>>We're back at Supercomputing 22 in Dallas, winding down day four of this conference. I'm Paul Gillan, my co-host Dave Nicholson. We are talking, we've been talking super computing all week and you hear a lot about what's going on in the United States, what's going on in China, Japan. What we haven't talked a lot about is what's going on in Europe and did you know that two of the top five supercomputers in the world are actually from European countries? Well, our guest has a lot to do with that. Florian, bearish, I hope I pronounce that correctly. My German is, German is not. My strength is the operations director for price, ais, S B L. And let's start with that. What is price? >>So, hello and thank you for the invitation. I'm Flon and Price is a partnership for Advanced Computing in Europe. It's a non-profit association with the seat in Brussels in Belgium. And we have 24 members. These are representatives from different European countries dealing with high performance computing in at their place. And we, so far, we provided the resources for our European research communities. But this changed in the last year, this oral HPC joint undertaking who put a lot of funding in high performance computing and co-funded five PET scale and three preis scale systems. And two of the preis scale systems. You mentioned already, this is Lumi and Finland and Leonardo in Bologna in Italy were in the place for and three and four at the top 500 at least. >>So why is it important that Europe be in the top list of supercomputer makers? >>I think Europe needs to keep pace with the rest of the world. And simulation science is a key technology for the society. And we saw this very recently with a pandemic, with a covid. We were able to help the research communities to find very quickly vaccines and to understand how the virus spread around the world. And all this knowledge is important to serve the society. Or another example is climate change. Yeah. With these new systems, we will be able to predict more precise the changes in the future. So the more compute power you have, the better the smaller the grid and there is resolution you can choose and the lower the error will be for the future. So these are, I think with these systems, the big or challenges we face can be addressed. This is the climate change, energy, food supply, security. >>Who are your members? Do they come from businesses? Do they come from research, from government? All of the >>Above. Yeah. Our, our members are public organization, universities, research centers, compute sites as a data centers, but But public institutions. Yeah. And we provide this services for free via peer review process with excellence as the most important criteria to the research community for free. >>So 40 years ago when, when the idea of an eu, and maybe I'm getting the dates a little bit wrong, when it was just an idea and the idea of a common currency. Yes. Reducing friction between, between borders to create a trading zone. Yes. There was a lot of focus there. Fast forward to today, would you say that these efforts in supercomputing, would they be possible if there were not an EU super structure? >>No, I would say this would not be possible in this extent. I think when though, but though European initiatives are, are needed and the European Commission is supporting these initiatives very well. And before praise, for instance 2008, there were research centers and data centers operating high performance computing systems, but they were not talking to each other. So it was isolated praise created community of operation sites and it facilitated the exchange between them and also enabled to align investments and to, to get the most out of the available funding. And also at this time, and still today for one single country in Europe, it's very hard to provide all the different architectures needed for all the different kind of research communities and applications. If you want to, to offer always the latest technologies, though this is really hardly possible. So with this joint action and opening the resources for other research groups from other countries, you, we, we were able to, yeah, get access to the latest technology for different communities at any given time though. And >>So, so the fact that the two systems that you mentioned are physically located in Finland and in Italy, if you were to walk into one of those facilities and meet the people that are there, they're not just fins in Finland and Italians in Italy. Yeah. This is, this is very much a European effort. So this, this is true. So, so in this, in that sense, the geography is sort of abstracted. Yeah. And the issues of sovereignty that make might take place in in the private sector don't exist or are there, are there issues with, can any, what are the requirements for a researcher to have access to a system in Finland versus a system in Italy? If you've got a EU passport, Hmm. Are you good to go? >>I think you are good to go though. But EU passport, it's now it becomes complicated and political. It's, it's very much, if we talk about the recent systems, well first, let me start a praise. Praise was inclusive and there was no any constraints as even we had users from US, Australia, we wanted just to support excellence in science. And we did not look at the nationality of the organization, of the PI and and so on. There were quotas, but these quotas were very generously interpreted. So, and if so, now with our HPC joint undertaking, it's a question from what European funds, these systems were procured and if a country or being country are associated to this funding, the researchers also have access to these systems. And this addresses basically UK and and Switzerland, which are not in the European Union, but they were as created to the Horizon 2020 research framework. And though they could can access the systems now available, Lumi and Leono and the Petascale system as well. How this will develop in the future, I don't know. It depends to which research framework they will be associated or not. >>What are the outputs of your work at price? Are they reference designs? Is it actual semiconductor hardware? Is it the research? What do you produce? >>So the, the application we run or the simulation we run cover all different scientific domains. So it's, it's science, it's, but also we have industrial let projects with more application oriented targets. Aerodynamics for instance, for cars or planes or something like this. But also fundamental science like the physical elementary physics particles for instance or climate change, biology, drug design, protein costa, all these >>Things. Can businesses be involved in what you do? Can they purchase your, your research? Do they contribute to their, I'm sure, I'm sure there are many technology firms in Europe that would like to be involved. >>So this involving industry though our calls are open and is, if they want to do open r and d, they are invited to submit also proposals. They will be evaluated and if this is qualifying, they will get the access and they can do their jobs and simulations. It's a little bit more tricky if it's in production, if they use these resources for their business and do not publish the results. They are some, well, probably more sites who, who are able to deal with these requests. Some are more dominant than others, but this is on a smaller scale, definitely. Yeah. >>What does the future hold? Are you planning to, are there other countries who will be joining the effort, other institutions? Do you plan to expand your, your scope >>Well, or I think or HPC joint undertaking with 36 member states is quite, covers already even more than Europe. And yeah, clearly if, if there are other states interest interested to join that there is no limitation. Although the focus lies on European area and on union. >>When, when you interact with colleagues from North America, do you, do you feel that there is a sort of European flavor to supercomputing that is different or are we so globally entwined? No. >>So research is not national, it's not European, it's international. This is also clearly very clear and I can, so we have a longstanding collaboration with our US colleagues and also with Chap and South Africa and Canada. And when Covid hit the world, we were able within two weeks to establish regular seminars inviting US and European colleagues to talk to to other, to each other and exchange the results and find new collaboration and to boost the research activities. So, and I have other examples as well. So when we, we already did the joint calls US exceed and in Europe praise and it was a very interesting experience. So we received applications from different communities and we decided that we will review this on our side, on European, with European experts and US did it in US with their experts. And you can guess what the result was at the meeting when we compared our results, it was matching one by one. It was exactly the same. Recite >>That it, it's, it's refreshing to hear a story of global collaboration. Yeah. Where people are getting along and making meaningful progress. >>I have to mention you, I have to to point out, you did not mention China as a country you were collaborating with. Is that by, is that intentional? >>Well, with China, definitely we have less links and collaborations also. It's also existing. There, there was initiative to look at the development of the technologies and the group meet on a regular basis. And there, there also Chinese colleagues involved. It's on a lower level, >>Yes, but is is the con conversations are occurring. We're out of time. Florian be operations director of price, European Super Computing collaborative. Thank you so much for being with us. I'm always impressed when people come on the cube and submit to an interview in a language that is not their first language. Yeah, >>Absolutely. >>Brave to do that. Yeah. Thank you. You're welcome. Thank you. We'll be right back after this break from Supercomputing 22 in Dallas.

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

(light music) >> Hello, and welcome to theCUBE's special presentation with Horizon3.ai with Rainer Richter, Vice President of EMEA, Europe, Middle East and Africa, and Asia Pacific, APAC Horizon3.ai. Welcome to this special CUBE presentation. Thanks for joining us. >> Thank you for the invitation. >> So Horizon3.ai, driving global expansion, big international news with a partner-first approach. You guys are expanding internationally. Let's get into it. You guys are driving this new expanse partner program to new heights. Tell us about it. What are you seeing in the momentum? Why the expansion? What's all the news about? >> Well, I would say in international, we have, I would say a similar situation like in the US. There is a global shortage of well-educated penetration testers on the one hand side. On the other side, we have a raising demand of network and infrastructure security. And with our approach of an autonomous penetration testing, I believe we are totally on top of the game, especially as we have also now starting with an international instance. That means for example, if a customer in Europe is using our service, NodeZero, he will be connected to a NodeZero instance, which is located inside the European Union. And therefore, he doesn't have to worry about the conflict between the European GDPR regulations versus the US CLOUD Act. And I would say there, we have a total good package for our partners that they can provide differentiators to their customers. >> You know, we've had great conversations here on theCUBE with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company. And obviously, I can just connect the dots here, but I'd like you to weigh in more on how that translates into the go-to-market here because you got great cloud scale with the security product you guys are having success with. Great leverage there, I'm seeing a lot of success there. What's the momentum on the channel partner program internationally? Why is it so important to you? Is it just the regional segmentation? Is it the economics? Why the momentum? >> Well, there are multiple issues. First of all, there is a raising demand in penetration testing. And don't forget that in international, we have a much higher level number or percentage in SMB and mid-market customers. So these customers, typically, most of them even didn't have a pen test done once a year. So for them, pen testing was just too expensive. Now with our offering together with our partners, we can provide different ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with a traditional manual pen test, and that is because we have our Consulting PLUS package, which is for typically pen testers. They can go out and can do a much faster, much quicker pen test at many customers after each other. So they can do more pen test on a lower, more attractive price. On the other side, there are others or even the same one who are providing NodeZero as an MSSP service. So they can go after SMP customers saying, "Okay, you only have a couple of hundred IP addresses. No worries, we have the perfect package for you." And then you have, let's say the mid-market. Let's say the thousand and more employees, then they might even have an annual subscription. Very traditional, but for all of them, it's all the same. The customer or the service provider doesn't need a piece of hardware. They only need to install a small piece of a Docker container and that's it. And that makes it so smooth to go in and say, "Okay, Mr. Customer, we just put in this virtual attacker into your network, and that's it and all the rest is done." And within three clicks, they can act like a pen tester with 20 years of experience. >> And that's going to be very channel-friendly and partner-friendly, I can almost imagine. So I have to ask you, and thank you for calling out that breakdown and segmentation. That was good, that was very helpful for me to understand, but I want to follow up, if you don't mind. What type of partners are you seeing the most traction with and why? >> Well, I would say at the beginning, typically, you have the innovators, the early adapters, typically boutique-size of partners. They start because they are always looking for innovation. Those are the ones, they start in the beginning. So we have a wide range of partners having mostly even managed by the owner of the company. So they immediately understand, okay, there is the value, and they can change their offering. They're changing their offering in terms of penetration testing because they can do more pen tests and they can then add others ones. Or we have those ones who offered pen test services, but they did not have their own pen testers. So they had to go out on the open market and source pen testing experts to get the pen test at a particular customer done. And now with NodeZero, they're totally independent. They can go out and say, "Okay, Mr. Customer, here's the service. That's it, we turn it on. And within an hour, you are up and running totally." >> Yeah, and those pen tests are usually expensive and hard to do. Now it's right in line with the sales delivery. Pretty interesting for a partner. >> Absolutely, but on the other hand side, we are not killing the pen tester's business. We are providing with NodeZero, I would call something like the foundational work. The foundational work of having an ongoing penetration testing of the infrastructure, the operating system. And the pen testers by themselves, they can concentrate in the future on things like application pen testing, for example. So those services, which we are not touching. So we are not killing the pen tester market. We are just taking away the ongoing, let's say foundation work, call it that way. >> Yeah, yeah. That was one of my questions. I was going to ask is there's a lot of interest in this autonomous pen testing. One because it's expensive to do because those skills are required are in need and they're expensive. (chuckles) So you kind of cover the entry-level and the blockers that are in there. I've seen people say to me, "This pen test becomes a blocker for getting things done." So there's been a lot of interest in the autonomous pen testing and for organizations to have that posture. And it's an overseas issue too because now you have that ongoing thing. So can you explain that particular benefit for an organization to have that continuously verifying an organization's posture? >> Certainly. So I would say typically, you have to do your patches. You have to bring in new versions of operating systems, of different services, of operating systems of some components, and they are always bringing new vulnerabilities. The difference here is that with NodeZero, we are telling the customer or the partner the package. We're telling them which are the executable vulnerabilities because previously, they might have had a vulnerability scanner. So this vulnerability scanner brought up hundreds or even thousands of CVEs, but didn't say anything about which of them are vulnerable, really executable. And then you need an expert digging in one CVE after the other, finding out is it really executable, yes or no? And that is where you need highly-paid experts, which where we have a shortage. So with NodeZero now, we can say, "Okay, we tell you exactly which ones are the ones you should work on because those are the ones which are executable. We rank them accordingly to risk level, how easily they can be used." And then the good thing is converted or in difference to the traditional penetration test, they don't have to wait for a year for the next pen test to find out if the fixing was effective. They run just the next scan and say, "Yes, closed. Vulnerability is gone." >> The time is really valuable. And if you're doing any DevOps, cloud-native, you're always pushing new things. So pen test, ongoing pen testing is actually a benefit just in general as a kind of hygiene. So really, really interesting solution. Really bringing that global scale is going to be a new coverage area for us, for sure. I have to ask you, if you don't mind answering, what particular region are you focused on or plan to target for this next phase of growth? >> Well, at this moment, we are concentrating on the countries inside the European Union plus United Kingdom. And of course, logically, I'm based in the Frankfurt area. That means we cover more or less the countries just around. So it's like the so-called DACH region, Germany, Switzerland, Austria, plus the Netherlands. But we also already have partners in the Nordic, like in Finland and Sweden. So we have partners already in the UK and it's rapidly growing. So for example, we are now starting with some activities in Singapore and also in the Middle East area. Very important, depending on let's say, the way how to do business. Currently, we try to concentrate on those countries where we can have, let's say at least English as an accepted business language. >> Great, is there any particular region you're having the most success with right now? Sounds like European Union's kind of first wave. What's the most- >> Yes, that's the first. Definitely, that's the first wave. And now with also getting the European INSTANCE up and running, it's clearly our commitment also to the market saying, "Okay, we know there are certain dedicated requirements and we take care of this." And we are just launching, we are building up this one, the instance in the AWS service center here in Frankfurt. Also, with some dedicated hardware, internet, and a data center in Frankfurt, where we have with the DE-CIX, by the way, the highest internet interconnection bandwidth on the planet. So we have very short latency to wherever you are on the globe. >> That's a great call out benefit too. I was going to ask that. What are some of the benefits your partners are seeing in EMEA and Asia Pacific? >> Well, I would say, the benefits for them, it's clearly they can talk with customers and can offer customers penetration testing, which they before even didn't think about because penetration testing in a traditional way was simply too expensive for them, too complex, the preparation time was too long, they didn't have even have the capacity to support an external pen tester. Now with this service, you can go in and even say, "Mr. Customer, we can do a test with you in a couple of minutes. We have installed a Docker container. Within 10 minutes, we have the pen test started. That's it and then we just wait." And I would say we are seeing so many aha moments then. On the partner side, when they see NodeZero the first time working, it's like they say, "Wow, that is great." And then they walk out to customers and show it to their typically at the beginning, mostly the friendly customers like, "Wow, that's great, I need that." And I would say the feedback from the partners is that is a service where I do not have to evangelize the customer. Everybody understands penetration testing, I don't have to describe what it is. The customer understanding immediately, "Yes. Penetration testing, heard about that. I know I should do it, but too complex, too expensive." Now for example, as an MSSP service provided from one of our partners, it's getting easy. >> Yeah, and it's great benefit there. I mean, I got to say I'm a huge fan of what you guys are doing. I like this continuous automation. That's a major benefit to anyone doing DevOps or any kind of modern application development. This is just a godsend for them, this is really good. And like you said, the pen testers that are doing it, they were kind of coming down from their expertise to kind of do things that should have been automated. They get to focus on the bigger ticket items. That's a really big point. >> Exactly. So we free them, we free the pen testers for the higher level elements of the penetration testing segment, and that is typically the application testing, which is currently far away from being automated. >> Yeah, and that's where the most critical workloads are, and I think this is the nice balance. Congratulations on the international expansion of the program, and thanks for coming on this special presentation. I really appreciate it. Thank you very much. >> You're welcome. >> Okay, this is theCUBE special presentation, you know, checking on pen test automation, international expansion, Horizon3.ai. A really innovative solution. In our next segment, Chris Hill, Sector Head for Strategic Accounts, will discuss the power of Horizon3.ai and Splunk in action. You're watching theCUBE, the leader in high tech enterprise coverage. (steady music)

>>The cube presents HPE discover 2022 brought to you by HPE. >>Hey everyone. Welcome back to the Cube's coverage of HPE. Discover 22 live from the Sans expo center in Las Vegas. Lisa Martin, here with Dave Velante. We've an alumni back joining us to talk about high performance computing and AI, Justin ARD, EVP, and general manager of HPC and AI at HPE. That's a mouthful. Welcome back. >>It is no, it's great to be back and wow, it's great to be back in person as well. >>It's it's life changing to be back in person. The keynote this morning was great. The Dave was saying the energy that he's seen is probably the most out of, of any discover that you've been at and we've been feeling that and it's only day one. >>Yeah, I, I, I agree. And I think it's a Testament to the places in the market that we're leading the innovation we're driving. I mean, obviously the leadership in HPE GreenLake and, and enabling as a service for, for every customer, not just those in the public cloud, providing that, that capability. And then obviously what we're doing at HPC and AI breaking, uh, you know, breaking records and, uh, advancing the industry. So >>I just saw the Q2 numbers, nice revenue growth there for HPC and AI. Talk to us about the lay of the land what's going on, what are customers excited about? >>Yeah. You know, it's, it's a, it's a really fascinating time in this, in this business because we're, you know, we just, we just delivered the first, the world's first exo scale system. Right. And that's, uh, you know, that's a huge milestone for our industry, a breakthrough, you know, 13 years ago, we did the first Petta scale system. Now we're doing the first exo scale system, huge advance forward. But what's exciting too, is these systems are enabling new applications, new workloads, breakthroughs in AI, the beginning of being able to do proper quantum simulations, which will lead us to a much, you know, brighter future with quantum and then actually better and more granular models, which have the ability to really change the world. >>I was telling Lisa that during the pandemic we did, uh, exo scale day, it was like this co yep. You know, produce event. And we weren't quite at exo scale yet, but we could see it coming. And so it was great to see in frontier and, and the keynote you guys broke through that, is that a natural evolution of HPC or is this we entering a new era? >>Yeah, I, I think it's a new era and I think it's a new era for a few reasons because that, that breakthrough really, it starts to enable a different class of use cases. And it's combined with the fact that I think, you know, you look at where the rest of the enterprises data set has gone, right? We've got a lot more data, a lot more visibility to data. Um, but we don't know how to use it. And now with this computing power, we can start to create new insights and new applications. And so I think this is gonna be a path to making HPC more broadly available. And of course it introduces AI models at scale. And that's, that's really critical cause AI is a buzzword. I mean, lots of people say they're doing AI, but when you know, to, to build true intelligence, not, not effectively, you know, a machine that learns data and then can only handle that data, but to build true intelligence where you've got something that can continue to learn and understand and grow and evolve, you need this class of system. And so I think we're at, we're at the forefront of a lot of exciting innovation. H how, >>In terms of innovation, how important is it that you're able to combine as a service and HPC? Uh, what does that mean for, for customers for experimentation and innovation? >>You know, a couple things I've been, I've actually been talking to customers about that over the last day and a half. And, you know, one is, um, you think about these, these systems are, they're very large and, and they're, they're pretty, you know, pretty big bets if you're a customer. So getting early access to them right, is, is really key, making sure that they're, they can migrate their software, their applications, again, in our space, most of our applications are custom built, whether you're a, you know, a government or a private sector company, that's using these systems, you're, you're doing these are pretty specialized. So getting that early access is important. And then actually what we're seeing is, uh, with the growth and explosion of insight that we can enable. And some of the diversity of, you know, new, um, accelerator partners and new processors that are on the market is actually the attraction of diversity. And so making things available where customers can use multimodal systems. And we've seen that in this era, like our customer Lumi and Finland number, the number three fastest system in the world actually has two sides to their system. So there's a compute side, dense compute side and a dense accelerator side. >>So Oak Ridge national labs was on stage with Antonio this morning, the, the talking about frontier, the frontier system, I thought what a great name, very apropo, but it was also just named the number one to the super computing, top 500. That's a pretty big accomplishment. Talk about the impact of what that really means. >>Yeah. I, I think a couple things, first of all, uh, anytime you have this breakthrough of number one, you see a massive acceleration of applications. And if you really, if you look at the applications that were built, because when the us department of energy funded these Exoscale products or platforms, they also funded app a set of applications. And so it's the ability to get more accurate earth models for long term climate science. It's the ability to model the electrical grid and understand better how to build resiliency into that grid. His ability is, um, Dr. Te Rossi talked about a progressing, you know, cancer research and cancer breakthroughs. I mean, there's so many benefits to the world that we can bring with these systems. That's one element. The other big part of this breakthrough is actually a list, a lesser known list from the top 500 called the green 500. >>And that's where we measure performance over power consumption. And what's a huge breakthrough in this system. Is that not only to frontier debut at number one on the top 500, it's actually got the top two spots, uh, because it's got a small test system that also is up there, but it's got the top two spots on the green 500 and that's actually a real huge breakthrough because now we're doing a ton more computation at far lesser power. And that's really important cuz you think about these systems, ultimately you can, you can't, you know, continue to consume power linearly with scaling up performance. There's I mean, there's a huge issue on our impact on our environment, but it's the impact to the power grid. It's the impact to heat dissipation. There's a lot of complexities. So this breakthrough with frontier also enables us no pun intended to really accelerate, you know, the, the capacity and scale of these systems and what we can deliver. >>It feels like we're entering a new Renaissance of HPC. I mean, I'm old enough to remember. I, it was, it wasn't until recently my wife, not recently, maybe five, six years ago, my wife threw out my, my green thinking machines. T-shirt that Danny Hillis gave you guys probably both too young to remember, but you had thinking machines, Ken to square research convex tried to mini build a mini computer HPC. Okay. And there was a lot of innovation going on around that time and then it just became too expensive and, and, and other things X 86 happened. And, and, but it feels like now we're entering a, a new era of, of HPC. Is that valid or is it true? What's that mean for HPC as an industry and for industry? >>Yeah, I think, I think it's a BR I think it's a breadth. Um, it's a market that's opening and getting much more broader the number of applications you can run, you know, and we've traditionally had, you know, scientific applications, obviously there's a ton in energy and, and you know, physics and some of the traditional areas that obviously the department of energy sponsor, but, you know, we saw this with, with even the COVID pandemic, right? Our, our supercomputers were used to identify the spike protein to, to help and validate and test these vaccines and bring them to market and record time. We saw some of the benefits of these breakthroughs. And I think it's this combination of that, that we actually have the data, you know, it's, it's digital, it's captured, um, we're capturing it at, you know, at the edge, we're capturing it and, and storing it obviously more broadly. So we have the access to the data and now we have the compute power to run it. And the other big thing is the techniques around artificial intelligence. I mean, what we're able to do with neural networks, computer vision, large language models, natural language processing. These are breakthroughs that, um, one require these large systems, but two, as you give them a large systems, you can actually really enable acceleration of how sophisticated these, these applications can get. >>Let's talk about the impact of the convergence of HPC and AI. What are some of the things that you're seeing now and what are some of the things that we're gonna see? >>Yeah. So, so I, one thing I like to talk about is it's, it's really, it's not a convergence. I think it's it. Sometimes it gets a little bit oversimplified. It's actually, it's traditional modeling and simulation leveraging machine learning to, to refine the simulation. And this is a, is one of the things we talk about a lot in AI, right? It's using machine learning to actually create code in real time, rather than humans doing it, that ability to refine the model as you're running. So we have an example. We did a, uh, we, we actually launched an open source solution called smart SIM. And the first application of that was climate science. And it's what it's doing is it's actually learning the data from the model as the simulation is running to provide more accurate climate prediction. But you think about that, that could be run for, you know, anything that has a complex model. >>You could run that for financial modeling, you can use AI. And so we're seeing things like that. And I think we'll continue to see that the other side of that is using modeling and simulation to actually represent what you see in AI. So we were talking about the grid. This is one of the Exoscale compute projects you could actually use once you actually get, get the data and you can start modeling the behavior of every electrical endpoint in a city. You know, the, the meter in your house, the substation, the, the transformers, you can start measuring the FX of that. You can then build equations. Well, once you build those equations, you can then take a model, cuz you've learned what actually happens in the real world, build the equation. And then you can provide that to someone who doesn't need a extra scale supercomputer to run it, but that, you know, your local energy company can better understand what's happening and they'll know, oh, there's a problem here. We need to shift the grid or respond more, more dynamically. And hopefully that avoids brownouts or, you know, some of the catastrophic outages we've >>Seen so they can deploy that model, which, which inherently has that intelligence on sort of more cost effective systems and then apply it to a much broader range. Do any of those, um, smart simulations on, on climate suggest that it's, it's all a hoax. You don't have to answer that question. <laugh> um, what, uh, >>The temperature outside Dave might, might give you a little bit of an argument to that. >>Tell us about quantum, what's your point of view there? Is it becoming more stable? What's H HPE doing there? >>Yeah. So, so look, I think there's, there's two things to understand with quantum there's quantum hardware, right? Fundamentally, um, how, um, how that runs very differently than, than how we run traditional computers. And then there's the applications. And ultimately a quantum application on quantum hardware will be far more efficient in the future than, than anything else. We, we see the opportunity for, uh, much like we see with, you know, with HPC and AI, we just talked about for quantum to be complimentary. It runs really well with certain applications that fabricate themselves as quantum problems and some great examples are, you know, the, the life sciences, obviously quantum chemistry, uh, you see some, actually some opportunities in, in, uh, in AI and in other areas where, uh, quantum has a very, very, it, it just lends itself more naturally to the behavior of the problem. And what we believe is that in the short term, we can actually model quantum effectively on these, on these super computers, because there's not a perfect quantum hardware replacement over time. You know, we would anticipate that will evolve and we'll see quantum accelerators much. Like we see, you know, AI accelerators today in this space. So we think it's gonna be a natural evolution in progression, but there's certain applications that are just gonna be solved better by quantum. And that's the, that's the future we'll we'll run into. And >>You're suggesting if I understood it correctly, you can start building those applications and, and at least modeling what those applications look like today with today's technology. That's interesting because I mean, I, I think it's something rudimentary compared to quantum as flash storage, right? When you got rid of the spinning disc, it changed the way in which people thought about writing applications. So if I understand it, new applications that can take advantage of quantum are gonna change the way in which developers write, not one or a zero it's one and virtually infinite <laugh> combinations. >>Yeah. And I actually, I think that's, what's compelling about the opportunity is that you can, if you think about a lot of traditional the traditional computing industry, you always had to kind of wait for the hardware to be there, to really write, write, and test the application. And we, you know, we even see that with our customers and HPC and, and AI, right? They, they build a model and then they, they actually have to optimize it across the hardware once they deploy it at scale. And with quantum what's interesting is you can actually, uh, you can actually model and, and, and make progress on the software. And then, and then as the hardware becomes available, optimize it. And that's, you know, that's why we see this. We talk about this concept of quantum accelerators as, as really interesting, >>What are the customer conversations these days as there's been so much evolution in HPC and AI and the technology so much change in the world in the last couple of years, is it elevating up the CS stack in terms of your conversations with customers wanting to become familiar with Exoscale computing? For example? >>Yeah. I, I think two things, uh, one, one is we see a real rise in digital sovereignty and Exoscale and HPC as a core fund, you know, fundamental foundation. So you see what, um, you know, what Europe is doing with the, the, the Euro HPC initiative, as one example, you know, we see the same kind of leadership coming out of the UK with the system. We deployed with them in Archer two, you know, we've got many customers across the globe deploying next generation weather forecasting systems, but everybody feels, they, they understand the foundation of having a strong supercomputing and HPC capability and competence and not just the hardware, the software development, the scientific research, the, the computational scientists to enable them to remain competitive economically. It's important for defense purposes. It's important for, you know, for helping their citizens, right. And providing, you know, providing services and, and betterment. >>So that's one, I'd say that's one big theme. The other one is something Dave touched on before around, you know, as a service and why we think HP GreenLake will be, uh, a beautiful marriage with our, with our HPC and AI systems over time, which is customers also, um, are going to scale up and build really complex models. And then they'll simplify them and deploy them in other places. And so there's a number of examples. We see them, you know, we see them in places like oil and gas. We see them in manufacturing where I've gotta build a really complex model, figure out what it looks like. Then I can reduce it to a, you know, to a, uh, certain equation or application that I can then deploy. So I understand what's happening and running because you, of course, as much as I would love it, you're not gonna have, uh, every enterprise around the world or every endpoint have an exit scale system. Right. So, so that ability to, to, to really provide an as a service element with HP GreenLake, we think is really compelling. >>HP's move into HPC, the acquisitions you've made it really have become a differentiator for the company. Hasn't it? >>Yeah. And I, and I think what's unique about us today. If you look at the landscape is we're, we're really the only system provider globally. Yeah. You know, there are, there are local players that we compete with. Um, but we are the one true global system provider. And we're also the only, I would say the only holistic innovator at the system level to, to, you know, to credit my team on the work they're doing. But, you know, we're, we're also very committed to open standards. We're investing in, um, you know, in a number of places where we contribute the dev the software assets to open source, we're doing work with standards bodies to progress and accelerate the industry and enable the ecosystem. And, uh, and I think that, you know, ultimately the, the, the last thing I'd say is we, we are so connected in, um, with, through our, through the legacy or the, the legend of H Hewlett Packard labs, which now also reports into me that we have these really tight ties into advanced research and that some of that advanced research, which isn't just, um, around kind of core processing Silicon is really critical to enabling better applications, better use cases and accelerating the outcomes we see in these systems going forward. >>Can >>You double click on that? I, I, I wasn't aware that kind of reported into your group. Yeah. So, you know, the roots of HP are invent, right? Yeah. HP labs are, are renowned. It kinda lost that formula for a while. And now it's sounds like it's coming back. What, what, what are some of the cool things that you guys are working on? Well, >>You know, let me, let me start with a little bit of recent history. So we just talked about the exo scale program. I mean, that was a, that's a great example of where we had a public private partnership with the department of energy and it, and it wasn't just that we, um, you know, we built a system and delivered it, but if you go back a decade ago, or five years ago, there were, there were innovations that were built, you know, to accelerate that system. One is our Slingshot fabric as an example, which is a core enable of, of acceler, you know, of, of this accelerated computing environment, but others in software applications and services that allowed us to, you know, to really deliver a, a complete solution into the market. Um, today we're looking at things around trustworthy and ethical AI, so trustworthy AI in the sense that, you know, the models are accurate, you know, and that's, that's a challenge on two dimensions, cuz one is the, model's only as good as the data it's studying. >>So you need to validate that the data's accurate and then you need to really study how, you know, how do I make sure that even if the data is accurate, I've got a model that then, you know, is gonna predict the right things and not call a, a dog, a cat, or a, you know, a, a cat, a mouse or whatever that is. But so that's important. And, uh, so that's one area. The other is future system architectures because, um, as we've talked about before, Dave, you have this constant tension between the fabric, uh, you know, the interconnect, the compute and the, and the storage and, you know, constant, constantly balancing it. And so we're really looking at that, how do we do more, you know, shared memory access? How do we, you know, how do we do more direct rights? Like, you know, looking at some future system architectures and thinking about that. And we, you know, we think that's really, really critical in this part of the business because these heterogeneous systems, and not saying I'm gonna have one monolithic application, but I'm gonna have applications that need to take advantage of different code, different technologies at different times. And being able to move that seamlessly across the architecture, uh, we think is gonna be the, you know, a part of the, the hallmark of the Exoscale era, including >>Edge, which is a completely different animal. I think that's where some disruption is gonna gonna bubble up here in the next decade. >>So, yeah know, and, and that's, you know, that's the last thing I'd say is, is we look at AI at scale, which is another core part of the business that can run on these large clusters. That means getting all the way down to the edge and doing inference at scale, right. And, and inference at scale is, you know, I, I was, um, about a month ago, I was at the world economic forum. We were talking about the space economy and it's a great, you know, to me, it's the perfect example of inference, because if you get a set of data that you know, is, is out at Mars, it doesn't matter whether, you know, whether you wanna push all that data back to, uh, to earth for processing or not. You don't really have a choice, cuz it's just gonna take too long. >>Don't have that time. Justin, thank you so much for spending some of your time with Dave and me talking about what's going on with HBC and AI. The frontier just seems endless and very exciting. We appreciate your time on your insights. >>Great. Thanks so much. Thanks. >>Yes. And don't call a dog, a cat that I thought I learned from you. A dog at no, Nope. <laugh> Nope. <laugh> for Justin and Dave ante. I'm Lisa Martin. You're watching the Cube's coverage of day one from HPE. Discover 22. The cube is, guess what? The leader, the leader in live tech coverage will be right back with our next guest.

(bright intro music) >> Hello and welcome to theCUBE coverage of AnsibleFest 2021, virtual, hybrid, all online now. It's been a hell of a year. It's been going great with all the interactions. AnsibleFest 2021, Carol Chen is here. She's the Principal Community Architect for Ansible Community with Red Hat. Carol, thanks for coming on the AnsibleFest 2021 virtual coverage. >> Thanks for having me here, John. >> You know, one of the things about the pandemic I was mentioning, there's the online communities have been really, that have been online, have thrived. Developers know how to do virtual, and virtual, first, now is becoming a norm for developers. So the pandemic, although it's been a really big inconvenience for many, developers, actually, haven't been truly impacted other than the face to face interactions around hallway conversations and events. You're seeing a lot more community open conversations happening more than ever before, just the trend itself was hot. Now you have more people collaborating. What's the state of the Ansible Community right now? Because you know, online content at an all-time high, I'm seeing videos hit. I've seen a lot of content flowing. All around the internet seems to be more action. What's the state of the Ansible Community? >> Yeah, definitely. And actually, from the very start Ansible Community is a very much online community because of the diverse nature in terms of, you know, geographical distribution and just people from all of the world coming together. So initially, I mean, of course we do have like in-person meet-ups, which were a popular thing before the pandemic. That kind of took a little backseat and while it turned virtual, initially, people were like wondering what to do, but, you know, we are used to video conferences and online chats. So virtual meet-ups became quite a popular thing in the first half of the pandemic. So pretty much most of last year, we actually saw a slight rise in the number of, the median number of attendees at these meet-ups, because it's more accessible. You can attend from home, you can, you know, you don't have to go to a physical place to attend these meet-ups. However, this year we are starting to see some virtual fatigue and, you know, the numbers are dropping a little bit, but, you know, hopefully with the, some parts of the world are opening up and we are seeing some meet-ups coming into, in person again, depending on the region, of course, because it's not the same around the world. But I think that the need for people to connect socially is always there, whether it's online or in person. And the Ansible Community is pretty strong in that. And I want to stress that a lot of these meet-ups are organized by the community members, not necessarily by Red Hat or the Ansible team. So, you know, the desire to connect with other people in the community has always there and it's going on strong. >> Yeah, that's a good call out on the community side. I think that the affinity groups around the communities, self forming these meet-ups. >> Right. >> People want to meet in person, that's going to come back. You're starting to see that hybrid. But it's also, you're starting to see again, a fatigue for being like attending these virtual events. But at the same time, you're seeing the asynchronous consumption still go high, too. You're seeing, "Okay, I can do a fly by the event." Or if it's in person, "I'd prefer that." But there's still a lot more asynchronous going on, and a lot more opportunities to contribute. And you guys have done this contributor summits virtually. Can you talk about that trend? Tell me about the virtual contributor summits. >> Sure. So of course we have our regular community meetings, weekly, in fact. But the contributor summit is a place where we can actually gather, previously it was face-to-face, usually part of AnsibleFest, like the day before or after, depending. And, you know, to really, you know, hash out different discussions and more in-depth technical analyses of different parts of the project that we were working on. Even though, virtually, we are still able to do that, and we are, actually, able to increase in frequency of these events. Usually, it used to be once or twice a year, depending on whether or not we have, when we have the AnsibleFest. But last year we had three contributors summits. And this year, the third one will happen along with AnsibleFest in September, end of September, so in this week. So yeah, you know, there's definitely the advantage of making things easier to, for participants. But um... >> Talk about the vibe- Talk about the vibe of the summit. I mean, these contributors. I mean, what's it like and what are people experiencing? Are they just contributing code? They working on projects? Is it hackathons? Is it more, >> Right. >> What's the format of, what are people preferring? What's the best practice? >> So, what we want to encourage is not just one person giving presentations and like a one-way thing, but actually a dialogue. So a lot of these discussions are kind of interactive. So we use tools that allow people, not just like streaming one direction, but people can also appear on video and talk and express their opinions and join the discussions or in chat if they prefer not to show their face. But in any case, it's a lot of times it's not a full presentation, but perhaps an introduction for 5, 10 minutes. And then we go to discussion of a certain topic in-depth. So it's a very, I would say discussion-based, and also we are introducing a hackathon at this contributor summit, because I think it's quite a popular thing for people to get hands-on experience or work on something right away with people to support them then and there. So, you know, you can get results in real-time. So in actual fact, even before the pandemic, our contributor summits have had like, a virtual online component. So we were doing hybrid events before they were, you know, called popular hybrid events, but... >> Before they were necessary, it was cool. >> Right, Right. Exactly. So, because like I said, our contributors are from around the world, so we always made sure that they had a way of participating in the contributor summit as well. >> Yeah. I think that's really important to point out. I mean, I won't say it's cool to do hybrids necessary now because of the pandemic, but that format actually is interesting because you got a linear event that's physical face to face. Certainly that's super valuable when that comes back. But now that the online side has kind of been tied together with the simulated live asynchronous capability, you have this new format. Talk about how you guys are taking that to the next level around trust. Because one of the things about being face-to-face and then being online and knowing people is working together and getting a feeling of trusting each other, right? So, this is a- >> Right. huge part of community. >> How are you guys, now that we're more dispersed than ever, how are you guys handling, or facilitating and nurturing that trust equation? >> Right. So as a open source project, one of the key things is we do a lot of the things in the open. We, you know, the pull request, the development of the code is all done in the open. That's, you know, a very kind of implicit trust that you can have through that. And also the community meetings are open up to the public. Anybody can join if they're interested in. And even if you're not able to join the meetings because time zones or whatever, we share the meeting minutes after the meetings to everyone. Which brings me to, we actually started a newsletter for the community called the Bullhorn, since last April, I think. Because, you know, again, we are trying to explore more channels to be able to reach to different people who may not be able to attend in person, or even during the same time as the community meetings. So they can have this bi-weekly newsletter every two weeks that, you know, shares the meeting minutes. What has been discussed, the new developments in the community, the new collections, updates, new tools and so on. So definitely we see, like, we want to improve the communication to the community and ways that they can provide feedback to us as well. >> And that's called the Bullhorn? That's just getting the word out? >> Yeah, Bullhorn. Yes. Thank you. >> It's like the updates, like it's like, you know, a quick, quick executive summary of kind of what's happening. Is that kind of the vibe? >> Right, Right. >> Okay. Well, I want to ask you specifically, I heard about this new Community Steering Committee. What's the purpose of this? What's this evolving into? Can you give us some background on the purpose and the objective of the community? >> Yeah Sure. Yeah. We established the Ansible Community Steering Committee earlier this year, and as we were saying that the Ansible project is growing, so of course the user community, and also, they're very happy to say that the contributor community is growing. So, you know, we want to provide a better structure for the upstream Ansible project. And a lot of changes are taking place that we want to have some, a group of people to be able to facilitate that. For example, people are, want to make, create new collections, Ansible collections, for automated technologies that they are, you know, working on, or even contribute to existing collections that they have invested interest in. So what are some of the procedures and policies that are needed? Right? So the Steering Committee defines these procedures and make sure that the new content coming in are in compliance to the policies and so on. I mean, this kind of decision-making and stuff has been happening in the committee, I mean the community in an ad hoc manner, to a large extent, even before this. But having the Steering Committee will provide, to add more structure, like I said, and also guidance and accountability for the Ansible Community. >> That's awesome. You know, I love, first of all, I love your title, Principal Community Architect. And you know, one of the things I've always been a big fan of with Ansible, and now as part of Red Hat, is one, Red Hat didn't screw up Ansible. They let it become what it was and became really big with the combination. But the community has always been content driven. And now you've got recipes, you've got collections, you've got content, but the community piece is key. And right now, more than ever with the pandemic, community is more important than ever before. Open source is more important than ever before. How do you look at the architecture of how to sustain and evolve communities to be more inclusive and to grow and to survive and thrive post pandemic? What's your learnings? What's your vision on architecting community for the future? >> I think the key thing is to really find channels and ways to listen to the community. We talk about how to reach our newsletter or whatever, meetings to the community, but it's also what's coming from them. If we don't listen to what they have to say, we don't know what they want and how we can make the community better, the process better for them. I mean, I've been managing different open source communities before Ansible, but every community is different, right? I cannot say what worked for the previous community works for this. So I always try to reach out to the current members in the Ansible Community and hear what they have to say, their complaints, their criticisms, good and bad, because, you know, without those feedback, we cannot grow and we cannot improve. So, and I myself, I've lived in three different continents. So I know the struggle of whether it's like language barriers or time zone restrictions. So, you know, we keep all these in mind as we, you know, build our relationships with the community. >> And I think there's, I think there's a real opportunity with this new virtual standards that not yet emerged. I mean, you mentioned you've been doing hybrid, which has always been part of a physical event, which is going to become normal. But I think there's an opportunity that we're learning in this past a year and a half, where there are new, there are new things and there's, it's good, bad and ugly. I mean, there's been some really ugly conferences. Virtual's a bit painful. But there's also been some really nice moments where people are seeing interaction. So is there any learnings that you've taken away from this past year and a half that you can point to that you might want to share with folks watching around how to tap into the magical moments that could be enabled by, you know, the virtual and or bringing people together? >> You know, I myself, I'm a lover of technology, anything new I like to try. So definitely in this pandemic there's been lots of opportunities to try different technologies. What works, what doesn't work. I think, you know, just trying things out helps. I know sometimes people are resistant to change. I myself sometimes find it hard to change my ways in, in certain, you know, I'm used to this too. I want to use it most of the time, but. But anyway, you know, give, things a chance, but most, I think most importantly, is focus on the people. Because technology aside, it is the people you are reaching out to. Right? So again, listen what they have to say. You know? If this doesn't work for them, find out what they prefer, or you know, what, how we can make things better to improve things for them. So I always keep the focus on the people, on the community and, you know, give new technology a chance. And you know sometimes it works out, sometimes it doesn't, but you don't know 'til try and yeah, just- >> Jump in the water is warm. >> Hope for the best. >> Come on in, water is fine. So the meet-ups are happening. >> Right. >> People are getting together where there, where there's a geography opportunity where there's not a lot of scaring, too much scare going on with the meet-ups. So that's cool. What, what is the current AnsibleFest 2021 key thing that you'd like people to walk away with Carol? Because obviously the momentum is continuing. The world needs to go on. We are seeing hybrid, and then we're going to end up coming out of this soon. What's the, what's the key message this year from the AnsibleFest 2021, from the community. >> That, Ansible is open, Ansible is, you know, open to contributions from anyone. And especially the Ansible Community team is working very hard to make things easy and accessible. So please feel free to visit Ansible.com/community for ways of reaching us. And, you know, use Ansible to automate your stuff, and then use the free time that you have from that to spend more time for your family and friends. >> That's great. Be open. Listen. Now you've got a Steering Committee to steer that ship in the right direction. Congratulations. Thanks for coming on theCUBE and for the update, really appreciate it. Again, props to the community at the Ansible part of Red Hat. You guys do a great job. And again, we'll see you on the other side of the pandemic and thanks for coming in remotely all the way in Finland. >> Thank you so much for having me. Its been my pleasure. Thanks. >> Thank you, Carol. I'm John Furrier for AnsibleFest 2021 coverage. This is theCUBE. Thanks for watching. (bright exit music)

(upbeat music) >> Announcer: Live from San Diego, California, it's theCUBE, covering KubeCon and CloudNativeCon. Brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. >> Welcome back, this is theCUBE's coverage of KubeCon, CloudNativeCon 2019. And a special segment, we're actually going to doing our 2020 predictions. I am Stu Miniman, joining me, my two co-hosts of the week. To my left is Justin Warren, who I believe's been to, you went to the first one? >> I've been to all four, yeah. >> All four of the North America shows. >> Yep. >> I personally have been now to three of the North American, as well as one in the Barcelona. And we have a first time KubeConner, but long time host of theCUBE and things, John Troyer to my right. Gentlemen, thanks so much for joining us. So first thing, the rapid fire. 12,000 in attendance. Last year 8,000, the year before 4,000. So, my math says that it will be 16,000 when we come next year to beautiful November in Boston, Massachusetts, which I can drive to. We've had snow in Austin, rain in San Diego. So, I'm predicting 60 to 70 degree weather in Boston, 'cause that never happens in Boston. Number of attendees next year, Justin? >> Well, it was doubling and now they have dropped it to 50%, so I reckon another 50%, I'll reckon 18 to 20,000. >> Stu: Oh, John? >> Yeah, I'll go higher. That many plus one. >> Okay, I feel like we'll do, I bet $1, $1. But, okay-- >> We have not hit peak Kubernetes yet. >> No. >> We definitely have not hit peak Kubernetes. One of the things, I keep looking for the theme of the show, and one of the things, we've been talking in some of the segments, is there needs to be simplification. When we talk about where we're at with cloud adoption, when we talk about some of these environments, there is a broad ecosystem. So, there needs to be some winnowing down of the technologies. We've seen some areas where things like MicroK8s and K3s to be able to be able to put Kubernetes at the edge. It's not that, that will replace Kubernetes, but things need to get simpler in some environments. Justin, I'll throw it to you first. Is simplification the theme of the show, is there something else that's grabbing you? >> The theme for me is that the money has arrived. We saw a little bit of that last year but this year it is definitely just the number of sponsors that we have here, the number of startups that we have here, the ecosystem, the number of parties, the VCs are here. This feels like a lot of other technology shows that we've been to before in their hay day. We are right here in the hay day of Kubernetes. So, I can see it getting bigger. Will there be consolidation? Yes, I think there will. But I think that this is going to broaden out further first. I don't think that we're quite at the point where things need to start collapsing in. I think we're still going to be exploring all the different options that we have. I think the theme is simplification, yes, I agree. But it's now going to be people trying to solve that problem by creating these higher-level services, managed-Kubernetes offerings. A lot of the different component projects that are there, we're going to see a lot of options where they try to manage that for you and make it easier to consume. But there will be several different attempts at that and not all of them are going to survive. >> Yeah, I'll go with you. Simplification's going to be an issue. Has to happen, we saw a lot of different stacks here at the show, if you go out on the show floor. A lot of people are trying to give you a generic platform. A general-purpose platform, maybe it has its own opinionated view of networking, or storage, or management, or security. But at the end of the day we need things on top of the platform. So, I'm hoping next year we see more things on top of the platform, more applications. We saw some big data applications this year. But people are still building engines and I want them to build cars, because not everybody can build the engine. >> Justin: Yes! >> Well, and actually, Justin, a question for you is when we talk about Kubernetes, there's so many people I interview here and they're like, "Well, no, "we know how to build it better than others "and when you want to go across all environments "we should do it." Is that, are we still going to see that for awhile? Or, can we all hold hands, and talk about open source and be able to just manage across all of these environments? >> Well, one of the key founding principles of Kubernetes is that you can operate it the same everywhere. If it's certified Kubernetes, it should function the same, no matter who's build of it it is. So, that just provides us a common platform that we then build on top of. So, I think the main differentiation's going to be on things like the tooling and the services that allow you to operate that base layer of Kubernetes. But that base layer of Kubernetes is about interesting as Ethernet. It's extremely pluggable and it's just ubiquitous, but no one really cares which brand of Ethernet you happen to be giving me. I care about all the stuff that I run on it. And that's what I think that we're going to see a lot more, I'm with you, John. We're going to see a lot more of those services. I'm seeing a bunch of startups at this show that are starting on that journey, they're providing a lot of things like database services, very highly-tuned monitoring and measurement telemetry systems. There's a big push to make sure that there is a certain amount of interoperability between these different services. Things like having open telemetry be the standard for sending telemetry information around. Because everyone knows that if we all build to Ethernet we're all going to have a much better time of it, than if we all start trying to come up with our own version of it and call it Banyan VINES, and FidoNet, and God knows what. >> Okay, I'm glad you brought up the example of Ethernet. First of all, I have no problem watching a 45-minute discussion of what 400 Gig's going to look like, and the challenge and the opportunities. And if you are talking Ethernet in someone's data center, for the most part they're going to run that on a single vendor because while there is interoperability, it's not until I go to the Internet, because layer two, I want to keep it single vendor, when I go layer three I want to do that. Is that, maybe it's not the best analogy but Kubernetes-- >> No, I think that's reasonable. And if you're trying to operate something across different environments then it's much easier if the two environments can talk to each other. Simple example that people tend to forget about is M&A. If one company goes and buys another one and I run Banyan VINES and you run, I don't know, FinLand or something, then we can't talk to each other, and integrating those two companies becomes impossible. But at least if we both have, you might have Juniper, I might have Cicso, those two network sets can still talk to each other. You might be running, I don't know ,Mesosphere, and someone else might be running Mirantis or Rantia, and that's their system for operating Kubernetes. Turns out, actually if you can operate it much the same, one of you can decide, you know what, we're going to operate everything with Rantia, 'cause we think that that's going to be the best thing for the holistic company. You may keep them separate. As long as you get the same outcome then it doesn't really matter. >> Yeah, that's why I think we aren't yet at peak Kubernetes. Those Kubernetes skills that are in high demand from a job market that people are being upskilled on, they're actually still going to be useful. Now, these stacks that these opinions that people are doing. I mean, they want us to talk about people over projects, right? That's a great philosophy, this is a very friendly community, it's very open source. But, cynically, I think, and sometimes people swap your company T-shirt for your project T-shirt that your company is the one that's behind. And that's kind of a, that's a little bit of a bait and switch. Yes, it's an open source stack. Yes, all the major vendors have open source, 100% open source stacks around Kubernetes. But they're all with different projects and they all pick their own projects. So, I think that is yet to be resolved. >> Well, it's interesting 'cause the thing that I heard is it used to be open source was something that people contribute to it. Now, the majority of people that contribute to open source do it as part of their job. So, there is some of that. Yes, I'm paid by company X, but my job is to participate in the community. There is a large company that got bought by $34 billion. They have a lot of contributors out there. Their job is open source, they are on those projects, they might switch from one project to another. We had Kelsey Hightower on today, he's like, "Hey, right, "but we need to think of people above project. "It's okay for them to move from one to the other "between projects or between companies." But, right, it is very much often companies that are behind the scenes and pushing people and dollars into these projects. One thing I like about the CNCF here is we do have, there's 129 end-user companies participating here, so we've reached a certain maturity level that they are driving it, not just companies driving it for the dollars. So, I guess the thing I want to ask though is, there's so many companies here, we started off the conversation this week, John, talking about Docker. And the cautionary tale of how many companies, when I asked, "What is your business model, what do you do?" Is, I created some cool new project. What does that mean? You look at the business model. You live right with Silicon Valley there. What are you seeing as you look forward? What do you expecting to see consistently? >> Oh sure, I mean, half the logos will be gone but they'll be swapped out for other logos, so that's all fine, right? If you have a point solution, as I was kind of pointing out, things are kind of stackifying. So, things need to consolidate from a buyer's perspective. A lot of the sessions here were about custom projects that people did, either in-house or for a customer. So, I think that's okay, that's the natural, it's the natural Cambrian explosion and then die off. >> Yep, creative destruction. (John laughing) That's the general point of how we do things. There's a lot of things that are basically a feature and you can't really build a company behind a feature. They're hoping that they will find some sort of pathway to money, we've seen some big acquisitions where they didn't really find a good route to money. That's fine, people will figure that out. And how you fund this development, Stu, I mean that's the perennial problem. At the moment it's possibly not the perfect solution but it's a pretty good one, in that we have developers are employed by a company that pays them to develop open source software. So, anyone can go and grab that software and then use it. So, we don't actually really depend on that company sticking around. >> And enterprise sales, it's still very expensive to have even a small booth here, and three or four people and nice T-shirts, and all of your swag, and you flew them here. And fly them all around the country to company after company, conference room after conference room. That is an expensive model to sell things. I mean, you need to have a fair amount of revenue. >> All right, so, Justin, a lot of progress, a lot of projects. >> Yeah. >> What's missing? Look out for 2020, is there an area or a space that needs to mature or needs work? What's your advice for this ecosystem? >> Well, for me it's all about the data. So, we've seen a lot of evolution in stateful sets and being able to manage state-based data within the Kubernetes ecosystem, a lot of progress on that, but there's still a long, long, long way to go. Also, just on the general operational tooling. So, the things that we are used to and have taken for granted in other traditional, like vSphere, or we've come from the VMware ecosystem. Simple things like higher availability. So, I need my data to always be available and I need to be able to have this managed. There's a lot of stuff in there but there's still a lot more stuff that needs to happen. Service mesh and that service discovery and making that easy enough for normal mortal humans to deal with, that still really isn't there. You kind of have to be a bit of a super genius to configure that and get it working and operating. So, there's still a lot of very hard work on these quite hard problems, to then make it look simple. >> Yeah, so, John, the one I want to throw to you is Dan Kohn came out on the keynote stage yesterday and he said, "Kubernetes has crossed the chasm, "yet most enterprises are still worried "about software failure." We know many people that are coming in new and shell-shocked when they come to look. What does the industry as a whole and this ecosystem, specifically, need to do to make sure that we don't come a year from now and say, "Wow, things slowed down "because we kind of couldn't get "the vast majority of people on board?" >> Well, I mean, we're going back to, I guess then the same thing, things have to be simpler. In times of uncertainty people either stop or they go to a trusted provider. There is, probably, although there's a high value on Kubernetes skills right now, that also means there's not enough folks. So, if you can't get the engineers. That was a problem in previous generations of some of these stacks, in that if you couldn't get enough engineers, or if the stack, if everybody had their own snowflake version of it and the skills were not transferable you could not move forward. So, I'm hoping we'll see more managed service providers. I'm hoping that we'll see more startups and services built on top of these existing infrastructures, I think we're seeing more of those. I see a lot of stuff in the operations space and kind of the SRE space, the incident management space. Kind of all the tooling you'll need to actually run these things in day two and beyond. And then, hopefully, the industry keeps pounding on digital transformation and process transformation. One project at a time, you start with one, you start small, you start tooling, you start tooling up, you get some small things under your belt and start to learn. But that's enterprise timeline. So, at a certain speed. >> All right, last thing, any aha moments, surprises, cool things as you've been going around the show? Justin? >> Oh, just walking into the show surprised me. Just how big it has gotten and how much energy there is here. It's amazing to me and I can just only see it getting bigger and, I hope, better. I am surprised by the reaction from people who haven't come into the Kubernetes ecosystem, I think. There's still a lot of people out there for whom this is a big surprise. That it's as big a show as this is, there are lots and lots of people out there who can't actually spell Kubernetes. So, there's a lot of work for us to go and do to figure out how we get those people to come into this ecosystem in a way that doesn't shock them and scare them away. >> Yeah, absolutely. Welcome to the party, those of you that had been joined. John? >> Hey, the thing that surprised me was this is both a multicloud show and a non-cloud show. This is the only show where people working in multiple public clouds can come together. So, that's one of the systemic forces causing it to grow. On the other hand, this is not a public cloud-only show. Over and over again, we talk to people here on theCUBE, I talk to people on the show floor, and most of their workloads, or many of their workloads, are on-premises, right? Kubernetes is fully functional and fully up to speed in private cloud, in people's data centers because it is useful. And they're starting to do that process tooling and process re-engineering, even on-site. And then they may be using a portfolio of different clouds. So, I think that was one of the surprising things to me is this was not 100% public cloud show. >> Yeah, and a little bit of caution I'll give there is we want to make sure we don't become complacent and say, oh, well, we could just kind of slide in what we were doing before and not make some change because the driver here, we've been talking about for decades now, was really kind of that application modernization. And Kubernetes and this whole, it is about cloud-native. It's not the Kubernetes, it's the cloud-native piece. >> You know what I didn't hear? I did not hear putting legacy apps on Kubernetes as much this year. Much quieter this year. >> So, and I'll just say, I'll highlight, we did an interview yesterday with the American Red Cross. Tech For Good, it's something that we've been highlighting, John, for especially helping lead the charge and make sure we highlight that. The Microsoft show, they very much talked about that this year. American Red Cross is saying, hey, we always want your dollars but we'd also love your skillset. So, if this community, and specifically Kubernetes, cloud-native ecosystem makes it easier. There's common tooling, something that I've been hearing a lot this year is when I go through that modernization I can hire the next-generation workforce. There's too many of those, oh, I'm doing it the old way. If I don't have somebody with 30 or 40 years experience in the industry, you won't understand our systems and we need that next generation of workforce to be able to get involved. So, love future jobs, Tech For Good, all good things. This community's always been strong on diversity and inclusion. And so, I guess final word I'll say, big shout-out to, of course, the CNCF, this event, they have a large menagerie that they need to take in here and manage, and they're doing a good job. There's always things to work on. They are listening and open. We have really appreciated the partnership. A huge shout-out, of course, to our sponsors that make it possible for us to do this. So, for Justin Warren, for John Troyer, I'm Stu Miniman, thanks so much. We definitely are excited for one more day. Tomorrow, as well as next year in 2020, Amsterdam and Boston. Please reach out always if you have any questions. And thank you so much for watching theCUBE. (upbeat music)

>> Announcer: Live from Orlando, Florida it's theCUBE! Covering Microsoft Ignite, brought to you by Cohesity. >> Hello, and happy taco Tuesday CUBE viewers! You are watching theCUBE's live coverage of Microsoft's Ignite here in Orlando, Florida. I'm your host Rebecca Knight, along with Stu Miniman. We're joined by Scott Hanselman, he is the partner program manager at Microsoft. Thank you so much for coming on theCUBE! >> Absolutely, my pleasure! >> Rebecca: And happy taco Tuesday to you! Will code for tacos. >> Will code for tacos. >> I'm digging it, I'm digging it >> I'm a very inexpensive coder. >> So you are the partner program manager, but you're really the people's programmer at Microsoft. Satya Nadella up on the main stage yesterday, talking about programming for everyone, empowering ordinary citizen developers, and you yourself were on the main stage this morning, "App Development for All", why is this such a priority for Microsoft at this point in time? >> Well there's the priority for Microsoft, and then I'll also speak selfishly as a priority for me, because when we talk about inclusion, what does that really mean? Well it is the opposite of exclusion. So when we mean inclusion, we need to mean everyone, we need to include everyone. So what can we do to make technology, to make programming possible, to make everyone enabled, whether that be something like drag and drop, and PowerApps, and the Power platform, all the way down to doing things like we did in the keynote this morning with C# on a tiny micro-controller, and the entire spectrum in between, whether it be citizen programmers in Excel using Power BI to go and do machine learning, or the silly things that we did in the keynote with rock, paper scissors that we might be able to talk about. All of that means including everyone and if the site isn't accessible, if Visual Studio as a tool isn't accessible, if you're training your AI in a non-ethical way, you are consciously excluding people. So back to what Satya thinks is why can't everyone do this? SatyaSacha thinks is why can't everyone do this? Why are we as programmers having any gate keeping, or you know, "You can't do that you're not a programmer, "you know, I'm a programmer, you can't have that." >> So what does the future look like, >> Rebecca: So what does the future look like, if everyone knows how to do it? I mean, do some imagining, visioning right now about if everyone does know how to do this, or at least can learn the building blocks for it, what does technology look like? >> Well hopefully it will be ethical, and it'll be democratized so that everyone can do it. I think that the things that are interesting, or innovative today will become commoditized tomorrow, like, something as simple as a webcam detecting your face, and putting a square around it and then you move around, and the square, we were like, "Oh my God, that was amazing!" And now it's just a library that you can download. What is amazing and interesting today, like AR and VR, where it's like, "Oh wow, I've never seen augmented reality work like that!" My eight-year-old will be able to do it in five years, and they'll be older than eight. >> So Scott, one of the big takeaways I had from the app dev keynote that you did this morning was in the past it was trying to get everybody on the same page, let's move them to our stack, let's move them to our cloud, let's move them on this programming language, and you really talked about how the example of Chipotle is different parts of the organization will write in a different language, and there needs to be, it's almost, you know, that service bus that you have between all of these environments, because we've spent, a lot of us, I know in my career I've spent decades trying to help break down those silos, and get everybody to work together, but we're never going to have everybody doing the same jobs, so we need to meet them where they are, they need to allow them to use the tools, the languages, the platforms that they want, but they need to all be able to work together, and this is not the Microsoft that I grew up with that is now an enabler of that environment. The word we keep coming back to is trust at the keynote. I know there's some awesome, cool new stuff about .net which is a piece of it, but it's all of the things together. >> Right, you know I was teaching a class at Mesa Community College down in San Diego a couple of days ago and they were trying, they were all people who wanted jobs, just community college people, I went to community college and it's like, I just want to know how to get a job, what is the thing that I can do? What language should I learn? And that's a tough question. They wonder, do I learn Java, do I learn C#? And someone had a really funny analogy, and I'll share it with you. They said, well you know English is the language, right? Why don't the other languages just give up? They said, you know, Finland, they're not going to win, right? Their language didn't win, so they should just give up, and they should all speak English, and I said, What an awful thing! They like their language! I'm not going to go to people who do Haskell, or Rust, or Scala, or F#, and say, you should give up! You're not going to win because C won, or Java won, or C# won. So instead, why don't we focus on standards where we can inter-operate, where we can accept that the reality is a hybrid cloud things like Azure Arc that allows us to connect multiple clouds, multi-vendor clouds together. That is all encompassing the concept of inclusion, including everyone means including every language, and as many standards as you can. So it might sound a little bit like a Tower of Babel, but we do have standards and the standards are HTTP, REST, JSON, JavaScript. It may not be the web we deserve, but it's the web that we have, so we'll use those building block technologies, and then let people do their own thing. >> So speaking of the keynote this morning, one of the cool things you were doing was talking about the rock, paper, scissors game, and how it's expanding. Tell our viewers a little bit more about the new elements to rock, paper, scissors. >> So folks named Sam Kass, a gentleman named Sam Kass many, many years ago on the internet, when the internet was much simpler web pages, created a game called Rock, Paper, Scissors, Lizard, Spock, and a lot of people will know that from a popular TV show on CBS, and they'll give credit to that show, in fact it was Sam Kass and Karen Bryla who created that, and we sent them a note and said, "Hey can I write a game about this?" And we basically built a Rock, Paper, Scissors, Lizard, Spock game in the cloud containerized at scale with multiple languages, and then we also put it on a tiny device, and what's fun about the game from a complexity perspective is that rock, paper, scissors is easy. There's only three rules, right? Paper covers rock, which makes no sense, but when you have five, it's hard! Spock shoots the Rock with his phaser, and then the lizard poisons Spock, and the paper disproves, and it gets really hard and complicated, but it's also super fun and nerdy. So we went and created a containerized app where we had all different bots, we had node, Python, Java, C#, and PHP, and then you can say, I'm going to pick Spock and .net, or node and paper, and have them fight, and then we added in some AI, and some machine learning, and some custom vision such that if you sign in with Twitter in this game, it will learn your patterns, and try to defeat you using your patterns and then, clicking on your choices and fun, snd then, clicking on your choices and fun, because we all want to go, "Rock, Paper, Scissors shoot!" So we made a custom vision model that would go, and detect your hand or whatever that is saying, this is Spock and then it would select it and play the game. So it was just great fun, and it was a lot more fun than a lot of the corporate demos that you see these days. >> All right Scott, you're doing a lot of different things at the show here. We said there's just a barrage of different announcements that were made. Love if you could share some of the things that might have flown under the radar. You know, Arc, everyone's talking about, but some cool things or things that you're geeking out on that you'd want to share with others? >> Two of the things that I'm most excited, one is an announcement that's specific to Ignite, and one's a community thing, the announcement is that .net Core 3.1 is coming. .net Core 3 has been a long time coming as we have began to mature, and create a cross platform open source .net runtime, but .net Core 3.1 LTS Long Term Support means that that's a version of .net core that you can put on a system for three years and be supported. Because a lot of people are saying, "All this open source is moving so fast! "I just upgraded to this, "and I don't want to upgrade to that". LTS releases are going to happen every November in the odd numbered years. So that means 2019, 2021, 2023, there's going to be a version of .net you can count on for three years, and then if you want to follow that train, the safe train, you can do that. In the even numbered years we're going to come out with a version of .net that will push the envelope, maybe introduce a new version of C#, it'll do something interesting and new, then we tighten the screws and then the following year that becomes a long term support version of .net. >> A question for you on that. One of the challenges I hear from customers is, when you talk about hybrid cloud, they're starting to get pulled apart a little bit, because in the public cloud, if I'm running Azure, I'm always on the latest version, but in my data center, often as you said, I want longer term support, I'm not ready to be able to take that CICD push all of the time, so it feels like I live, maybe call it bimodal if you want, but I'm being pulled with the am I always on the latest, getting the latest security, and it's all tested by them? Or am I on my own there? How do you help customers with that, when Microsoft's developing things, how do you live in both of those worlds or pull them together? >> Well, we're really just working on this idea of side-by-side, whether it be different versions of Visual Studio that are side-by-side, the stable one that your company is paying for, and then the preview version that you can go have side-by-side, or whether you could have .net Core 3, 3.1, or the next version, a preview version, and a safe version side-by-side. We want to enable people to experiment without fear of us messing up their machine, which is really, really important. >> One of the other things you were talking about is a cool community announcement. Can you tell us a little bit more about that? >> So this is a really cool product from a very, very small company out of Oregon, from a company called Wilderness Labs, and Wilderness Labs makes a micro-controller, not a micro-processor, not a raspberry pie, it doesn't run Linux, what it runs is .net, so we're actually playing Rock, Paper, Scissors, Lizard, Spock on this device. We've wired it all up, this is a screen from our friends at Adafruit, and I can write .net, so somehow if someone is working at, I don't know, the IT department at Little Debbie Snack Cakes, and they're making WinForms applications, they're suddenly now an IOT developer, 'cause they can go and write C# code, and control a device like this. And when you have a micro-controller, this will run for weeks on a battery, not hours. You go and 3D print a case, make this really tiny, it could become a sensor, it could become an IOT device, or one of thousands of devices that could check crops, check humidity, moisture wetness, whatever you want, and we're going to enable all kinds of things. This is just a commodity device here, this screen, it's not special. The actual device, this is the development version, size of my finger, it could be even smaller if we wanted to make it that way, and these are our friends at Wilderness Labs. and they had a successful Kickstarter, and I just wanted to give them a shout out, and I just wanted to give them a shoutout, I don't have any relationship with them, I just think they're great. >> Very cool, very cool. So you are a busy guy, and as Stu said, you're in a lot of different things within Microsoft, and yet you still have time to teach at community college. I'm interested in your perspective of why you do that? Why do you think it's so important to democratize learning about how to do this stuff? >> I am very fortunate and I think that we people, who have achieved some amount of success in our space, need to recognize that luck played a factor in that. That privilege played a factor in that. But, why can't we be the luck for somebody else, the luck can be as simple as a warm introduction. I believe very strongly in what I call the transitive value of friendship, so if we're friends, and you're friends, then the hypotenuse can be friends as well. A warm intro, a LinkedIn, a note that like, "Hey, I met this person, you should talk to them!" Non-transactional networking is really important. So I can go to a community college, and talk to a person that maybe wanted to quit, and give a speech and give them, I don't know, a week, three months, six months, more whatever, chutzpah, moxie, something that will keep them to finish their degree and then succeed, then I'm going to put good karma out into the world. >> Paying it forward. >> Exactly. >> So Scott, you mentioned that when people ask for advice, it's not about what language they do, is to, you know, is to,q you know, we talk in general about intellectual curiosity of course is good, being part of a community is a great way to participate, and Microsoft has a phenomenal one, any other tips you'd give for our listeners out there today? >> The fundamentals will never go out of style, and rather than thinking about learning how to code, why not think about learning how to think, and learning about systems thinking. One of my friends, Kishau Rogers, talked about systems thinking, I've hade her on my podcast a number of times, and we were giving a presentation at Black Girls Code, and I was talking to a fifteen-year-old young woman, and we were giving a presentation. It was clear that her mom wanted her to be there, and she's like, "Why are we here?" And I said, "All right, let's talk about programming "everybody, we're talking about programming. "My toaster is broken and the toast is not working. "What do you think is wrong?" Big, long, awkward pause and someone says, "Well is the power on?" I was like, "Well, I plugged a light in, "and nothing came on" and they were like, "Well is the fuse blown?" and then one little girl said "Well did the neighbors have power?", And I said, "You're debugging, we are debugging right?" This is the thing, you're a systems thinker, I don't know what's going on with the computer when my dad calls, I'm just figuring it out like, "Oh, I'm so happy, you work for Microsoft, "you're able to figure it out." >> Rebecca: He has his own IT guy now in you! >> Yeah, I don't know, I unplug the router, right? But that ability to think about things in the context of a larger system. I want toast, power is out in the neighborhood, drawing that line, that makes you a programmer, the language is secondary. >> Finally, the YouTube videos. Tell our viewers a little bit about those. you can go to D-O-T.net, so dot.net, the word dot, you can go to d-o-t.net, so dot.net, the word dot, slash videos and we went, and we made a 100 YouTube videos on everything from C# 101, .net, all the way up to database access, and putting things in the cloud. A very gentle, "Mr. Rodgers' Neighborhood" on-ramp. A lot of things, if you've ever seen that cartoon that says, "Want to draw an owl? "Well draw two circles, "and then draw the rest of the fricking owl." A lot of tutorials feel like that, and we don't want to do that, you know. We've got to have an on-ramp before we get on the freeway. So we've made those at dot.net/videos. >> Excellent, well that's a great plug! Thank you so much for coming on the show, Scott. >> Absolutely my pleasure! >> I'm Rebecca Knight, for Stu Miniman., stay tuned for more of theCUBE's live coverage of Microsoft Ignite. (upbeat music)

>> fly from San Francisco. It's the Cube covering Google Club next nineteen Tio by Google Cloud and its ecosystem partners. >> Welcome back to the Cubes live Google next nineteen coverage. I'm General Dave Violante. We're here for three days of wall to wall coverage, breaking down all the content from Google Clouds. Big conference here, Google next twenty nineteen or next gas joke of a vice president. Google Data Centers spans all the data centers that Google and Google Cloud deploy. He's the man in charge of thousands of full time employees, thousands of contractors, tens of thousands of construction worker. He's building out the infrastructure and footprint to make the cloud work for Joe. Welcome to the Cube. >> Thank you both Very much. >> So. Sin DARPA Kai, the CEO of Google, kicked off the Kino, the new CEO of Google Cloud. Thomas Korean came on always ten weeks into the job. Clearly, the investment in Google cloud new building on separate from campus. So Google and Google Cloud or two separate groups, has been reported clearly by us and others. But at the end of the day, you're gonna run all the stuffs on somewhere. So you know, you guys have deep, deep experience. I know personally and following Google and covering Google thie excellence and engineering the excellence in building on data centers. What is the status of just quickly Take a minute to explain how it's organized? Get Google proper, Which is where Ron knows Google, Google Search, etcetera, Gmail and Google Cloud. How's that? How's that operate? What's some of the data points? >> Okay, um so, as you know, the head of the teams that do everything from procuring land and writing energy contracts and buying renewable energy to designing, building and operating all the data centers. Cloud is one of my largest customers. But my other customers air search and ads and Gmail and G sweetened. So, really, our data centers I Google are built for the entire Google enterprise, and cloud happens to be one of our largest internal customers in that enterprise. >> How about some of stats countries, regions, data centers? What's the new one? Because you have regions, you availability zones. Talk about some of the stats inside the numbers >> s o what the starting at the Google level, we have data centers in four continents. So we're in North America South America, Asia and Europe. Of course, we have a probably one of the world's largest global private networks with, you know, thirteen undersea cables that are our own and hundreds of thousands of miles of dark fiber and lit fiber that way operate like I said, probably one of the world's largest networks we have in in Europe were in five countries in Europe, were in two countries in Asia. We're in one country in South America, and that's at the Google and North America. Of course, we have many, many, many sites across all of North America. That's it. The Google level now Cloud has nineteen regions that they operate in and fifty eight zones. So each region, of course, has multiple zones in it. You know, we we cover. Google has presence in over two hundred countries worldwide, so really, it is truly global operations. >> So the two hundred countries is Google wide nineteen cloud regions and fifty eight availability zones. That's Google Cloud. That's great. Okay, so do you not sort of mix infrastructure for cloud and things like Gmail and maps and search is that is that correct? This their separate infrastructures or >> it's It's not so separate infrastructure. So when when my team builds a data center, any one of our internal customers could be in that day this up. In addition to the Google owned and operated data centers, we also have some sites that are least in certain regions, and Cloud may be occupying those. But regardless of whether it's owned or leased, its the same hardware in there, it's the same operation staff that Aeryn they're the same expertise, the same deep knowledge about operating cloud environments. And so, regardless of whether we built it or we leased it >> from a CEO Syrian from a CEO's perspective, it's the same cell A nobody availabilities owners. I mean, that's what really matters, right? Okay, >> talk about the scale because one of the things I liked in the Kino Sundar is awesome. And Chris, Great keynote, You scale multiple times. He also had a clever comin around steal, she's said before publicly, amount of steel that goes into building this. This gives you guys large scale. Your guys are building on massive. It's like smart cities almost cause of your own like country, pretty much on the infrastructure. What are some of the key learning that you guys had because you have to be very efficient. Google likes to solve hard problems. You guys have done some things with sustainability. Specifically, talk about some of the learnings. As you guys have been building out these data centers for years with cloud on a massive expansion, you gotta watch the environment. You got to do some things. What if some of the learnings with some of the notable accomplishments you guys air forging on and what are some of the goals? >> So I googled we've been We've been at this for two decades. For more than twenty years we've been building and innovating on hyper efficiency, hyper scale, basically trying to build infrastructure that was more sustainable than had ever been thought possible. And then as our cloud business started to expand and boom, frankly, we set apart Teo build the world's most sustainable cloud. And really, what that means is that you know, we were the first company to announce that we were buying one hundred percent renewable energy, new renewable P P A's to match one hundred percent of our consumption and in twenty seventeen, we achieve that. That was after being carbon neutral for ten years before that. So going all the way back to two thousand seven were a carbon neutral company by mostly buying, buying high quality carbon offsets. Then we decided that no, we want to advance the transition, Teo renewable and sustainable energy. So we started buying direct power purchase agreements for wind and solar on DH. And then in twenty seventeen, we announced that we had matched one hundred percent. What that means is that we've acquired over three gigawatts of new solar and wind power purchase agreements, Mom. And now we're taking it a step further. We have a very ambitious kind of moonshot. Arguably, too, not only match our consumption, but match it twenty four hours a day, seven days a week, three sixty five. So you can imagine the complexity with this because the wind doesn't always blow, the sun doesn't always shine. And so that's going to take moonshot thinking in order for us to get there. But we feel so strongly about it were so committed to this cause that we've got a dedicated team working on this right now. >> So it's not just squeezing tea. You'ii out of the data center I'm sure you're doing that, but absolutely doing >> that. Since the earliest days I've been at Google for over eleven years. From the very first day I got there, I was completely blown away with the numbers that I was seeing about the Peewee and for maybe your audience. Pee Wee's a measure of efficiency in the data center, and and at the time, like back two thousand eight, Cooper was achieving numbers that the EPA thought wouldn't be achieved until, like, twenty twenty. And so I started to dig in and look how, and it was astounding to me the lengths that the company had gone tio toe optimize every single step of the way from the high voltage transformers in our own dedicated substations. Excuse me that that are much more efficient than typical. You know, utility transformers all the way through, minimizing the number of transformations going from grid level like three hundred forty five thousand bolts down to server voltage level, minimising the number of transformations reinventing the way people think about cooling. When we when I got to Google, I was also amazed. Our data centers are running it like roughly about eighty degrees Fahrenheit most data centers run it like sixty five degrees are data centers consume about half of the energy of a traditional enterprise data center at the same size. And in addition to that, we're producing about seven times the computer capacity for the same amount of Watts that enterprise data >> centers comes from. A from a practice of engineering really purpose engineering from day one into the overall holistic plan of the building. >> It's a relentless focus on efficiency and innovation. Right from Day one, when I got there, it had already been well in motion, but it's optimizing across the entire stack. It's optimizing software to be efficient, optimizing the server architecture er, to be more efficient, optimizing the power supplies in the server's optimizing the racks. You know, designing the racks to be working with the cooling equipment, specifically, are cooling systems are unique to Google. There they're not traditional air conditioning units that you would buy for traditional data centers. Sometimes, you know, we'll sight data centers where we can use natural environment in Finland. Our data centers right on the Gulf of Finland, and we use cold seawater from the Gulf of Finland to cool the data center. >> So to be clear, you're doing quite a bit of vertical integration, whether it's your own transformers of power supplies and other equipment, right? Try >> fiberoptic across the K Atlantica, Sundar pointed out. That's what I was doing your own stuff, absolutely officious as you pass on in savings to the customers and society with the sustainability piece. That's right. You have two angles on that. >> Really, it's you know it's good business, of course, because the bottom line. But more importantly, it's also the right thing for us to do. We feel very strongly that we need to be responsible for our impact on the environment and to minimize that impact and to be accountable for it. And we realized that the only way we can truly be accountable for our impact on the environment and for our energy consumption is to have it matched with renewable energy twenty four hours a day, seven days a week, >> not take a side track you. But you know, we've been covering the tech business for many, many decades, and certainly recently tech kind of got a bad name headlines. But I always look for tech stories that you know there was a text bad for people. There's always a good story. I think this is an example of tech for good. You guys have taken real engineering, building large scale systems and facilities, have software running on it. It's really a tech for good story. Congratulations on that. That's awesome work. Now I want to kind of asked you put you on the spot here because I think one conversation we're hearing a lot and I want him Get your expert opinion on this could be Google and also a CZ a person in the industry. Security in the supply chain has come up a lot in terms of whether chips have been hacked. Wave heard things like that in the story. Some of them have proved to be misinformation. Fake news. But you gotta watch security. Google's really hard core on security because you you lived that. How do you look at the supply chain? Is if you're not just throwing contractors at this, you could thinking of a realistic ground zero engineering approach to a holistic picture. How do you guys manage security challenge in the supply chain? Throughout the facilities from chips Teo, access things of that nature. >> So there's two aspects. There's always the logical and the physical security aspect from the physical security aspect in our warehouses that we manage. Of course, we apply the same rigorous standards for physical security. That way, do it their data centers. And that's multi layer in various different types of security technologies that we apply. And but on the logical side, you know, I think you're probably familiar with our Titan chips that way developed and those tightened ships are put in all of our servers, and from the time that they're built to the time that they're in the facility, you know those those chips that's our are securing the servers and your logical side. Though the you know, my colleagues on our information security team are truly the experts that could address that. >> That's where the software shines. That's right, and this is not just one. It's not a silo. You gotta deal physical build. It's kind of a bigger is It's a holistic, any rated model >> it is, and this is, you know, from from the data center industry perspective for us. Long as there's been it, there's always been the debate between facilities and I t right. When I got to Google, I was also so relieved to see that was all technical infrastructure and the systems. The software that runs on those those data centers are all under the same technical infrastructure group. And so you know it all. The buck stops at *** >> For years, there was a discussion and generalize about those groups coming together, and I think the way they come together is the cloud. Frankly, because you haven't seen a lot of change within organizations of ight and facilities really working together, that's right. >> Well, Joe, thanks for coming on the Q. Thanks for sharing your insight. Final word. What's the thoughts folks watching out there who were trying to understand how to bring technology into facilities? In general, people still have data centers they still have on premise activity, from lightbulbs to whatever any, any learnings in parting wisdom. Folks watching there in the facilities and or physical building space on howto build out these, whether it's smart cities with its construction and experiences, you could share with folks out there looking to build a ballistic long term plan. >> Yeah, there's a there's a few things first of all, we've published all of our energy efficiency, best practices. And so I encourage everyone to take a look at those best practices because the best you know, energy savings is the energy not consumed in the first place. So do all the right things to reduce the overall energy consumption in the first place to we want to help further the transition to renewable energy. And so we've published a lot about our power purchase agreements and a lot of the policy work that enables us to do. Those is also set in place for other large energy consumers that want to do the same thing. So our policy work can help Teo allow others to do the same thing. The third part of our sustainability aspect is really a circular economy. You know, we want Teo. I have zero waste to a landfill. We've currently achieved ninety one percent diversion of all of our data center operations, so ninety one percent is diverted to landfill. But we have a objective of one hundred percent note note no waste to a landfill. And then that means you have to do smart things like better re use better recycling better reselling of products that are still good but maybe out of date for for your use and then just ended off. We've really invested in our machine learning and a intelligence both on the data center operations. We have now ml running our some of our cooling systems in fully autonomous mode and doing a much better job of matching the cooling needs to the workloads at the time. And we took that same learning with our deepmind group, partnered with them, and we've applied that Teo are a wind farm now as well, so that they can better predict what the output of wind farm is going to be thirty six hours in advance. That allows the operators of the grid to better bring on more more energy and get higher value Out of that that win dinner. >> Great engineering story at scale. Congratulations. Love the societal impact tech for good. Congratulations. Love to have you back talk about the impact of a i ot Joe, Thanks for coming on the Yeah, it's all coming together with our arms. Jean. A center is not going away. House in the cloud needs to run on servers and has to be done in a engine engineered fashion. Google's leading the charge there. It's Cube Live coverage day, one of three days of coverage will be right back after this short break.

>> Live from Washington, D.C., it's theCUBE. Covering Inforum, DC 2018. Brought to you by Infor. >> We are back this afternoon here in Washington, D.C., at the Walter Washington Convention Center. As we continue our coverage here of Inforum 2018 along with Dave Vellante, I'm John Walls, and we now welcome Mr. Cormack Watters to the program today, EVP of Emea and APAC at Infor. Cormack, good to see you sir. >> Nice to be here. >> So, we're going to talk about Guinness, over in Ireland (chuckling). Cormack's from Dublin, so we had a little conversation. We're getting a primer here. >> It's actually the best conversation we should have, right? >> Right, we'll save that for the end. How about that? So, you're fairly new, right? About a year or so. >> Ten months or so, not that I'm counting it by the day >> No no no, always going forward, never backward. But a big plate you have, right, with EMEA and APAC? Different adoptions, different viewpoints, different perspectives... We've talked a lot really kind of focusing domestically here for the past couple of days. Your world's a little different than that though, right? >> It is. It is. And it's very good that you've actually recognized it because that's actually the biggest challenge that we have. To be a little bit humble about it, I think we've got world-class products and solutions. I actually fundamentally believe that. But we have lots of different languages, cultures, and localization requirements in the multiple Countries that we look after. So, it's great to have great products, but it needs to be in French, Spanish, Portuguese, Italian, Swedish, Norwegian, Finish, Arabic, which most of them are. Customers realize that we are actually international and localized for many, many markets. But now we've become an intriguing option for them, if you're a multi-national business, with subsidiaries all over the world. So, it's good that Infor is big enough to do that. We need to do a better job of letting everybody know that we've done that, if that makes any sense. >> Sure. >> So what's happening in Europe? Europe's always pockets, there's no..I mean.. Yes, EU but there's really still no one Europe. What's going on? Obviously, we have Brexit hanging over our head. I felt like U.S. markets are maybe a little bit overheated in Europe has potential upside. >> Yeah >> And it seems like others seem to agree with that. What happening on the ground? Any specific, interesting areas? Is Southern Europe still a concern? Maybe you can give us an update? >> Yeah, so Brexit is quite a dominant conversation. I am from Ireland. I live in Dublin, but I'm working all over Europe, the Middle East, Africa and the Far East. So, I don't get to be at home very often, except the weekends. London is really our regional headquarters from a European perspective, and Brexit is on everybody's mind. Interestingly, when you go outside the UK, Brexit is not such a big topic because... That's Europe. And they kind of go, "Well if you don't want to be here, then you don't need to be here." Right? So it's a little bit of that, and they're saying, "Well, we'd like for them to stay, but if they don't want to stay, well, don't wait around." But in the UK, it's causing a lot of uncertainty. And the UK's one of our biggest markets. It's a lot of uncertainty, and what would be best is if we just knew what was going to happen, and then we could deal with it. And actually, once we know what's going to happen, that's going to bring a degree of change. And change, from our industry perspective means there's going to be some requirements that emerge. So, we need to be ready to serve those, which is opportunity. But the uncertainty is just slowing down investment. So, we need that to be resolved. >> So, clarity obviously is a good thing obviously a good thing in any market. Are there any hotspots? >> Yeah, actually for us, we're doing, for us the Hotspots right now, we're doing incredibly well in Germany. Which, one of our lesser known competitors is a small Company called SAP. And they're headquartered in Germany. It's quite interesting to see that we're actually taking a lot of market there in Germany, which is fantastic. That's a little bit unexpected, but it's going very well right now. We're seeing a ton of activity in the Asia Pacific, I would say that region is probably our fastest growing in all of Infor. And consistently so for several quarters and maybe past a year at this point. So Asia Pacific, Germany, U.K., and then as it happens, we are doing very well in Southern Europe, which is a combination of countries really. France, Italy, Spain, Portugal and Greece. Hard to put it down to which particular Country is doing well, but there seems to be a general uplift in that region. Because they were hit the hardest, arguably, by the crash back in 2008. So they've definitely come out of that now. >> And when they come out, excuse me I'm sorry John, but, they come out, Cloud becomes more important to them, Right? >> Yeah, I mean, absolutely. Anyone who's been delaying investment for years, can actually leapfrog what's been happening and jump straight to what you might call the future. So lots of Companies, lots of our Customers, are trying to simplify their Business. So Cloud is a great equalizer. We believe in your, what we call Last Mile of Functionality per industry. And that should make the projects shorter, more compact more predictable and the infrastructure worries go away, because that's our responsibility to the Customers. >> We definitely so that in the U.S., 2008-2009, CFO's came in said shift to the Cloud, because we want to shift Capx to Opx, and when we came out of the downturn, they said "wow this stuff works pretty well, double down on it" and then there were other business benefits that they wanted to accelerate, and so maybe Southern Europe was a little bit behind >> I think that may be the case right, and they are picking up. And what we're seeing are a lot of other advantages. Not to make this a sale's pitch, but, I am here so >> Go for it >> You've got a microphone >> I've got a microphone and I'm Irish, so I've got to talk right? What the Cloud is actually doing is, lots of Companies have put in big ERP over the years, the decades. And then they get stuck at various points and maybe years behind, because upgrades become painful and really want to avoid them. So what they're seeing is, if they can get onto the Cloud, they never need to upgrade again. Because it's always current, because we upgrade it every week, or every month and they're never falling behind. So they want to be ready to take advantage of the innovations that they know about and those that they don't even know about. So by keeping on the latest version, that opportunities open to them. Also, there's a big issue in Europe specifically about a thing called GDPR, which is data protection. Security. So we believe that we can do a better job of providing that, than any individual Company. Because we provide it for everybody, our resources can be deployed once and then deployed many times. Where as if you're an individual customer, you've got to have that speciality and put it in place. So GDPR is a genuine issue in Europe, because, the fines are absolutely huge if a Company is found to breach it. >> It's become a template for the globe now, California's started moving in that direction, GDPR has set the frame work. >> Well and just to follow up on that, and now you're dealing with a very different regulatory climate, then certainly here in the United States. And many U.S. Companies are finding that out, as we know. Overseas right now. So how do you deal with that in terms of, this kind of balkanized approach that you have, that you know that what's working here doesn't necessarily translate to overseas, and plus you have, you know, you're serving many masters and not just one or two. >> What's happening is the guys in our RND have done very well, is they understand the requirement of, in this instance, GDPR. They look at the other regulatory requirements, lets say in Australia, which is subtly different, but it is different, and they can take, well what do we have to do? What's the most extreme we have to achieve? And if we do that across our suite into our platform suite, the N4RS, that can then be applied to all the applications. And then becomes relevant to the U.S. So it's almost like some requirement across the seas, being deployed then becoming really relevant back here because over here you do need to be aware of the data protection, as well, it's just not as formalized yet. >> It's coming >> A Brewing issue right? >> What about Asia Pacific? So you have responsibility for Japan, and China, and the rest of the region. >> Right >> Which you are sort of re-distinct... >> Really are right? There are several sub regions in the one region. The team down there, as I say, arguably the most successful team in Infor right now, so Helen and the crew. So you see Australia, New Zealand then you see Southeast Asia, then you see China, Japan and so on. So different dynamics and different markets, some more mature than others, Japan is very developed by very specific. You do need very specialized local skills to succeed. Arguably Australia, New Zealand is not that similar from say some of the European Countries. Even though there are differences and I would never dream to tell an Australian or a New Zealander that they are the same as Europeans, cuz I get it. I smile when people say "you're from the U.K and you're not from Ireland?" I understand the differentiation. (laugher) And Southeast Asia, there's a ton of local custom, local language, local business practice that needs to be catered for. We seem to be doing okay down there. As I say, fastest growing market at scale. It's not like it's growing ridiculously fast but from a small base. It's as a big market already and growing the fastest. >> And China, what's that like? You have to partner up? >> Oh yeah >> To the JV in China? >> You have to partner up, there are several of the key growth markets that it's best to go in with partners. Customers like to see we've got a presence. So that they can touch and feel that Infor entity. We can't achieve the scale we need, and the growth we want fast enough without partnering. So we have to go with partners to get us the resources that we need. >> And in the Middle East, so my business partner, Co-Host, John Furrier, is on a Twenty Hour flight to Bahrain. The Cube Bahrain. Bahrain was the first Country in the Middle East to declare Cloud first. AWS is obviously part of that story, part of your story. So what's going on over there? Is it a growing market? Is it sort of something you're still cracking? >> No, no, again it's growing. We have several key markets down there, big in hospitality in that part of the world. Hotels, tourism obviously. Shopping, very interesting markets, and Healthcare, interestingly enough. I think arguably some of the worlds best Hospitals are in that region. Definitely the best funded Hospitals. >> Probably the most comfortable. (laughter) >> So again part of our stent is the number of industries we serve, so if you can put in our platform as it were, then you could have multiple of the industry flavors applied. Because what's interesting in that part of World, there seem to be a number of, I guess we call them conglomerates. So maybe family owned, or region owned, and they have just a different array of businesses all under the one ownership. So you would have a retailer that's also doing some tourism, that's also doing some manufacturing. So we can put our platform in, and then those industry flavors they can get one solution to cover it all. Which is a little bit unusual, and works for us. >> Your scope is enormous. I mean essentially you're the head of Non-U.S. I mean is that right? >> Yeah, and Latin America as well. >> That's part of it? That's not... >> Excluding the Americas. So there's Americas and then everything else, and you're everything else. >> I missed a meeting you see so they just gave it to me >> What you raised your hand at the wrong time? >> I wasn't there (laughter) >> So how do you organize to be successful? You obviously have to have strong people in the region. >> Right. So the key is people, right. We organize somewhat differently to over here. We've gone for a regional model, so I have six sub-regions, that I worry about. So four in Europe, the Nordic Countries. Scandinavian, Sweden, Norway, Finland, Denmark. We call Western, which is Ireland, U.K. and the Benelux. Germany is Central and East, and then Southern is the Latin Country, Spain, Portugal, Greece and so. Then we've got the Middle East, and Africa, and then we got Asia Pacific. I've got six regional teams, all headed by a regional leader, and each of them are trying to be as self contained as they can. And where we see we've got an opportunity to move into something new, we've got one team working with me directly as an incubator. For example, we're driving a specific focus on Healthcare, in our part of the world, because it's very big over here. We haven't quite cracked the code over there. When we get some scale, then it'll move into the regions, but for now that's incubating under me. >> And, what about in Country? Do you have Country Managers? One in the U.K., one in France, one in Germany. >> We have what we call local leaders, right? So in some cases it could be a sales oriented individual, it could be consulting, others it could be the local HR guy. So that's more for us to make sure we're building a sense of community within Infor. Rather than it being more customer facing. We're still trying to make sure that there is a reasonably scarcity of senior skills. So regionalizing lets us deploy across several Countries, and that works with the customer base, but for employees we need local leaders to give them a sense of feeling home and attached. >> So the regions are kind of expertise centers if you will? >> Yes >> So I was going to ask about product expertise, where does that come from? It's not parachuted in from the U.S. I presume? >> No, we're pretty much self-sufficient actually, which is great. So from both what we call solution consulting, which is the product expertise, and then consulting which is the product deployment. And we're doing more and more of our deployments with Partners. As I say, we need to really rapidly embrace that partner ecosystem to give us the growth opportunity. RND, is all over the World. That's not under my direct control. So for a major suites, take for example, LN, happens to be headquartered out of Barneveld, in the Netherlands. From a Historic perspective, which is great. And Stockholm, which is also great. But a lot of the development resource room in Nila and in India. So we work closely with the guys, even though they don't actually report to me. >> And out of the whole area, the area of your responsibility what's the best growth opportunity? We all think of China, but that's been fits and starts for a lot of people. >> Yeah, yeah I think we've got multiple opportunities, you can look at it a few ways. You can look at it geographically, and you would say China. You can look at Eastern Europe, and you can look at Africa. There's a ton of opportunity in those regions, geographically. Interestingly we are also at a point where I think the Nordics, and we've got a very solid base Historically, and so on. But we probably haven't put enough focus on there in recent times, that the opportunities are really scaled in Nordics is really quite significant. And then they can look at it from a Product Perspective. So for example, we have, what we believe to be World Leading, and actually a Company called Gartner would equally agree with us. Enterprise Asset Management, EAM, that's a product suite that can fit across all of our industries. I think that could well be the significant growth area for us across the entire six regions. And it's a huge focus for us here at the conference actually. So we can do it by product, EAM, Healthcare, or by Region. I think Eastern Europe, China, and Africa, as well as the Nordics. >> And the other big opportunity is just share gains, market share gains, particularly in Europe, I would think, with your background. >> Yup. Completely, I mean, that's why I said, it's really interesting that we are winning market share in Germany. Who'd of thought that a few years ago? That's a big market, I mean, Germany, U.K., France, Italy. They're huge. Right, I mean U.K., is what, Sixty-Five Million People? It's a big economy, so we've got many of the worlds G7, in our backyard. So we just really need to double down on those, and give them the opportunities to grow that we need. >> And just back to Japan for a second. Japan has traction, it takes a long time to crack Japan. I know it first from personal experiences. >> Yeah, Okay, Interesting. >> Yeah you just got to go many many times and meet people. >> That's it, Right. And it's a different culture, of when you think they're saying yes and you think they're there, that's just yes to the next step. (laughter) >> Alright, so it does take time to get there. We've actually cracked it to some extent, that we've now got some solid referenceability, and some good wind. We need local leaders in Japan, to really crack the code there. >> And then once you're in, you're in. >> I think that once you've proven yourself, it's a lot of word of mouth and referencing. >> Well I hope you get home this weekend. Are you headed home? >> Yes! Actually I'm lucky enough. My Wife is originally from Chicago. So she and our Daughter have come over for the weekend, to go sight seeing in Washington. So that'll be fun. So we'll be going home on Sunday. >> Your adopted home for the weekend then. >> That's exactly right. >> Well we'll talk Guinness in just a bit. Thanks for the time though, we appreciate it. >> Thank you Gentlemen. >> Good to see you, Sir. Alright, back with more here from Inforum 2018, and you're watching Live, on theCube, here in D.C. (electronic music)

(synth music) >> Announcer: Live from Atlanta, Georgia, it's the Cube. Covering IFS World Conference 2018, brought to you by IFS. >> Welcome back to the Cube's live coverage of IFS World here at Georgia World Conference here in Atlanta, Georgia. I'm you host Rebecca Knight, along with my cohost Jeff Frick. We're joined by Tobias Persson. He is the IoT Services lead here at IFS. Thanks so much for joining us, Tobias. >> Thank you, it feels really nice to be here. >> So, I want to start out by having you explain to our viewers what you do at IFS as an Innovation Service Lead. >> Yes, I'm heading up the IFS Innovation Services Team that came to official existence in May last year. It's there because of the fact if we want to get the IoT message out there, we want to be out there to mission about IoT. Actually helping our sales and presales to do the business discussions with people, with our customers, that is. As well as actually implementing solutions, rolling them out. So, we're kind of like from idea, talk to the customer, to real roll out, that's what my team does. >> So, you said you want to get the IoT message out there. >> Yeah. >> And what is the IoT message, from the IFS vantage point? >> Well, coming from a tech background myself, I've been involved in IoT space for quite some years, and the biggest challenge or difference between normal IoT and IFS IoT is the fact that you can actually do something with the data itself. Typically, when you're talking about IoT historically, it's driven by R and D. It's not a strategic effort at all. It's mainly done to figure it out. And IoT has taken some steps since then. And we're providing a way to actually short cut your IoT data directly into your most business critical system. And doing something with it, providing huge efforts and benefits off the bat. >> And you guys are really integrating IoT into the existing applications, existing workflow, so trying to grab that value, not as a stand alone science project, or something that's on the side-- >> Tobias: Yeah. >> But really integrating it into your existing applications and the existing work-- >> Tobias: Correct. >> That those existing applications are managing. >> Tobias: Yeah, that's true. >> What are some of the impacts that you've seen? Or, I guess, some of the customer impacts that they've seen? >> Well, it's all about automate step, in a sense. At least, that's the first step. I mean, we have seen customers just taking the data out and getting the running rs out, for example. That has huge implications on the amount of time you spend entering stuff, as well as having the data with quality so you can do something with it. But the biggest thing is, really, to automate stuff. Like send out a work order, for example, automate that. Or send out the replenishment for some consumable or whatever it is. So, anything you can run or post or trigger in IFS applications, field service management is actually triggerable by IFT observation. >> So, can you describe to our viewers how the process works. I mean, I know that IFS really prides itself on being so customer centric. >> Tobias: Yeah. >> So, how do you work closely with customers, from the very beginning, from the idea to the actual product and implementation. >> Well, taking it from the start and from the top, we obviously have a full set of IoT industry directors that are really skilled and seeing what's next for the market, being out there to communicate the message. Serve the station is obviously one. Digitalization is another one. So, we're talking about this in all kinds of places, right? My team comes in, kind of like the second stage, where the sales and presales have done a demo with the generic tools that we're providing them with and taking the discussion from there. And we're usually building something that is quite specific for the customer, using their data, really any kind of data to prove the point. Some kind of power BI dashboard, some kind of of actual IT observation going out. And the thing is, when we do that, they tend to really get it when they see things coming in from the physical world into their, this will be your FSM or applications environment. And they see an observation comes in and suddenly, boom, that's an action going on. So, that's what we're trying to do. And we're involving ourselves quite heavily in how to define what's your IT use cases, running workshops with customers, and pinning it down. It's not rocket science or anything, but it's kind of our own methodology to pin down what's your first step? What's your IoT use case that you aim for? And how do you plan to get there? That's what we're trying to achieve with our team. >> Has it been an integration challenge to go to devices and sensors and kind of the IoT world and to plug that back into the application? >> Well, that depends a bit. I mean, our application, our solution is really dependent that it's getting sent the data. Or actually picking up the data from a API or a database. We haven't seen a project yet where we're actually picking up stuff directly from the assets. >> Jeff: Okay. >> What we usually see, though, is that the customer has taken that step already, so they're getting data into some kind of... It could be a printer management system, it could be a whatever management system, and we're getting it from there. We are talking to partners that would allow us to get the data strictly from an industrial context, and industrial protocol, a specific machine, whatever it is. But as of now, we are reliant on the fact that somebody is sending stuff to the IoT hub-- >> Jeff: Right. >> Which is the official usher component. >> So, you're just really taking advantage of that data flow that's already there and really adding an extra layer of value-- >> Tobias: Yeah. >> That they can extract by pumping that into your application. >> Operation allows the whole thing, yes. >> But that is really the key-- >> Yeah. >> The differentiation, is that you're not just seeing the data, you're now saying, okay, what is this data telling us and now what do we do next? What do we do with it? >> Tobias: Yeah. >> So, can you give us a real specific example with Anticimex, and what-- And this is the rodent control, pest control company. And how this company is using your product. >> Yeah, I mean. >> Rebecca: And seeing a real return. >> Yeah, from what I know, Anticimex Finland has deployed this, they have about 3,300 traps in effect out there, at the moment. And they're using this for, well, the traps are connected, obviously, so they send the data, for shots fired, how full it is, battery levels, stuff like that, to do the IoT solution. >> Rebecca: Shots fired, I love it. >> Shots fired, yes. (laughs) So, it's not like a single off, you have to empty it directly, it's kind of a pressurized air container, doing all kinds of killings in a row, if you will. And you need to know how are my traps doing? >> So, it's really, again, just a another layer of efficiency improvement-- >> Yeah. >> By, not just setting and coming back after so much time, but actually having the data for the activity in those traps. >> Yeah, no, they are really, in a sense, they have opened their eyes. They know how their assets are doing. They know when they're full, they know when to pick it up and even if they don't have to go there today. That's also good information for which they need. >> Jeff: Right, right. >> So, they're doing this to optimize their service visits and doing like a full automated work order flow. I think the statements from Jussi Ylinen, the managing director of Anticimex Finland that will be here as well later on, they have been doing something like 6,000 automated work orders in the last six months. Which is a huge productivity advantage. >> Jeff: 6,000 automated ones. >> Yes. >> So these are ones coming directly out of the system, based on the feedback from the IoT. >> Tobias: Yeah, not passing any employee at all. >> Wow, that's a huge number. >> How revelatory is that, for a company to have all of the service visits be automated? How much of a change is that? >> I think it's huge, actually. I think it's quite easy to imagine that would be a good idea. However, until now, it's been kind of a hassle to get there. I personally do think that there our solution provides that gap and services as a short cut, as I mentioned before, to get there. >> But I'd imagine, too, it's a process flow on the customer's side, too. Because they got to, now, accept the fact that they don't know exactly what the schedules are going to be for the next several weeks or for those days because they have to allocate some portion to the automated process, or they're feeding that in at some level, upstream, to make sure that gets integrated into all the rest of the activity. >> Well, you could have, if you wanted to, manual intervention in all stages, if you want to. You need to, probably, if you need, if you're on an oil rig or something, that you have a critical part, automated order coming in, that should be accepted by someone along the way, that's perfectly fine, as well. So, it doesn't have to be fully automated if you don't want to. >> Jeff: Right, right. >> But it can be. >> So, I know that you're not only an IoT evangelist within IFS, you're an IoT evangelist in general and in your professional life. >> Yeah I hope so. (all laughing) >> So, can you talk to us, big picture, big strategy, where you see IoT going in the world but then also as it relates to IFS? What does the future hold? >> Well, the easy answer is, you may have seen the old commercial where they state, well, we need to be on the web. Why? It doesn't say. Well, that kind of, you know that you need to consider this. But you don't really know how to get there. That kind of approach is somewhere along the line where we are right now with IoT. I mean, we used to be something like a buzz word. People tried to figure it out. Nowadays, it's more like people have taken steps, they have the data somewhere. It's usually stored somewhere in some database or some system or whatever. But it's the actionable part that's missing. I don't think people actually tend to look for the actionable part in a ERP company. But that's actually what we're providing. So, I think in a few years to come, it will be seen as suspicious not to have your stuff connected, not to have your open data. Instead of being the other way around. I think this will be a very natural part of not being blind to how your assets are doing. >> Jeff: Right. >> Why would you like that? That's the old fashioned style. So, I think this will be a very natural step in any kind of of product development of all service centric company in years to come. >> And do you think it's indicative of people accepting a lot more data sources into their decision making processing? >> Yeah. >> And adding that layer of automation? 'Cause a piece you didn't talk about, that's obviously part of that, is AI in some point in time, right? >> Yeah. >> 'Cause now, you got the automation, you got all this stuff coming in, you can't send the entire fleet out tomorrow if you only have x number of vans and you got x number, 6,000 service requests. So, then you add that AI component, the machine learning component, the prioritization component in, again, moving more of this manual scheduling process or routine, scheduled maintenance-- >> Yeah. >> Into a much smarter way to execute the details. >> Yeah, it's all in the step of going from data collection, data acquisition, figuring out the technical stuff behind connectivity, getting the data out. And now with the next step when the revolution comes. How do we approach that? With AI, with machine learning, with actionable insights, whatever. And to be quite frank, I don't think people necessarily don't want to see that. They want to see what comes out of it, but they don't want to see behind the curtains on that. >> Jeff: Right, right. >> So maybe, just maybe, in the near future, people will need to bring in someone that knows machine learning from A to Z in the companies. Or at least use someone that does their insights for them. >> Jeff: Right. >> So, how will IFS expand it's IoT offering, at the next World Congress next year? >> Well, as you know, we have had a few early adopters adopt the program for IoT, yeah. And they seem excellent and they're actually being the first ones out, they're live right now. They have a really good story to tell. So, that's good. In a sense, we are taking it from the heavy asset centric, from our rig, that's one part. We have taken some steps. Service is the next one, being Anticimex in Kucera. We believe that connected field service is the main thing to go for. The real good IoT use cases is for connected field service with assets, or sending data throughout. And, to me, the next strategic step, since we are having a whole lot of revenue coming from manufacturing, is actually connected manufacturing, or connected manufacturing lines. Industry four point zero, whatever you like to call it. That's our next strategic move with IoT, as I see it. >> The lines have been connected for giving data, but not necessarily for actionable data back into the lines, right? That's where the really big change is. >> Yeah. >> For the automation, automation back into it. >> Yeah. Automation, you have the full scale automation, pyramid where you have the POC that runs the low level control system. Then you have the scale down, the many systems as well. The thing with IoT is not only do you get the data for specific assets, you also get the full picture of like, how are my factories doing? On this level to this level? So, we come small, like a less operator, more kind of strategic view on the whole thing. >> Jeff: Right, right. >> But you need to be able to get the data out from different levels. And actually access it and make sense of it. >> Jeff: Right. >> Which factory is doing best? For example. >> Jeff: Right, and what are you managing, too? You're managing to the device you're managing to the whole output. >> Yeah. >> So, maybe based on economic factors, you want to run things hard, which is maybe not optimal for maintenance but because of the economic situation-- >> Yeah. >> You're going to press it. So it's really, that variable management opportunity-- >> Absolutely. >> Is a very different way of kind of looking at your output. >> And one way, one view really-- >> Jeff: Right. >> A scalable view, really. There is a stand just behind us, where we'll show a an industrial demo, together with Accenture, which will actually trigger a service request from a physical device, an engine, in this case. That goes into the system, the IFS system, that is actually scheduled, sent the repair guy that comes out, wearing a whole lens and fix the issue. >> Jeff: Right. >> So, that's an end to end thing. It's actually manageable and doable with our solution. >> Jeff: Great. >> And that was one of the things that the CEO talked about during the keynote too, is that it is automating certain tasks, but then really leaving the more unique tasks up to the human and the human connecting. With machines and also with other humans. >> Tobias: Hmm. >> So, tell me a little bit about differences that you've seen in the market. So, IFS, based in Sweden, many of its senior leaders in London, but of course, you have places all over the world. Do you see any differences, in terms of the customers in Europe versus the US? And how you're thinking about maybe making a bigger push into the US? >> That's a really good question. I'll have to think about that for a while. (All three laugh) I think what we are seeing in my team, at least, that's kind of on our horizon, is that Germany in general are heading toward industry four point zero, that's kind of a really hard driving fact. That's stated even by the government. So, we need to get into that, as well as pushing for field service management as a solution. US, I think, we should be doing more in. Let's put it that way. >> Great, great. Well, we look forward to hearing more about what you are doing in the US. (All three laugh) >> Jeff: More. >> Exactly. >> Jeff: That's a good thing. >> Tobias, thank you so much for coming on the Cube. We've had a great time with you. >> Thanks for having me. >> Jeff: Thank you. >> It was a pleasure. >> I'm Rebecca Knight for Jeff Frick. We will have more from IFS World here in Atlanta, Georgia just after this. (low energy techno)

>> Announcer: Live from Orlando, Florida. It's TheCUBE covering PentahoWorld 2017. Brought to you by Hitachi Ventara. >> Welcome back to TheCUBE's live coverage of PentahoWorld brought to you by Hitachi Ventara, we are wrapping up day one. I'm your host Rebecca Knight along with my cohosts today James Kobielus and Dave Vellante. Guys, day one is done what have we learned? What's been the most exciting thing that you've seen at this conference? >> The most exciting thing is that clearly Hitachi Ventara which of course, Pentaho is a centerpiece is very much building on their strong background and legacy and open analytics, and pushing towards open analytics in the Internet of things, their portfolio, the whole edge to outcome theme, with Brian Householder doing a sensational Keynote this morning, laying out their strategic directions now Dave had a great conversation with him on TheCUBE earlier but I was very impressed with the fact that they've got a dynamic leader and a dynamic strategy, and just as important Hitachi, the parent company, has clearly put together three product units that make sense. You got strong data integration, you got a strong industrial IOT focus, and you got a really strong predictive and machine learning capability with Pentaho for the driving the entire pipeline towards the edge. Now that to me shows that they've got all the basic strategic components necessary to seize the future, further possibilities. Now, they brought a lot of really good customers on, including our latest one from IMS, Hillove, to discuss exactly what they're doing in that area. So I was impressed with the amount of solid substance of them seizing the opportunity. >> Well so I go back two years, when TheCUBE first did PentagoWorld 2015, and the story then was pretty strong. You had a company in big data, they seemingly were successful, they had a lot of good customer references, they achieved escape velocity, and had a nice exit under Quentin Galavine, who was the CEO at the time and the team. And they had a really really good story, I thought. But I was like okay, now what? We heard about conceptually we're going to bring the industrial internet and analytics together, and then it kind of got quiet for two years. And now, you're starting to see the strategy take shape in typical Hitachi form. They tend not to just rush in to big changes and transformations like this, they've been around for a long time, a very thoughtful company. I kind of look at Hitachi limited in a way, as an IBM like company of Japan, even though they do industrial equipment, and IBM's obviously in a somewhat different business, but they're very thoughtful. And so I like the story the problem I see is not enough people know about the story. Brian was very transparent this morning, how many people do business with Hitachi? Very few. And so I want to see the ecosystem grow. The ecosystem here is Hitachi, a couple of big data players, I don't see any reason why they can't explode this event and the ecosystem around Hitachi Ventara, to fulfill it's vision. I think that that's a key aspect of what they have to do. >> I want to see-- >> What will be the tipping point? Just to get as you said, I mean it's the brand awareness, and every customer we had on the show really said, when he when he said that my eyes lit up and I thought oh wow, we could actually be doing more stuff with Hitachi, there's more here. >> I want to see a strong developer focus, >> Yeah. >> Going forward, that focuses on AI and deep learning at the at the edge. I'm not hearing a lot of that here at PentahoWorld, of that rate now. So that to me is a strategic gap right now and what they're offering. When everybody across the IT and data and so forth is going real deep on things like frameworks like TensorFlow and so forth, for building evermore sophisticated, data driven algorithms with the full training pipeline and deployment and all that, I'm not hearing a lot of that from the Pentaho product group or from the Hitachi Ventara group here at this event. So next year at this event I would like to hear more of what they're doing in that area. For them to really succeed, they're going to have to have a solid strategy to migrate up there, openstack to include like I said, a bit of TensorFlow, MXNet, or some of the other deep learning tool kits that are becoming essentially defacto standards with developers. >> Yeah, so I mean I think the vision's right. Many of the pieces are in place, and the pieces that aren't there, I'm actually not that worried about, because Hitachi has the resources to go get them, either build them organically, which has proven it can do overtime, or bring in acquisition. Hitachi is a decent acquire of companies. Its content platform came in on an acquisition, I've seen them do some hardware acquisitions, some have worked, some haven't. But there's a lot of interesting software players out there and I think there's some values, frankly. The big data, tons of money poured in to this open source world, hard to make money in opensource, which means I think companies like Hitachi could pick off to do some M and A and find some value. Personally, I think if the numbers right at a half a billion dollars, I personally think that that was pretty good value for Hitachi. You see in all these multi billion dollar acquisitions going left and right. And so the other thing is the fact that Hitachi under the leadership under Brian Householder and others, was able to shift its model from 80% hardware, now it's 50/50 software and services I'd like to dig into that a little bit. They're a public company but you can't really peel the onion on the Hitachi Ventara side, so it kind of is what they say it is, I would imagine that's a lot of infrastructure software, kind of like EMC's a software company. >> James: Right. >> But nonetheless, they're moving towards a subscription model, they're committed to that, and I think that the other thing is that a lot of costumers. We come to a lot of shows and they struggle to get costumers on with substantive stories, so we heard virtually every costumer we talked to today is like Here's how I'm using Pentaho, here's how it's affecting. Not like super sexy stories yet, I mean that's what the IOT and the edge piece come in, but fundamental plumbing around big data, Pentaho seems like a pretty important piece of it. >> Their fundamental-- >> Their fundamental plumbing that's really saving them a lot of money too, and having a big ROI. >> They're fairly blue-chip as a solution provider of a full core data of a portfolio of Pentaho. I think of them in many ways as sort of like SAP, not a flashy vendor, but a very much a solid blue-chip in their core markets >> Right. >> I'm just naming another vendor that I don't see with a strong AI focus yet. >> Yeah. >> Pentaho, nothing to sneeze at when you have one customer after another like we've had here, rolling out some significant work they've been doing with Pantaho for quite a while, not to sneeze at their delivering value but they have to rise to the next level of value before long, to avoid be left in the dust. >> You got this data obviously they're going to be capturing more more data with the devices. >> James: Yeah. >> And The relationship with Hitachi proper, the elevator makers is still a little fuzzy to me, I'm trying to understand how that all shakes up, but my question for you Jim is: okay so let's assume for second they're going to have this infrastructure in place because they are industrial internet, and they got the analytics platform, maybe there's some holes that they can fill in, one being AI and some of the deep learning stuff, can't they get that somewhere? I mean there's so much action going on-- >> Yes. >> In the AI world, can't they bring that in and learn how to apply it overtime? >> Of course they can. First of all they can acquire and tap their own internal expertise. They've got like Mark Hall for example on the panel, they've obviously got a deep bench of data scientist like him who can take it to that next level, that's important. I think another thing that Hitachi Ventara needs to do to take it to the next level is they need a strong robotics portfolio. It's really talking about industrial internet of things, it's robotics with AI inside. I think they're definitely a company that could go there fairly quickly, a wide range of partners they can bring in or acquire to get fairly significant in terms of not just robotics in general, but robotics for a broad range of use cases where the AI is not so much the supervise learning and stuff that involves training, but things like reinforcement learning, and there's a fair amount of smarts and academe on Reinforcement learning for in body cognition, for robots, that's out there in terms of that's like the untapped space other than the broad AI portfolio, reinforcement learning. If somebody's going to innovate and differentiate themselves in terms of the enterprise, in terms of leveraging robotics in a variety of applications, it's going to to be somebody with a really strong grounding and reinforcement learning and productizing that and baking that in to an actual solution portfolio, I don't see yet the Google's and the IBM's and the Microsofts going there, and so if these guys want to stand out, that's one area they might explore. >> Yeah, and I think to pick up on that, I think this notion of robotics process automation, that market's going to explode. We were at a conference this week in Boston, the data rowdy of Boston, the chief data officer conference at the Park Plaza, 20 to 25% of the audiences, the CDO's in the audience had some kind of RPA, robotic process automation, initiative going on which I thought was astoundingly high. And so it would seem to me that Hitachi's going to be in a good position to capture all that data. The other thing that Brian stressed, which a lot of companies without a cloud will stress, is that it's your data, you own the data, we're not trying to resell that data, monetize that data, repackage that data. I pushed him a little bit on well what about that data training models, and where do those models go? And he says Look we are not in the business of taking models and you know as a big consultancy, and bringing it over to other competitors. Now Hitachi does have consultancy, but it's sort of in a focus, but as Brian said in his keynote, you have to listen to what people say and then watch them to see how they act. >> Rebecca: Do they walk the walk? >> How they respond. >> Right. >> And so that's you have to make your decision, but I do think that's going to be a very interesting field to watch because Hitachi's going to have so much data in their devices. Of course they're going to mine that data for things like predictive analytics, those devices are going to be in factories, they're going to be in ecosystems, and there's going to be a battle for who owns the data, and it's going to be really interesting to see how that shakes out. >> So I want to ask you both, as you've both have said, we've had a lot of great customer stories here on TheCUBE today. We had a woman who does autonomous vehicles, we had a gamer from Finland, we had a benefit scientist out of Massachusetts, Who were your favorite customer stories and what excited you most about their stories? >> James: Hmmm. >> Well I know you like the car woman. >> Well, yeah the car woman, >> The car woman. >> Ella Hillel. >> Ella Hillel, Yes. >> The PHD. That was really what I found many things fascinating, I was on a panel with Ella as well as she was on TheCUBE, what I found interesting I was expecting her to go to town on all things autonomous driving, self driving vehicles, and so forth, was she actually talked about the augmentation of the driver, passenger experience through analytics, dashboards in the sense that dashboards that help not only drivers but insurance companies and fleet managers, to do behavioral modification to help them modify the behavior, to get the most out of their vehicular experience, like reducing wear and tear on tires, and by taking better roads, or revising I thought that's kind of interesting; build more of the recommendation engine capability into the overall driving experience. That depends on an infrastructure of predictive analytics and big data, but also metered data coming from the vehicle and so forth. I found that really interesting because they're doing work clearly in that area, that's an area that you don't need levels one through five of self driving vehicles to get that. You can get that at any level of that whole model, just by bringing those analytics somehow into an organic way hopefully safely, into your current driving experience, maybe through a heads-up display that's integrated through your GPS or whatever might be, I found that interesting because that's something you could roll out universally, and it can actually make a huge difference in A: safety, B: people's sort of pleasure with the driving experience, Fahrvergnugen that's a Volkswagon, and then also see how people make the best use of their own vehicular assets in an era where people still mostly own their own car. >> Well for me if there's gambling involved-- >> Rebecca: You're there. >> It was the gaming, now not only because of the gambling, and we didn't find out how to beat the house Leonard, maybe next time, but it was confirmation of the three-tier data model from from edge-- >> James: Yes. >> To gateway to cloud, and that the cloud is two vectors; the on-premise and the off-premise cloud, and the fact that as a gaming company who designs their own slot machines it's an edge device, and they're basically instrumenting that edge device for real-time interactions. He said that most of the data will go back, I'm not sure. Maybe in that situation it might, maybe all the data will go back like weather data, it all comes back, But generally speaking I think there's going to be a lot of analog data at the edge that's going to be digitize that maybe you don't have to save and persist. But anyway, confirmation of that three-tiered data model I think is important because I think that is how Brian talked about it, we all know the pendulum is swinging, swung away from mainframe to decentralize back to the centralized data center and now it's swinging again to a much more distributed sort of data architecture. So it was good to hear confirmation of that, and I think it's again, it's really early innings in terms of how that all shakes out. >> Great, and we'll know more tomorrow at Pentaho day two, and I look forward to to being up here again with both of you tomorrow. >> Likewise. >> Great, this has been TheCUBE's live coverage of PentahoWorld brought to you by Hitachi Ventara, I'm Rebecca Knight for Jim Kobielus and Dave Vellante, we'll see you back here tomorrow.

>> Narrator: Live from Orlando, Florida, it's The Cube, covering PentahoWorld 2017. Brought to you by Hitachi Ventara. >> Welcome back to The Cube's live coverage of PentahoWorld, brought to you, of course, by Hitachi Ventara. I'm your host, Rebecca Knight, along with my cohost, Dave Vellante. We're joined by Reni Waegelein, he is the IT manager of Veikkaus. Thanks so much for coming on The Cube Reni. >> Thank you for having me here. >> So, Veikkaus is the Finnish national betting agency wholly owned by the government. >> Yeah. >> Tell us more. >> Yeah we have, we used to have like three companies, now we are merged as one and we operate every money gaming thing, all the money gaming in Finland. So that includes from casino to lottery, to scratch tickets, sports betting, horse betting, whatever that is, and we gather money, of course, pay out some good winnings as well. But everything we make under the line, that goes to good causes, and I mean everything. >> And you are IT manager. >> Reni: Yeah. >> So what does, what are your responsibilities? >> Yeah, responsibilities like the developing the whole of the idea things we have, from architecture to doing the IT procurement development, and harnessing how we work. >> So the public policy on betting is, hey, let's have a single state-run monopoly. >> Reni: Yep. >> And we'll take the winnings and put it to the public good, right, makes sense. >> Reni: Yep. >> And is there any competition from internet, for example? >> Of course, yes, and the internet, well, it's like a full competition, although we are a legally-based company in Finland and we operate and sell only to Finnish people. The people itself, they have all the freedom to choose whoever they want to play with, so in that sense, it's full competition and have been so for many years. >> So you have to have great websites. >> Reni: Yep. >> Great customer experience, >> Reni: Yep. >> User experience. >> Reni: Yeah. >> Competitive rates, all that stuff. >> Reni: Yep. >> Okay so, and good analytics. (laughing) I mean that industry is obviously very data heavy. >> Reni: Yep. >> Always has been. So how do you analytics and data to compete? >> So we have been doing, like, the product analytics for quite a long time and then we established a customer-ship. So in Finland we have a 5.4 million habitats, and we sell only for the 18+ year old people, and at the moment we have more than 2 million registered customers already. So, you can imagine that we have that vast amount of data from the customer, and we use that data, for example, promoting the service, promoting games, targeting, making some recommendation. We build our own recommendation engine, for example, and utilize all of that kind of data. But, as you know, the gaming is also like a two-edged sword, that's a happy side, but there's also the dark side. So it does cause problem, so we try also to use the data so that we want to identify the bad patterns when somebody is about to lose control of gaming. So we use also the same data that we want to see, for example, for these players who want to see all the activities of marketing, for example, we don't want anybody to get into problems because of gaming. >> So that's a really interesting tension here, is that you obviously want to make money in this, but you also have to watch out for the Finnish society. And as you said, if there's a compulsive gambler or an addicted gambler, you need to act, I mean, is that? >> Yeah, yeah that's really big part of our responsibility, and if we didn't have any data or if we couldn't process it fast, we couldn't know who is problematic gambler and who is not. Since vast majorities, of course, is enjoying it, it's a nice habit. Play a game of poker every now and then or go to the casino for once or twice a month, for example. But then there's the small portion of people who we want to protect so that they don't get into the debt. That's not our intention. >> And the level of protection that you provide, is you stop marketing to them, is that right or? >> Reni: Yeah, yeah. >> It's not like you intervene in some other way. >> Yeah, of course, we want to promote that if you want, you can stop and close your account, or this kind of activities. >> So you promote cutting the cord basically? >> Yeah, yeah, yeah. So instead of marketing, we say that this might be a problem to use, so yeah. >> Let's take a break. >> You should take a break, yeah. >> So, as Dave was saying, you're really, because you are competing with private entities you really have to have a great interface, great customer experience, great rates. How much does this put Veikkaus really on the vanguard of this kind of technology, more so than what other government agencies are doing, in the sense that, you really have to stay on the cutting edge of these things. >> Yeah, we have to be like double-backed, you say. >> So how much do you then you talk to the health agency, or other government agencies about what you're doing and sharing the best practices about capturing customer attention? >> We are actually talking more to the new players out in the field who already live and breath true to data, so that's where we can learn and, I would say that we are also in to like a lottery area itself but also in quite many other industries as well. So we have been doing this for awhile, so we have had the luxury that we have already gathered some experience and opened some paths and, well, maybe learned also from the hard way how not to do it. We of course didn't succeeded in the first runs but you just have to go and have a trial and error in some areas as well. >> And you have multiple data sources obviously, maybe talk about how you're handling those data sources, are you ingesting, how you ingest those into Pentaho, what you do with it, how you're operationalizing the analytics. Where does Pentaho fit in that whole process? >> Yeah Pentaho we use, that's like ETL process, so to get this 360 view of the customer, we have like a various data sources. After the merger, we tripled the amount of different sources, and I think more than quadrupled the amount of data. So of course, just to make the data and work of the analysts easier, we need to make some transformations to the data and in that area the Pentaho has it's place. And in the future, what we are also expecting like the future versions to help us with is the tech in the more real time data. So for example, we can put in the real time data feed for the one physical place so they can see like which machines are used well, which are not, or is there any other activities that they can learn right in their place. >> So are you in the process of instrumenting the machines at this point? >> Reni: Yep. >> And so you're putting, how does that work, is it rip and replace, is it some kind of chip that you put into the machine? How do you instrument the machine? >> It's a good thing, so that we have actually we design our own slot machines, even. >> Dave: Okay, okay so. >> So we, we can like build up from the ground up. >> Dave: Design it in. >> Yeah. We designed the hardware supports like, it's, they are big IOT machines. >> Dave: Right. >> But also the software will support us. >> And then you've got connectivity, is it hard-wired? Is it physical or is it wireless connectivity? >> We use, well, whatever is available, so... >> Dave: Depends. >> Yeah, yeah. And when we are developing like a new type of games, for example, when the slot machines should have like online all the time, like jackpot available, then of course, we have to think about what's the quality of service of the network, as well. So far, we have been like using whatever is available. >> So what does the data architecture look like? I wonder if you could paint the picture, so you've got the machines, let's just use slot machines as an example. So you have the slot machines, you've instrumented those, you're doing real time analytics there, and maybe talk about what kinds of things you do there? And then where does the data go? How much data, do you persist the data? Maybe talk about that a little. >> Yeah so we get like the slot machines and other resources as well, and have like Kafka Hadoop area where we collect everything. Then there's a Pentaho doing the ETL work and we store the, all the data that goes through it to the Vertica. So we have HP's Vertica there, in that Vertica they've like lots of users, they have like a SAS analytics, use that and the Hadoop as well, so then we have some reporting, financials, finance department they also utilize it. But then we are also building up some new things like Apache's Kudu is one thing that we want to set up there just to make the life of analysts much more easier so they are the moment having little bit hard time in some areas how to utilize the data, and especially how to use like the different analyst tools from different cloud vendors for this data since we are still at the moment on premise, so everything is on premise partly because of the government requirements. >> Dave: Okay. >> So some part of the data they require that we keep it in within the Finland. >> Right so could we call that your private cloud? >> Reni: It's not private cloud yet. >> It's not, okay. >> But we're, we are going. >> Dan: Someday. >> Yeah, yeah. >> It will be a private cloud, okay, so you have edge device, which is the slot machine, and then you do you send all the data back to Vertica or no, probably not, right, I mean. >> Not yet. >> Dave: But do you want to? >> But it will be. >> Dave: Really? >> Yeah, it will be. Of course we have to make some decision like what data will be important and what is not, so not all the data is valuable, but especially when it's like connected somehow to the customer, or the retailer as well, that data we also keep like more than a year. So we are not doing all the analytics just for a short time of data but also want to seek out the long trends and make new hypothesis out of it. >> And the Vertica system is essentially your data warehouse, is that right? >> Reni: Yeah. >> Okay. And then are you doing sort of, well you mentioned recommendation engine so you're doing some >> Reni: Yeah. form of it. That's a form of AI, as far as I'm concerned. Are you doing that, where are you doing that? Is you doing that in your data center, and is that another layer of the data pipeline or is that done in the? >> Yeah, it's done partly on site but also in AVS. >> Yeah >> So we used Amazon services in some areas where we can use those, so the recommendation for example, and part of the cost of AI, that's part, some blocks are also on the AWS. >> So it's a three tier. >> Reni: Yeah. >> So there's the edge, then there's the aggregation at Vertica, and then there's the cloud modeling and training that goes on, and Pentaho plays across that data pipeline, is that right? >> Yeah, yeah, it's our one major player in our data platform in this sense so that it will take care quite a many different kind of transactions so that we have the right data in the right place. >> Dave: All right I'm done geeking out. (laughing) >> All right, so Reni before the cameras were rolling, we were talking a little bit about the difficulties of cultural change within these organizations and you were talking about something that you're working on in Finland that's not necessarily related to Veikkaus, can you tell our viewers a little bit about what you're doing? >> Yeah, we are also setting up a Teal Finland, so promoting this like next phase of organizational, well you cannot call it belief, but vision and perspective so we want to also promote these kind of activities. So I know that especially with the big data movement, you have also seen the cultural changes so not the normal organization ways of working are not, just are not efficient enough so you have to liberate today, you have to give the freedom, how to use the data, what kind of hypothesis, what kind of activities are done, and this cultural change is also with the Teal movement. It's like getting next big leap so this is, well it's a side project but it's also really heavily work related. >> And how open is the Finnish tech community to these ideas, I mean is there an adversarial relationship within the people who don't necessarily welcome the change, I mean how would you describe it? >> I believe it's a really open, we have already, I believe, a handful of companies who work and who operate by this, from this perspective and more is popping out. And we are establishing one cooperative, like to support this movement, and maybe to create new spinoffs which can be for profit. >> All right, let's get to the heart of the matter here, (laughing) how do I beat the house? >> I knew you were going there, Dave. >> Just, just between us. >> I knew it. (laughing) >> Obviously I'm kidding but different games have different odds. >> Reni: Yeah. >> Right, I mean, and those are, you're transparent about that, people know what they are, but what are the best odds? Is it slots, best chance of winning, or poker, or... >> Yeah, slots is good side and also whenever you go to Cassie you know, it has a top notch, so 90 point something, so... >> Of probabilities and, >> But of course I have to say that the house wins eventually, so yeah, yeah. >> The bookeys always win so. >> Rebecca: Right exactly. >> So the higher the probability, the lower the pay out, and reverse, presumably, right? >> Reni: Yeah, yeah. >> The lottery would be. >> Lottery you're a check out if you're yeah. >> Dave: Low odds. >> Low odds but, >> Dave: Telephone numbers if you win. >> Yeah. >> Dave: Yeah. >> But David, you can't win if you don't play, okay, just saying, just saying. >> And every week there's somebody who wins. >> Rebecca: Right! >> Yeah. So why it cannot be me, or you? (laughing) >> Or me, or me, maybe! >> So what do you do to the guys who count cards, you like break arms or you put them in jail, no? >> It's Finland, this is no, no, come on. >> Nobody does that, right? >> Reni: No, no, no. But of course, yeah that's probably something we could in future also to use data more efficiently than we use it at the moment, so that's one part like how people behave versus machines behave. So for example in the online poker, the card counting program, that's one problem I think every, for the industry. >> Dave: Right. >> Are you working with behavioral finance experts in this to sort of understand people's behavior when it comes to this? >> Yeah we work, for example, with psychologists to understand this and the same goes with problematic gambling as well so you have to know about how people behave. >> And do you have customers outside of Finland or is it pretty much exclusively? >> No, sorry, it's exclusive club, you have to move to, you know you have to move to Finland. (laughing) And then we welcome you. >> Awesome. >> He's going to immigrate, I think, any day now. Well Reni, >> Reni: But hey, it's one of the best countries. >> Thank you so much for coming on The Cube, it was a lot of fun talking to you. >> Yeah, thank you. >> I'm Rebecca Knight, for Dave Vellante, we will have more from PentahoWorld just after this.