud, specifically customers that have highly sensitive data and high levels of compliance, the ability to build fault tolerant, highly available and mission critical workloads in the cloud in a region that also gives them an additional three availability zones. So the launch of GovCloud East, which is named AWS GovCloud US-East, gave customers two regions, a total of six availability zones that allowed them to accelerate and build more scalable solutions in the cloud. More recently, there is an emergence of another DoD program called the cybersecurity maturity model, CMMC, and CMMC is something where we looked around the corner and said we need to innovate to help our customers, particularly defense customers and the defense industrial base customers, address CMMC requirements in the cloud. So with GovCloud back in December of 2020, we actually launched the AWS compliant framework for federal defense workloads, which gives customers a turnkey capability and tooling and resources to spin up environments that are configured to meet CMMC controls and DoD SRG control. So those things represent some of the >> evolution Keith. I'm interested also in your thoughts on how you see the progression of GovCloud outside the United States. Tactical Edge get Wavelength coming on board. How does how do you guys look at that? Obviously us is global, it's not just the jet, I think it's more of in general. Edge deployments, sovereignty is also going to be world's flat, Right? I mean, so how does that >> work? So it starts back with customer requirements and I tie it back to the first question. Effectively we built GovCloud to respond to our U.S.
Government customers and our highly regulated industry customers that had highly sensitive data and a high bar to meet in terms of regulatory compliance and that's the foundation of it. So as we look to other customers to include those outside of the US, it starts with those requirements. You mentioned things like edge and hybrid and a good example of how we marry the two is when we launched AWS Outposts in GovCloud last year. So Outposts brings the power of the AWS cloud to on premises environments of our customers, whether it's their data centers or colo environments, by bringing AWS services, APIs and service endpoints to the customer's on premises facilities >> even outside the United States. >> Well, for GovCloud is focused on US right now. Outside of the U.S., customers also have availability to use Outposts. It's just for US customers, it's focused on Outposts availability, geography >> right now US. Right. But other governments gonna want their GovCloud too. Right, Right, that's what you're getting at, >> Right? And it starts with the data. Right? So we we we spent a lot of time working with government agencies across the globe to understand their regulations and their requirements and we use that to drive our decisions. And again, just like we started with GovCloud 10 years ago, it starts with our customer requirements and we innovate from there. Well, >> I've been, I love the DoD's vision on this. I know JEDI didn't come through and kind of went scuttled, got thrown under the bus or whatever however you want to call it. But that whole idea of a tactical edge, it was pretty brilliant idea. Um so I'm looking forward to seeing more of that. That's where I was supposed to come in, get Snowball, Snowmobile, little snow snow products as well, how are they doing?
And because they're all part of the family too, >> they are and they're available in GovCloud and they're also authorized at FedRAMP and Gov SRG levels and it's really, it's really fascinating to see DoD innovate with the cloud. Right. So you mentioned tactical edge. So whether it's Snowball devices or using Outposts in the future, I think the DoD and our defense customers are going to continue to innovate. And quite frankly for us, it represents our commitment to the space. We want to make sure our defense customers and the defense industrial base defense contractors have access to the best-of-breed capabilities like those edge devices and edge capable. I >> think about the impact of certification, which is good because I just thought of a clean crows. We've got aerospace coming in now you've got DoD, a little bit of a cross colonization if you will. So nice to have that flexibility. I got to ask you about just how you view just in general, the intelligence community a lot of uptake since the CIA deal with Amazon. Just overall good health for AWS GovCloud. >> Absolutely. And again, it starts with our commitment to our customers. We want to make sure that our national security customers, our defense customers and all of the customers and the federal government that have a responsibility for securing the country have access to the best of breed capability. So whether it's the intelligence community, the Department of Defense or the federal agencies, and quite frankly we see them innovating and driving things forward to include with their sensitive workloads that run in GovCloud, >> what's your strategy for partnerships as you work on the ecosystem? You do a lot with strategy. Go to market partnerships. Um, it's got its public sector pretty much people all know each other. Our new firms popping up new brands. What's the, what's the ecosystem looks like? >> Yeah, it's pretty diverse.
So for GovCloud specifically, if you look at partners in the defense community, we work with aerospace companies like Lockheed Martin and Raytheon Technologies to help them build ITAR-compliant ERP applications, software development environments etcetera. We work with software companies I mentioned, Salesforce.com, Splunk and SAP NS2, uh and then even at the state and local government level, there's a company called PayIt that actually worked with the state of Kansas to develop the iKan app, which is pretty fascinating. It's an app that is the official app of the state of Kansas that allows citizens to interact with citizens services. That's all through a partner. So we continue to work with our partner uh broad the AWS partner network to bring those type of people >> You got a lot of MSPs that are doing good work here. I saw someone out here uh 10 years. Congratulations. What's the coolest thing uh you've done or seen. >> Oh wow, it's hard to name anything in particular. I just think for us it's just seeing the customers and the federal government innovate right? And, and tie that innovation to mission critical workloads that are highly important. Again, it reflects our commitment to give these government customers and the government contractors the best of breed capabilities and some of the innovation we just see coming from the federal government leveraging the cloud now. It's just super cool. So hard to pinpoint one specific thing. But I love the innovation and it's hard to pick a favorite >> Child that we always say. It's kind of a trick question I do have to ask you about just in general, the just in 10 years. Just look at the agility. Yeah, I mean if you told me 10 years ago the government would be moving at any, any agile anything. They were a glacier in terms of change, right? Procurement, you name it. It's just like, it's a racket. It's a racket. So, so, but they weren't, they were slow and money now. Pandemic hits this year.
Last year, everything's up for grabs. The script has been flipped >> exactly. And you know what, what's interesting is there were actually a few federal government agencies that really paved the way for what you're seeing today. I'll give you some examples. So the Department of Veterans Affairs, they were an early GovCloud user and way back in 2015 they launched Vets.gov on GovCloud, which is an online platform that gave veterans the ability to apply for, manage and track their benefits. Those type of initiatives paved the way for what you're seeing today, even as soon as last year with the U.S. Census, right? They brought the decennial count online for the first time in history last year, during 2020 during the pandemic, and the Census Bureau was able to use GovCloud to launch and run 2020census.gov in the cloud at scale to secure that data. So those are examples of federal agencies that really kind of paved the way and leading to what you're saying is it's kind >> of an awakening. It is and I think one of the things that no one's reporting is kind of a cultural revolution is the talent underneath that way, the younger people like finally like and so it's cooler. It is when you go fast and you can make things change, skeptics turned into naysayers turned into like out of a job or they don't transform so like that whole blocker mentality gets exposed just like shelfware software you don't know what it does until the cloud is not performing, it's not good. Right, right. >> Right. Into that point. That's why we spend a lot of time focused on education programs and upskilling the workforce too, because we want to ensure that as our customers mature and as they innovate, we're providing the right training and resources to help them along their journey, >> Keith Brooks, great conversation, great insight and historian to taking us to the early days of GovCloud. Thanks for coming on theCUBE.
Thanks, thanks for having me. theCUBE's coverage here at AWS Public Sector Summit. We'll be back with more coverage after this short break. Mhm. Mhm mm.
Bren Briggs, Hypergiant | CUBE Conversation, July 2021
(digital music) >> Welcome to this CUBE Conversation. I'm Lisa Martin. Bren Briggs joins me next, the Director of DevOps and Cybersecurity at Hypergiant. Bren, welcome to theCUBE. >> Hey there, I'm glad to be here. >> You have a very cool background, which I wish we had time to get into your mandolin playing, but we don't. Tell me a little bit about Hypergiant, this is a company that's new to me. >> So we are an AI and Machine Learning Company, and we had the slogan we talked about a lot, it's almost tongue in cheek, "Tomorrowing Today" where we want to build and focus on technology that advances the state-of-the-art and we want to, where this deep history and background in services, where we build custom solutions for companies that have data problems and that have AI and machine learning problems. And they come to us and we help them make sense of their data and we build a custom software solution from top to bottom. And we help them with their data problems and their really difficult problems that they have there in a very specialized way. And yeah, that's what we do. It's really fun. >> "Tomorrowing Today", I like that, build T-shirts with that on that. (Bren chuckles) So talk to me about the work that you guys are doing with SUSE Rancher Government Labs. You're doing some very cool work with the Air Force, help me understand that. >> Sure, so about a year and some change ago, we had a government contract, an Air Force contract, to develop some new or just to basically write an experiment with some new sensing technology onboard a satellite. So we built this satellite, we were talking about how we're going to employ DevOps best practices on the satellite and if that's even a thing that can be done. How we get these rights of space and really thinking through the entire process. And as we did this, we were getting more and more deeply involved with a very very new group. Actually, we kind of started at the same time.
A new group within the Air Force called Platform One. Platform One's mission is to bring DevSecOps to the DoD Enterprise. And so as we're kind of starting off together and getting to know each other, Rob Slaughter, who started and ran Platform One for the first bit of its existence, he said, "Hey, we're going to incorporate some Platform One stuff into this. Let's talk about just building an actual Platform One satellite and see what that looks like." And so that was kind of the start of this whole idea was what do we do and how do we do DevSecOps in low Earth orbit? Can we put Kubernetes on satellite and will it work? >> And tell me some of the results? So, I used to work for NASA, so I would geek out on anything that has to do with the space program. But talk to me about some of the things that you uncovered bringing Kubernetes, AI, machine learning to this, outer Edge of Earth? >> I think the first thing that we learned that I think, it's an understatement to say that space is hard. (Both laughing) But it really is. And that was the part that we learned about was it was hard in all of the ways that we did not expect. And a lot of it had to do with just government and logistics. We learned that it is difficult a lot of times to just to find a way to get into space and then once you're there, how you operate in the conditions that you're in and how you could even communicate with your satellite is it's just a logistical adventure on top of all of the other engineering problems that you have while you're on low Earth orbit? The other thing that we figured out was awkward things are difficult. While you're on orbit, they can be slow or fragmented and so it pays to get it right the first time but that's not the nature of modern software development is you'd never get it right and you're continually updating. So that was a problem that really nagged us for awhile was after we did the wider experiment, like how would we continuously update this and what would we do?
And those ideas and questions fed into the experiment that became Sat One and then the follow-on, much bigger experiment that became the Edge One and Edge working group. >> Tell me a little bit about the wider experiment, give me some context of how that relates to Platform One, Sat One? >> I can't (laughing) I can't really go into details about what wider did or anything like that. It was not a classified mission, it's just not something that I can disclose. >> Okay, got it. >> Sorry. >> So talk to me about some of the work that you guys are doing together Hypergiant with SUSE in terms of pushing forward the next generation of Kubernetes to low Earth orbit and beyond. >> Sure, so SUSE RGS, specifically, Chris Nuber, like, one of the things that I have to do is I have to be a cheerleader for all of the amazing people that were on this project. And two people in particular, Chris Tacke and Chris Nuber, were instrumental in making this work. I was like almost tangentially involved where I was doing some input and architecture and helping debug but it was really Chris Tacke and Chris Nuber that made this thing, that built this thing and made it work. And Chris Nuber was our assigned resource from SUSE RGS. And he said, "Obviously SUSE is going to prefer, or SUSE is going to prefer SUSE products." That it makes sense. But there's a reason because the products that he implemented and the patterns that he implemented and the architecture and expertise that he brought were second to none, I don't think that we could have done better with any other distribution of Kubernetes. He recommended K3s, a very lightweight Kubernetes distribution that had really good opinions. It's a single binary. It was very easy to deploy and manage and update and it just, it really didn't break. That was the best thing that we were looking for (chuckles) it was one solid piece with no moving parts, relatively speaking.
And so Chris Nuber was very essential in providing the Kubernetes architecture while Chris Tacke was the one who helped us write some of the demo applications and build the failover and out of band interaction that we were going to have from the hardware on the satellite to the Kubernetes control plane. >> Very cool. It sounds like you had a great collaborative team there, which is essential in any environment. >> We did. >> And I liked how you described space as a logistical adventure that reminds me very much of my days at NASA. (Bren laughing) It definitely is a logistical adventure to put it mildly. Talk to me a little bit about the work that you're doing to define the Edge for the Department of Defense? That sounds very intriguing. >> Yeah, so this was almost a direct result of what happened with the Sat One experiment where Rob Slaughter and a few of the other folks who saw what we did with Sat One, you know, were again, logistical adventure. We built this entire thing and we worked so hard and we're moving through flight readiness checks and as things happen, funding kind of went. And so you've got all this experience and this like, prototype that this really confident that it's space ready and everything and they said, "Hey, listen, you know, we have the same problem on our flight with terrestrial environments, they're nearly identical, the only difference is, you know, you don't have to worry about radiation nearly as much." (laughing) So then, you know, we joked about that and we started this new idea, this Edge One idea as part of the ABMS program, where they're figuring out this new, like battlefield communications pattern of the future. And one of the things that they're really concerned about is secure processing and how do you do applications at like where people are stationed, which could be anywhere in very remote locations.
Then that's what turned into Edge One is, you know, we imagined initially Edge One as satellite one without wings and earth bound and that grew into, well, what about submarines? What about carriers? What about command and control squadrons that are stationed in cities? What about special operators that are far forward? What about first responders who are moving into, you know, hazardous environmental conditions? Can you wear a Kubernetes cluster with like super low power ARM chips? And so we started thinking of all these different applications of what Edge could be anywhere from a five volt board all the way up to a data center in a box. And that caused us to realize that we're going to break Edge into really three categories based on the amount of material or resources needed to power it and how hard it is to get to. So we have the Near Edge, which is, you know, you have data center like capabilities, and it's easy to get to it, but you, because you have people stationed with it, but you may have reach back once every month or so. So think, you know, a ship that's underway or an air-gapped system or something like that. And then you have a Tiny Edge, which is exactly like kind of the more traditional idea that you think of when you think of Edge, which is really, really tiny compute, maybe it's on a windmill or something I don't really know, pick your thing to put Kubernetes on that should never have Kubernetes, that's the kind of thing. And then you've got Far Edge, which is, you know, if the control plane crashes, good luck, you're never getting to it. And so that would be a satellite. And so the far it... so really a lot of these, it depends on the failure mode. Like what happens when it fails and that for the most part defines kind of what category you're going to be in. >> Tiny Edge, Near Edge and Far Edge. I think Sir Richard Branson and his team went to the Far Edge (chuckles) low Earth orbit >> He did (laughing). >> This last weekend, I guess, yeah.
That low Earth orbit does seem like it would be the Far Edge. Talk to me a little bit about, I mean, you talk about these applications then from a defense perspective that vary dramatically, what are some of the important lessons that you've learned besides if it breaks in the Far Edge, you're not getting to it? >> Some of the important lessons that we learned. So I actually did this exact job in the air force. I was a combat communicator, which meant that we took, by pure coincidence I'm back in this, like, I did not intend for this to happen it's pure coincidence, (Lisa laughing) but, you know, we communicate, we went out to the Edge, right. We went out to the Near Edge and we did all of this stuff. And the biggest lesson, I think learning from doing this or doing that and then going into this is that the world doesn't have to revolve around SharePoint anymore (Lisa laughing) because we can shape our own habitation (Both laughing) >> That is good to know. >> If it can be done on SharePoint, the air force and the army will do it in SharePoint, I promise you. They've done some actually terrifying things with it. All joking aside though, I think that one of the things that we learned was the difference between like something being complex and complicated when it came to systems engineering and management, like this is a very complex system it's actually orders of magnitude more complex than the current deployments that are out there which is effectively VMware and you're migrating virtual machines across multiple physical nodes in these remote data centers. But it's also complicated, it's really difficult to manage these deployments and the hardware. And I remember like when I was in combat comm, we had this 72 hour goal to get all of our systems up. And it was kind of like a 50-50, if we would make it, it felt like most of the time where you had priorities for getting things up and running.
And obviously, you know, that certain applications weren't as important as others. So they were the ones that had to fall on the wayside if you're going to make your 72 hour mark. But I'm just thinking about like how difficult it was to deploy and manage all of this stuff and now with Kubernetes, yes, the complexity is far higher, but we can make it so it's not as complicated. We can offload a lot of that brain sweat, the people in the rear echelon, where they can connect in remotely after you come up and you get reached back, they push your config and your mission profile is there. And now you're focused on the mission you're not focused on debugging pods, and you're focused on the mission and not focused on, you know, why my virtual machine didn't migrate or something like that. And we can get applications that are built in-house and updated continuously, and we can verify and validate the sources of where these things are coming from. And all of these are important problems to everybody, not just the military, but the military tends to have the money and the ability to think about these things first, 'cause that's where these problems tend to get solved first. >> So interesting. You've sort of had this circular experience being in the air force, now coming back and working on projects like this, what are some of the things that Hypergiant has learned? And some of the things that are next next for Hypergiant as a company? >> I think that we are getting really good at being a small contractor in the Federal space where we actually were just awarded an IDIQ with a cap of $950 million in a small group of, I think, 23 other companies. And so that shows right there the investment that the Federal Government has in us and the potential that they see for us to build and deliver these highly tailored and specialized solutions. The other thing that we've learned is how to form like coalitions to collaborate with a lot of these other smaller companies. 
I think that the days of seeing the Defense Industrial Base dominated by the same four people or five people are over. And it's not that these people, I mean, they've been, they've basically been propping up most of the defense industry for a very long time and I think a lot of people would argue that, you know, this is a problem, right, you have this near monopoly of a very few people, but the other thing is that they're not as nimble, they grow by acquisition and we have this ability to be highly tailored and specialized and we don't need to do everything in the world to survive. We can go and form coalitions with other groups to go solve a particular problem. Like we're great at AI and ML, and we're great at DevSecOps, then maybe we're not so great at, you know, hardware or you know, things like that. Like we can go partner up with these people and solve problems together and we don't have to be a Boeing to do it and you don't have to go hire a Boeing to do this. And I think that's really, really great, no slight to Boeing, but I think it's really great that it's a lot easier for smaller companies to do this and we are navigating this new world and we're bringing Agile into the government and that's, yeah, in some cases we have to drag them, kicking and screaming into this decade, but, you know, that's what we're doing and I'm very excited to see that because when I was in, Agile and DevOps, those were words you didn't say, you weren't allowed to do that. >> No. >> Now they've done a complete 180, it's really cool. >> That's cool. I have a minimum that brings in thought diversity, having more companies to work with, but to your point, the agility that you bring in as a smaller company helping them to actually embrace Agile, that's huge because to your point, that's kind of historically not what government organizations are used to. So it sounds like a little bit they've learned a tremendous amount from working with small companies like Hypergiant.
>> I like the thing so. Platform One is a fantastic example. So it was really started as a what we're calling software factories within the air force and within the DOD and other DOD branches have now started to replicate the pattern. So we have several software factories within the air force and Platform One is like the DevSecOps Software factory, and we have the ski camp and space camping, Kobayashi Maru and you're noticing a theme here (laughing) and so they're very nerdy names, but so we have these software factories and there's all these projects are being worked. But one of the amazing things I noticed when I showed up to work on the first day was that I had no idea who was uniformed and who was civilian. It was a completely badge off rank, off situation. Very few people showed up in uniform and the ones that did typically had their blouse off so you had no idea what their rank was. Everybody went by first name and we behaved like a start-up. And these civilians were coming from other startups like Hypergiant or a Timo or other very small, very specialized groups and SUSE RGS, of course they were there too and they're embedded in several different teams. And so you have this, like this quasi company that got this startup really that got formed and the culture is very, you know, very varies, you know, bay area startup type in some ways, for both better and worse. There's, I mean, we're, definitely full tilt on (laughs) on the Agile train there, but it's just, it's like nothing I've ever seen inside the DOD. And they're not just learning from these small companies and from Agile companies, but they're behaving like them. And it's spreading, they're seeing what work is getting done and what can be accomplished and how you can continuously deliver value instead of working for, you know, six or eight months and then showing the customer something and them hating it and you sending it back and, you know, it's more of a continuous improvement type thing. 
And I think that they're embracing that and I'm very excited to see it. >> That's important 'cause changing a culture is incredibly hard but seeing and hearing that they're embracing that is exciting. And I'm sure there's going to be many more things you could talk about generally, but I got to ask you if somebody like SUSE gave you $250,000, and you could buy one of the tickets on Branson's next flight, would you do it? >> I mean, yeah, why would I not? Like, how can I pass up a trip, (Lisa laughing) you know, go to the Edge of space. >> The Far Edge. >> Like yeah, the Far Edge, maybe I'll just, you know, hurl the satellite out the window, as you know, we're up there, you know, peak and probably could throw it quite that fast, but we'll see. (Lisa laughing) But yeah, no, I think I would take the trip, yeah, that'd be fun. >> You're brave. Braver than I am, I don't know. Well, Bren it's been delightful talking to you. Thank you for sharing what you guys at Hypergiant and SUSE have been doing together, the Department of Defense, the exciting things going on there and for the new definitions and my lexicon of the Edge, it's been great talking to you. >> Thank you, have a great day. >> You too. For Bren Briggs, I'm Lisa Martin. You're watching a CUBE Conversation. (digital music)
VeeamON Power Panel | VeeamON 2021
>>President. >>Hello everyone and welcome to VeeamON 2021. My name is Dave Vellante and you're watching theCUBE's continuous coverage of the event. You know, Veeam is a company that made its mark riding the virtualization wave, but quite amazingly has continued to extend its product portfolio and catch the other major waves of the industry. Of course, we're talking about cloud backup. SaaS data protection was one of the early players there making moves and containers. And this is the VeeamON power panel. With me are Danny Allen, who is the Ceo and Senior vice president of product strategy at Veeam. Dave Russell is the vice president of enterprise strategy, of course, at Veeam, and Rick Vanover, senior director of product strategy at Veeam. It's great to see you again. Welcome back to theCUBE. >>Good to be here. >>Well, it had to be here. >>Yeah, let's do it. >>Let's do this. So Danny, you know, we heard you kind of your keynotes and we saw the general sessions and uh sort of diving into the breakouts. But the thing that jumps out to me is this growth rate that you're on. Uh you know, many companies and we've seen this throughout the industry have really struggled, you know, moving from the traditional on prem model to an ARR model. Uh they've had challenges doing so the, I mean, you're not a public company, but you're quite transparent and a lot of your numbers 25% ARR growth year over year in the last quarter, you know, 400,000 plus customers. You're talking about huge numbers of downloads of backup and replication Danny. So what are your big takeaways from the last, you know, 6-12 months? I know it was a strange year obviously, but you guys just keep cranking. >>Yeah, so we're obviously hugely excited by this and it really is a confluence of various things. It's our, it's our partners, it's the channel. Um, it's our customers frankly that that guide us and give us direction on what to do.
But I always focus in on the product because I, you know, we run product strategy here, this group and we're very focused on building good products and I would say there's three product areas that are on maximum thrust right now. One is in the data center. So we built a billion dollar business on being the very best in the data center for vSphere, Hyper-V, um, for Nutanix AHV and as we announced also with Red Hat Virtualization. So data center obviously a huge thrust for us going forward. The second is SaaS. Office 365 is exploding. We already announced we're protecting 5.8 million users right now with Veeam Backup for Office 365 and there's a lot of room to grow there. There's 145 million daily users of Microsoft Teams. So a lot of room to grow. And then the third area is cloud, we moved over 100 petabytes of data into the public cloud in Q1 and there's a lot of opportunity there as well. So those three things are driving the growth, the data center, SaaS and cloud. >>Dave, I want to get your kind of former analyst perspective on this. Uh you know, I know, you know, it's kind of become cliche but you still got that DNA and I'm gonna tap it. So when you think about and you were following Veeam, of course very closely during its ascendancy with virtualization. And back then you wouldn't just take your existing, you know, approaches to back up in your processes and just slap them on to virtualization. That that wouldn't have worked. You had to rethink your backup. And it seems like I want to ask you about cloud because people talk about lift and shift and what I hear from customers is, you know, if I just lift and shift to cloud, it's okay, but if I don't have a plan to change my operating model, you know, I don't get the real benefit out of it. And so I would think back up data protection, data management etcetera is a key part of that. So how are you thinking about cloud and the opportunity there? >>Yeah, that's a good point, David.
You know, I think the key area right there is it's important to protect the workload of the environment. The way that that environment is naturally is best suited to be protected and also to interact in a way that the administrator doesn't have to rethink, doesn't have to change their process so early on. Um I think it was very successful because the interface is the work experience looked like what an active directory administrator was used to, seeing if they went to go and protect something with me where to go recover an item. Same is true in the cloud, You don't want to just take what's working well in one area and just force it, you know, around round peg into a square hole. This doesn't work well. So you've got to think about the environment and you've got to think about what's gonna be the real use case for getting access to this data. So you want to really tune things and there's obviously commonality involved, but from a workflow perspective, from an application perspective and then a delivery model perspective, Now, when it comes to hybrid cloud multi cloud, it's important to look like that you belong there, not a fish out of water. >>Well, so of course, Danny you were talking to talking about you guys have product first, Right? And so rick your your key product guy here. What's interesting to me is when you look at the history of the technology industry and disruption, it's it's so often that the the incumbent, which you knew now an incumbent, you know, you're not the startup anymore, but the incumbent has challenges riding these these new waves because you've got to serve the existing customer base, but you gotta ride the new momentum as well. So how rick do you approach that from a product standpoint? Because based on the numbers that we see it doesn't you seem to be winning in both the traditional business and the new business. So how do you adapt from a product standpoint? >>Well, Dave, that's a good question. And Danny set it up? 
Well, it's really the birth of the Veeam platform and its relevance in the market. In my 11th year here at Veeam, I've had all kinds of conversations. Right. You know, the perception was that, you know, this SMB toy for one hypervisor. Those days are long gone. We can check the boxes across the data center and cloud and even cloud native apps. You know, one of the things that my team has done is invest heavily in both people and staff on Kubernetes, which aligns to our Kasten acquisition, which was featured heavily here at VeeamON. So I think that being able to have that complete platform conversation Dave has really given us incredible momentum but also credibility with the customers because more than ever, this fundamental promise of having data backed up and being able to drive a recovery for whatever may happen to data nowadays. You know, that's a real emotional, important thing for people and to be able to bring that kind of outcome across the data center, across the cloud, across changes in what they do, Kubernetes, that's really aligned well to our success and you know, I love talking to customers now. It's a heck of a lot easier when you can say yes to so many things and get the technical win. So that kind of drives a lot of the momentum Dave, but it's really the platform. >>So let's talk about the future of it and I want all you guys to chime in here and Danny, you start up, How do you see it? I mean, I always say the last 10 years, the next 10 years ain't gonna be like the last 10 years whether it's in cloud or hybrid et cetera. But so how Danny do you see IT in the future of IT. Where do you see Veeam fitting in, how does that inform your roadmap, your product strategy? Maybe you could kick that segment off? >>Yeah. I think of the kind of the two past decades that we've gone through starting back in 2000 we had a lot of digital services built for end users and it was built on physical infrastructure and that was fantastic.
Obviously we could buy things online, we could order clothes, we could order food, we we could do things interact with end users. The second era about a decade later was based on virtualization. Now that wasn't a benefit so much to the end user as a benefit to the business. Why? Because you could put 10 servers on a single physical server and you could be a lot more flexible in terms of delivery. I really think this next era that we're going into is actually based on containers. That's why the Kasten acquisition is so strategic to us. Because the unique thing about containers is they're designed for to be consumption friendly. You spin them up, you spin them down, you provision them, you deprovision them and they're completely portable. You can move it from on premises if you're running OpenShift to EKS, AKS, GKE. And so I think the next big era that we're going to go through is this movement towards containerized infrastructure. Now, if you ask me who's running that, I still think there's going to be a data center operations team, platform ops is the way that I think about them who run that because who's going to take the call in the middle of the night. But it is interesting that we're going through this transformation and I think we're in the very early stages of this radical transformation to a more consumption based model. Dave. I don't know what you think about that. >>Yeah, I would say something pretty similar Danny. It sounds cliche Dave Vellante, but I take everything back to digital transformation. And the reason I say that is to me, digital transformation is about improving customer intimacy and so that you can deliver goods and services that better resonate and you can deliver them in better time frame. So exactly what Danny said, you know, I think that the siloed approaches of the past where we built very hardened environments and we were willing to take a long time to stand those up and then we have very tight change control.
I feel like 2020 sort of a metaphor for where the data center is going to throw all that out the window we're compiling today. We're shipping today and we're going to get experience today and we're going to refine it and do it again tomorrow. But that's the environment we live in. And to Danny's point why containers are so important. That notion of shift left meaning experience things earlier in the cycle. That is going to be the reality of the data center regardless of whether the data center is on prem hybrid cloud, multi cloud or for some of us potentially completely in the cloud. >>So rick when you think about some of your peeps like the backup admit right and how that role is changing in a big discussion in the economy now about the sort of skills gap we got all these jobs and and yet there's still all this unemployment now, you know the debate about the reasons why, but there's a there's a transition enrolls in terms of how people are using products and obviously containers brings that, what what are you seeing when you talk to like a guy called him your peeps? Yeah, it's >>an evolving conversation. Dave the audience, right. It has to be relevant. Uh you know, we were afforded good luxury in that data center wheelhouse that Danny mentioned. So virtualization platform storage, physical servers, that's a pretty good start. But in the software as a service wheelhouse, it's a different persona now, they used to talk to those types of people, there's a little bit of connection, but as we go farther to the cloud, native apps, kubernetes and some of the other SAAS platforms, it is absolutely an audience journey. So I've actually worked really hard on that in my team, right? Everything from what I would say, parachuting into a community, right? And you have to speak their language. Number one reason is just number one outcomes just be present. 
And if you're in these communities you can find these individuals, you can talk their language, you can resonate with their needs, right? So that's something uh you know, everything from Levin marketing strategy to the community strategy to even just seating products in the market, That's a recipe that Veeam does really well. So yeah, it's a moving target for sure. >>Dave you were talking about the cliche of digital transformation and I'll say this may be pre-COVID, I really felt like it was a cliche, there was a lot of, you know, complacency, I'll call it, but then the forced march to digital change that uh and now we kind of understand if you're not a digital business, you're in trouble. Uh And so my question is how it relates to some of the trends that we've been talking about in terms of cloud containers, We've seen the SaaS-ification for the better part of a decade now, but specifically as it relates to migration, it's hard for customers to just migrate their application portfolio to the cloud. Uh It's hard to fund it. It takes a long time. It's complex. Um how do you see that cloud migration evolving? Maybe that's where hybrid comes in And again, I'm interested in how you guys think about it and how it affects your strategy. >>Yeah. Well it's a complex answer as you might imagine because 400,000 customers, we take the exact same code. The exact same ISO that I run on my laptop is the exact same Veeam Backup & Replication image that a major bank protects almost 20,000 machines and petabytes of data. And so what that means is that you have to look at things on a case by case basis for some of us continuing to operate proprietary systems on prem might be the best choice for a certain workload. But for many of us the genie is kind of out of the bottle with 2020 we have to move faster. It's less about safety and a lot more about speed and favorable outcome. We'll fix it if it's broken but let's get going.
So for organizations struggling with how to move to the cloud, believe it or not, backup and recovery is an excellent way to start to venture into that because you can start to move data, backup is a data movement engine. So we can start to see data there where it makes sense. But Rick would be quick to point out we want to offer a safe return. We have instances of where people want to repatriate data back and having a portable data format is key to that, Rick. >>Uh yeah, I had a conversation recently with an organization managing cloud sprawl. They decided to consolidate, we're going to use this cloud, so it was removing a presence from one cloud that starts with an A and migrating it to the other cloud that starts with an A. You know, So yeah, we've seen that need for portability repatriation on prem classic example going from on prem apps to software as a service models for critical apps. So data mobility is at the heart of Veeam and with all the different platforms, Kubernetes comes into play as well. It's definitely aligning to the needs that we're seeing in the market for sure. >>So repatriation, I want to stay on that for a second because you're, you're an arms dealer, you don't care if they're in the cloud or on prem and I don't know, maybe you make more money in one or the other, but you're gonna ride whatever waves the market gives you so repatriation to me implies. Or maybe I'm just inferring that somebody's moved to the cloud and they feel like, wow, we've made a mistake, it was too fast, too expensive. It didn't work for us. So now we're gonna bring it back on prem. Is that what you're saying? Are you saying they actually want their data in both both places. As another layer of data protection Danny. I wonder if you could address that. What are you seeing?
>>Well, one of the interesting things that we saw recently, Dave Russell actually did the survey on this is that customers will actually build their workloads in the cloud with the intent to bring it back on premises. And so that repatriation is real customers actually don't just accidentally fall into it, but they intend to do it. And the thing about Veeam, everyone says, hey, we're disrupting the market, we're helping you go through this transformation, we're helping you go forward. Actually take a slightly different view of this. The team gives them the confidence that they can move forward if they want to, but if they don't like it, then they can move back and so we give them the stability through this incredible pace, change of innovation. We're moving forward so so quickly, but we give them the ability to move forward if they want then to recover to repatriate if that's what they need to do in a very effective way. And Dave maybe you can touch on that study because I know that you talked to a lot of customers who do repatriate workloads after moving them to the cloud. >>Yeah, it's kind of funny Dave not in the analyst business right now, but thanks to Danny and our chief marketing Officer, we've got now half a dozen different research surveys that have either just completed or in flight, including the largest in the data protection industry's history. And so the survey that Danny alluded to, what we're finding is people are learning as they're going and in some cases what they thought would happen when they went to the cloud they did not experience. So the net kind of funny slide that we discovered when we asked people, what did you like most about going to the cloud and then what did you like least about going to the cloud? The two lists look very similar. So in some cases people said, oh, it was more stable. In other cases people said no, it was actually unstable. So Rick I would suggest that that really depends on the practice that you bring to it.
It's like moving from a smaller house to a larger house and hoping that it won't be messy again. Well if you don't change your habits, it's eventually going to end up in the same situation. >>Well, there's still door number three and that's data reuse and analytics. And I found a lot of organizations love the idea of at least manipulating data, running test f scenarios on yesterday's production, cloud workload completely removed from the cloud or even just analytics. I need this file. You know, those types of scenarios are very easy to do today with them. And you know, sometimes those repatriations, those portable recoveries, Sometimes people do that intentionally, but sometimes they have to do it. You know, whether it's fire, flood and blood and you know, oh, I was looks like today we're moving to the cloud because I've lost my data center. Right. Those are scenarios that, that portable data format really allows organizations to do that pretty easily with Veeam. >>It's a good discussion because to me it's not repatriation, it has this negative connotation, the zero sum game and it's not Danny what you describe and Rick as well. It was kind of an experimentation, a purposeful. We're going to do it in the cloud because we can and it's cheap and low risk to spin it up and then we're gonna move it because we've always thought we're going to have it on prem. So, so you know, there is some zero sum game between the cloud and on prem. Clearly no question about it. But there's also this rising tide lifts all ships. I want to, I want to change the subject to something that's super important and and top of mind it's in the press and it ain't going away and that is cyber and specifically ransomware. I mean, since the SolarWinds hack and it seems to me that was a new milestone in the capabilities and aggressiveness of the adversary who is very well funded and quite capable.
And what we're seeing is this idea of tucking into the supply chain of islands, so called island hopping. You're seeing malware that's self forming and takes different signatures very stealthy. And the big trend that we've seen in the last six months or so is that the bad guys will will lurk and they'll steal all kinds of sensitive data. And then when you have an incident response, they will punish you for responding. And they will say, okay, fine, you want to do that. We're going to hold you ransom. We're gonna encrypt your data. And oh, by the way, we stole this list of positive COVID test results with names from your website and we're gonna release it if you don't pay. I mean, it's like, so you have to be stealthy in your incident response. And this is a huge problem. We're talking about trillions of dollars lost each year in, in in cybercrime. And so, uh, you know, it's again, it's this uh the bad news is good news for companies like you. But how do you help customers deal with this problem? What are you seeing Danny? Maybe you can chime in and others who have thoughts? >>Well we're certainly seeing the rise of cyber like crazy right now and we've had a focus on this for a while because if you think about the last line of defense for customers, especially with ransomware, it is having secure backups. So whether it be, you know, hardened Linux repositories, but making sure that you can store the data, have it offline, have it, have it encrypted immutable. Those are things that we've been focused on for a long while. It's more than that. Um it's detection and monitoring of the environment, which is um certainly that we do with our monitoring tools and then also the secure recovery. The last thing that you want to do of course is bring your backups or bring your data back online only to be hit again. And so we've had a number of capabilities across our portfolio to help in all of these.
But I think what's interesting is where it's going, if you think about unleashing a world where we're continuously delivering, I look at things like containers where you have continuous delivery and I think every time you run that Helm command, every time you run that Terraform command, wouldn't that be a great time to do a backup to capture your data so that you don't have an issue once it goes into production. So I think we're going towards a world where security and the protection against these cyber threats is built into the supply chain rather than doing it on just a time-based, uh, schedule. And I know Rick, you're pretty involved on the cyber side as well. Would you agree with that? >>I would. And you know, for organizations that are concerned about ransomware, you know, this is something that is taken very seriously and what Danny explained, for those who are familiar with security, he kind of jumped around this universally acceptable framework, NIST cybersecurity framework. There are five functions that are a really good recipe on how you can go about this. And my advice to IT professionals and decision makers across the board is to really align everything you do to that framework. Backup is a part of it. The security monitoring and user training, all those other things are areas that need to really follow that wheel of functions. And my little tip here, and this is where I think we can introduce some differentiation, is around detection and response. A lot of people think a backup product would shine in both protection and recovery, which it does, Veeam does, but especially on response and detection, you know, we have a lot of capabilities that become impact opportunities for organizations to be able to really provide successful outcomes through the other functions. So it's something we've worked on a lot. In fact we've covered here at the event. I'm pretty sure it will be on replay the updated white paper.
All those other resources for different levels can definitely guide them through. >>So we follow up to the detection is what analytics that help you identify whatever lateral movement or people go in places they shouldn't go. I mean the hard part is, you know, the bad guys are living off the land, meaning they're using your own tooling to hack you. So they're not, it's not like they're introducing something new that shouldn't be there. They're just using, making judo moves against you. So specifically talk a little bit more about your detection because that's critical. >>Sure. So I'll give you one example. Imagine we capture some data in the form of a backup. Now we have an existing advice that says, you know what, don't put your backup infrastructure with internet connectivity. Use explicit minimal permissions. And those three things right there, and keep it up to date. Those four things right there will really hedge off a lot of the different threat vectors to the backup data. Couple that with some of the immutability, offline or air-gapped capabilities that Danny mentioned and you have an additional level of resiliency that can really ensure that you can drive recovery. From an analytic standpoint, we have an API that allows organizations to look into the backup data, do more aggressive scanning without any exclusions with different tools on a flat file system. You know, the threats can't jump around in memory. Couple that with secure restore. When you reintroduce things into the environment from a recovery standpoint, you don't want to reintroduce threats. So there's protections, there's confidence-building steps along the way with them and these are all generally available technologies. So again, I got this white paper, I think we're up to 50 pages now, but it's a very thorough that goes through a couple of those scenarios. But you know, it gets the, uh, it gets quickly into things that you wouldn't expect from a backup product.
>>Please send me a copy if you, if you don't mind. I this is a huge problem and you guys are global company. I admittedly have a bit of a US bias, but I was interviewing robert Gates one time the former defense secretary and we're talking about cyber war and I said, don't we have the best cyber, can't we let go on the offense? He goes, yeah, we can, but we got the most to lose. So this is really a huge problem for organizations. All right, guys, last question I gotta ask you. So what's life like under, under inside capital of the private equity? What's changed? What's, what's the same? Uh, do you hear from our good friend ratner at all? Give us the update there. >>Yes. Oh, absolutely fantastic. You know, it's interesting. So obviously acquired by insight partners in February of 2020, right, when the pandemic was hitting, but they essentially said light the fuse, keep the engine's going. And we've certainly been doing that. They haven't held us back. We've been hiring like crazy. We're up to, I don't know what the count is now, I think 4600 employees, but um, you know, people think of private equity and they think of cost optimizations and, and optimizing the business, That's not the case here. This is a growth opportunity and it's a growth opportunity simply because of the technology opportunity in front of us to keep, keep the engine's going. So we hear from right near, you know, on and off. But the new executive team at VM is very passionate about driving the success in the industry, keeping abreast of all the technology changes. It's been fantastic. Nothing but good things to say. >>Yes, insight inside partners, their players, we watched them watch their moves and so it's, you know, I heard Bill McDermott, the ceo of service now the other day talking about he called himself the rule of 60 where, you know, I always thought it was even plus growth, you know, add that up. And that's what he was talking about free cash flow. 
He's sort of changing the definition a little bit but but so what are you guys optimizing for you optimizing for growth? Are you optimising for Alberta? You optimizing for free cash flow? I mean you can't do All three. Right. What how do you think about that? >>Well, we're definitely optimizing for growth. No question. And one of the things that we've actually done in the past 12 months, 18 months is beginning to focus on annual recurring revenue. You see this in our statements, I know we're not public but we talk about the growth in A. R. R. So we're certainly focused on that growth in the annual recovering revenue and that that's really what we tracked too. And it aligns well with the cloud. If you look at the areas where we're investing in cloud native and the cloud and SAAS applications, it's very clear that that recurring revenue model is beneficial. Now We've been lucky, I think we're 13 straight quarters of double-digit growth. And and obviously they don't want to see that dip. They want to see that that growth continue. But we are optimizing on the growth trajectory. >>Okay. And you see you clearly have a 25% growth last quarter in A. R. R. Uh If I recall correctly, the number was evaluation was $5 billion last january. So obviously then, given that strategy, Dave Russell, that says that your tam is a lot bigger than just the traditional backup world. So how do you think about tam? I'll we'll close there >>and uh yeah, I think you look at a couple of different ways. So just in the backup recovery space or backup in replication to paying which one you want to use? You've got a large market there in excess of $8 billion $1 billion dollar ongoing enterprise. Now, if you look at recent i. D. C. Numbers, we grew and I got my handy HP calculator. I like to make sure I got this right. We grew 44.88 times faster than the market average year over year. So let's call that 45 times faster and backup. There's billions more to be made in traditional backup and recovery. 
However, go back to what we've been talking around digital transformation, Danny talking about containers in the environment, deployment models changing. At the heart of backup and recovery we're a data capture, data management, data movement engine. We envision being able to do that not only for availability but to be able to drive the business forward, to be able to drive economies of scale faster for our organizations that we serve. I think the trick is continuing to do more of the same. Danny mentioned, he knows the fuse got lit. We haven't stopped doing anything. In fact, Danny, I think we're doing like 10 times more of everything that we used to be doing prior to the pandemic. >>All right, Danny, we'll give you the last word, bring it home. >>So our goal has always been to be the most trusted provider of backup solutions that deliver modern data protection. And I think folks have seen at VeeamON this year that we're very focused on that modern data protection. Yes, we want to be the best in the data center but we also want to be the best in the next generation, the next generation of IT. So whether it be SaaS, whether it be cloud, Veeam is very committed to making sure that our customers have the confidence that they need to move forward through this digital transformation era. >>Guys, I miss flying. I mean, I don't miss flying, but I miss hanging with you all. We'll see you. Uh, for sure. VeeamON 2022 will be belly to belly, but thanks so much for coming on the virtual edition and thanks for having us. >>Thank you. >>All right. And thank you for watching everybody. This is The Cube's continuous coverage of VeeamON 21. The virtual edition. Keep it right there for more great coverage. >>Mm
Gil Vega, Veeam | VeeamON 2021
(upbeat music) >> Welcome everybody to VeeamON 2021, you're watching theCUBE. My name is Dave Villante. You know, in 2020 cyber adversaries, they seized the opportunity to really up their game and target workers from home and digital supply chains. It's become increasingly clear to observers that we're entering a new era of cyber threats where infiltrating companies via so-called Island Hopping and stealthily living off the land, meaning they're using your own tools and infrastructure to steal your data. So they're not signaling with new tools that they're in there. It's becoming the norm for sophisticated hacks. Moreover, these well-funded and really sophisticated criminals and nation states are aggressively retaliating against incident responses. In other words, when you go to fix the problem they're not leaving the premises, rather they're tightening the vice on victims by holding your data ransom and threatening to release previously exfiltrated and brand-damaging information to the public. What a climate in which we live today. And with me to talk about these concerning trends and what you can do about it is Gil Vega, the CISO of Veeam. Gil, great to see you. Thanks for coming on. >> Great to see you, Dave. Thanks for having me. >> Yeah. So, you know, you're hearing my intro. It's probably understating the threat. You are Veeam's first CISO. So how do you see the landscape right now? >> That's right. Yeah. And I've been with the company for just over a year now, but my background is in financial services and spent a lot of time managing cybersecurity programs at the classified level in Washington DC. So I've gleaned a lot of scar tissue from lots of sophisticated attacks and responses. But today I think what we're seeing is really a one-upmanship by sophisticated, potentially nation-state-sponsored adversaries. This idea of imprisoning your data and charging you to release it is quite frightening.
And as we've seen in the news recently it can have devastating impacts not only for the economy, but for businesses. Look at the gas lines in the Northeast right now because of the Colonial Pipeline ransomware attack. I just, the government just released an executive order this morning that hopes to address some of the nation's unpreparedness for these sophisticated attacks. And I think it's time. And I think everyone's excited about the opportunity to really apply a whole-of-government approach to helping critical infrastructure, to helping and partnering with private sector and imposing some risks, frankly, on some of the folks that are engaged in attacking our country. >> A number of years ago, I often tell this story, I had the pleasure of interviewing Robert Gates, the former Defense Secretary. And it was a while ago, we were talking about cyber and he sits on a number of boards. And we were talking about how it's a board-level issue. And we're talking about cyber crime and the like and nation states. And I said, well, wait, cyber warfare, even. And I said, "But don't we have the best cyber tech? I mean, can't we go on the offense?" And he goes, "Yeah, we do. And we can, but we have more to lose." And to your point about critical infrastructure, it's not just like, okay, we have the most powerful weapons. It's really we have the most valuable infrastructure and a lot to lose. So it's really a tricky game. And this notion of having to be stealthy in your incident response is relatively new. Isn't it? >> It is. It is. And you know, there are, you mentioned that and I was surprised you mentioned because a lot of people really don't talk about it, as you're going into your response your adversaries are watching, or watching your every move.
You have to assume in these days of perpetual state of compromise in your environments, which means that your adversaries have access to your environment to the point that they're watching your incident responders communicate with one another and they're countering your moves. So it's sort of a perverse spin on the old mutually assured destruction paradigm that you mentioned the United States has the world's largest economy. And quite frankly the world's most vulnerable, critical infrastructure. And I would concur with Director Gates or Secretary Gates rather it is assessment that we've got to be awfully careful and measured in our approach to imposing risks. I think the government has worked for many years on defining red lines. And I think this latest attack on the colonial pipeline affecting the economy and people's lives and potentially putting people's lives at risk is towing also the close to that red line. And I'm interested to see where this goes. I'm interested to see if this triggers even a, you know a new phase of cyber warfare, retaliation, you know proactive defense by the National Security Community of the United States government. Be interesting to see how this plays out. >> Yeah, you're absolutely right though. You've got this sort of asymmetric dynamic now which is unique for the United States as soon as strongest defense in the world. And I wanted to get it to ransomware a bit. And specifically this notion of ransomware as a service it's really concerning where criminals can actually outsource the hack as a service and the bad guys will set up, you know, on the dark web they'll have, you know, help desks and phone lines. They'll do the negotiations. I mean, this is a really concerning trend. And obviously Veeam plays a role here. I'm wondering as a, as a SecOps pro what should we be doing about this? 
>> Yeah, you mentioned ransomware as a service, or RaaS. It's an incredibly pernicious problem perpetrated by sophisticated folks who may or may not have nation state support or alliances. I think at a minimum certain governments are looking the other way as it relates to these criminal activities. But with ransomware as a service, you're essentially having very sophisticated folks create very complex ransomware code and distribute it to people who are willing to pay for it. And oftentimes take a part of the ransom as their payment. The issue with, obviously, ransomware is, you know, the age-old question, are you going to pay a ransom or are you not going to pay a ransom? The FBI says, don't do it. It only encourages additional attacks. The Treasury Department put out some guidance earlier in the year, advising companies that they could be subject to civil or criminal penalties if they pay a ransom and the ransom goes to a sanctioned entity. So there's danger on all sides. >> Wow okay. But so, and then the other thing is this infiltrating via digital supply chains, I call it Island Hopping and the like, we saw that with the SolarWinds hack and the scary part is, you know, different malware is coming in and self-forming and creating different signatures. Not only is it very difficult to detect, but remediating, you know, one, you know, combined self-formed malware, it doesn't necessarily take care of the others. And so, you know, you've got this sort of organic virus-like thing, you know, create mutating, and that's something that's certainly relatively new to me in terms of its prevalence. Your thoughts on that and how to do it. >> Yeah, exactly right. You know, the advent of the polymorphic code that changes the implementation of advanced artificial intelligence and some of this malware is making our job increasingly difficult, which is why I believe firmly.
You've got to focus on the fundamentals and I think the best answers for protecting against sophisticated polymorphic code are found in the NIST cybersecurity framework. And I encourage everyone to really take a close look at implementing that cybersecurity framework across their environments, much like we've done here at Veeam. Implementing technologies around Zero Trust, again assuming a perpetual state of compromise and not trusting any transaction in your environment, is the key to combating this kind of attack. >> Well, and you know, as you mentioned, Zero Trust, Zero Trust used to be a buzzword. Now it's like become a mandate. And you know, it's funny. I mean, in a way I feel like the crypto guys, I know there's a lot of fraud in crypto, but anybody who's ever traded crypto, it's like getting into Fort Knox. I mean, you got to know your customer and you've got to do a little transaction. I mean, it's really quite sophisticated in terms of how they are applying cybersecurity and you know, most, even your bank isn't that intense. And so those kinds of practices, even though they're a bit of a pain in the neck, I mean it's worth the extra effort. I wonder if you could talk about some of the best practices that you're seeing, how you're advising your clients in your ecosystem and the role that Veeam can play in helping here. >> Yeah, absolutely. As I mentioned, so many recommendations, and I think the thing to remember here, so we don't overwhelm our small and medium-sized businesses that have limited resources in this area, is to remind them that it's a journey, right? It's not a destination, that they can continually improve and focus on the fundamentals. As I mentioned, things like multi-factor authentication. You know, a higher level topic might be micro-segmentation, breaking up your environment into manageable components that you can monitor in real time.
Real time monitoring is one of the key components to implementing Zero Trust architecture and knowing exactly what good looks like in your environment in a situation where you've got real-time monitoring you can detect the anomalies, the things that shouldn't be happening in your environment and to spin up your response teams, to focus and better understand what that is. I've always been a proponent of identity and access management controls and a key focus. We've heard it in this industry for 25 years is enforcing the concept of least privilege, making sure that your privileged users have access to the things they need and only the things that they need. And then of course, data immutability making sure that your data is stored in backups that verifiably has not been changed. And I think this is where Veeam comes into the equation where our products provide a lot of these very easily configured ransomware protections around data and your ability to the ability to instantly back up things like Office 365 emails, you know support for AWS and Azure. Your data can be quickly restored in the event that an attacker is able to in prison that with encryption and ransom demands. >> Well, and so you've certainly seen in the CISOs that I've talked to that they've had to obviously shift their priorities, thanks to the force march to digital, thanks to COVID, but Identity access management, end point security cloud security kind of overnight, you know, Zero Trust. We talked about that and you could see that in some of these, you know, high flying security stocks, Okta Zscaler, CrowdStrike, they exploded. And so what's in these many of these changes seem to be permanent sort of you're I guess, deeper down in the stack if you will, but you, you compliment these toolings with obviously the data protection approach the ransomware, the cloud data protection, air gaps, immutability. Maybe you could talk about how you fit in with the broader, you know, spate of tools. 
I mean, your, my eyes bleed when you look at all the security companies that are out there. >> Yeah for sure. You know, I'm just going to take it right back to the NIST cybersecurity framework and the five domains that you really need to focus on. Identify, protect, detect, respond, and recover, you know and until recently security practitioners and companies have really focused on on the protect, identify and protect, right and defend rather where they're focused on building, you know, moats and castles and making sure that they've got this, you know hard exterior to defend against attacks. I think there's been a shift over the past couple of years where companies have recognized that the focus needs to be on and respond and recover activities, right? Assuming that people are going to breach or near breach, your entities is a safe way to think about this and building up capabilities to detect those breaches and respond effectively to those breaches are what's key in implementing a successful cybersecurity program where Veeam fits into this since with our suite of products that that can help you through the recovery process, right? That last domain of the NIST cybersecurity framework it'll allow you to instantaneously. As I mentioned before, restore data in the event of a catastrophic breach. And I think it provides companies with the assurances that while they're protecting and building those Zero Trust components into their environments to protect against these pernicious and well-resourced adversaries there's the opportunity for them to recover very quickly using the VM suite of tools? >> Well, I see, I think there's an interesting dynamic here. You're pointing out Gil. There's not no longer is it that, you know, build a moat the Queen's leaving her castle. I always say, you know there is no hardened perimeter anymore. 
And so you've seen, you know, the shift obviously from hardware based firewalls and you I mentioned those other companies that are doing great but to me, it's all about these layers and response is a big in recovery is a huge part of that. So I'm seeing increasingly companies like Veeam is a critical part of that, that security cyber data protection, you know, ecosystem. I mean, to me it's just as important as the frontline pieces of even identity. And so you see those markets exploding. I think it's, there's a latent value that's building in companies like Veeam that are a key part of those that data protection layer you think about you know, defense strategies. It's not just you, the frontline it's maybe it's airstrikes, maybe it's, you know, C etcetera. And I see that this market is actually a huge opportunity for for organizations like yours. >> I think you're right. And I think the proof is in, you know in the pudding, in terms of how this company has grown and what we've delivered in version 11 of our suite, including, you know features like continuous data protection, we talked about that reliable ransomware protection support for AWS S3 Glacier and Azure archive the expanded incident recovery, and then support for disaster recovery and backup as a service. You know, what I found most interesting in my year here at Veeam is just how much our administrators the administrators in our company and our customers companies that are managing backups absolutely love our products that ease of use the instant backup capabilities and the support they receive from Veeam. It's almost cultish in terms of how our customers are using these products to defend themselves in today's pretty intense cyber threat environment. >> Well, and you talked about the NIST framework, and again big part of that is recovery, because we talked about earlier about, do you pay the ransom or not? 
Well, to the extent that I can actually recover from having all my data encrypted then I've got obviously a lot more leverage and in many ways, I mean, let's face it. We all know that it's not a matter of if it's, when you get infiltrated. And so to the extent that I can actually have systems that allow me to recover, I'm now in a much much stronger position in many respects, you know and CISOs again, will tell you this that's where we're shifting our investments >> Right. And you've got to do all of them. It's not just there's no silver bullet, but but that seems to me to be just a a misunderstood and undervalued part of the equation. And I think there's tremendous upside there for companies like yours. >> I think you're right. I think what I'll just add to that is the power of immutability, right? Just verifiably ensuring that your data has not changed because oftentimes you'll have attackers in these low and slow live off the land types of attacks change your data and affect its integrity with the Veeam suite of tools. You're able to provide for immutable or unchanged verifiable data and your backup strategy which is really the first step to recovery after a significant event. >> And that's key because a lot of times the hackers would go right after the backup Corpus you know, they'll sometimes start there is that all the data, you know, but if you can make that immutable and again, it, you know there's best practices there too, because, you know if you're not paying the cloud service for that immutability, if you stop paying then you lose that. So you have to be very careful about, you know how you know, who has access to that and you know what the policies are there, but again, you know you can put in, you know so a lot of this, as you know, is people in process. It's not just tech, so I'll give you the last word. I know you got to jump, but really appreciate.. >> Yeah, sure. 
>> You know, the only, the only thing that we didn't mention is user awareness and education. I think that is sort of the umbrella key focus principle for any successful cybersecurity program making sure your people understand, you know how to deal with phishing emails. You know, ransomware is a huge threat of our time at 90% of ransomware malware is delivered by phishing. So prepare your workforce to deal with phishing emails. And I think you'll save yourself quite a few headaches. >> It's great advice. I'm glad you mentioned that because because bad user behavior or maybe uninformed user behaviors is the more fair way to say it. It will trump good security every time. Gil, thanks so much for coming to the CUBE and and keep fighting the fight. Best of luck going forward. >> Great. Thank you, Dave. >> All right. And thank you for watching everybody. This is Dave Villante for the CUBEs continuous coverage VeeamON 2021, the virtual edition. We will be right back. (upbeat music)
Cheryl Hung and Katie Gamanji, CNCF | KubeCon + CloudNativeCon Europe 2021 - Virtual
>> From around the globe, it's the Cube with coverage of KubeCon and CloudNativeCon Europe 2021 Virtual, brought to you by Red Hat, Cloud Native Computing Foundation and ecosystem partners. >> Welcome back to the Cube's coverage of KubeCon '21, CloudNativeCon '21, part of the CNCF's annual event this year. It's virtual again. I'm John Furrier, host of the Cube, and we have two great guests from the CNCF: Cheryl Hung, VP of ecosystems, and Katie Gamanji, who's the ecosystem advocate for CNCF. Thanks for coming on. Great to see you. I wish we were in person soon, maybe in the fall. Cheryl, Katie, thanks for coming on. >> Um, definitely hoping to be back in person again soon, but John, great to see you and great to be back on the Cube. >> You know, I have to say one of the things that really surprised me is the resilience of the community around what's been happening with the virtual in the COVID. Actually, a lot of people have been, um, you know, disrupted by this, but you know, the consensus is that developers have been used to working remotely and virtually in a home, and so not too much disruption, but a hell of a lot of productivity. You're seeing a lot more cloud native, um, projects, you're seeing a lot more mainstreaming in the enterprise, you're starting to see cloud growth, just a really kind of nice growth. And we've been saying for years, rising tide floats all boats, Cheryl, but this year you're starting to see real mainstream adoption with cloud native, and this has really been part of the work of the community you guys have done. So what's your take on this? Because we're going to be coming out of this COVID pretty soon. There's a post-COVID light at the end of the tunnel. What's your view? >> Yeah, definitely, fingers crossed on that. I mean, I would love Katie to give her view on this, in fact, because she came from Conde Nast and American Express, both huge companies that were adopting, have adopted cloud native successfully.
And then in the middle of the pandemic, in the middle of COVID, she joined CNCF. So Katie really has a view from the trenches, and Katie, would love to hear your thoughts. >> Yeah, absolutely. Uh, definitely cloud native adoption, when it comes to the tooling, has been more prominent in the enterprises. And that has been confirmed by my role at American Express. That is the role I moved from towards CNCF. But the more surprising thing is that we see big companies, we see banks and financial organizations that are looking to adopt open source. But more importantly, they're looking for ways to either contribute or actually to direct it more into these areas. So from that perspective, I've been pretty much at the nucleus of enterprise. The adoption of cloud native is definitely moving; it's slow paced, but it's definitely forward moving as well. Um, and now I think while I'm in the role with CNCF as an ecosystem advocate and leading the end user community, there has been definitely, uh, the community is growing, um, always intrigued to find out more about the cloud native usage. One of the things that I find quite intriguing is the fact that not one cloud native usage, like usage of covering just one platform, which is going to be called, the face is going to be the same. So it's always intriguing to find new use cases, find those extreme cases as well, that it really pushes the community forward. >> What I want to do is unpack. The end user aspect of this has been a hallmark of the CNCF for years, always been a staple of the organization. But this year, more than ever it's been, seems to be prominent as people are integrating in. What about the growth? I mean, from last year to this year, in the end user ecosystem, how have you guys seen the growth? Is there any highlights? Because, have any stats and/or observations around how the ecosystem is growing around the end user piece? >> Sure, absolutely. I mean, I can talk directly about CNCF and the CNCF
End user community. Much like everything else, you know, COVID kind of slowed things down, so we're kind of not entirely surprised by that, but we're still growing over 2020, and in fact just in the last few months have brought in some really, really big names like Peloton, Airbnb, Citibank, um, just some incredible organizations who have really adopted cloud native, who have seen the success and the benefits of it, and now are looking to give back to the community, as Katie said, get involved with open source and be more than just a passive consumer of the technologies, but actually become leaders in their own right. >> Katie, talk about the dynamic of developers at end user organizations. I mean, you have been there, you're now, you've been on both sides of the table, if you will, not two sides of the table, it's more like a round table if you will, but community driven. But traditional, uh, end user organizations, not the early adopters, not the hyperscalers, but the ones now are really embedding hybrid, um, are changing how IT, to how modern applications are being built. That's a big theme in these mainstream organizations. What's the dynamic going on? What's your view? >> I think for any organization, the kind of the core, what moves the organization towards cloud native, is, um, pretty much being ahead of your competitors. And now we have this mass of different organizations of the cloud native, and that's why we see more kind of eyes towards this area. So, um, definitely in this perspective, when it comes to the technology aspect, companies are looking to deploy complex applications in an easier manner, especially when it comes to pushing them to production systems securely, faster, um, and continuously as well. They're looking to have this competitive edge when it comes to how can they quickly respond to customer feedback. And as well, they're looking for this, um, hybrid element that has been, has been talked about.
Again, we're talking about enterprises; it's not just about public cloud, it's about how can we run the applications securely and getting both an element of data centers or private cloud as well. And now we see a lot of projects which are balancing around that edge, but more importantly there is adoption, and where there's adoption, there is a feedback loop, and that's how, which represents the organic growth. >> That's awesome. Cheryl, I'd like you to define what you mean when you say end user driven open source. What does that mean? >> Mm. This is a really interesting dynamic that I've seen over the last couple of years. So what we see is that more and more of the open source projects are end users who are solving their own problems and creating their own projects and donating these back to the community. An early example of this was Envoy from Lyft and Jaeger from Uber, but Spotify also recently donated Backstage, which is a developer portal which has really taken off. We've also got examples from Intuit donating Argo. Um, I'm sure there are some others that I've just forgotten. But the really interesting thing I see about this is that classically, right, maybe a few years ago, if you were an end user organization, you'd get involved through a vendor, you'd go to a Red Hat or something and say, hey, you fix this on my behalf because, you know, that's what I'm paying you to do. Whereas what I see now is end users saying we want to keep this expertise in house and we want to be owners of our own kind of direction and our own fate when it comes to these open source projects. And that's been a big driver for this trend of open source, end user driven open source. >> It's really, the open model is just such a great thing. And I think one of the interesting things is that it fits in with a lot of people who want to work for mission-driven companies, but here there's actually a business benefit, as you pointed out, in terms of the dynamic of bringing stuff to the community.
This is interesting. I'm sure that the ability to do more collaboration, um, either hiring or contributing, kind of increases when you have this end user dynamic, because that's a pretty big decision to donate and bring something into the open source. What's the playbook though? If I'm sitting in an end user organization like American Express, Katie, or a big company, say, hey, you know, we really developed this really killer use case that's niche to us, but we want to bring it to the community. What do they do? Is there like a, like a manager? Do they knock on someone's door? Is there a repo? I mean, how does someone, I mean, how does an end user get this done? >> Mm. Um, I think one of the best resources out there is called the TODO Group, which is an organization underneath the Linux Foundation. So it's kind of a sister group to CNCF, which is about open source program offices. And how do you formalize such an open source program? Because it's pretty easy to say, oh well, just put something on GitHub. But that's not the end of the story, right? Um, if you want to actually build a community, if you want other people to contribute, then you do actually have to do more than just drop it on GitHub and walk away. So I would say that if you are an end user company and you have created something which scratches your own itch and you think other people could benefit from it, then definitely come. And like, you could email me, you could email Chris Aniszczyk, who is the CEO of CNCF, and just get in touch and sort of ask around about what are the things that you could do in terms of what you have to think about: the licensing, how do you develop a community, governance program, um, trademark issues, all of these things. >> It's interesting how open source is growing so much now. Chris has got so much action going on.
New verticals are opening up, you know, so, so much action. Cheryl, you had posted on the internet predictions for cloud native, which I found interesting because there's so much action going on, you have to break things out into pillars: tech, DevOps and ecosystem, each one kind of with a slew of key trends. So take us through the mindset. Why break it out like that? You got tech, DevOps and ecosystem. Traditionally that was all kind of bundled in one. Why? Why the pillars? And is it because there's so much action? What's, what's the basis behind the prediction? >> Um, so originally this was just a giant list of things I had seen from talking to people and reading around and seeing what people are talking about on social media. Um, and when, once I invested at these 10, I thought about what, what does this actually mean for the people who are going to look at this list and what should they care about? So I see tech trends as things related to tools, frameworks, um, perhaps architects. I see DevOps as people who are more as a combination of process, things that are a combination of process and people and culture, best practices, and then ecosystem was kind of anything else broader than that, things that happened across organizations. So you can definitely go to my Twitter, you can go to @oicheryl, O-I-C-H-E-R-Y-L, and take a look at this, and this is my list of 10. I would love to hear from you whether you agree with it, whether you think there are other things that I've missed or what would your >> table. I love, I love the top. Well, first of all, I think this is very relevant. The one that I would ask you on is more Rust in cloud native. That's the number one item. Um, I think cross cloud is definitely totally happening, I think people are really starting to think about that, and so I'd love to get your comments on that.
But I think the thing that jumped out at me was the DevOps piece, because this is a trend that I've been seeing a lot more, certainly even in academic institutions, for folks in school, right? Um, going to college for computer science and engineering. This idea of SRE, large scale cloud, is not so much an IT practice, it's much more of a cloud native mindset. So I think this idea of ops is so much more about scale. I use SRE only because I can't think of a better word around it, and certainly the edge pieces with Kubernetes. I think this is the, I think the biggest story to me, that's where all the action seems to be when I talk to people around what they're working on in terms of training new people, onboarding and whatnot. Katie, you're shaking your head, you're like, yeah. What's your thoughts? >> Yeah, I have definitely been, uh, through all of these stages, from having a team where the DevOps, I think it's more of a culture, of like a pattern to adopt within an organization more than anything. So I've been pre-DevOps, within DevOps, and actually during the evolution of it where we actually added an SRE team as well. Um, I think having these cultural changes within an organization, they are necessary, especially if they want to iterate quicker and actually deliver value to the customers with minimal agency, because what it actually does, there is the collaboration between teams which were initially segregated. And that's why I think there is a paradigm nowadays which is called DevSecOps, which actually moves security more to the left. This has been very popular, especially in the, in the latest couple of months. Lots of talks around it, and even there is like a security co-located event of KubeCon just going to focus on that mainly.
Um, but as well within the DevOps area, um, one of the models that has been quite prominent has been GitOps as well, which pretty much uses the power of Git repositories to describe the state of the applications, how it actually should be within the production system. And within the cloud native ecosystem, there are two main tools that pretty much lead this area, and that's going to be Argo CD, which has been donated by Intuit, which is our end user, and we have Flux as well, which has been donated by Weaveworks, and both of these projects currently are within the incubation stage, which pretty much by default, um, showcases there is a lot of adoption from the organizations, um, more than 100 for some of them. So there is a wider adoption, um, and another thing I would like to mention is the GitOps Working Group, which has emerged I think between KubeCon Europe and North America last year, and that again is more to define a manifest of how exactly GitOps pattern should be adopted within organizations. So there is a lot of, I would say, initiatives, and this is further out they confirmed with the tooling that we have within the ecosystem. >> That's really awesome insight. I want to just, if you don't mind, follow up on that. Why is GitOps so important right now? Is it because of the emphasis on security? Is it the emphasis of more scale? Is it just because it's pretty much Git was okay just because storing it over there? Is it because there's so much more inspections going on around it? I mean, code reviews have been going on for a long time. What's, what's the big deal? Why is it so hot right now, in your opinion? >> I think there is definitely a couple of aspects that are quite important. You mentioned security, that's definitely one of them. With the GitOps pattern, there is a pull model rather than a push model.
So you have the actual tool, for example, Argo CD or Flux, watching the repository, and if any changes are identified, it is going to pull those changes automatically. So the first thing that we actually can see from this model is that we always will have a delta between what's within our repository and the production system. Usually if you have a pull model, you can pull it, uh, can push the changes towards dev, staging environment, but not always the production, because you have the change window sometimes. With the GitOps model, you'll always be aware of what's the delta, and you have quite a nice way to visualize that, especially for Argo CD, which has the UI as well. As well, with the GitOps pattern, there is less necessity to share the credentials with the actual pipeline tool. All of, because Argo, Flux, they are natively built around Kubernetes, all the secrets are going to be residing within the cluster. There is no need to share any extra credentials or any extra permissions with external tools as well. There are scale, there is again, with Git you have historical data points, which allows us to easily revert, um, to stable points of the applications in the past. So multiple, multiple benefits I would say, but definitely security, I think, is one of the main ones and it has been talked about quite a lot as well. >> A lot of these end user stories revolve around these dynamics, and the ones you guys are promoting and from your members as well as in the community at large is, I hate to use the word day two operations, but that really is the issue, like, okay, we're up and running. I want more automation. This is again tops kind of vibe here where it's like, okay, we gotta go troubleshoot all this, but it should be working as more stuff comes in. This becomes more and more the dynamic. Is that, is that because of just more edges, more things, more devices? What's, what's the, what's the push behind all these stories around this automation and day two operation things?
What do you guys think? >> I think, I think the expectations are getting higher and higher, to be honest. A few years ago it was enough to use containers and start using the barest minimum, you know, to orchestrate those containers. But now what we see is that, you know, it's easy to choose the technology, it's easy to install it and even configure it. But as you said, John, those day two operations are really, really hard. For example, one of the ones that we've seen up and coming and we care about from CNCF is Kubernetes on the edge. And we see this as enabling telco use cases and 5G and IoT and really, really broad, difficult use cases that just a few years ago would have been nigh on impossible. Katie, your zone, Katie, you also talk about edge, right? >> Absolutely. I think I, I really like to watch some of the talks at KubeCon, especially given by the big organizations that have to manage thousands or tens of thousands, hundreds of thousands of customers. And they have to deliver a cluster to these, to these teams. Now, from their point of view, they pretty much have to manage clusters at scale. There is definitely the edge out there, and they're really kind of pushing the technology towards how can we get closer to the physical devices within the customers' kind of, uh, let's say bubble or area in surface. So edge has been definitely something which has been moving a lot when it comes to the cloud native ecosystem. We've had a lot of projects moving towards the incubation stage. K3s has been there, um, for, for a while, and again, has a lot of adoption, is known for its stability. But another thing that I would like to mention is that now currently we have a lot of projects that are edge focused but within sandbox, so there is again a lot of potential. If there's gonna be a higher demand for this, I would expect these tools to move from sandbox to incubation and even graduation.
So that's definitely something which, uh, it's moving and there is dynamism around it. >> Well, Cheryl, Katie, you guys are awesome, love the work you're doing. I gotta ask the final question since you brought it up about the expectations. Cheryl, if you guys could both end the segment with the comment around expectations as the industry and companies and developers and participants continue to grow. What, what's changed with CNCF, KubeCon, CloudNativeCon as the expectation has been growing, and the stakes are higher too, frankly. I mean, you've got security, you mentioned these things, edge, GitOps, so you start to see the maturation of this ecosystem. What's new and what's expected of you guys? What do you see and how are you guys organizing? >> I think we can definitely say the ecosystem has matured a lot compared to a few years ago. Same with CNCF, same with KubeCon. I think the very first KubeCon I went to was Berlin, which was about 1800 people. Um, it's kind of mind-boggling to see how much, how much it's grown since then. I mean, one of the things that we try and do is to expand the number of people who can reach the community. So for example, we launched Kubernetes Community Days, and we launched, that means community organized events in Africa, for example, for people who couldn't come to large events in North America or Europe. Um, we're also launching things to help students. I actually love talking to students because quite often now you talk to them and they say, oh, I've never run software in anything other than a container. You're like, yeah, well, this was a new thing, this was brand new a few years ago, and now you can be 18 and have never tried anything else. So it's pretty amazing. But yeah, there's definitely, there's always space to go to the community. >> Yeah, once you go cloud native, it's like, you know, like you've never loaded Linux on a server before. I mean, what, what's going on?
Get your thoughts as expectations go higher. And certainly there's more in migration, not only for young folks because they're jumping into this, was that engineering meets computer science is now cross discipline. You're seeing scale, you mentioned scaling up, those are huge factors. You've got younger, you got cross training, you got cybersecurity and you've got Fin tech ops that Chris is working on. So much is happening. What, what, what you guys keep up with your, how you gonna raise the ball? >> Absolutely. I think there's definitely technology moving forward, but I think nowadays there is a more need for actual end user stories. While at the beginning of KubeCons there was a lot of focus on the technical aspects, how can you fix this particular problem of deploying between two clusters or deploying at scale, there is like a lot of technical aspects, nowadays they're looking for the stories, because as I mentioned before, not one platform is gonna be the same when it comes to cloud native. And I think there's still, the community is still trying to look for some patterns or some standards, and we actually can see, like especially when it comes to the open standards, we can see this moving within, um, the observability, like, the application delivery, we'll have for example Crossplane and KubeVela, we have OpenMetrics and OpenTracing as well, which focuses on observability, and all of the interfaces that we had around, um, Cuban directory service men and so forth. All of these pretty much try to bring a benchmark, making it easier to integrate these special use cases, um, when it comes to actual extreme technology kind of solutions that you need to provide. And, um, I was mentioning the end user stories that are more in demand nowadays, mainly because these are very, very necessary from the community. Like for example, the SIGs or the project maintainers, they require feedback to actually move forward.
And as part of that, I would like to mention that we've recently soft launched the End User Lounge, which really focuses on this particular aspect of end user stories. We try to pretty much question our end users and really understand what really moved them to adopt cloud native, what keeps them on this path and what like future challenges they would like to, um, to tackle, or are they facing at the moment and would like to solve in the future. So we're trying to create this feedback loop between the end users and the projects out there. So I think this is something which needs to be a bit more closely together, these two spheres, which currently are segregated, but we're trying to just solve that. >> Awesome, you guys do great work, great job. Cheryl, wrap us up real quick, take a minute to put a plug in for the CNCF and the ecosystem. What's the fashion this year? What's hot? What's the trend? What are you guys doing? Share some quick update on what's going on in the ecosystem from your perspective. >> Yeah, I mean, the ecosystem, even though I just said that we're maturing, you know, the growth has not stopped. Now, what we're seeing is these, as Katie was saying, you know, more specific use cases, even bigger, even more demanding environments, even more kind of crazy use cases. I mean, I love the story from the U.S. Department of Defense about putting Kubernetes on their fighter jets and putting Istio on fighter jets. You know, it's just absurd to think about it, but I would say definitely come and be part of the community, share your stories, share what you know, help other people. Um, if you are an end user of these technologies, then go to cncf.io/enduser and just come and be part of our community, you know, meet your peers and hear what everybody else is doing. >> Well.
Having Kubernetes and Istio on jets, that's the Air Force, I would call that technical edge, Katie, to, you know, bring, bring back the edge. Cheryl, Katie, thank you so much for sharing the insight. Ecosystem is robust. Rising tide is floating all the boats, as we always say here in the Cube. It's been great to watch and continue to watch the rise. I think it's just the beginning. We're starting to see post-pandemic visibility, cloud native, more standards, more visibility into the economics and value, and great to see the ecosystem rising up with the end users as well. So congratulations and thanks for coming up. >> Thank you so much, John, it's a pleasure, appreciate it. >> Thank you for having us, John. >> Great to have you on. I'm John Furrier with the Cube here for KubeCon CloudNativeCon '21 Virtual. Soon we'll be back in real life. Thanks for watching. Mhm.
ENTITIES
Entity | Category | Confidence |
---|---|---|
Katie | PERSON | 0.99+ |
Citibank | ORGANIZATION | 0.99+ |
Katie Gamanji | PERSON | 0.99+ |
Airbnb | ORGANIZATION | 0.99+ |
Cheryl | PERSON | 0.99+ |
Katie Manji | PERSON | 0.99+ |
Cheryl Hung | PERSON | 0.99+ |
American Express | ORGANIZATION | 0.99+ |
Chris | PERSON | 0.99+ |
Conde Nast | ORGANIZATION | 0.99+ |
john Kerry | PERSON | 0.99+ |
Peloton | ORGANIZATION | 0.99+ |
thousands | QUANTITY | 0.99+ |
Spotify | ORGANIZATION | 0.99+ |
Casey | PERSON | 0.99+ |
U. S. Department of Defense | ORGANIZATION | 0.99+ |
africa | LOCATION | 0.99+ |
last year | DATE | 0.99+ |
north America | LOCATION | 0.99+ |
Uber | ORGANIZATION | 0.99+ |
europe | LOCATION | 0.99+ |
john | PERSON | 0.99+ |
18 | QUANTITY | 0.99+ |
Cheryl Katie | PERSON | 0.99+ |
10 | QUANTITY | 0.99+ |
both | QUANTITY | 0.98+ |
two clusters | QUANTITY | 0.98+ |
american express | ORGANIZATION | 0.98+ |
Cuba con | EVENT | 0.98+ |
this year | DATE | 0.98+ |
Berlin | LOCATION | 0.98+ |
one platform | QUANTITY | 0.98+ |
six | QUANTITY | 0.98+ |
one | QUANTITY | 0.98+ |
hundreds of thousands | QUANTITY | 0.98+ |
Yukon | LOCATION | 0.98+ |
Dell | ORGANIZATION | 0.98+ |
CNCF | ORGANIZATION | 0.98+ |
both sides | QUANTITY | 0.98+ |
CloudNativeCon | EVENT | 0.97+ |
telco | ORGANIZATION | 0.97+ |
two main tools | QUANTITY | 0.97+ |
chris | PERSON | 0.97+ |
Zara | ORGANIZATION | 0.97+ |
more than 100 | QUANTITY | 0.96+ |
C. N. C. F. | LOCATION | 0.96+ |
pandemic | EVENT | 0.96+ |
first thing | QUANTITY | 0.96+ |
CNC F | ORGANIZATION | 0.95+ |
two great guests | QUANTITY | 0.95+ |
ORGANIZATION | 0.95+ | |
KubeCon | EVENT | 0.95+ |
about 1800 people | QUANTITY | 0.94+ |
two spheres | QUANTITY | 0.94+ |
red hat | ORGANIZATION | 0.93+ |
each one | QUANTITY | 0.93+ |
Katie Katie | PERSON | 0.93+ |
Cuban | OTHER | 0.92+ |
few years ago | DATE | 0.92+ |
first cubic | QUANTITY | 0.91+ |
CN CF. | ORGANIZATION | 0.91+ |
Coop Con Cloud | EVENT | 0.9+ |
tens of thousands | QUANTITY | 0.9+ |
Lennox | ORGANIZATION | 0.87+ |