(chill electronic music) >> Hello everyone, welcome to theCUBE's presentation of the AWS Startups Showcase, AI and machine learning, the top startups building generative AI on AWS. This is the season three, episode one of the ongoing series covering the exciting startups from the AWS ecosystem, talk about AI and machine learning. Can't believe it's three years and season one. I'm your host, John Furrier. Got a great guest today, we're joined by Joseph Nelson, the co-founder and CEO of Roboflow, doing some cutting edge stuff around computer vision and really at the front end of this massive wave coming around, large language models, computer vision. The next gen AI is here, and it's just getting started. We haven't even scratched a service. Thanks for joining us today. >> Thanks for having me. >> So you got to love the large language model, foundation models, really educating the mainstream world. ChatGPT has got everyone in the frenzy. This is educating the world around this next gen AI capabilities, enterprise, image and video data, all a big part of it. I mean the edge of the network, Mobile World Conference is happening right now, this month, and it's just ending up, it's just continue to explode. Video is huge. So take us through the company, do a quick explanation of what you guys are doing, when you were founded. Talk about what the company's mission is, and what's your North Star, why do you exist? >> Yeah, Roboflow exists to really kind of make the world programmable. I like to say make the world be read and write access. And our North Star is enabling developers, predominantly, to build that future. If you look around, anything that you see will have software related to it, and can kind of be turned into software. The limiting reactant though, is how to enable computers and machines to understand things as well as people can. And in a lot of ways, computer vision is that missing element that enables anything that you see to become software. So in the virtue of, if software is eating the world, computer vision kind of makes the aperture infinitely wide. It's something that I kind of like, the way I like to frame it. And the capabilities are there, the open source models are there, the amount of data is there, the computer capabilities are only improving annually, but there's a pretty big dearth of tooling, and an early but promising sign of the explosion of use cases, models, and data sets that companies, developers, hobbyists alike will need to bring these capabilities to bear. So Roboflow is in the game of building the community around that capability, building the use cases that allow developers and enterprises to use computer vision, and providing the tooling for companies and developers to be able to add computer vision, create better data sets, and deploy to production, quickly, easily, safely, invaluably. >> You know, Joseph, the word in production is actually real now. You're seeing a lot more people doing in production activities. That's a real hot one and usually it's slower, but it's gone faster, and I think that's going to be more the same. And I think the parallel between what we're seeing on the large language models coming into computer vision, and as you mentioned, video's data, right? I mean we're doing video right now, we're transcribing it into a transcript, linking up to your linguistics, times and the timestamp, I mean everything's data and that really kind of feeds. So this connection between what we're seeing, the large language and computer vision are coming together kind of cousins, brothers. I mean, how would you compare, how would you explain to someone, because everyone's like on this wave of watching people bang out their homework assignments, and you know, write some hacks on code with some of the open AI technologies, there is a corollary directly related to to the vision side. Can you explain? >> Yeah, the rise of large language models are showing what's possible, especially with text, and I think increasingly will get multimodal as the images and video become ingested. Though there's kind of this still core missing element of basically like understanding. So the rise of large language models kind of create this new area of generative AI, and generative AI in the context of computer vision is a lot of, you know, creating video and image assets and content. There's also this whole surface area to understanding what's already created. Basically digitizing physical, real world things. I mean the Metaverse can't be built if we don't know how to mirror or create or identify the objects that we want to interact with in our everyday lives. And where computer vision comes to play in, especially what we've seen at Roboflow is, you know, a little over a hundred thousand developers now have built with our tools. That's to the tune of a hundred million labeled open source images, over 10,000 pre-trained models. And they've kind of showcased to us all of the ways that computer vision is impacting and bringing the world to life. And these are things that, you know, even before large language models and generative AI, you had pretty impressive capabilities, and when you add the two together, it actually unlocks these kind of new capabilities. So for example, you know, one of our users actually powers the broadcast feeds at Wimbledon. So here we're talking about video, we're streaming, we're doing things live, we've got folks that are cropping and making sure we look good, and audio/visual all plugged in correctly. When you broadcast Wimbledon, you'll notice that the camera controllers need to do things like track the ball, which is moving at extremely high speeds and zoom crop, pan tilt, as well as determine if the ball bounced in or out. The very controversial but critical key to a lot of tennis matches. And a lot of that has been historically done with the trained, but fallible human eye and computer vision is, you know, well suited for this task to say, how do we track, pan, tilt, zoom, and see, track the tennis ball in real time, run at 30 plus frames per second, and do it all on the edge. And those are capabilities that, you know, were kind of like science fiction, maybe even a decade ago, and certainly five years ago. Now the interesting thing, is that with the advent of of generative AI, you can start to do things like create your own training data sets, or kind of create logic around once you have this visual input. And teams at Tesla have actually been speaking about, of course the autopilot team's focused on doing vision tasks, but they've combined large language models to add reasoning and logic. So given that you see, let's say the tennis ball, what do you want to do? And being able to combine the capabilities of what LLM's represent, which is really a lot of basically, core human reasoning and logic, with computer vision for the inputs of what's possible, creates these new capabilities, let alone multimodality, which I'm sure we'll talk more about. >> Yeah, and it's really, I mean it's almost intoxicating. It's amazing that this is so capable because the cloud scales here, you got the edge developing, you can decouple compute power, and let Moore's law and all the new silicone and the processors and the GPUs do their thing, and you got open source booming. You're kind of getting at this next segment I wanted to get into, which is the, how people should be thinking about these advances of the computer vision. So this is now a next wave, it's here. I mean I'd love to have that for baseball because I'm always like, "Oh, it should have been a strike." I'm sure that's going to be coming soon, but what is the computer vision capable of doing today? I guess that's my first question. You hit some of it, unpack that a little bit. What does general AI mean in computer vision? What's the new thing? Because there are old technology's been around, proprietary, bolted onto hardware, but hardware advances at a different pace, but now you got new capabilities, generative AI for vision, what does that mean? >> Yeah, so computer vision, you know, at its core is basically enabling machines, computers, to understand, process, and act on visual data as effective or more effective than people can. Traditionally this has been, you know, task types like classification, which you know, identifying if a given image belongs in a certain category of goods on maybe a retail site, is the shoes or is it clothing? Or object detection, which is, you know, creating bounding boxes, which allows you to do things like count how many things are present, or maybe measure the speed of something, or trigger an alert when something becomes visible in frame that wasn't previously visible in frame, or instant segmentation where you're creating pixel wise segmentations for both instance and semantic segmentation, where you often see these kind of beautiful visuals of the polygon surrounding objects that you see. Then you have key point detection, which is where you see, you know, athletes, and each of their joints are kind of outlined is another more traditional type problem in signal processing and computer vision. With generative AI, you kind of get a whole new class of problem types that are opened up. So in a lot of ways I think about generative AI in computer vision as some of the, you know, problems that you aimed to tackle, might still be better suited for one of the previous task types we were discussing. Some of those problem types may be better suited for using a generative technique, and some are problem types that just previously wouldn't have been possible absent generative AI. And so if you make that kind of Venn diagram in your head, you can think about, okay, you know, visual question answering is a task type where if I give you an image and I say, you know, "How many people are in this image?" We could either build an object detection model that might count all those people, or maybe a visual question answering system would sufficiently answer this type of problem. Let alone generative AI being able to create new training data for old systems. And that's something that we've seen be an increasingly prominent use case for our users, as much as things that we advise our customers and the community writ large to take advantage of. So ultimately those are kind of the traditional task types. I can give you some insight, maybe, into how I think about what's possible today, or five years or ten years as you sort go back. >> Yes, definitely. Let's get into that vision. >> So I kind of think about the types of use cases in terms of what's possible. If you just imagine a very simple bell curve, your normal distribution, for the longest time, the types of things that are in the center of that bell curve are identifying objects that are very common or common objects in context. Microsoft published the COCO Dataset in 2014 of common objects and contexts, of hundreds of thousands of images of chairs, forks, food, person, these sorts of things. And you know, the challenge of the day had always been, how do you identify just those 80 objects? So if we think about the bell curve, that'd be maybe the like dead center of the curve, where there's a lot of those objects present, and it's a very common thing that needs to be identified. But it's a very, very, very small sliver of the distribution. Now if you go out to the way long tail, let's go like deep into the tail of this imagined visual normal distribution, you're going to have a problem like one of our customers, Rivian, in tandem with AWS, is tackling, to do visual quality assurance and manufacturing in production processes. Now only Rivian knows what a Rivian is supposed to look like. Only they know the imagery of what their goods that are going to be produced are. And then between those long tails of proprietary data of highly specific things that need to be understood, in the center of the curve, you have a whole kind of messy middle, type of problems I like to say. The way I think about computer vision advancing, is it's basically you have larger and larger and more capable models that eat from the center out, right? So if you have a model that, you know, understands the 80 classes in COCO, well, pretty soon you have advances like Clip, which was trained on 400 million image text pairs, and has a greater understanding of a wider array of objects than just 80 classes in context. And over time you'll get more and more of these larger models that kind of eat outwards from that center of the distribution. And so the question becomes for companies, when can you rely on maybe a model that just already exists? How do you use your data to get what may be capable off the shelf, so to speak, into something that is usable for you? Or, if you're in those long tails and you have proprietary data, how do you take advantage of the greatest asset you have, which is observed visual information that you want to put to work for your customers, and you're kind of living in the long tails, and you need to adapt state of the art for your capabilities. So my mental model for like how computer vision advances is you have that bell curve, and you have increasingly powerful models that eat outward. And multimodality has a role to play in that, larger models have a role to play in that, more compute, more data generally has a role to play in that. But it will be a messy and I think long condition. >> Well, the thing I want to get, first of all, it's great, great mental model, I appreciate that, 'cause I think that makes a lot of sense. The question is, it seems now more than ever, with the scale and compute that's available, that not only can you eat out to the middle in your example, but there's other models you can integrate with. In the past there was siloed, static, almost bespoke. Now you're looking at larger models eating into the bell curve, as you said, but also integrating in with other stuff. So this seems to be part of that interaction. How does, first of all, is that really happening? Is that true? And then two, what does that mean for companies who want to take advantage of this? Because the old model was operational, you know? I have my cameras, they're watching stuff, whatever, and like now you're in this more of a, distributed computing, computer science mindset, not, you know, put the camera on the wall kind of- I'm oversimplifying, but you know what I'm saying. What's your take on that? >> Well, to the first point of, how are these advances happening? What I was kind of describing was, you know, almost uni-dimensional in that you have like, you're only thinking about vision, but the rise of generative techniques and multi-modality, like Clip is a multi-modal model, it has 400 million image text pairs. That will advance the generalizability at a faster rate than just treating everything as only vision. And that's kind of where LLMs and vision will intersect in a really nice and powerful way. Now in terms of like companies, how should they be thinking about taking advantage of these trends? The biggest thing that, and I think it's different, obviously, on the size of business, if you're an enterprise versus a startup. The biggest thing that I think if you're an enterprise, and you have an established scaled business model that is working for your customers, the question becomes, how do you take advantage of that established data moat, potentially, resource moats, and certainly, of course, establish a way of providing value to an end user. So for example, one of our customers, Walmart, has the advantage of one of the largest inventory and stock of any company in the world. And they also of course have substantial visual data, both from like their online catalogs, or understanding what's in stock or out of stock, or understanding, you know, the quality of things that they're going from the start of their supply chain to making it inside stores, for delivery of fulfillments. All these are are visual challenges. Now they already have a substantial trove of useful imagery to understand and teach and train large models to understand each of the individual SKUs and products that are in their stores. And so if I'm a Walmart, what I'm thinking is, how do I make sure that my petabytes of visual information is utilized in a way where I capture the proprietary benefit of the models that I can train to do tasks like, what item was this? Or maybe I'm going to create AmazonGo-like technology, or maybe I'm going to build like delivery robots, or I want to automatically know what's in and out of stock from visual input fees that I have across my in-store traffic. And that becomes the question and flavor of the day for enterprises. I've got this large amount of data, I've got an established way that I can provide more value to my own customers. How do I ensure I take advantage of the data advantage I'm already sitting on? If you're a startup, I think it's a pretty different question, and I'm happy to talk about. >> Yeah, what's startup angle on this? Because you know, they're going to want to take advantage. It's like cloud startups, cloud native startups, they were born in the cloud, they never had an IT department. So if you're a startup, is there a similar role here? And if I'm a computer vision startup, what's that mean? So can you share your your take on that, because there'll be a lot of people starting up from this. >> So the startup on the opposite advantage and disadvantage, right? Like a startup doesn't have an proven way of delivering repeatable value in the same way that a scaled enterprise does. But it does have the nimbleness to identify and take advantage of techniques that you can start from a blank slate. And I think the thing that startups need to be wary of in the generative AI enlarged language model, in multimodal world, is building what I like to call, kind of like sandcastles. A sandcastle is maybe a business model or a capability that's built on top of an assumption that is going to be pretty quickly wiped away by improving underlying model technology. So almost like if you imagine like the ocean, the waves are coming in, and they're going to wipe away your progress. You don't want to be in the position of building sandcastle business where, you don't want to bet on the fact that models aren't going to get good enough to solve the task type that you might be solving. In other words, don't take a screenshot of what's capable today. Assume that what's capable today is only going to continue to become possible. And so for a startup, what you can do, that like enterprises are quite comparatively less good at, is embedding these capabilities deeply within your products and delivering maybe a vertical based experience, where AI kind of exists in the background. >> Yeah. >> And we might not think of companies as, you know, even AI companies, it's just so embedded in the experience they provide, but that's like the vertical application example of taking AI and making it be immediately usable. Or, of course there's tons of picks and shovels businesses to be built like Roboflow, where you're enabling these enterprises to take advantage of something that they have, whether that's their data sets, their computes, or their intellect. >> Okay, so if I hear that right, by the way, I love, that's horizontally scalable, that's the large language models, go up and build them the apps, hence your developer focus. I'm sure that's probably the reason that the tsunami of developer's action. So you're saying picks and shovels tools, don't try to replicate the platform of what could be the platform. Oh, go to a VC, I'm going to build a platform. No, no, no, no, those are going to get wiped away by the large language models. Is there one large language model that will rule the world, or do you see many coming? >> Yeah, so to be clear, I think there will be useful platforms. I just think a lot of people think that they're building, let's say, you know, if we put this in the cloud context, you're building a specific type of EC2 instance. Well, it turns out that Amazon can offer that type of EC2 instance, and immediately distribute it to all of their customers. So you don't want to be in the position of just providing something that actually ends up looking like a feature, which in the context of AI, might be like a small incremental improvement on the model. If that's all you're doing, you're a sandcastle business. Now there's a lot of platform businesses that need to be built that enable businesses to get to value and do things like, how do I monitor my models? How do I create better models with my given data sets? How do I ensure that my models are doing what I want them to do? How do I find the right models to use? There's all these sorts of platform wide problems that certainly exist for businesses. I just think a lot of startups that I'm seeing right now are making the mistake of assuming the advances we're seeing are not going to accelerate or even get better. >> So if I'm a customer, if I'm a company, say I'm a startup or an enterprise, either one, same question. And I want to stand up, and I have developers working on stuff, I want to start standing up an environment to start doing stuff. Is that a service provider? Is that a managed service? Is that you guys? So how do you guys fit into your customers leaning in? Is it just for developers? Are you targeting with a specific like managed service? What's the product consumption? How do you talk to customers when they come to you? >> The thing that we do is enable, we give developers superpowers to build automated inventory tracking, self-checkout systems, identify if this image is malignant cancer or benign cancer, ensure that these products that I've produced are correct. Make sure that that the defect that might exist on this electric vehicle makes its way back for review. All these sorts of problems are immediately able to be solved and tackled. In terms of the managed services element, we have solutions as integrators that will often build on top of our tools, or we'll have companies that look to us for guidance, but ultimately the company is in control of developing and building and creating these capabilities in house. I really think the distinction is maybe less around managed service and tool, and more around ownership in the era of AI. So for example, if I'm using a managed service, in that managed service, part of their benefit is that they are learning across their customer sets, then it's a very different relationship than using a managed service where I'm developing some amount of proprietary advantages for my data sets. And I think that's a really important thing that companies are becoming attuned to, just the value of the data that they have. And so that's what we do. We tell companies that you have this proprietary, immense treasure trove of data, use that to your advantage, and think about us more like a set of tools that enable you to get value from that capability. You know, the HashiCorp's and GitLab's of the world have proven like what these businesses look like at scale. >> And you're targeting developers. When you go into a company, do you target developers with freemium, is there a paid service? Talk about the business model real quick. >> Sure, yeah. The tools are free to use and get started. When someone signs up for Roboflow, they may elect to make their work open source, in which case we're able to provide even more generous usage limits to basically move the computer vision community forward. If you elect to make your data private, you can use our hosted data set managing, data set training, model deployment, annotation tooling up to some limits. And then usually when someone validates that what they're doing gets them value, they purchase a subscription license to be able to scale up those capabilities. So like most developer centric products, it's free to get started, free to prove, free to poke around, develop what you think is possible. And then once you're getting to value, then we're able to capture the commercial upside in the value that's being provided. >> Love the business model. It's right in line with where the market is. There's kind of no standards bodies these days. The developers are the ones who are deciding kind of what the standards are by their adoption. I think making that easy for developers to get value as the model open sources continuing to grow, you can see more of that. Great perspective Joseph, thanks for sharing that. Put a plug in for the company. What are you guys doing right now? Where are you in your growth? What are you looking for? How should people engage? Give the quick commercial for the company. >> So as I mentioned, Roboflow is I think one of the largest, if not the largest collections of computer vision models and data sets that are open source, available on the web today, and have a private set of tools that over half the Fortune 100 now rely on those tools. So we're at the stage now where we know people want what we're working on, and we're continuing to drive that type of adoption. So companies that are looking to make better models, improve their data sets, train and deploy, often will get a lot of value from our tools, and certainly reach out to talk. I'm sure there's a lot of talented engineers that are tuning in too, we're aggressively hiring. So if you are interested in being a part of making the world programmable, and being at the ground floor of the company that's creating these capabilities to be writ large, we'd love to hear from you. >> Amazing, Joseph, thanks so much for coming on and being part of the AWS Startup Showcase. Man, if I was in my twenties, I'd be knocking on your door, because it's the hottest trend right now, it's super exciting. Generative AI is just the beginning of massive sea change. Congratulations on all your success, and we'll be following you guys. Thanks for spending the time, really appreciate it. >> Thanks for having me. >> Okay, this is season three, episode one of the ongoing series covering the exciting startups from the AWS ecosystem, talking about the hottest things in tech. I'm John Furrier, your host. Thanks for watching. (chill electronic music)

(gentle music) >> Hello everyone. Welcome to this CUBE conversation here in Palo Alto, California. I'm John Furrier, host of theCUBE. We got a great remote guest coming in. Joseph Nelson, co-founder and CEO of RoboFlow hot startup in AI, computer vision. Really interesting topic in this wave of AI next gen hitting. Joseph, thanks for coming on this CUBE conversation. >> Thanks for having me. >> Yeah, I love the startup tsunami that's happening here in this wave. RoboFlow, you're in the middle of it. Exciting opportunities, you guys are in the cutting edge. I think computer vision's been talked about more as just as much as the large language models and these foundational models are merging. You're in the middle of it. What's it like right now as a startup and growing in this new wave hitting? >> It's kind of funny, it's, you know, I kind of describe it like sometimes you're in a garden of gnomes. It's like we feel like we've got this giant headstart with hundreds of thousands of people building with computer vision, training their own models, but that's a fraction of what it's going to be in six months, 12 months, 24 months. So, as you described it, a wave is a good way to think about it. And the wave is still building before it gets to its full size. So it's a ton of fun. >> Yeah, I think it's one of the most exciting areas in computer science. I wish I was in my twenties again, because I would be all over this. It's the intersection, there's so many disciplines, right? It's not just tech computer science, it's computer science, it's systems, it's software, it's data. There's so much aperture of things going on around your world. So, I mean, you got to be batting all the students away kind of trying to get hired in there, probably. I can only imagine you're hiring regiment. I'll ask that later, but first talk about what the company is that you're doing. How it's positioned, what's the market you're going after, and what's the origination story? How did you guys get here? How did you just say, hey, want to do this? What was the origination story? What do you do and how did you start the company? >> Yeah, yeah. I'll give you the what we do today and then I'll shift into the origin. RoboFlow builds tools for making the world programmable. Like anything that you see should be read write access if you think about it with a programmer's mind or legible. And computer vision is a technology that enables software to be added to these real world objects that we see. And so any sort of interface, any sort of object, any sort of scene, we can interact with it, we can make it more efficient, we can make it more entertaining by adding the ability for the tools that we use and the software that we write to understand those objects. And at RoboFlow, we've empowered a little over a hundred thousand developers, including those in half the Fortune 100 so far in that mission. Whether that's Walmart understanding the retail in their stores, Cardinal Health understanding the ways that they're helping their patients, or even electric vehicle manufacturers ensuring that they're making the right stuff at the right time. As you mentioned, it's early. Like I think maybe computer vision has touched one, maybe 2% of the whole economy and it'll be like everything in a very short period of time. And so we're focused on enabling that transformation. I think it's it, as far as I think about it, I've been fortunate to start companies before, start, sell these sorts of things. This is the last company I ever wanted to start and I think it will be, should we do it right, the world's largest in riding the wave of bringing together the disparate pieces of that technology. >> What was the motivating point of the formation? Was it, you know, you guys were hanging around? Was there some catalyst? What was the moment where it all kind of came together for you? >> You know what's funny is my co-founder, Brad and I, we were making computer vision apps for making board games more fun to play. So in 2017, Apple released AR kit, augmented reality kit for building augmented reality applications. And Brad and I are both sort of like hacker persona types. We feel like we don't really understand the technology until we build something with it and so we decided that we should make an app that if you point your phone at a Sudoku puzzle, it understands the state of the board and then it kind of magically fills in that experience with all the digits in real time, which totally ruins the game of Sudoku to be clear. But it also just creates this like aha moment of like, oh wow, like the ability for our pocket devices to understand and see the world as good or better than we can is possible. And so, you know, we actually did that as I mentioned in 2017, and the app went viral. It was, you know, top of some subreddits, top of Injure, Reddit, the hacker community as well as Product Hunt really liked it. So it actually won Product Hunt AR app of the year, which was the same year that the Tesla model three won the product of the year. So we joked that we share an award with Elon our shared (indistinct) But frankly, so that was 2017. RoboFlow wasn't incorporated as a business until 2019. And so, you know, when we made Magic Sudoku, I was running a different company at the time, Brad was running a different company at the time, and we kind of just put it out there and were excited by how many people liked it. And we assumed that other curious developers would see this inevitable future of, oh wow, you know. This is much more than just a pedestrian point your phone at a board game. This is everything can be seen and understood and rewritten in a different way. Things like, you know, maybe your fridge. Knowing what ingredients you have and suggesting recipes or auto ordering for you, or we were talking about some retail use cases of automated checkout. Like anything can be seen and observed and we presume that that would kick off a Cambrian explosion of applications. It didn't. So you fast forward to 2019, we said, well we might as well be the guys to start to tackle this sort of problem. And because of our success with board games before, we returned to making more board game solving applications. So we made one that solves Boggle, you know, the four by four word game, we made one that solves chess, you point your phone at a chess board and it understands the state of the board and then can make move recommendations. And each additional board game that we added, we realized that the tooling was really immature. The process of collecting images, knowing which images are actually going to be useful for improving model performance, training those models, deploying those models. And if we really wanted to make the world programmable, developers waiting for us to make an app for their thing of interest is a lot less efficient, less impactful than taking our tool chain and releasing that externally. And so, that's what RoboFlow became. RoboFlow became the internal tools that we used to make these game changing applications readily available. And as you know, when you give developers new tools, they create new billion dollar industries, let alone all sorts of fun hobbyist projects along the way. >> I love that story. Curious, inventive, little radical. Let's break the rules, see how we can push the envelope on the board games. That's how companies get started. It's a great story. I got to ask you, okay, what happens next? Now, okay, you realize this new tooling, but this is like how companies get built. Like they solve their own problem that they had 'cause they realized there's one, but then there has to be a market for it. So you actually guys knew that this was coming around the corner. So okay, you got your hacker mentality, you did that thing, you got the award and now you're like, okay, wow. Were you guys conscious of the wave coming? Was it one of those things where you said, look, if we do this, we solve our own problem, this will be big for everybody. Did you have that moment? Was that in 2019 or was that more of like, it kind of was obvious to you guys? >> Absolutely. I mean Brad puts this pretty effectively where he describes how we lived through the initial internet revolution, but we were kind of too young to really recognize and comprehend what was happening at the time. And then mobile happened and we were working on different companies that were not in the mobile space. And computer vision feels like the wave that we've caught. Like, this is a technology and capability that rewrites how we interact with the world, how everyone will interact with the world. And so we feel we've been kind of lucky this time, right place, right time of every enterprise will have the ability to improve their operations with computer vision. And so we've been very cognizant of the fact that computer vision is one of those groundbreaking technologies that every company will have as a part of their products and services and offerings, and we can provide the tooling to accelerate that future. >> Yeah, and the developer angle, by the way, I love that because I think, you know, as we've been saying in theCUBE all the time, developer's the new defacto standard bodies because what they adopt is pure, you know, meritocracy. And they pick the best. If it's sell service and it's good and it's got open source community around it, its all in. And they'll vote. They'll vote with their code and that is clear. Now I got to ask you, as you look at the market, we were just having this conversation on theCUBE in Barcelona at recent Mobile World Congress, now called MWC, around 5G versus wifi. And the debate was specifically computer vision, like facial recognition. We were talking about how the Cleveland Browns were using facial recognition for people coming into the stadium they were using it for ships in international ports. So the question was 5G versus wifi. My question is what infrastructure or what are the areas that need to be in place to make computer vision work? If you have developers building apps, apps got to run on stuff. So how do you sort that out in your mind? What's your reaction to that? >> A lot of the times when we see applications that need to run in real time and on video, they'll actually run at the edge without internet. And so a lot of our users will actually take their models and run it in a fully offline environment. Now to act on that information, you'll often need to have internet signal at some point 'cause you'll need to know how many people were in the stadium or what shipping crates are in my port at this point in time. You'll need to relay that information somewhere else, which will require connectivity. But actually using the model and creating the insights at the edge does not require internet. I mean we have users that deploy models on underwater submarines just as much as in outer space actually. And those are not very friendly environments to internet, let alone 5g. And so what you do is you use an edge device, like an Nvidia Jetson is common, mobile devices are common. Intel has some strong edge devices, the Movidius family of chips for example. And you use that compute that runs completely offline in real time to process those signals. Now again, what you do with those signals may require connectivity and that becomes a question of the problem you're solving of how soon you need to relay that information to another place. >> So, that's an architectural issue on the infrastructure. If you're a tactical edge war fighter for instance, you might want to have highly available and maybe high availability. I mean, these are words that mean something. You got storage, but it's not at the edge in real time. But you can trickle it back and pull it down. That's management. So that's more of a business by business decision or environment, right? >> That's right, that's right. Yeah. So I mean we can talk through some specifics. So for example, the RoboFlow actually powers the broadcaster that does the tennis ball tracking at Wimbledon. That runs completely at the edge in real time in, you know, technically to track the tennis ball and point the camera, you actually don't need internet. Now they do have internet of course to do the broadcasting and relay the signal and feeds and these sorts of things. And so that's a case where you have both edge deployment of running the model and high availability act on that model. We have other instances where customers will run their models on drones and the drone will go and do a flight and it'll say, you know, this many residential homes are in this given area, or this many cargo containers are in this given shipping yard. Or maybe we saw these environmental considerations of soil erosion along this riverbank. The model in that case can run on the drone during flight without internet, but then you only need internet once the drone lands and you're going to act on that information because for example, if you're doing like a study of soil erosion, you don't need to be real time. You just need to be able to process and make use of that information once the drone finishes its flight. >> Well I can imagine a zillion use cases. I heard of a use case interview at a company that does computer vision to help people see if anyone's jumping the fence on their company. Like, they know what a body looks like climbing a fence and they can spot it. Pretty easy use case compared to probably some of the other things, but this is the horizontal use cases, its so many use cases. So how do you guys talk to the marketplace when you say, hey, we have generative AI for commuter vision. You might know language models that's completely different animal because vision's like the world, right? So you got a lot more to do. What's the difference? How do you explain that to customers? What can I build and what's their reaction? >> Because we're such a developer centric company, developers are usually creative and show you the ways that they want to take advantage of new technologies. I mean, we've had people use things for identifying conveyor belt debris, doing gas leak detection, measuring the size of fish, airplane maintenance. We even had someone that like a hobby use case where they did like a specific sushi identifier. I dunno if you know this, but there's a specific type of whitefish that if you grew up in the western hemisphere and you eat it in the eastern hemisphere, you get very sick. And so there was someone that made an app that tells you if you happen to have that fish in the sushi that you're eating. But security camera analysis, transportation flows, plant disease detection, really, you know, smarter cities. We have people that are doing curb management identifying, and a lot of these use cases, the fantastic thing about building tools for developers is they're a creative bunch and they have these ideas that if you and I sat down for 15 minutes and said, let's guess every way computer vision can be used, we would need weeks to list all the example use cases. >> We'd miss everything. >> And we'd miss. And so having the community show us the ways that they're using computer vision is impactful. Now that said, there are of course commercial industries that have discovered the value and been able to be out of the gate. And that's where we have the Fortune 100 customers, like we do. Like the retail customers in the Walmart sector, healthcare providers like Medtronic, or vehicle manufacturers like Rivian who all have very difficult either supply chain, quality assurance, in stock, out of stock, anti-theft protection considerations that require successfully making sense of the real world. >> Let me ask you a question. This is maybe a little bit in the weeds, but it's more developer focused. What are some of the developer profiles that you're seeing right now in terms of low-hanging fruit applications? And can you talk about the academic impact? Because I imagine if I was in school right now, I'd be all over it. Are you seeing Master's thesis' being worked on with some of your stuff? Is the uptake in both areas of younger pre-graduates? And then inside the workforce, What are some of the devs like? Can you share just either what their makeup is, what they work on, give a little insight into the devs you're working with. >> Leading developers that want to be on state-of-the-art technology build with RoboFlow because they know they can use the best in class open source. They know that they can get the most out of their data. They know that they can deploy extremely quickly. That's true among students as you mentioned, just as much as as industries. So we welcome students and I mean, we have research grants that will regularly support for people to publish. I mean we actually have a channel inside our internal slack where every day, more student publications that cite building with RoboFlow pop up. And so, that helps inspire some of the use cases. Now what's interesting is that the use case is relatively, you know, useful or applicable for the business or the student. In other words, if a student does a thesis on how to do, we'll say like shingle damage detection from satellite imagery and they're just doing that as a master's thesis, in fact most insurance businesses would be interested in that sort of application. So, that's kind of how we see uptick and adoption both among researchers who want to be on the cutting edge and publish, both with RoboFlow and making use of open source tools in tandem with the tool that we provide, just as much as industry. And you know, I'm a big believer in the philosophy that kind of like what the hackers are doing nights and weekends, the Fortune 500 are doing in a pretty short order period of time and we're experiencing that transition. Computer vision used to be, you know, kind of like a PhD, multi-year investment endeavor. And now with some of the tooling that we're working on in open source technologies and the compute that's available, these science fiction ideas are possible in an afternoon. And so you have this idea of maybe doing asset management or the aerial observation of your shingles or things like this. You have a few hundred images and you can de-risk whether that's possible for your business today. So there's pretty broad-based adoption among both researchers that want to be on the state of the art, as much as companies that want to reduce the time to value. >> You know, Joseph, you guys and your partner have got a great front row seat, ground floor, presented creation wave here. I'm seeing a pattern emerging from all my conversations on theCUBE with founders that are successful, like yourselves, that there's two kind of real things going on. You got the enterprises grabbing the products and retrofitting into their legacy and rebuilding their business. And then you have startups coming out of the woodwork. Young, seeing greenfield or pick a specific niche or focus and making that the signature lever to move the market. >> That's right. >> So can you share your thoughts on the startup scene, other founders out there and talk about that? And then I have a couple questions for like the enterprises, the old school, the existing legacy. Little slower, but the startups are moving fast. What are some of the things you're seeing as startups are emerging in this field? >> I think you make a great point that independent of RoboFlow, very successful, especially developer focused businesses, kind of have three customer types. You have the startups and maybe like series A, series B startups that you're building a product as fast as you can to keep up with them, and they're really moving just as fast as as you are and pulling the product out at you for things that they need. The second segment that you have might be, call it SMB but not enterprise, who are able to purchase and aren't, you know, as fast of moving, but are stable and getting value and able to get to production. And then the third type is enterprise, and that's where you have typically larger contract value sizes, slower moving in terms of adoption and feedback for your product. And I think what you see is that successful companies balance having those three customer personas because you have the small startups, small fast moving upstarts that are discerning buyers who know the market and elect to build on tooling that is best in class. And so you basically kind of pass the smell test of companies who are quite discerning in their purchases, plus are moving so quick they're pulling their product out of you. Concurrently, you have a product that's enterprise ready to service the scalability, availability, and trust of enterprise buyers. And that's ultimately where a lot of companies will see tremendous commercial success. I mean I remember seeing the Twilio IPO, Uber being like a full 20% of their revenue, right? And so there's this very common pattern where you have the ability to find some of those upstarts that you make bets on, like the next Ubers of the world, the smaller companies that continue to get developed with the product and then the enterprise whom allows you to really fund the commercial success of the business, and validate the size of the opportunity in market that's being creative. >> It's interesting, there's so many things happening there. It's like, in a way it's a new category, but it's not a new category. It becomes a new category because of the capabilities, right? So, it's really interesting, 'cause that's what you're talking about is a category, creating. >> I think developer tools. So people often talk about B to B and B to C businesses. I think developer tools are in some ways a third way. I mean ultimately they're B to B, you're selling to other businesses and that's where your revenue's coming from. However, you look kind of like a B to C company in the ways that you measure product adoption and kind of go to market. In other words, you know, we're often tracking the leading indicators of commercial success in the form of usage, adoption, retention. Really consumer app, traditionally based metrics of how to know you're building the right stuff, and that's what product led growth companies do. And then you ultimately have commercial traction in a B to B way. And I think that that actually kind of looks like a third thing, right? Like you can do these sort of funny zany marketing examples that you might see historically from consumer businesses, but yet you ultimately make your money from the enterprise who has these de-risked high value problems you can solve for them. And I selfishly think that that's the best of both worlds because I don't have to be like Evan Spiegel, guessing the next consumer trend or maybe creating the next consumer trend and catching lightning in a bottle over and over again on the consumer side. But I still get to have fun in our marketing and make sort of fun, like we're launching the world's largest game of rock paper scissors being played with computer vision, right? Like that's sort of like a fun thing you can do, but then you can concurrently have the commercial validation and customers telling you the things that they need to be built for them next to solve commercial pain points for them. So I really do think that you're right by calling this a new category and it really is the best of both worlds. >> It's a great call out, it's a great call out. In fact, I always juggle with the VC. I'm like, it's so easy. Your job is so easy to pick the winners. What are you talking about its so easy? I go, just watch what the developers jump on. And it's not about who started, it could be someone in the dorm room to the boardroom person. You don't know because that B to C, the C, it's B to D you know? You know it's developer 'cause that's a human right? That's a consumer of the tool which influences the business that never was there before. So I think this direct business model evolution, whether it's media going direct or going direct to the developers rather than going to a gatekeeper, this is the reality. >> That's right. >> Well I got to ask you while we got some time left to describe, I want to get into this topic of multi-modality, okay? And can you describe what that means in computer vision? And what's the state of the growth of that portion of this piece? >> Multi modality refers to using multiple traditionally siloed problem types, meaning text, image, video, audio. So you could treat an audio problem as only processing audio signal. That is not multimodal, but you could use the audio signal at the same time as a video feed. Now you're talking about multi modality. In computer vision, multi modality is predominantly happening with images and text. And one of the biggest releases in this space is actually two years old now, was clip, contrastive language image pre-training, which took 400 million image text pairs and basically instead of previously when you do classification, you basically map every single image to a single class, right? Like here's a bunch of images of chairs, here's a bunch of images of dogs. What clip did is used, you can think about it like, the class for an image being the Instagram caption for the image. So it's not one single thing. And by training on understanding the corpora, you basically see which words, which concepts are associated with which pixels. And this opens up the aperture for the types of problems and generalizability of models. So what does this mean? This means that you can get to value more quickly from an existing trained model, or at least validate that what you want to tackle with a computer vision, you can get there more quickly. It also opens up the, I mean. Clip has been the bedrock of some of the generative image techniques that have come to bear, just as much as some of the LLMs. And increasingly we're going to see more and more of multi modality being a theme simply because at its core, you're including more context into what you're trying to understand about the world. I mean, in its most basic sense, you could ask yourself, if I have an image, can I know more about that image with just the pixels? Or if I have the image and the sound of when that image was captured or it had someone describe what they see in that image when the image was captured, which one's going to be able to get you more signal? And so multi modality helps expand the ability for us to understand signal processing. >> Awesome. And can you just real quick, define clip for the folks that don't know what that means? >> Yeah. Clip is a model architecture, it's an acronym for contrastive language image pre-training and like, you know, model architectures that have come before it captures the almost like, models are kind of like brands. So I guess it's a brand of a model where you've done these 400 million image text pairs to match up which visual concepts are associated with which text concepts. And there have been new releases of clip, just at bigger sizes of bigger encoding's, of longer strings of texture, or larger image windows. But it's been a really exciting advancement that OpenAI released in January, 2021. >> All right, well great stuff. We got a couple minutes left. Just I want to get into more of a company-specific question around culture. All startups have, you know, some sort of cultural vibe. You know, Intel has Moore's law doubles every whatever, six months. What's your culture like at RoboFlow? I mean, if you had to describe that culture, obviously love the hacking story, you and your partner with the games going number one on Product Hunt next to Elon and Tesla and then hey, we should start a company two years later. That's kind of like a curious, inventing, building, hard charging, but laid back. That's my take. How would you describe the culture? >> I think that you're right. The culture that we have is one of shipping, making things. So every week each team shares what they did for our customers on a weekly basis. And we have such a strong emphasis on being better week over week that those sorts of things compound. So one big emphasis in our culture is getting things done, shipping, doing things for our customers. The second is we're an incredibly transparent place to work. For example, how we think about giving decisions, where we're progressing against our goals, what problems are biggest and most important for the company is all open information for those that are inside the company to know and progress against. The third thing that I'd use to describe our culture is one that thrives with autonomy. So RoboFlow has a number of individuals who have founded companies before, some of which have sold their businesses for a hundred million plus upon exit. And the way that we've been able to attract talent like that is because the problems that we're tackling are so immense, yet individuals are able to charge at it with the way that they think is best. And this is what pairs well with transparency. If you have a strong sense of what the company's goals are, how we're progressing against it, and you have this ownership mentality of what can I do to change or drive progress against that given outcome, then you create a really healthy pairing of, okay cool, here's where the company's progressing. Here's where things are going really well, here's the places that we most need to improve and work on. And if you're inside that company as someone who has a preponderance to be a self-starter and even a history of building entire functions or companies yourself, then you're going to be a place where you can really thrive. You have the inputs of the things where we need to work on to progress the company's goals. And you have the background of someone that is just necessarily a fast moving and ambitious type of individual. So I think the best way to describe it is a transparent place with autonomy and an emphasis on getting things done. >> Getting shit done as they say. Getting stuff done. Great stuff. Hey, final question. Put a plug out there for the company. What are you going to hire? What's your pipeline look like for people? What jobs are open? I'm sure you got hiring all around. Give a quick plug for the company what you're looking for. >> I appreciate you asking. Basically you're either building the product or helping customers be successful with the product. So in the building product category, we have platform engineering roles, machine learning engineering roles, and we're solving some of the hardest and most impactful problems of bringing such a groundbreaking technology to the masses. And so it's a great place to be where you can kind of be your own user as an engineer. And then if you're enabling people to be successful with the products, I mean you're working in a place where there's already such a strong community around it and you can help shape, foster, cultivate, activate, and drive commercial success in that community. So those are roles that tend themselves to being those that build the product for developer advocacy, those that are account executives that are enabling our customers to realize commercial success, and even hybrid roles like we call it field engineering, where you are a technical resource to drive success within customer accounts. And so all this is listed on roboflow.com/careers. And one thing that I actually kind of want to mention John that's kind of novel about the thing that's working at RoboFlow. So there's been a lot of discussion around remote companies and there's been a lot of discussion around in-person companies and do you need to be in the office? And one thing that we've kind of recognized is you can actually chart a third way. You can create a third way which we call satellite, which basically means people can work from where they most like to work and there's clusters of people, regular onsite's. And at RoboFlow everyone gets, for example, $2,500 a year that they can use to spend on visiting coworkers. And so what's sort of organically happened is team numbers have started to pull together these resources and rent out like, lavish Airbnbs for like a week and then everyone kind of like descends in and works together for a week and makes and creates things. And we call this lighthouses because you know, a lighthouse kind of brings ships into harbor and we have an emphasis on shipping. >> Yeah, quality people that are creative and doers and builders. You give 'em some cash and let the self-governing begin, you know? And like, creativity goes through the roof. It's a great story. I think that sums up the culture right there, Joseph. Thanks for sharing that and thanks for this great conversation. I really appreciate it and it's very inspiring. Thanks for coming on. >> Yeah, thanks for having me, John. >> Joseph Nelson, co-founder and CEO of RoboFlow. Hot company, great culture in the right place in a hot area, computer vision. This is going to explode in value. The edge is exploding. More use cases, more development, and developers are driving the change. Check out RoboFlow. This is theCUBE. I'm John Furrier, your host. Thanks for watching. (gentle music)

(upbeat music) >> Hey everyone. Welcome to theCUBE's special program series "Women of the Cloud", brought to you by AWS. I'm your host for the program, Lisa Martin. Very pleased to welcome back one of our alumni to this special series, Dr. Tendu Yogurtcu joins us, the CTO of Precisely. >> Lisa: Tendu, it's great to see you, it's been a while, but I'm glad that you're doing so well. >> Geez, it's so great seeing you too, and thank you for having me. >> My pleasure. I want the audience to understand a little bit about you. Talk to me a little bit about you, about your role and what are some of the great things that you're doing at Precisely. >> Of course. As CTO, my current role is driving technology vision and innovation, and also coming up with expansion strategies for Precisely's future growth. Precisely is the leader in data integrity. We deliver data with trust, with maximum accuracy, consistency, and also with context. And as a CTO, keeping an eye on what's coming in the business space, what's coming up with the emerging challenges is really key for me. Prior to becoming CTO, I was General Manager for the Syncsort big data business. And previously I had several engineering and R&D leadership roles. I also have a bit of academia experience. I served as a part-time faculty in computer science department in a university. And I am a person who is very tuned to giving back to my community. So I'm currently serving as a advisory board member in the same university. And I'm also serving as a advisory board member for a venture capital firm. And I take pride in being a dedicated advocate for STEM education and STEM education for women in particular, and girls in the underserved areas. >> You have such a great background. The breadth of your background, the experience that you have in the industry as well in academia is so impressive. I've known you a long time. I'd love the audience to get some recommendations from you. For those of the audience looking to grow and expand their careers in technology, what are some of the things that you that you've experienced that you would recommend people do? >> First, stay current. What is emerging today is going to be current very quickly. Especially now we are seeing more change and change at the increased speed than ever. So keeping an eye on on what's happening in the market if you want to be marketable. Now, some of the things that I will say, we have shortage of skills with data science, data engineering with security cyber security with cloud, right? We are here talking about cloud in particular. So there is a shortage of skills in the emerging technologies, AI, ML, there's a shortage of skills also in the retiring technologies. So we are in this like spectrum of skills shortage. So stay tuned to what's coming up. That's one. And on the second piece is that the quicker you tie what you are doing to the goals of the business, whether that's revenue growth whether that's customer retention or cost optimization you are more likely to grow in your career. You have to be able to articulate what you are doing and how that brings value to business to your boss, to your customers. So that becomes an important one. And then third one is giving back. Do something for the women in technology while being a woman in technology. Give back to your community whether that's community is gender based or whether it's your alumni, whether it's your community social community in your neighborhood or in your country or ethnicity. Give back to your community. I think that's becoming really important. >> I think so too. I think that paying it forward is so critical. I'm sure that you have a a long list of mentors and sponsors that have guided you along the way. Giving back to the community paying it forward I think is so important. For others who might be a few years behind us or even maybe have been in tech for the same amount of time that are looking to grow and expand their career having those mentors and sponsors of women who've been through the trenches is inspiring. It's so helpful. And it really is something that we need to do from a diversity perspective alone, right? >> Correct. Correct. And we have seen that, we have seen, for example Covid impact in women in particular. Diverse studies done by girls who quote on Accenture that showed that actually 50% of the women above age 35 were actually dropping out of the technology. And those numbers are scary. However, on the other side we have also seen incredible amount of technology innovation during that time with cloud adoption increasing with the ability to actually work remotely if you are even living in not so secure areas, for example that created more opportunities for women to come back to workforce as well. So we can turn the challenges to opportunities and watch out for those. I would say tipping points. >> I love that you bring up such a great point. There are so, so the, the data doesn't lie, right? The data shows that there's a significant amount of churn for women in technology. But to your point, there are so many opportunities. You mentioned a minute ago the skills gap. One of the things we talk about often on theCUBE and we're talking about cybersecurity which is obviously it's a global risk for companies in every industry, is that there's massive opportunity for people of, of any type to be able to grow their skills. So knowing that there's trend, but there's also so much opportunity for women in technology to climb the ladder is kind of exciting. I think. >> It is. It is exciting. >> Talk to me a little bit about, I would love for the audience to understand some of your hands-on examples where you've really been successful helping organizations navigate digital transformation and their entry and success with cloud computing. What are some of those success stories that you're really proud of? >> Let me think about, first of all what we are seeing is with the digital transformation in general, every single business every single vertical is becoming a technology company. Telecom companies are becoming a technology company. Financial services are becoming a technology company and manufacturing is becoming a technology company. So every business is becoming technology driven. And data is the key. Data is the enabler for every single business. So when we think about the challenges, one of the examples that I give a big challenge for our customers is I can't find the critical data, I can't access it. What are my critical data elements? Because I have so high volumes growing exponentially. What are the critical data elements that I should care and how do I access that? And we work at Precisely with 99 of Fortune 100. So we have two 12,000 customers in over a hundred countries which means we have customers whose businesses are purely built on cloud, clean slate. We also have businesses who have very complex set of data platforms. They have financial services, insurance, for example. They have critical transactional workloads still running on mainframes, IBM i servers, SAP systems. So one of the challenges that we have, and I work with key customers, is on how do we make data accessible for advanced analytics in the cloud? Cloud opens up a ton of open source tools, AI, ML stack lots of tools that actually the companies can leverage for that analytics in addition to elasticity in addition to easy to set up infrastructure. So how do we make sure the data can be actually available from these transactional systems, from mainframes at the speed that the business requires. So it's not just accessing data at the speed the business requires. One of our insurance customers they actually created this data marketplace on Amazon Cloud. And the, their challenge was to make sure they can bring the fresh data on a nightly basis initially and which became actually half an hour, every half an hour. So the speed of the business requirements have changed over time. We work with them very closely and also with the Amazon teams on enabling bringing data and workloads from the mainframes and executing in the cloud. So that's one example. Another big challenge that we see is, can I trust my data? And data integrity is more critical than ever. The quality of data, actually, according to HBR Harvard Business Review survey, 47% of every new record of data has at least one critical data error, 47%. So imagine, I was talking with the manufacturing organization couple of weeks ago and they were giving me an example. They have these three letter quotes for parts and different chemicals they use in the manufacturing. And the single letter error calls a shutdown of the whole manufacturing line. >> Wow. >> So that kind of challenge, how do I ensure that I can actually have completeness of data cleanness of data and consistency in that data? Moreover, govern that on a continuous basis becomes one of the use cases that we help customers. And in that particular case actually we help them put a data governance framework and data quality in their manufacturing line. It's becoming also a critical for, for example ESG, environment, social and governance, supply chain, monitoring the supply chain, and assessing ESG metrics. We see that again. And then the third one, last one. I will give an example because I think it's important. Hybrid cloud becoming critical. Because there's a purest view for new companies. However, facilitating flexible deployment models and facilitating cloud and hybrid cloud is also where we really we can help our customers. >> You brought up some amazingly critical points where it comes to data. You talked about, you know, a minute ago, every company in every industry has to become a technology company. You could also say every company across every industry has to become a data company. They have to become a software company. But to your point, and what it sounds like precisely is really helping organizations to do is access the data access data that has high integrity data that is free of errors. Obviously that's business critical. You talked about the high percentage of errors that caused manufacturing shutdown. Businesses can't, can't have that. That could potentially be life-ending for an organization. So it sounds like what you're talking about data accessibility, data integrity data governance and having that all in real time is table stakes for businesses. Whether it's your grocery store, your local coffee shop a manufacturing company, and e-commerce company. It's table stakes globally these days. >> It is, and you made a very good point actually, Lisa when you talked about the local coffee shop or the retail. One other interesting statistic is that almost 80% of every data has a location attribute. So when we talk about data integrity we no longer talk about just, and consistency of data. We also talk about context, right? When you are going, for example, to a new town you are probably getting some reminders about where your favorite coffee shop is or what telecom company has an office in that particular town. Or if you're an insurance company and a hurricane is hitting southern Florida. Then you want to know how the path of that hurricane is going to impact your customers and predict the claims before they happen. Also understand the propensity of the potential customers that you don't yet have. So location and context, those additional attributes of demographics, visitations are creating actually more confident business insights. >> Absolutely. And and as the consumer we're becoming more and more demanding. We want to be able to transact things so easily whether it's in our personal life at the grocery store, at that cafe, or in our business life. So those demands from the customer are also really influencing the direction that companies need to go. And it's actually, I think it's quite exciting that the amount of personalization the location data that you talk about that comes in there and really helps companies in every industry deliver these the cloud can, these amazing, unique personalized experiences that really drive business forward. We could talk about that all day long. I have no problem. But I want to get in our final minutes here, Tendu. What do you see as in your crystal ball as next for the cloud? How do you see your role as CTO evolving? >> Sure. For what we are seeing in the cloud I think we will start seeing more and more focus on sustainability. Sustainable technologies and governance. Obviously cloud migrations cloud modernizations are helping with that. And we, we are seeing many of our customers they started actually assessing the ESG supply chain and reporting on metrics whether it's the percentage of face or energy consumption. Also on the social metrics on diversity age distribution and as well as compliance piece. So sustainability governance I think that will become one area. Second, security, we talked about IT security and data privacy. I think we will see more and more investments around those. Cybersecurity in particular. And ethical data access and ethics is becoming center to everything we are doing as we have those personalized experiences and have more opportunities in the cloud. And the third one is continued automation with AI, ML and more focus on automation because cloud enables that at scale. And the work that we need to do is too time-intensive and too manual with the amount of data. Data is powering every business. So automation is going to be an increased focus how my role evolves with that. So I have this unique combination. I have been open to non-linear career paths throughout my growth. So I have an understanding of how to innovate and build products that solve real business problems. I also have an understanding of how to sell them build partnerships that combined with the the scale of growth, the hyper growth that we have absorbed in precisely 10 times growth within the last 10 years through a combination of organic innovation and acquisitions really requires the speed of change. So change, implementing change at scale as well as at speed. So taking those and bringing them to the next challenge is the evolution of my role. How do I bring those and tackle keep an eye on what's coming as a challenge in the industry and how they apply those skills that I have developed throughout my career to that next challenge and evolve with it, bring the innovation to data to cloud and the next challenge that we are going to see. >> There's so much on the horizon. It's, there are certainly challenges, you know within technology, but there's so much opportunity. You've done such a great job highlighting your career path the, the big impact that you're helping organizations make leveraging cloud and the opportunity that's there for the rest of us to really get in there get our hands dirty and solve problems. Tendu, I always love our conversations. It's been such a pleasure having you back, back on theCUBE. Thank you for joining us on this special program series today. >> Thank you Lisa. And also thanks to AWS for the opportunity. >> Absolutely. This is brought, brought to us by AWS. For Dr.Tendu, you are good to go. I'm Lisa Martin. You're watching theCUBE special program series Women of the Cloud. We thank you so much for watching and we'll see you soon. (upbeat music)

(upbeat music) >> Good morning and welcome back to fabulous Las Vegas, Nevada. We're here at AWS re:Invent with wall-to-wall coverage all day long on theCUBE. My name is Savannah Peterson and I am joined this morning by the beautiful Lisa Martin. Lisa, good morning. >> Good morning. Good. >> How you feeling day three? >> Day three is we are going to be shot out of a cannon today. The amount of content coming at you from theCUBE today- >> Get ready, you all. >> Us two gals, is a lot. We're going to have some great conversations. >> And we're starting with a really great one with a Cube Alumni to the max. You've been on the show multiple times. >> John: Yeah. >> Very excited to welcome John, the CMO of Couchbase. Welcome. How you doing this morning? >> Thanks. I'm doing great. Great to be here with you. >> How do you feel about the show so far? What's your pulse? >> The show has been great. I say the energy is great. The traffic at our booth, the conversations that we're having, both with prospective customers and even just partners, right? They're all here. The ecosystem is here >> And everyone's finally back in person and it feels so good. >> John: It does. >> So, we're going to dig in a little bit but just in case the audience isn't familiar, tell us about Couchbase. >> Sure. Couchbase is a publicly traded database company. We have a cloud database platform called Capella which is hosted on AWS and GCP. It is used for building mission-critical applications. So, we have great customers, we're building apps that really matter and are using to drive their business. So, we're very excited about that. 30% of the Fortune 100 are Couchbase customers. >> Nice. Talk a little bit about the AWS relationship. >> Mm-hm. Yeah, so we have a great AWS relationship. In fact, yesterday we announced a deepening of that relationship, a strategic collaboration agreement. We're very excited. It's a multi-year agreement. It's focused on go-to market, from a sales and marketing standpoint. We're going to target, you know, various verticals and, you know, really generate joint business between the two of us. So, it's a deepening of a already strong relationship and we're really excited about that. >> Savannah: Yeah. Go ahead. >> What are some of the industry verticals that you're going to be tackling together? >> Well, gaming for one, right? Manufacturing, the workloads that Couchbase is good for are these mission-critical workloads are ones that are really suited for us to be used with AWS. So, we've done some work with them already in those areas and I'm sure we'll be digging in even deeper. >> That's exciting. Speaking of digging in deeper, tell us a little bit more about Capella. >> Capella. It's a cloud databases services I mentioned. We launched it last October and we are super excited by the uptake, the interest that we're seeing. We have a free 30 day trial, so, you know, people can come and try it and get their hands dirty just getting experience with the product and then, you know, become a customer after that. And we're seeing very strong interest from our existing customer base as well. So, we're really excited about how things are going. >> Talk about Capella and the latest release and how it's really enabling Couchbase to invest deeper into the developer experience. >> Yeah, so, at the end of October, we announced a revamp of our user interface, our user experience for Capella really focused on developers. And what we've done is make it so that it's familiar to developers, right? It's a GitHub-like experience. So, developer comes in, they're very familiar, of course, with GitHub, they are familiar with how the Couchbase Capella interface will work. And so that's something that, you know, we've really invested, in fact, we've invested in developers quite a bit. We announced a Couchbase community hub and a Couchbase ambassadors program, both focused on developers and getting out there and building our community. >> A community is a big topic that we've been talking about at all the conferences this year. We're all back in person, in community. How often are you communicating with your community to get feedback on what that experience should be like? >> Yeah, I mean, we actually have a Discord server, so we're in constant communication. (Savannah laughing) >> Savannah: Yes. (John laughing) 24/7. (laughing) >> Basically, you know, we have staff who's dedicated to making sure that the users on there are getting their answers and giving us feedback on the experience. The ambassadors are somebody who have a really strong relationship, who get early insight and give us feedback before we even release a product. So, it gives us a chance to really test-drive it with core developers and get the insight we need before we get it in the market. >> Yeah. It matters so much. You can build it, but they won't come if it's not fantastic. >> John: Exactly. >> Lisa: Right. >> Let's shift a little bit and talk about customers. How, and price, how do you guys compare? >> Customers and? >> And price, your price performance? >> Price, oh. So, customers, we also announced this week a joint customer Arthrex with AWS. Arthrex is a orthopedics medical devices company and they use our Edge capabilities along with running Couchbase on AWS. So, you think of the kinds of surgeries that orthopedic surgeons do, it's scopes and they are often inside. So, what it does is it collects the data, the video data and all of that on a medical devices and then brings it back to a centralized app for the doctors to use sort of in post when they're actually doing further medical recommendations. >> Savannah: It's so cool. >> So, it's cool, the thing about it is it can work whether it's online or offline, it's one of the reasons that Arthrex selected us because the fact that it can, you know, often sometimes there's not connectivity in the operating room, I'd say deep inside of a hospital. So, these devices work regardless and then when they get connectivity, it sinks back to that centralized service. So, it's one of the main reasons that they selected us. >> That's outstanding. You know, one of the things that John Furrier, you know, John, well, you guys go way back. >> John: Way back. >> He had a sit down with Adam Selensky, oh, about 10 days or so ago. He gets an exclusive with the CEO of AWS every pre re:Invent. And one of the things that Adam said is that the role or the title, data analyst, is going to go away, in that every role will have responsibilities of analyzing data. And I always think of that in terms of operations, marketing, finance, sales, but you just brought up physicians as data analysts in their jobs, right? Probably not, we're thinking about it in that way. >> Yeah. >> But it's so interesting how data is really being democratized. >> John: Yeah. >> And how Couchbase is an enabler of that in an operating room. >> John: Yeah, yeah, yeah. >> That's amazing. >> It's a great story. There's many others and I think, you know, we have embedded operational analytics in Couchbase Capella, and, you know, in our offerings in general. So, what that does is allows us to do real-time, highly personalized applications based on that analytics that are coming in real-time from the data from the applications. And so that's something that's actually driving a highly interactive user experience, one that's very personalized and customized. And that's one of the things that our customers really like about what we do. >> It's fascinating. I never thought about it from a medical device perspective. >> Lisa: No, no. >> John: No. >> My gosh is if doctors don't have enough cognitive burden load. >> John: I know. >> You know, right? Like, they don't need to be a data analyst. I would much rather they were just good at the surgery part. That's a piece of the puzzle I need them to do. Yeah, for sure. That's a fascinating customer example. Can you share any other joint AWS examples with us? >> Joint AW- I mean, there's many in the gaming area where, because Couchbase is memory-first architecture, we deliver very, very interactive user experiences and we're used a lot for session management, user ID management in the gaming space, specifically with AWS. It's an area we've done some joint work already and had a lot of success, you know, with small and large gaming companies. >> Yeah. It looks like you also, according to my notes here, we've got things in travel and hospitality as well. >> Yes. Also Carnival Cruises is a great example. We enable their on-ship, on-board experience, highly customized, everybody wears a device called a medallion, and as they move around the ship, it knows where they are and it's able to provide customized services. You walk up to a bar, you have your favorite drink, it can be hit the bar when you land there. >> I'll take that. >> How about that? (laugh) >> That's outstanding. >> Isn't that great? >> Can we carry that onto the AWS show floor? >> Exactly. >> Or Starbucks order? >> Yeah, yeah. Yes, please. Yes, please. Well, another thing that's so interesting these days, is that every company has to be a data company. Say they have to be a software company. They have to be a data company. You just gave some great examples. Hospitality, gaming, healthcare, where that data democratization has to happen. >> John: Yeah. >> Businesses has to transform. But one of the things that Adam also told John is that CIOs, CEOs are coming to him not wanting to talk about technology but about transformation. >> Yeah. >> Huge topic. >> And that's a journey where every customer is at different levels. >> Yeah. >> How is Couchbase helping businesses transform and where are your customer conversations these days? >> Yeah, yeah, yeah. So, I mean, the transformation of the business is a major topic of conversation. So, we completely agree with that. How Couchbase helps is, you know, in our database, one of the things we have is the SQL engine. And so as people are looking to move and modernize their infrastructure, if they're moving off of, or from like a technology that's principally based on SQL but doesn't give all the flexibility of a JSON database or document database like we do, we actually enable them to get more easily onto our platform so that they can start that transformation. And then it's a, you know, it's a journey of how they want to transform their business and it's really focused on how do they better serve their customers and clients, whether it's internal or external? >> It really matters. I mean, and that ease of use as well as the transformation journey. It takes a long time for people to adapt. So, every piece of that puzzle, every Lego being quicker or easier, more intuitive, like you said, with the user experience, we can tell you're very thoughtful. How does this improve the total cost of ownership for your customers? >> That's one of the things that we announced along with that developer changes, was a new storage engine underneath Couchbase Capella. And it's 10 X more dense storage. And what that means is fewer servers. So, fewer servers is a much better cost of ownership story. That plus just the performance of the platform itself, we find, you know, against competition, we can do things on say six nodes that take 18 nodes for others. >> Lisa: Oh wow. >> And we have a great consolidation story as well because we have, it's a multi-modal database, meaning that it has SQL engine, document database, full tech search, eventing and analytics, all these pieces on one common data layer. So, you can actually consolidate off of other technologies onto one, onto Couchbase, and that actually saves you money. So, that's a great story for us. >> There's got to be a sustainability element to that as well? >> Yeah, I mean it's, obviously, if you're using less, using fewer servers, there's a kind of power consumption aspect of it as well. Absolutely. >> Are you finding that a lot of customers and companies we talk to these days have in their RFPs, they must only work with vendors who have an actual ESG program? Are you finding more customers coming to you saying, how can you help us dial down our carbon emissions? >> John: Yeah. >> Savannah: Great question. >> We've got a sustainability program that we've got to meet, we've got commitments to our customers. >> John: Yeah. >> Is that something that's really now kind of a hard and fast requirement? >> We're hearing it, we're definitely hearing it. I wouldn't say it's, you know, massively pervasive but I would say it's a growing component of, as you said, RFPs. And it's something that we feel like we have a great story for. And so, you know, it's something that helps when we get into those conversations, we can clearly articulate how we can provide that value and how we meet some of those needs that they have. >> Yeah, that's awesome. So, we have a bit of a challenge, new to the show at re:Invent. >> John: Mm-hm. >> Where we are prompting you to give us your 30 second Instagram Reel sizzle highlight. Don't worry, I'm not actually timing you, but your thought leadership hot-take on the most important theme or takeaway from this year's show. >> From the conference here. I would say that, and I think this was talked about a little bit by AWS as well, but the convergence of analytics and operational data, you know, through the applications is one that we're certainly seeing as well. It's the reason we have analytics in our database. But as I walk around and look at it, I see that very much as a common theme as well, in terms of what other vendors are saying and just the conversations we're having. So for me, that's one of the things I think would be a takeaway from this show. >> Yeah. Embedded analytics, real-time, everybody wants to know what's going on, in context. >> Yeah. That's right. >> Right now, not last week, not what we're processing from last month. >> Exactly. >> I mean, right? (cross-talking) >> So, I can react and take advantage or take an action if I have to. >> Exactly. And then deliver that personalized experience that we all expect these days. >> Oh, yes. >> I'll take that medallion- >> It's about the medallion. I was like, okay. >> You up with that, John? >> We'll get right on it. >> Lisa: All right. (laughs) >> About this. So, what's next for Couchbase? >> John: Well- >> I know you got the partnership, you've got all this exciting momentum. >> So, we're excited heading into next year. We're going to continue to innovate on Capella, right? Continue to deliver more value, lean into our developer community that we have. We're investing heavily, not just from a product standpoint but from a company standpoint in terms of, you know, our community meetups and some of those things. We have a big community-focused event coming up in March called Connect, Couchbase Connect. So, that's something that we'll, you know, continue to drive. That'll be a major theme for us next year. Cloud and developers and, you know, continuing to enable that ecosystem. >> Lisa: Excellent. >> I just had a Microsoft moment where I saw you saying, "Cloud developers," on stage. (Lisa and Savannah laughing) >> I'm not going Steve Ballmer on you. (all laughing) >> Pardon. I was trying to get someone to sing yesterday. I was hoping you were my Ballmer dance. Oh, man. Well, this has been a really great way to start the day. John, thank you so much for being on the show with us, seriously. And it's great that you keep coming back. I'm glad we haven't scared you off. (John laughing) >> Never. >> Savannah: We will have you anytime. >> Thank you. >> And thank you all for tuning in for yet another fantastic day of all day live coverage here from AWS re:Invent. We are in Sin City, having a fabulous time with Lisa Martin. I'm Savannah Peterson. This is theCUBE and we are the leader in high-tech technology coverage. (upbeat music) (upbeat music fades)

>>Hey everyone, and welcome back to The Cube's live coverage of AWS Reinvented 2022 Live from the Venetian Expo in Las Vegas. We're happy to be back. This is first full day of coverage over here last night. We've got three full days of coverage in addition to last night, and there's about 50,000 people here. This event is ready, people are ready to be back, which is so exciting. Lisa Martin here with Paul Gill and Paul, it's great to be back in person. Great to be hosting with you >>And likewise with you, Lisa. I think the first time we hosted again, >>It is our first time exactly. >>And we come here to the biggest event that the cube ever does during the year. >>It's the Super Bowl of the >>Cube. It's it's elbow to elbow out there. It's, it's, it's full tackle football, totally on the, on the floor of reinvent. And very exciting. This, you know, I've been to a lot of conferences going back 40 years, long as I can remember. Been going to tech conferences. This one, the, the intensity, the excitement around this is really unusual. People are jazzed, they're excited to be here, and that's great to see, particularly coming back from two years of isolation. >>Absolutely. The energy is so palpable. Even yesterday, evening, afternoon when I was walking in, you just feel it with all the people here. You know, we talk to so many different companies on the Q Paul. Every company these days has to be a data company. The most important thing about data is making sure that it's backed up and it's protected, that it's secure, that it can be recovered if anything happens. So we're gonna be having a great conversation next about data resiliency with one of our alumni. >>And that would be Rick Scott, Rick, excuse me, Rick Scott, >>Rick Clark. Rick Clark, say Rick Scott, cloud sales Veritas. Rick, welcome back >>To the program. Thank you. Thank you so much. It's a pleasure being here, you know, thank you so much. You're definitely very excited to myself and 40,000 of my closest cousins and friends all in one place. Yep. Or I could possibly go wrong, right? So >>Yeah, absolutely nothing. So, Rick, so Veritas has made some exciting announcements. Talk to us about some of the new things that you've >>Unveiled. Yeah, we've been, we've been incredibly busy and, you know, the journey that we've been on, one of the big announcement that we made about three or four weeks ago is the introduction, really, of a brand new cloud native data management platform that we call Veritas Alta. And this is a journey that we've been on for the better part of seven years. We actually started it with our, our flex appliances. We continued, that was a containerization of our traditional net backup business in, into a highly secured appliance that was loved by our customers. And we continued that theme and that investment into what we call a scale out and scale up form factor appliance as well, what we called flex scale. And then we continued on that investment theme, basically spending over a billion dollars over that seven year journey in our cloud native. And we call that basically the Veritas altar platform with our cloud native platform. And I think if you really look at what that is, it truly is a data management platform. And I emphasize the term cloud native. And so our traditional technologies around data protection, obviously application resiliency and digital compliance or data compliance and governance. We are the only, the first and only company in the world to provide really a cloud optimized, cloud native platform, really, that addresses that. So it's been fun, it's been a fun journey. >>Talk a little bit about the customer experience. I see over 85% of the Fortune 100 trust Veritas with their data management. That's >>A big number. Yeah. Yeah. It's, it is incredible actually. And it really comes back to the Veritas older platform. We sort of built that with, with four tenants in mind, all driving back to this very similar to AWS's customer obsession. Everything we do each and every day of our waiting moments is a Veritas employee is really surrounds the customer. So it starts with the customer experience on how do they find us to, how do they procure our solutions through things like AWS marketplace and how do they deploy it? And the second thing is around really cost optimization, as we know, you know, to, to say that companies are going through a digital transformation and moving workloads to the cloud. I mean, I've got customers that literally were 20% in cloud a year ago and 80% a year later, we've never seen that kind of velocity. >>And so we've doubled down on this notion of cost optimization. You can only do that with these huge investments that I talked about. And so we're a very profitable company. We've been around, got a great heritage of over 30 years, and we've really taken those investments in r and d to provide that sort of cloud native technology to ultimately make it elastic. And so everything from will spin up and spin down services to optimize the cloud bill for our customers, but we'll also provide the greatest workload support. You know, obviously on-prem workloads are very different from cloud workloads and it's almost like turning the clock back 20 years to see all of those new systems. There's no standard API like s and MP on the network. And so we have to talk to every single PAs service, every single DB PAs, and we capture that information and protect it. So it's really has been a phenomenal journey. It's been great. >>You said this, that that al represents a shift from clouds from flex scale to cloud native. What is the difference there? >>The, the main difference really is we took, you know, obviously our traditional product that you've known for many media years, net backup. It's got, you know, tens of millions of lines of code in that. And we knew if we lifted and shifted it up into the cloud, into an I AEs infrastructure, it's just not, it obviously would perform extremely well, but it wasn't cost optimized for our customer. It was too expensive to to run. And so what we did is we rewrote with microservices and containerization, Kubernetes huge parts of that particular product to really optimize it for the cloud. And not only have we done it for that technology, what we now call alter data protection, but we've done it across our entire port portfolio. That was really the main change that we made as part of this particular transition. And >>What have you done to prepare customers for that shift? Is this gonna be a, a drop in simple upgrade for them? >>Absolutely. Yeah. In fact, one of the things that we introduced is we, we invest still very heavily with regards to our OnPrem solutions. We're certainly not abandoning, we're still innovating. There's a lot of data still OnPrem that needs to move to the cloud. And so we have a unique advantage of all of the different workload supports that we provide OnPrem. We continue that expansion into the cloud. So we, we create it as part of the Veritas AL Vision, a technology, we call it AL view. So it's a single painter glass across both OnPrem and cloud for our customers. And so now they can actually see all of their data protection, all our application availability, single collect, all through that single unified interface, which is really game changing in the industry for us. >>It's game changing for customers too, because customers have what generally six to seven different backup technologies in their environment that they're having to individually manage and provision. So the, the workforce productivity improvements I can imagine are, are huge with Veritas. >>Yeah. You you nailed it, right? You must have seen my script, but Absolutely. I mean, I look at the analogy of, you think about the airlines, what's one of the first things airlines do with efficiency? South Southwest Airlines was the best example, a standardized on the 7 37, right? And so all of their pilots, all of their mechanics, all know how to operate the 7 37. So we are doing the same thing with enterprise data protection. So whether you're OnPrem at the edge or in the cloud or even multi-cloud, we can provide that single painter glass. We've done it for our customers for 30 plus years. We'll continue to do it for another 30 something years. And so it's really the first time with Veritas altar that, that we're, we're coming out with something that we've invested for so long and put, put such a huge investment on that can create those changes and that compelling solution for our customers. So as you can see, we're pretty pumped and excited about it. >>Yes, I can >>Use the term data management to describe Alta, and I want to ask about that term because I hear it a lot these days. Data management used to be database, now data management is being applied to all kinds of different functions across the spectrum. How do you define data management in Veritas >>Perspective? Yeah, there's a, we, we see it as really three main pillars across the environment. So one is protection, and we'll talk a little bit about this notion of ransomware is probably the number one use case. So the ability to take the most complex and the biggest, most vast applications. SAP is an example with hundreds of different moving parts to it and being able to protect that. The second is application resiliency. If, if you look at the cloud, there's this notion of, of responsibility, shared responsibility in the cloud. You've heard it, right? Yep. Every single one of the cloud service providers, certainly AWS has up on their website, this is what we protect, here's the demarcation line, the line in the sand, and you, the customer are responsible for that other level. And so we've had a technology, you previously knew it as InfoScale, we now call it alter application resiliency. >>And it can provide availability zone to availability zone, real time replication, high availability of your mission critical applications, right? So not only do we do the traditional backups, but we can also provide application resiliency for mission critical. And then the third thing really from a data management standpoint is all around governance and compliance. You know, ac a lot of our customers need to keep data for five, 10 years or forever. They're audited. There's regulations and different geographies around the world. And, and those regulations require them to be able to really take control of their cloud, take control of their data. And so we have a whole portfolio of solutions under that data compliance, data government. So back to your, your question Paul, it's really the integration and the intersection of those three main pillars. We're not a one trick pony. We've been at this for a long time, and they're not just new products that we invented a couple of months ago and brought to market. They're tried and tested with eight 80,000 customers and the most complex early solutions on the planet that we've been supporting. >>I gotta ask you, you know, we talked about those three pillars and you talked about the shared responsibility model. And think of that where you mentioned aws, Salesforce, Microsoft 365, Google workspace, whatnot. Are you finding that most customers aren't aware of that and haven't been protecting those workloads and then come to you and saying, Hey guys, guess what, this is what this is what they're responsible for. The data is >>You Yeah, I, it's, it's our probably biggest challenge is, is one of awareness, you know, with the cloud, I mean, how many times have you spoken to someone? You just put it in the cloud. Your applications, like the cloud providers like aws, they'll protect everything. Nothing will ever go down. And it's kind like if you, unless your house was ever broken into, you're probably not gonna install that burglar alarm or that fire alarm, right? Hopefully that won't be an event that you guys have to suffer through. So yeah, it's definitely, it wasn't till the last year or so the cloud service providers really published jointly as to where is their responsibility, right? So a great example is an attack vector for a lot of corporations is their SAS applications. So, you know, whether it it's your traditional SA applications that is available that's available on the web to their customers as a sas. >>And so it's certainly available to the bad actors. They're gonna, where there's, there's gonna be a point they're gonna try to get in. And so no matter what your resiliency plan is, at the end of the day, you really need to protect it. And protection isn't just, for example, with M 365 having a snapshot or a recycle bin, that's just not good enough. And so we actually have some pretty compelling technology, what we call ALTA SAS protection, which covers the, pretty much the, the gamut of the major SAS technologies to protect those and make it available for our customers. So yeah, certainly it's a big part of it is awareness. Yeah. >>Well, I understand that the shared responsibility model, I, I realize there's a lot of confusion about that still, but in the SaaS world that's somewhat different. The responsibility of the SaaS provider for protecting data is somewhat different. How, how should, what should customers know about that? >>I think, you know, the, the related to that, if, if you look at OnPrem, you know, approximately 35 to 40% of OnPrem enterprise data is protected. It's kind of in a long traditional problem. Everyone's aware of it. You know, I remember going to a presentation from IBM 20 something years ago, and someone held their push hand up in the room about the dis drives and says, you need to back it up. And the IBM sales guy said, no, IBM dis drives never crash. Right? And so fast forward to here we are today, things have changed. So we're going through almost a similar sort of changes and culture in the cloud. 8% of the data in the cloud is protected today, 8%. That's incredible. Meaning >>That there is independent backup devoted >>To that data in some cases, not at all. And something many cases, the customer just assumes that it's in the cloud, therefore it's always available. I never have to worry about protecting it, right? And so that's a big problem that we're obviously trying to, trying to solve. And we do that all under the umbrella of ransomware. That's a huge theme, huge investment that, that Veritas does with regards to providing that resiliency for our >>Customers. Ransomware is scary. It is becoming so prolific. The bad actors have access to technologies. Obviously companies are fighting them, but now ransomware has evolved into, no longer are we gonna get hit, it's when, yeah, it's how often it's what's the damage going to be. So the ability to help customers recover from ransomware, that resiliency is table stakes for businesses in any industry these days. Does that, that one of the primary pain points that your customers are coming to you with? >>It's the number one pain point. Yeah, it's, it's incredible. I mean, there's not a single briefing that our teams are doing customer meetings where that term ransomware doesn't come up as, as their number one use case. Just to give you something, a couple of statistics. There's a ransomware attack attack that happens 11 times a second right around the globe. And this isn't just, you know, minor stuff, right? I've got friends that are, you know, executives of large company that have been hit that have that some, you know, multimillion dollar ransom attack. So our, our play on this is, when you think about it, is data protection is the last line of defense. Yes. And so if they break through, it's not a case, Lisa, as you mentioned, if it's a case of when Yeah. And so it's gonna happen. So one of the most important things is knowing how do you know you have a gold copy, a clean copy, and you can recover at speed in some cases. >>We're talking about tens of thousands of systems to do that at speed. That's in our dna. We've been doing it for many, many years. And we spoke through a lot of the cyber insurance companies on this particular topic as well. And what really came back from that is that they're actually now demanding things like immutable storage, malware detection, air gaping, right? Anomaly detection is sort of core technologies tick the box that they literally won't ensure you unless you have those core components. And so what we've done is we've doubled down on that investment. We use AI in ML technologies, particularly around the anomaly detection. One of the, the, the unique and ne differentiators that Verto provides is a ransomware resiliency scorecard. Imagine the ability to save uran a corporation. We can come in and run our analytics on your environment and kind of give you a grade, right? Wouldn't you prefer that than waiting for the event to take place to see where your vulnerability really is? And so these are some of the advantages that we can actually provide for our customers, really, really >>To help. Just a final quick question. There is a, a common perception, I believe that ransomware is an on premise problem. In fact, it is also a cloud problem. Is that not right? >>Oh, absolutely. I I think that probably the biggest attack vector is in the cloud. If it's, if it's OnPrem, you've certainly got a certain line of defense that's trying to break through. But, you know, you're in the open world there. Obviously with SAS applications in the cloud, it's not a case of if, but when, and it's, and it's gonna continue to get, you know, more and more prevalent within corporations. There's always gonna be those attack factors that they find the, the flash wounds that they can attack to break through. What we are concentrating on is that resiliency, that ability for customers to recover at speed. We've done that with our traditional appliances from our heritage OnPrem. We continue to do that with regard to resiliency at speed with our customers in the cloud, with partners like aws >>For sure. Almost done. Give me your 30 seconds on AWS and Veritas. >>We've had a partnership for the better part of 10 years. It's incredible when you think about aws, where they released the elastic compute back in 2006, right? We've been delivering data protection, a data management solutions for, for the better part of 30 years, right? So, so we're, we're Junos in our space. We're the leader in, in data protection and enterprise data protection. We were on-prem. We, we continue to be in the cloud as AWS was with the cloud service provided. So the synergies are incredible. About 80 to 85% of our, our joint customers are the same. We take core unique superpowers of aws, like AWS outposts and AWS Glacier Instant retrieval, for example, those core technologies and incorporate them into our products as we go to Mark. And so we released a core technology a few months ago, we call it ultra recovery vault. And it's an air gap, a mutable storage, worm storage, right Once, right? You can't change it even when the bad actors try to get in. They're independent from the customer's tenant and aws. So we manage it as a managed backup service for our customers. Got it. And so our customers are using that to really help them with their ransomware. So it's been a tremendous partnership with AWS >>Standing 10 years of accounting. Last question for you, Rick. You got a billboard on the 1 0 1 in Santa Clara, right? By the fancy Verto >>1 0 1? >>Yeah. Right. Well, there's no traffic. What does that billboard say? What's that bumper sticker about? Vertus, >>I think, I think the billboard would say, welcome to the new Veritas. This is not your grandfather's old mobile. We've done a phenomenal job in, in the last, particularly the last three or four years, to really reinvent ourselves in the cloud and the investments that we made are really paying off for our customers today. So I'm excited to be part of this journey and excited to talk to you guys today. >>Love it. Not your grandfather's Veritas. Rick, thank you so much for joining Paula, me on the forgot talking about what you guys are doing, how you're helping customers, really established that cyber of resiliency, which is absolutely critical these days. We appreciate your >>Time. My pleasure. Thank you so much. >>All right, for our guest and Paul Gilland, I'm Lisa Martin, you're watching the Queue, which as you know is the leader in live enterprise and emerging check coverage.

>>Hello everyone, This is Dave Lanta and you're watching The Cube's coverage of the Dell Technology Summit 2022 with exclusive behind the scenes interviews featuring Dell executive perspectives. And right now we're gonna explore Apex, which is Dell's as a service offering Dell's multi-cloud and edge strategies and the momentum around those. And we have news around Project Frontier, which is Dell's vision for its edge platform. And there's so much happening here. And don't forget, it's Cyber Security Awareness Month. Sam Groot is here. He's the senior vice president of marketing at Dell Technologies. Sam, always great to see you. How you doing? >>Always great to be here, Dave. >>All right, let's look at cloud. Everybody's talking about cloud Apex, multi-cloud. What's the update? How's it going? Where's the innovation and focal points of the strategy? >>Yeah, yeah. Look, Dave, if you think back over the course of this year, you've really heard us pivot as a company and discussing more and more about how multi-cloud is becoming a reality for our customers today. And when we listen and talk with our customers, they really describe multi-cloud challenges and a few key threads. One, the complexity is growing very, very quickly. Two, they're having a harder time controlling how their users are accessing the various different clouds. And then of course, finally the cloud costs are growing unchecked as well. So we, we like to describe this phenomenon as multi-cloud by design, where essentially organizations are waking up and seeing cloud sprawl around their organization every day. And this is creating more and more of those challenges. So of course at Dell we've got a strong point of view that you don't need to build multi-cloud by by default, rather it's multi-cloud by design, where you're very intentional in how you do multi-cloud. >>And how we deliver multi-cloud by design is through Apex. Apex is our modern cloud and our modern consumption experience. So when you think about the innovation as well, they've like, we've been on a pretty quick track record here in that, you know, the beginning of this year we introduced brand new Apex backup services that provides that SAS based backup service. We've introduced or announced Project Alpine, which is bringing our storage software, intellectual property from on-prem and putting it and running it natively in the public cloud. We've also introduced new Apex cyber recovery services that is simplifying how customers protect against cyber attacks. They can run an Amazon Azure, aw, I'm sorry, Amazon, aws, Azure or Google. And then, you know, we are really focused on this multi-cloud ecosystem. We announce key partnerships with SaaS providers such as Snowflake, where you can now access our information or our data from on-prem through the Snow Snowflake cloud. >>Or if needed, we can actually move the data to the Snowflake cloud if required. So we're continuing to build out that ecosystem SA providers. And then finally I would say, you know, we made a big strategic announcement just recently with Red Hat, where we're not only delivering new Apex container services, but we announce a strategic partnership to build jointly engineered solutions to address hybrid and multi-cloud solutions going forward. You know, VMware is gonna always continue to be a key partner of ours at the la at the recent VMware explorer, we announced new Tansu integration. So, So Dave, I, I think in a nutshell, we've been innovating at a very, very fast pace. We think there is a better way to do multi-cloud and that's multi-cloud by design. >>Yeah, we heard that at Dell Technologies world. First time I had heard that multi-cloud by design versus sort of default, which is great Alpine, which is sort of our, what we called super cloud in the making. And then of course the ecosystem is critical for any cloud company. VMware, of course, you know, top partner, but the Snowflake announcement was very interesting Red Hat. So seeing that expand, now let's go out to the edge. How's it going with the edge expansion? There's gotta be new. Speaking of ecosystem, the edge is like a whole different, you know, OT type That's right. Ecosystem's, telcos, what and what's this new frontier platform all about? >>Yeah, yeah. So we've talked a lot about clouds and multi clouds. We've talked about private and hybrid clouds, we've talked about public clouds, clouds and cos, telcos, et cetera. There's really been one key piece of our multi-cloud and technology strategy that we haven't spent a lot of time on. And that's the edge. And we do see that as that next frontier for our customers to really gain that competitive advantage that is created from their data and get closer to the point of creation where the data lives. And that's at the edge. We see the edge infrastructure space growing very, very quickly. We see upwards of 300% year of year growth in terms of amount of data being created at the edge. That's almost 3000 exabytes of data by 2026. So just incredible growth. And the edge is not really new for Dell. We've been at it for over 20 years of delivering edge solutions. >>81% of the Fortune 100 companies in the US use Dell solutions today at the Edge. And we are the number one OEM provider of Edge solutions with over 44,000 customers across over 40 industries and things like manufacturing, retail, edge healthcare, and more. So Dave, while we've been at it for a long time, we have such a, a deep understanding of how our customers are using Edge solutions. Say the bottom line is the game has gotta change. With that growth that we talked about, the new use cases that are emerging, we've got to un unlock this new frontier for customers to take advantage of the edge. And that's why we are announcing and revealing Project Frontier. And Project Frontier in its most simplest form, is a software platform that's gonna help customers and organizations really radically simplify their edge deployments by automating their edge operations. You know, with Project Frontier organizations are really gonna be able to manage, OP, and operate their edge infrastructure and application securely, efficiently and at scale. >>Okay, so it is, first of all, I like the name. It is software, it's a software architecture. So presumably a lot of API capabilities. That's right. Integration's. Is there hardware involved? >>Yeah, so of course you'll run it on Dell infrastructure. We'll be able to do both infrastructure, orchestration, orchestration through the platform, but as well as application orchestration. And you know, really there's, there's a handful of key drivers that have been really pushing our customers to take on and look at building a better way to do the edge with Project Frontier. And I think I would just highlight a handful of 'em. You know, freedom of choice. We definitely see this as an open ecosystem out there, even more so at the Edge than any other part of the IT stack. You know, being able to provide that freedom of choice for software applications or IOT frameworks, operational technology or OT for any of their edge use cases, that's really, really important. Another key area that we're helping to solve with Project Frontier is, you know, being able to expect zero trust security across all their edge applications from design to deployment, you know, and of course backed by an end and secure supply chain is really, really important to customers. >>And then getting that greater efficiency and reliability of operations with the centralized management through Project Frontier and Zero Touch deployments. You know, one of the biggest challenges, especially when you get out to the far, far reach of the frontier is really IT resources and being able to have that IT expertise. And we built in an enormous amount of automation helps streamline the edge deployments where you might be deploying a single edge solution, which is highly unlikely or hundreds or thousands, which is becoming more and more likely. So Dave, we do think Project Frontier is the right edge platform for customers to build their edge applications on now and certain, excuse me, certainly, and into the future. >>Yeah. Sam, no truck rolls. I like it. And you, you mentioned, you mentioned Zero trust, so we have Mother's Day, you, we have Father's Day. The kids always ask When's Kids' day? And we, of course we say every day is kids' day and every day should be cyber security awareness day. So, but we have cyber security awareness month. What does it mean for Dell? What are you hearing from customers and, and how are you responding? >>Yeah, yeah. No, there isn't a more prevalent top of mind conversation, whether it's the boardroom or the IT departments or every company is really have been forced to reckon with the cyber security and ransom secure issues out there. You know, every decision in IT department makes impacts your security profile. Those decisions can certainly, positively, hopefully impact it, but also can negatively impact it as well. So data security is, is really not a new area of focus for Dell. It's been an area that we've been focused on for a long time, but there are really three core elements to cybersecurity and data security as we go forward. The first is really setting the foundation of trust is really, really important across any IT system. And having the right supply chain in the right partner to partner with to deliver that is kind of the foundation in step one. >>Second, you need to of course go with technology that is trustworthy. It doesn't mean you are putting it together correctly. It means that you're essentially assembling the right piece parts together. That, that coexist together in the right way. You know, to truly change that landscape of the attackers out there that are gonna potentially create risk for your environment. We are definitely pushing and helping to embrace the zero trust principles and architectures that are out there. So finally, while when you think about security, it certainly is not absolute all correct. Security architectures assume that, you know, there are going to be challenges, there are going to be pain points, but you gotta be able to plan for recovery. And I think that's the holistic approach that we're taking with Dell. >>Well, and I think too, it's obviously security is a complicated situation now with cloud, you've got, you know, shared responsibility models, you've got that multi-cloud, you've got that across clouds, you're asking developers to do more. So I think the, the key takeaway is as a security pro, I'm looking for my technology partner through their r and d and their, you mentioned supply chain processes to take that off my plate so I can go plug holes elsewhere. Okay. Sam, put a bow on Dell Technology Summit for us and give us your closing thoughts. >>Yeah, look, I I think we're at a transformative point in it. You know, customers are moving more and more quickly to multi-cloud environments. They're looking to consume it in different ways, such as as a service, a lot of customers edge is new and an untapped opportunity for them to get closer to their customers and to their data. And of course there's more and more cyber threats out there every day. You know, our customers when we talk with them, they really want simple, consistent infrastructure options that are built on an open ecosystem that allows them to accomplish their goals quickly and successfully. And look, I think at Dell we've got the right strategy, we've got the right portfolio. We are the trusted partner of choice to help them lead, lead their, their future transformations into the future. So, Dave, look, I think it's, it's absolutely one of the most exciting times in it and I can't wait to see where it goes from here. >>Sam, always fun catching up with you. Appreciate your time. >>Thanks Dave. >>All right. A Dell Tech world in Vegas this past year, one of the most interesting conversations I personally had was around hybrid work and the future of work and the protocols associated with that and the mindset of, you know, the younger generation. And that conversation was, was with Jen Savira and we're gonna speak to Jen about this and other people and cult culture topics. Keep it right there. You're watching the Cube's exclusive coverage of Dell Technology Summit 2022.

>>As we said in our analysis of Dell's future, the transformation of Dell into Dell emc and now Dell Technologies has been one of the most remarkable stories in the history of the technology industry. After years of successfully integrated EMC and becoming VMware's number one distribution channel, the metamorphosis of Dell com culminated in the spin out of VMware from Dell and a massive wealth creation milestone pending, of course the Broadcom acquisition of VMware. So where's that leave Dell and what does the future look like for this technology powerhouse? Hello and welcome to the Cube's exclusive coverage of Dell Technology Summit 2022. My name is Dave Ante and I'll be hosting the program today In conjunction with the Dell Tech Summit. We'll hear from four of Dell's senior executives. Tom Sweet is the CFO of Dell Technologies. He's gonna share his views of the company's position and opportunities and answer the question, why is Dell good long term investment? >>Then we'll hear from Jeff Boudreau was the president of Dell's ISG business unit. He's gonna talk about the product angle and specifically how Dell is thinking about solving the multi-cloud challenge. And then Sam Grow Cot is the senior vice president of marketing's gonna come in the program and give us the update on Apex, which is Dell's as a service offering and a new edge platform called Project Frontier. By the way, it's also Cybersecurity Awareness Month, and we're gonna see if Sam has any stories there. And finally, for a company that's nearly 40 years old, Dell has some pretty forward thinking philosophies when it comes to its culture and workforce. And we're gonna speak with Jen Savira, who's Dell's chief Human Resource officer about hybrid work and how Dell is thinking about the future of work. We're gonna geek out all day and talk multi-cloud and edge and latency, but first, let's talk wallet. Tom Sweet cfo, and one of Dell's key business architects. Welcome back to the cube, >>Dave, it's good to see you and good to be back with you. So thanks for having me, Jay. >>Yeah, you bet. Tom. It's been a pretty incredible past 18 months. Not only the pandemic and all that craziness, but the VMware spin, you had to give up your gross margin binky as kidding, and, and of course the macro environment. I'm so sick of talking about the macro, but putting that aside for a moment, what's really remarkable is that for a company at your size, you've had some success at the top line, which I think surprised a lot of people. What are your reflections on the last 18 to 24 months? >>Well, Dave, it's been an incredible, not only last 18 months, but the whole transformation journey. If you think all the way back maybe to the LBO and forward from there, but, you know, stepping into the last 18 months, it's, you know, I, I think I remember talking with you and saying, Hey, you know, this scenario planning we did at the beginning of this pandemic journey was, you know, 30 different scenarios roughly, and none of which sort of panned out the way it actually did, which was a pretty incredible growth story as we think about how we helped customers, you know, drive workforce productivity, enabled their business model during the all remote work environment. That was the pandemic created. And couple that with the, you know, the, the rise then and the infrastructure spin as we got towards the tail end of the, of the pandemic coupled with, you know, the spin out of VMware, which culminated last November, as you know, as we completed that, which unlocked a pathway back to investment grade within unlocked, quite frankly shareholder value, capital allocation frameworks. It's really been a remarkable, you know, 18, 24 months. It's, it's never dull at Dell Technologies. Lemme put it that way. >>Well, well, I was impressed with you, Tom, before the leverage buyout and then what I've seen you guys navigate through is, is, is truly amazing. Well, let's talk about the challenging macro. I mean, I've been through a lot of downturns, but I've never seen anything quite like this with fed tightening and you're combating inflation, you got this recession looming, there's a bear market you got, but you got zero unemployment, you're rising wages, strong dollar, and it's very confusing. But it spending is, you know, it's somewhat softer, but it's still not bad. How are you seeing customers behave? How is Dell responding? >>Yeah, look, if you think about the markets we play in Dave, and we should start there as a grounding, you know, the, the total market, the core market that we think about is roughly 700 and, you know, 50 billion or so. If you think about our core IT services capability, you couple that with some of the, the growth initiatives that we're driving and the adjacent markets that that, that brings in, you're roughly talking a 1.4 to $1.5 trillion market opportunity, total addressable market. And so from from that perspective, we're extraordinarily bullish on where are we in the journey as we continue to grow and expand. You know, we have, we're number one share in just about every category that we plan, but yet when you look at that, you know, number one share in some of these, you know, our highest share position may be, you know, low thirties and maybe in the high end of storage you're at the upper end of thirties or 40%. >>But the opportunity there to continue to expand the core and, and continue to take share and outperform the market is truly extraordinary. So, so you step back and think about that, then you say, okay, what have we seen over the last number of months and quarters? It's been, you know, really great performance through the pandemic as, as you highlighted, we actually had a really strong first half of the year of our fiscal year 23 with revenue up 12% operating income up 12% for the first half. You know, what we talked about as you, if you might recall in our second quarter earnings, was the fact that we were starting to see softness. We had seen it in the consumer PC space, which is not a big area of focus for us in the sense of our, our total revenue stream, but we started to see commercial PC soften and we were starting to see server demand soften a bit and storage demand was, was holding quite frankly. >>And so we gave a a framework around guidance for the rest of the year as a, of what we were seeing. You know, the macro environment as you highlight it continues to be challenging. You know, if you look at inflation rates and the efforts by central banks across the globe to with through interest rate rise to press down and, and constrain growth and push down inflation, you couple that with supply chain challenges that continue principle, particularly in the ISG space. And then you couple that with the Ukraine war and the, and the energy crisis that that's created. And particularly in Europe, it's a pretty dynamic environment. And, but I'm confident, you know, I'm confident in the long term, but I do think that there is, you know, that there's navigation that we're going to have to do over the coming number of quarters, who knows quite how long, you know, to, to make sure the business is properly positioned and, you know, we've got a great portfolio and you're gonna talk to some of the team LA later on as you think your way through some of the solution capabilities we're driving what we're seeing around technology trends. >>So the opportunities there, there's some short term navigation that we're gonna need to do just to make sure that we address some of the, you know, some of the environmental things that we're seeing right >>Now. Yeah. And as a global company, of course you're converting local currencies back to appreciated dollars. That's, that's, that's another headwind. But as you say, I mean, that's math and you're navigating it. And again, I've seen a lot of downturns, but you know, the best companies not only weather the storm, but they invest in ways they that allow them to cut out, come out the other side stronger. So I wanna talk about that longer term opportunity, the relationship between the core, the the business growth. You mentioned the tam, I mean, even as a lower margin business, if, if you can penetrate that big of a tam, you could still throw off a lot of cash and you've got other levers to turn in potentially acquisitions and software. And, but so ultimately what gives you confidence in Dell's future? How should we think about Dell's future? >>Yeah, look, I, I think it comes down to we are extraordinarily excited about the opportunity over the long term digital transformation continues. I I am on numerous customer and CIO calls every week. Customers are continuing to invest in digital transformation and infrastructure to enable their business model. Yes, maybe it's gonna slow or, or pause or maybe they're not gonna invest quite at the same rate over the next number of quarters, but over the long term the needs are there. You look at what we're doing around the, the growth opportunities that we see, not only in our core space where we continue to invest, but also in the, what we call the strategic adjacencies. Things like 5G and modern telecom infrastructure as our, the telecom providers across the globe open up their, what a cl previous been closed ecosystems, you know, to open architecture. You think about, you know, what we're doing around the edge and the distribution now that we're seeing of compute and storage back to the edge given data gravity and latency matters. >>And so we're pretty bullish on the opportunity in front of us, you know, yes, we will and we're continuing to invest and you know, Jeff Boudreau talk about that I think later on in the program. So I'm excited about the opportunities and you look at our cash flow generation capability, you know, we are in, in, in normal times a, a cash flow generation machine and we'll continue to do so, You know, we've got a negative, you know, CCC in terms of, you know, how do we think about efficiency of working capital? And we look at our, you know, our capital allocation strategy, which has now returned, you know, somewhere in near 60% of our free cash flow back to shareholders. And so, you know, there's lots to, lots of reasons to think about why this, you know, we are a great sort of, I think value creation opportunity and a over the long term that the long term trends are with us, and I expect them to continue to be so, >>Yeah, and you guys, you, you, you do what you say you're gonna do. I mean, I said in my, in my other piece that I did recently, I think you guys put 46 billion on the, on the, on the balance sheet in terms of debt. That's down to I think 16 billion in the core, which that's quite remarking and that gives you some other opportunities. Give us your, your closing thoughts. I mean, you kind of just addressed why Dell is a good long term play, but I'll give you an opportunity to bring us home. >>Hey, Dave. Yeah, look, I, I just think if you look at the good, the market opportunity, the size and scale of Dell and how we think about the competitive advantages that we have, we com you know, if you look at, say we're a hundred billion revenue company, which we were a year, you know, last year, that as we reported roughly 60, 65 billion of that in the client, in in PC space, roughly, you know, 35 to 40 billion in the ISG or infrastructure space, those markets are gonna continue the opportunity to grow, share, grow at a premium to the market, drive, cash flow, drive, share gain is clearly there. You couple that with, you know, what we think the opportunity is in these adjacent markets, whether it's telecom, the edge, what we're thinking around data services, data management, you know, we, and you cut, you put that together with the long term trends around, you know, data creation and digital transformation. We are extraordinarily well positioned. We have the largest direct selling organization in in the technology space. We have the largest supply chain, our services footprint, you know, well positioned in my mind to take advantage of the opportunities as we move forward. >>Well Tom, really appreciate you taking the time to speak with us. Good to see you again. >>Nice seeing you. Thanks Dave. >>All right. You're watching the Cubes exclusive behind the scenes coverage of Dell Technology Summit 2022. In a moment, I'll be back with Jeff Boudreau. He's the president of Dell's ISG Infrastructure Solutions Group. He's responsible for all the important enterprise business at Dell, and we're excited to get his thoughts, keep it right there. >>Welcome back to the cube's exclusive coverage of the Dell Technology Summit. I'm Dave Ante and we're going inside with Dell execs to extract the signal from the noise. And right now we're gonna dig into customer requirements in a data intensive world and how cross cloud complexities get resolved from a product development perspective and how the ecosystem fits in to that mosaic to close the gaps and accelerate innovation. And with me now as friend of the cube, Jeff Boudreau, he's the president of the Infrastructure Solutions Group, ISG at Dell Technologies. Jeff, always good to see you. Welcome. >>You too. Thank you for having me. It's great to see you and thanks for having me back on the cube. I'm thrilled to be here. >>Yeah, it's our pleasure. Okay, so let's talk about what you're observing from customers today. You know, we talk all the time about operating in a data driven multi-cloud world, blah, blah, blah, blah. But what does that all mean to you when you have to translate that noise into products that solve specific customer problems, Jeff? >>Sure. Hey, great question. And everything always starts with our customers. There are motivation, they're top of mind, everything we do, my leadership team and I spend a lot of time with our customers. We're listening, we're learning, we're really understanding their pain points, and we wanna get their feedback in regards to our solutions, both turn and future offerings, really ensure that we're aligned to meeting their business objectives. I would say from these conversations, I'd say customers are telling us several things. First, it's all about data for no surprise going back to your opening. And second, it's about the multi-cloud world. And I'd say the big thing coming from all of this is that both of those are driving a ton of complexity for our customers. And I'll unpack that just a bit, which is first the data. As we all know, data is growing at unprecedented rates with more than 90% of the world's data being produced in the last two years alone. >>And you can just think of that in it's everywhere, right? And so as it as the IT world shifts towards distributed compute to support that data growth and that data gravity to really extract more value from that data in real time environments become inherently more and more hybrid and more and more multi-cloud. Which leads me to the second key point that I've been hearing from our customers, which it's a multi-cloud world, not new news. Customers by default have multiple clouds running across multiple locations that's on-prem and off-prem, it's running at the edge and it's serving a variety of different needs. Unfortunately, for most of our CU customers, multi-cloud is actually added to their complexity. As we've discussed. It's been a lot more of multi-cloud by default versus multi-cloud by design. And if you really think about our customers, I mean, I, I, I've talking to 'EM all the time, you think about the data complexity, that's the growth and the gravity. >>You think about their infrastructure complexity shifting from central to decentralized it, you think about multi-cloud complexity. So you have these walled gardens, if you will. So you have multiple vendors and you have these multiple contracts that all creates operational complexity for their teams around their processes of their tools. And then you think about security complexity that that dries with the, just the increased tax service and the list goes on. So what are we seeing for our customers? They, what they really want from us, and what they're asking us for is simplicity, not complexity. The immediacy, not latency. They're asking for open and aligned versus I'd say siloed and closed. And they're looking for a lot more agility and not rigidity in what we do. So they really wanna simplify everything. They're looking for a simpler IT and a more agile it. And they want more control of their data, right? >>And so, and they want to extract more of the value to enrich their business or their customer engagements, which all sounds pretty obvious and we've probably all heard it a bunch, but it's really hard to achieve. And that's where I believe, and we believe as Dell that we, it creates a big opportunity for us to really help our customers as that great simplifier of it. We're already doing this today on just a couple quick examples. First is Salesforce. We've supported recently, we've supported their global expansion with a multi-cloud solution to help them drive their business growth. Our solution delivered a reliable and consistent IT experience. We go back to that complexity and it was across a very distributed environment, including more than 60 data centers, 230 countries and hundreds of thousands of customers. It really provided Salesforce with the flexibility of placing workloads and data in an environment based on the right service level. >>Objective things like cost complexity or even security compliance considerations. The second customer A is a big New England Patriot fan. And Dan, Dave, I know you are as well. Oh yeah, this one's near, near data to my heart, it's the craft group. We just created a platform to span all the businesses that create more, I'd say data driven, immersive, secure experience, which is allowing them to capture data at the edge and use it for real time insights for things like cyber resiliency, but also like safety of the facilities. And as being a PA fan like I am, did they truly are meeting us where we are in our seats on their mobile devices and also in the parking lot. So just keep that in mind next time you're there. The bottom line, everything we're doing is really to make it simpler for our customers and to help them get the most of their data. I'd say we're gonna do this, is it through a multi-cloud by design approach, which we talked a lot about with you and and others at Dell Tech world earlier this year, >>Right? And we had Salesforce on, actually at Dell Tech group. The craft group is interesting because, you know, when you get to the stadium, you know, everybody's trying to get, get, get out to the internet and, and, but then the experience is so much better if you can actually, you know, deal with that edge. So I wanna talk about complexity though. You got data, you got, you know, the, the edge, you got multiple clouds, you got a different operating model across security model, different. So a lot of times in this industry we solve complexity with more complexity and it's like a bandaid. So I wanna, I wanna talk to, to how you're innovating around simplicity in ISG to address this complexity and what this means for Dell's long term strategy. >>Sure, I'd love to. So first I, I'd like to state the obvious, which are our investments in our innovations really focused on advancing, you know, our, our our customers needs, right? So we are really, our investments are gonna be targeted. We, we believe customers can have the most value. And some of that's gonna be around how we create strategic partnerships as well connected to what we just spoke about. Much of the complexity of customers have or experiencing is in the orchestration and management of all the data in all these different places and customers, you know, they must be able to quickly deploy and operate across cloud environments. They need to increase their developer productivity, really enabling those developers that do what they do best, which is creating more value for their customers than for their businesses. Our innovation efforts are really focused on addressing this by delivering an open and modern IT architecture that allows customers to run and manage any workload in any cloud anywhere. >>Data lives we're focused on, also focused on consumption based solutions, which allow for a greater degree of simplicity and flexibility, which they're really asking for as well. The foundation for this is our software to define common storage layer, that common storage layer. You can think about this Dave, as our ias if you will. It underpins our data access in mobility across all data types and locations. So you can think private, public, telecom, colo, edge, and it's delivered in a secure, holistic, and consistent cloud experience through Apex. We are making a ton of progress to let you just to be, just to be clear, we've made headway in things like Project Alpine, which you're very well aware of. This is our storage as a service. We announce this back in in January, which brings our unique software IP from our flagship storage platform to all the major public clouds. >>Really delivering the best of both worlds, allowing our customers to take advantage of Dell's enterprise class data services and storage software, such as performance at scale, resiliency, efficiency and security. But in addition to that, we're leveraging the breadth of the public cloud services, right? They're on demand scaling capabilities and access to analytical services. So in addition, we're really, we're, we're on our way to win at the edge as well with Project Frontier, which reduces complexity at the edge by creating an open and secure software platform to help our customers simplify their edge operations, optimize their edge environments and investments, secure that edge environment as well. I believe you're gonna be discussing Project Frontier here with Sam Gro Crop, the very near future. So I won't give up too many more details there. And lastly, we're also scaling Apex, which, oh, well, shifting from our vision, really shifting from vision to reality and introducing several new Apex service offerings, which are coming to market over the next month or so. And the intent is really supporting our customers on their as a service transitions by modernize the consumption experience and providing that flexible as a service model. Ultimately, we're trying to help our customers achieve that multi-cloud by design to really simplify it and unlock the power of their data. >>So some good examples there. I I like to talk about the super Cloud as you, you know, you're building on top of the, you know, hyperscale infrastructure and you got Apex is your cloud, the common storage layer, you call it your is. And that's, that's a ingredient in what we call the super cloud out to the edge. You have to have a common platform there and one of the hallmarks of a cloud company. And as you become a cloud company, everybody's a cloud company ecosystem becomes really, really important in terms of product development and, and innovation. Matt Baker always loves to stress it's not a zero zero sum game. And, and I think Super Cloud recognizes that, that there's value to be built on top of other clouds and, and, and of course on top of your infrastructure so that your ecosystem can add value. So what role does the ecosystem play there? >>For me, it's, it's pretty clear. It's, it's, it's critical. I can't say that enough above the having an open ecosystem. Think about everything we just discussed, and I agree with your super cloud analogy. I agree with what Matt Baker had said to you, I would certain no one company can actually address all the pain points and all the issues and challenges our customers are having on their own, not one. I think customers really want and deserve an open technology ecosystem, one that works together. So not these close stacks that discourages interoperability or stifles innovation and productivity of our, of each of our teams. We del I guess have a long history of supporting open ecosystems that really put customers first. And to be clear, we're gonna be at the center of the multi-cloud ecosystem and we're working with partners today to make that a reality. >>I mean, just think of what we're doing with VMware. We continue to build on our first and best alliances with them in August at their VMware explorer, which I know you were at, we announced several joint engineering initiatives to really help customers more easily manage and gain value from their data and their infrastructure. For multi-cloud specifically, we strength our relationship with VMware and with Tansu as part of that. In addition, just a few weeks ago we announced our partnership with Red Hat to simplify our multi-cloud deployments for managing containerized workloads. I'd say, and using your analogy, I could think of that as our multicloud platform. So that's kind of our PAs layer, if you will. And as you're aware, we have a very long standing and strategic partnership with Microsoft and I'd say stay tuned. There's a lot more to come with them and also others in this multicloud space. >>Shifting a bit to some of the growth engines that my team's responsible for the edge, right? As you think about data being everywhere, we've established partnerships for the Edge as well with folks like PTC and Litmus for the manufacturing edge, but also folks like Deep North for the retail edge analytics and data management. Using your Supercloud analogy, Dave the sa, right? This is our Sasa, we've announced that we're collaborating, partnering with folks like Snowflake and, and there's other data management companies as well to really simplify data access and accelerate those data insights. And then given customers choice of where they'd like to have their IT and their infrastructure, we've we're expanding our colo partnerships as well with folks like eex and, and they're allowing us to broaden our availability of Apex, providing customers the flexibility to take advantage of those as a service offerings wherever it's delivered and where they can get the most value. So those are just some you can hear from me. I think it's critical not only for, for us, I think it's critical for our customers. I think it's been critical, critical for the entire, you know, industry as a whole to really have that open technology ecosystem as we work with our customers on our multi-cloud solutions really to meet their needs. We'll continue to collaborate with whoever customers choose and you know, and who they want us to do business with. So I'd say a lot more coming in that space. >>So it's been an interesting three years for you, just, just over three years now since you've been made the president of the IS isg. And so you had to dig in and, and it was obviously a strange time around the world, but, but you really had to look at, okay, how do we modernize the platform? How do we make it, you know, cloud first, You've mentioned the edge, we're expanding. So what are the big takeaways? What do you want customers and our audience to understand? Just some closing thoughts and if you could summarize. >>Sure. So I'd say first, you know, we discussed we're working in a very fast paced, ever-changing market with massive amounts of data that needs to be managed. It's very complex and our customers need help with that complexity. I believe that Dell Technologies is uniquely positioned to help as their multicloud champion. No one else can solve the breadth and depth of the challenges like we can. And we're gonna help our customers move forward when they basically moving from a multi-cloud by default, as we've discussed before, to multicloud by design. And I'm really excited for the opportunity to work with our customers to help them expand that ecosystem as they truly realize the future of it and, and what they're trying to accomplish. >>Jeff, thanks so much. Really appreciate your time. Always a pleasure. Go pats and we'll see you on the blog. >>Thanks Dave. >>All right, you're watching exclusive insight insights from Dell Technology Summit on the cube, your leader in enterprise and emerging tech coverage. >>Hello everyone, this is Dave Lanta and you're watching the Cubes coverage of the Dell Technology Summit 2022 with exclusive behind the scenes interviews featuring Dell executive perspectives. And right now we're gonna explore Apex, which is Dell's as a service offering Dell's multi-cloud and edge strategies and the momentum around those. And we have news around Project Frontier, which is Dell's vision for its edge platform. And there's so much happening here. And don't forget it's cyber security Awareness month. Sam Grot is here, he's the senior vice president of marketing at Dell Technologies. Sam, always great to see you. How you doing? >>Always great to be here, Dave. >>All right, let's look at cloud. Everybody's talking about cloud Apex, multi-cloud, what's the update? How's it going? Where's the innovation and focal points of the strategy? >>Yeah, yeah. Look Dave, if you think back over the course of this year, you've really heard, heard us pivot as a company and discussing more and more about how multi-cloud is becoming a reality for our customers today. And when we listen and talk with our customers, they really describe multi-cloud challenges and a few key threads. One, the complexity is growing very, very quickly. Two, they're having a harder time controlling how their users are accessing the various different clouds. And then of course, finally the cloud costs are growing unchecked as well. So we, we like to describe this phenomenon as multi-cloud by design. We're essentially, organizations are waking up and seeing cloud sprawl around their organization every day. And this is creating more and more of those challenges. So of course at Dell we've got a strong point of view that you don't need to build multicloud by by default, rather it's multicloud by design where you're very intentional in how you do multicloud. >>And how we deliver multicloud by design is through apex. Apex is our modern cloud and our modern consumption experience. So when you think about the innovation as well, Dave, like we've been on a pretty quick track record here in that, you know, the beginning of this year we introduced brand new Apex backup services that provides that SAS based backup service. We've introduced or announced project outline, which is bringing our storage software, intellectual property from on-prem and putting it and running it natively in the public cloud. We've also introduced new Apex cyber recovery services that is simplifying how customers protect against cyber attacks. They can run an Amazon Azure, aw, I'm sorry, Amazon, aws, Azure or Google. And then, you know, we are really focused on this multi-cloud ecosystem. We announce key partnerships with SaaS providers such as Snowflake, where you can now access our information or our data from on-prem through the Snow Snowflake cloud. >>Or if needed, we can actually move the data to the Snowflake cloud if required. So we're continuing to build out that ecosystem SaaS providers. And then finally I would say, you know, we made a big strategic announcement just recently with Red Hat, where we're not only delivering new Apex container services, but we announce the strategic partnership to build jointly engineered solutions to address hybrid and multi-cloud solutions going forward. You know, VMware is gonna always continue to be a key partner of ours at the la at the recent VMware explorer we announced new Tansu integration. So, So Dave, I, I think in a nutshell we've been innovating at a very, very fast pace. We think there is a better way to do multi-cloud and that's multi-cloud by design. >>Yeah, we heard that at Dell Technologies world. First time I had heard that multi-cloud by design versus sort of default, which is great Alpine, which is sort of our, what we called super cloud in the making. And then of course the ecosystem is critical for any cloud company. VMware of course, you know, top partner, but the Snowflake announcement was very interesting Red Hat. So seeing that expand, now let's go out to the edge. How's it going with the edge expansion? There's gotta be new speaking of ecosystem, the edge is like a whole different, you know, OT type, that's right, ecosystem, that's telcos what and what's this new frontier platform all about? >>Yeah, yeah. So we've talked a lot about cloud and multi clouds, we've talked about private and hybrid cloud, we've talked about public clouds, clouds and cos, telcos, et cetera. There's really been one key piece of our multi-cloud and technology strategy that we haven't spent a lot of time on. And that's the edge. And we do see that as that next frontier for our customers to really gain that competitive advantage that is created from their data and get closer to the point of creation where the data lives. And that's at the edge. We see the edge infrastructure space growing very, very quickly. We see upwards of 300% year of year growth in terms of amount of data being created at the edge. That's almost 3000 exabytes of data by 2026. So just incredible growth. And the edge is not really new for Dell. We've been at it for over 20 years of delivering edge solutions. >>81% of the Fortune 100 companies in the US use Dell solutions today at the Edge. And we are the number one OEM provider of Edge solutions with over 44,000 customers across over 40 industries and things like manufacturing, retail, edge healthcare, and more. So Dave, while we've been at it for a long time, we have such a, a deep understanding of how our customers are using Edge solutions. Say the bottom line is the game has gotta change. With that growth that we talked about, the new use cases that are emerging, we've got to un unlock this new frontier for customers to take advantage of the edge. And that's why we are announcing and revealing Project Frontier. And Project Frontier in its most simplest form, is a software platform that's gonna help customers and organizations really radically simplify their edge deployments by automating their edge operations. You know, with Project Frontier organizations are really gonna be able to manage, OP, and operate their edge infrastructure and applications securely, efficiently and at scale. >>Okay, so it is, first of all, I like the name, it is software, it's a software architecture. So presumably a lot of API capabilities. That's right. Integration's. Is there hardware involved? >>Yeah, so of course you'll run it on Dell infrastructure. We'll be able to do both infrastructure orchestration, orchestration through the platform, but as well as application orchestration. And you know, really there's, there's a handful of key drivers that have been really pushing our customers to take on and look at building a better way to do the edge with Project Frontier. And I think I would just highlight a handful of 'em, you know, freedom of choice. We definitely see this as an open ecosystem out there, even more so at the Edge than any other part of the IT stack. You know, being able to provide that freedom of choice for software applications or I O T frameworks, operational technology or OT for any of their edge use cases, that's really, really important. Another key area that we're helping to solve with Project Frontier is, you know, being able to expect zero trust security across all their edge applications from design to deployment, you know, and of course backed by an end and secure supply chain is really, really important to customers. >>And then getting that greater efficiency and reliability of operations with the centralized management through Project Frontier and Zero Touch deployments. You know, one of the biggest challenges, especially when you get out to the far, far reach of the frontier is really IT resources and being able to have the IT expertise and we built in an enormous amount of automation helps streamline the edge deployments where you might be deploying a single edge solution, which is highly unlikely or hundreds or thousands, which is becoming more and more likely. So Dave, we do think Project Frontier is the right edge platform for customers to build their edge applications on now and certain, excuse me, certainly, and into the future. >>Yeah. Sam, no truck rolls. I like it. And you, you mentioned, you mentioned Zero trust. So we have Mother's Day, we have Father's Day. The kids always ask When's kids' day? And we of course we say every day is kids' day and every day should be cybersecurity awareness day. So, but we have cybersecurity awareness month. What does it mean for Dell? What are you hearing from customers and, and how are you responding? >>Yeah, yeah. No, there isn't a more prevalent pop of mind conversation, whether it's the boardroom or the IT departments or every company is really have been forced to reckon with the cybersecurity and ransom secure issues out there. You know, every decision in IT department makes impacts your security profile. Those decisions can certainly, positively, hopefully impact it, but also can negatively impact it as well. So data security is, is really not a new area of focus for Dell. It's been an area that we've been focused on for a long time, but there are really three core elements to cyber security and data security as we go forward. The first is really setting the foundation of trust is really, really important across any IT system. And having the right supply chain and the right partner to partner with to deliver that is kind of the foundation in step one. >>Second, you need to of course go with technology that is trustworthy. It doesn't mean you are putting it together correctly. It means that you're essentially assembling the right piece parts together. That, that coexist together in the right way. You know, to truly change that landscape of the attackers out there that are gonna potentially create risk for your environment. We are definitely pushing and helping to embrace the zero trust principles and architectures that are out there. So finally, while when you think about security, it certainly is not absolute all correct. Security architectures assume that, you know, there are going to be challenges, there are going to be pain points, but you've gotta be able to plan for recovery. And I think that's the holistic approach that we're taking with Dell. >>Well, and I think too, it's obviously security is a complicated situation now with cloud you've got, you know, shared responsibility models, you've got that a multi-cloud, you've got that across clouds, you're asking developers to do more. So I think the, the key takeaway is as a security pro, I'm looking for my technology partner through their r and d and their, you mentioned supply chain processes to take that off my plate so I can go plug holes elsewhere. Okay, Sam, put a bow on Dell Technology Summit for us and give us your closing thoughts. >>Yeah, look, I I think we're at a transformative point in it. You know, customers are moving more and more quickly to multi-cloud environments. They're looking to consume it in different ways, such as as a service, a lot of customers edge is new and an untapped opportunity for them to get closer to their customers and to their data. And of course there's more and more cyber threats out there every day. You know, our customers when we talk with them, they really want simple, consistent infrastructure options that are built on an open ecosystem that allows them to accomplish their goals quickly and successfully. And look, I think at Dell we've got the right strategy, we've got the right portfolio, we are the trusted partner of choice, help them lead, lead their, their future transformations into the future. So Dave, look, I think it's, it's absolutely one of the most exciting times in it and I can't wait to see where it goes from here. >>Sam, always fun catching up with you. Appreciate your time. >>Thanks Dave. >>All right. A Dell tech world in Vegas this past year, one of the most interesting conversations I personally had was around hybrid work and the future of work and the protocols associated with that and the mindset of, you know, the younger generation. And that conversation was with Jen Savira and we're gonna speak to Jen about this and other people and culture topics. Keep it right there. You're watching the cube's exclusive coverage of Dell Technology Summit 2022. Okay, we're back with Jen Vera, who's the chief human resource officer of Dell, and we're gonna discuss people, culture and hybrid work and leadership in the post isolation economy. Jen, the conversations that we had at Dell Tech World this past May around the new work environment were some of the most interesting and engaging that I had personally. So I'm really eager to, to get the update. It's great to see you again. Thanks for coming on the cube. >>Thanks for having me Dave. There's been a lot of change in just a short amount of time, so I'm excited to, to share some of our learnings >>With you. I, I mean, I bet there has, I mean, post pandemic companies, they're trying, everybody's trying to figure out the return to work and, and what it looks like. You know, last May there was really a theme of flexibility, but depending, we talked about, well, millennial or not young old, and it's just really was mixed, but, so how have you approached the topic? What, what are your policies? What's changed since we last talked? You know, what's working, you know, what's still being worked? What would you recommend to other companies to over to you? >>Yeah, well, you know, this isn't a topic that's necessarily new to Dell technology. So we've been doing hybrid before. Hybrid was a thing. So for over a decade we've been doing what we called connected workplace. So we have kind of a, a history and we have some great learnings from that. Although things did change for the entire world. You know, March of 2020, we went from kind of this hybrid to everybody being remote for a while. But what we wanted to do is, we're such a data driven company, there's so many headlines out there, you know, about all these things that people think could happen will happen, but there wasn't a lot of data behind it. So we took a step back and we asked our team members, How do you think we're doing? And we asked very kind of strong language because we've been doing this for a while. >>We asked them, Do you think we're leading in the world of hybrid in 86% of our team members said that we were, which is great, but we always know there's nuance right behind that macro level. So we, we asked 'em a lot of different questions and we just went on this kind of myth busting journey and we decided to test some of those things. We're hearing about Culture Willow Road or new team members will have trouble being connected or millennials will be different. And we really just collected a lot of data, asked our team members what their experience is. And what we have found is really, you don't have to be together in the office all the time to have a strong culture, a sense of connection, to be productive and to have it really healthy business. >>Well, I like that you were data driven around it in the data business here. So, but, but there is a lot of debate around your culture and how it suffers in a hybrid environment, how remote workers won't get, you know, promoted. And so I'm curious, you know, and I've, and I've seen some like-minded companies like Dell say, Hey, we, we want you guys to work the way you wanna work. But then they've, I've seen them adjust and say, Well yeah, but we also want you to know in the office be so we can collaborate a little bit more. So what are you seeing at Dell and, and, and how do you maintain that cultural advantage that you're alluding to in this kind of strange, new ever changing world? >>Yeah, well I think, look, one approach doesn't fit all. So I don't think that the approach that works for Dell Technologies isn't necessarily the approach that works for every company. It works with our strategy and culture. It is really important that we listen to our team members and that we support them through this journey. You know, they tell us time and time again, one of the most special things about our culture is that we provide flexibility and choice. So we're not a mandate culture. We really want to make sure that our team members know that we want them to be their best and do their best. And not every individual role has the same requirements. Not every individual person has the same needs. And so we really wanna meet them where they are so that they can be productive. They feel connected to the team and to the company and engaged and inspired. >>So, you know, for, for us, it really does make sense to go forward with this. And so we haven't, we haven't taken a step back. We've been doing hybrid, we'll continue to do hybrid, but just like if you, you know, we talk about not being a mandate. I think the companies that say nobody will come in or you have to come in three days a week, all of that feels more limiting. And so what we really say is, work out with your team, work out with your role, workout with your leader, what really makes the most sense to drive things forward. >>I >>You were, so >>That's what we, you were talking before about myths and you know, I wanna talk about team member performance cuz there's a lot of people believe that if, if you're not in the office, you have disadvantages, people in the office have the advantage cuz they get FaceTime. Is is that a myth? You know, is there some truth to that? What, what do you think about that? >>Well, for us, you know, we look, again, we just looked at the data. So we said we don't wanna create a have and have not culture that you're talking about. We really wanna have an inclusive culture. We wanna be outcome driven, we're meritocracy. But we went and we looked at the data. So pre pandemic, we looked at things like performance, we looked at rewards and recognition, we looked at attrition rates, we looked at sentiment, Do you feel like your leader is inspiring? And we found no meaningful differences in any of that or in engagement between those who worked fully remote, fully in the office or some combination between. So our data would bust that myth and say, it doesn't, you don't have to be in an office and be seen to get ahead. We have equitable opportunity. Now, having said that, you always have to be watching that data. And that's something that we'll continue to do and make sure that we are creating equal opportunity regardless of where you work. >>And it's personal too, I think, I think some people can be really productive at home. I happen to be one that I'm way more productive in the office cause the dogs aren't barking. I have less distractions. And so I think we think, and, and I think the takeaway that in just in talking to, to, to you Jen and, and folks at Dell is, you know, whatever works for you, we're we're gonna, we're gonna support. So I I wanted to switch gears a little bit, talk about leadership and, and very specifically empathic leadership has been said to be, have a big impact on attracting talent, retaining talent, but, but it's hard to have empathy sometimes. And I know I saw some stats in a recent Dell study. It was like two thirds the people felt like their organization underestimates the people requirements. And I, I ask myself, I'm like, what am I missing? I hope, you know, with our folks, so especially as it relates to, to transformation programs. So how can human resource practitioners support business leaders generally, specifically as it relates to leading with empathy? >>I think empathy's always been important. You have to develop trust. You can have the best strategy in the world, right? But if you don't feel like your leader understands who you are, appreciates the the value that you bring to the company, then you're not gonna get very far. So I think empathetic leadership has always been part of the foundation of a trusting, strong relationship between a leader and a team member. But if I think we look back on the last two years, and I imagine it'll be even more so as we go forward, empathetic leadership will be even more important. There's so much going on in the world, politically, socially, economically, that taking that time to say you want your team members to see you as credible, that you and confident that you can take us forward, but also that, you know, and understand me as a human being. >>And that to me is really what it's about. And I think with regard to transformation that you brought up, I think one of the things we forget about is leaders. We've probably been thinking about a decision or transformation for months or weeks and we're ready to go execute, we're ready to go operationalize that thing. And so sometimes when we get to that point, because we've been talking about it for so long, we send out the email, we have the all hands and we just say we're ready to go. But our team members haven't always been on that journey for those months that we have. And so I think that empathetic moment to say, Okay, not everybody is on a change curve where I am. Let's take a pause, let me put myself in their shoes and really think about how we bring everybody along. >>You know, Jen, in the spirit of myth busting, I mean I'm one of those people who felt like that a business is gonna have a hard time, harder time fostering this culture of collaboration and innovation post isolation economy as they, they could pre covid. But you know, I noticed there's a, there's an announcement today that came across my desk, I think it's from Newsweek. Yes. And, and it's the list of top hundred companies recognized for employee motivation satisfaction. And it was really interesting because you, you always see, oh, we're the top 10 or the top hundred, But this says as a survey of 1.4 million employees from companies ranging from 50 to 10,000 employees. And it recognizes the companies that put respect, caring, and appreciation for their employees at the center of their business model. And they doing so have earned the loyalty and respect of the people who work for them. >>Number one on the list is Dell sap. So congratulations SAP was number two. I mean, there really isn't any other tech company on there, certainly no large tech companies on there. So I always see these lists, they go, Yeah, okay, that's cool, top a hundred, whatever. But top one in, in, in an industry where there's only two in the top is, is pretty impressive. And how does that relate to fostering my earlier skepticism of a culture of collaboration? So first of all, congratulations, you know, how'd you do it? And how are you succeeding in, in this new world? >>Well thanks. It does feel great to be number one, but you know, it doesn't happen by accident. And I think while most companies have a, a culture and a spouse values, we have ours called the culture code. But it's really been very important to us that it's not just a poster on the wall or or words on paper. And so we embed our culture code into all of our HR practices, that whole ecosystem from recognition of rewards to performance evaluation, to interviewing, to development. We build it into everything. So it really reflects who we are and you experience it every day. And then to make sure that we're not, you know, fooling ourselves, we ask all of our employees, do you feel like the behaviors you see and the experience you have every day reflects the culture code? And 94% of our team members say that, in fact it does. So I think that that's really been kind of the secret to our success. If you, if you listen to Michael Dell, he'll always say, you know, the most special thing about Dell is our culture and our people. And that comes through being very thoughtful and deliberate to preserve and protect and continue to focus on our culture. >>Don't you think too that repetition and, well first of all, belief in that cultural philosophy is, is important. And then kind of repeating, like you said, Yeah, it's not just a poster in the wall, but I remember like, you know, when we're kids, your parents tell you, okay, power positive thinking, do one to others as others, you know, you have others do it to you. Don't make the say you're gonna do some dumb things but don't do the same dumb things twice and you sort of fluff it up. But then as you mature you say, Wow, actually those were, >>They might have had a >>Were instilled in me and now I'm bringing them forward and, you know, paying it forward. But, but so i, it, it, my, I guess my, my point is, and it's kind of a point observation, but I'll turn it into a question, is isn't isn't consistency and belief in your values really, really important? >>I couldn't agree with you more, right? I think that's one of those things that we talk about it all the time and as an HR professional, you know, it's not the HR people just talking about our culture, it's our business leaders, it's our ceo, it's our COOs ev, it's our partners. We share our culture code with our partners and our vendors and our suppliers and, and everybody, this is important. We say when you interact with anybody at Dell Technologies, you should expect that this is the experience that you're gonna get. And so it is something that we talk about that we embed in, into everything that we do. And I think it's, it's really important that you don't just think it's a one and done cuz that's not how things really, really work >>Well. And it's a culture of respect, you know, high performance, high expectations, accountability at having followed the company and worked with the company for many, many years. You always respect the dignity of your partners and your people. So really appreciate your time Jen. Again, congratulations on being number one. >>Thank you so much. >>You're very welcome. Okay. You've been watching a special presentation of the cube inside Dell Technology Summit 2022. Remember, these episodes are all available on demand@thecube.net and you can check out s silicon angle.com for all the news and analysis. And don't forget to check out wikibon.com each week for a new episode of breaking analysis. This is Dave Valante, thanks for watching and we'll see you next time.

(bright music) >> Hello everyone, this is Dave Vellante, and you're watching The Cube's coverage of the Dell Technology Summit 2022, with exclusive behind the scenes interviews featuring Dell executive perspectives. And right now we're going to explore Apex, which is Dell's As-a-Service offering, Dell's multi-cloud and Edge strategies, and the momentum around those. And we have news around Project Frontier, which is Dell's vision for its Edge platform. And there's so much happening here. And don't forget, it's Cyber Security Awareness Month. Sam Grocott is here. He's the Senior Vice President of Marketing at Dell Technologies. Sam, always great to see you. How you doing? >> Always great to be here, Dave. >> All right, let's look at cloud. Everybody's talking about cloud Apex, multi-cloud. What's the update? How's it going? Where's the innovation and focal points of the strategy? >> Yeah, yeah. Look, Dave, if you think back over the course of this year, you've really heard us pivot as a company and discussing more and more about how multi-cloud is becoming a reality for our customers today. And when we listen and talk with our customers, they really describe multi-cloud challenges in a few key threads. One, the complexity is growing very, very quickly. Two, they're having a harder time controlling how their users are accessing the various different clouds. And then of course, finally, the cloud costs are growing unchecked, as well. So we like to describe this phenomenon as multi-cloud by design, where essentially organizations are waking up and seeing cloud sprawl around their organization every day. And this is creating more and more of those challenges. So of course at Dell we've got a strong point of view that you don't need to build multi-cloud by default, rather it's multi-cloud by design, where you're very intentional in how you do multi-cloud. And how we deliver multi-cloud by design is through Apex. Apex is our modern cloud and our modern consumption experience. So when you think about the innovation as well, Dave like, we've been on a pretty quick track record here in that, you know, the beginning of this year we introduced brand new Apex backup services that provides that SAS-based backup service. We've introduced, or announced, Project Alpine which is bringing our storage software intellectual property from on-prem, and putting it and running it natively in the public cloud. We've also introduced new Apex cyber recovery services that is simplifying how customers protect against cyber attacks. They can run in Amazon, Azure, AW I'm sorry, Amazon, AWS, Azure, or Google. And then, you know, we are really focused on this multi-cloud ecosystem. We announced key partnerships with SAS providers such as Snowflake, where you can now access our information, or our data, from on-prem through the Snowflake cloud. Or if needed, we can actually move the data to the Snowflake cloud, if required. So we're continuing to build out that ecosystem SAS providers. And then finally I would say, you know, we made a big strategic announcement just recently with Red Hat, where we're not only delivering new Apex container services, but we announced a strategic partnership to build jointly engineered solutions to address hybrid and multi-cloud solutions going forward. You know VMware is going to always continue to be a key partner of ours. At the more recent VMware explorer, we announced new Tansu integration. So Dave, I think in a nutshell, we've been innovating at a very, very fast pace. We think there is a better way to do multi-cloud and that's multi-cloud by design. >> Yeah, we heard that at Dell Technologies World. First time I had heard that multi-cloud by design versus to the default, which is great. Alpine, which is sort of our, what we call, "super cloud in the making." And then of course the ecosystem is critical for any cloud company. VMware of course, you know, top partner. But the Snowflake announcement was very interesting. Red Hat, so seeing that expand. Now let's go out to the Edge. How's it going with the Edge expansion? There's got to be new, speaking of ecosystem, the Edge is like a whole different you know, OT type of ecosystem, >> That's right. Telcos. And what's this new Frontier platform all about? >> Yeah, yeah. So we've talked a lot about cloud and multi-clouds. We've talked about private and hybrid clouds. We've talked about public clouds, clouds and Kronos, Telcos, et cetera. There's really been one key piece of our multi-cloud and technology strategy that we haven't spent a lot of time on. And that's the Edge. And we do see that as that next frontier for our customers to really gain that competitive advantage that is created from their data and get closer to the point of creation where the data lives, and that's at the Edge. We see the Edge infrastructure space growing very, very quickly. We've seen upwards of 300% year-of-year growth in terms of amount of data being created at the Edge. That's almost 3000 exabytes of data by 2026. So just incredible growth. And the Edge is not really new for Dell. We've been at it for over 20 years of delivering Edge solutions. 81% of the Fortune 100 companies in the US use Dell Solutions today at the Edge. And we are the number one OEM provider of Edge Solutions with over 44,000 customers across over 40 industries in things like manufacturing, retail, Edge, healthcare, and more. So Dave, while we've been at it for a long time, we have such a deep understanding of how our customers are using Edge Solutions. Say, the bottom line is the game has got to change. With that growth that we talked about, the new use cases that are emerging, we've got to unlock this new Frontier for customers to take advantage of the Edge. And that's why we are announcing and revealing Project Frontier. And with Project Frontier in its most simplest form is a software platform that's going to help customers and organizations really radically simplify their edge deployments by automating their edge operations. You know, with Project Frontier organizations are really going to be able to manage, and operate their edge infrastructure and application securely, efficiently, and at scale. >> Okay, so it is, first of all, I like the name. It is software, it's a software architecture. So presumably a lot of API capabilities. >> That's right. >> Integration. Is there hardware involved? >> Yeah, so of course you'll run it on a Dell infrastructure. We'll be able to do both infrastructure orchestration through the platform, but as well as application orchestration. And you know, really there's a handful of key drivers that have been really pushing our customers to take on and look at building a better way to do the edge with Project Frontier. And I think I would just highlight a handful of them. You know, freedom of choice. We definitely see this as an open ecosystem out there even more so at the Edge than any other part of the IT stack. You know, being able to provide that freedom of choice for software applications or IoT frameworks, operational technology, or OT for any of their edge use cases, that's really, really important. Another key area that we're helping to solve with Project Frontier is, you know, being able to expect zero trust security across all their Edge applications, from design to deployment, you know, and of course backed by a secure supply chain is really, really important to customers. And then getting that greater efficiency and reliability of operations with a centralized management through Project Frontier and Zero Touch deployments. You know, one of the biggest challenges especially when you get out to the far, far reach of the Frontier, is really IT resources and being able to have that IT expertise. And we built in an enormous amount of automation to help streamline the Edge deployments where you might be deploying a single-edge solution which is highly unlikely, or hundreds or thousands, which is becoming more and more likely. So Dave, we do think Project Frontier is the right Edge platform for customers to build their Edge applications on now, and certain, excuse me, certainly and into the future. >> Yeah. Sam, no truck rolls. I like it. (laughing) And you, you mentioned, you mentioned Zero trust. So we have Mother's Day, you know, we have Father's Day. The kids always ask, "When's Kids' day?" And we of course we say, "Every day is Kids' Day," and every day should be Cybersecurity Awareness Day. So, (laughs) but we have Cybersecurity Awareness Month. What does it mean for Dell? What are you hearing from customers and how are you responding? >> Yeah, yeah. No, there isn't a more prevalent top-of-mind conversation, whether it's the boardroom or the IT departments, or every company is really have been forced to reckon with the cyber security and ransom secure issues out there. You know, every decision in IT department makes, impacts your security profile. Those decisions can certainly, positively, hopefully impact it, but also can negatively impact it, as well. So, data security is really not a new area of focus for Dell. It's been an area that we've been focused on for a long time. But there are really three core elements to cybersecurity and data security as we go forward. The first is really setting the foundation of trust is really, really important across any IT system and having the right supply chain and the right partner to partner with to deliver that. It's kind of the foundation in step one. Second, you need to, of course, go with technology that is trustworthy. It doesn't mean you are putting it together correctly. It means that you're essentially assembling the right piece parts together, that coexist together in the right way. You know, to truly change that landscape of the attackers out there that are going to potentially create risk for your environment, we are definitely pushing and helping to embrace the zero trust principles and architectures that are out there. So finally, while when you think about security it certainly is not absolute all correct. Security architectures assume that, you know, there are going to be challenges, there are going to be pain points, but you've got to be able to plan for recovery. And I think that's the holistic approach that we're taking with Dell. >> Well, and I think too, it's obviously security is a complicated situation. Now with cloud you've got, you know, shared responsibility models, you got that multi-cloud, you got that across clouds, you're asking developers to do more. So I think the key takeaway is as a security pro, I'm looking for my technology partner through their R&D and their, you mentioned, supply chain processes to take that off my plate so I can go plug holes elsewhere. Okay. Sam, put a bow- >> That's right. >> on Dell Technology Summit for us and give us your closing thoughts. >> Yeah, look, I think we're at a transformative point in IT. You know, customers are moving more and more quickly to multi-cloud environments. They're looking to consume IT in different ways, such as as a service. A lot of customers, Edge is new and an untapped opportunity for them to get closer to their customers and to their data. And of course there's more and more cyber threats out there every day. You know, our customers when we talk with them, they really want simple, consistent infrastructure options that are built on an open ecosystem that allows them to accomplish their goals quickly and successfully. And look, I think at Dell we've got the right strategy we've got the right portfolio. We are the trusted partner of choice to help them lead their future transformations into the future. So, Dave, look, I think it's, it's absolutely one of the most exciting times in IT, and I can't wait to see where it goes from here. >> Sam, always fun catching up with you. Appreciate your time. >> Thanks, Dave. >> All right. At Dell Tech World in Vegas this past year, one of the most interesting conversations I personally had was around hybrid work and the future of work, and the protocols associated with that, and the mindset of, you know, the younger generation. And that conversation was with Jenn Saavedra, and we're going to speak to Jenn about this and other people and culture topics. Keep it right there. You're watching The Cube's exclusive coverage of Dell Technology Summit 2022. (bright music)

>>The Cube Presents UI Path Forward five. Brought to you by UI Path. >>Welcome back to the Cube's Coverage of Forward five UI Path Customer event. This is the fourth forward that we've been at. We started in Miami, had some great events. It's all about the customer stories. Dave Valante with Dave Nicholson, Flow Yees here. She's the director of engineering and development at dsu and Kate Hall is to her right. And Kate is the director of Automation Solutions at dsu. Ladies, welcome to the Cube. Thanks so much. Thanks >>You to >>Be here. Tell us about dsu. You guys are huge company, but but give us the focus. >>Yeah, absolutely. Dentsu, it's one of the largest advertising networks out there. One of the largest in the world with over 66,000 employees and we're operating in a hundred plus countries. We're really proud to serve 95% of the Fortune 100 companies. Household names like Microsoft Factor and Gamble. If you seen the Super Bowls ads last year, Larry, Larry Davids ads for the crypto brand. That's a hilarious one for anyone who haven't seen it. So we're just really proud to be here and we really respect the creatives of our company. >>That was the best commercial, the Super Bowl by far. For sure. I, I said at the top of saying that Dave and I were talking UI pass, a cool company. You guys kinda look like cool people. You got cool jobs. Tell, tell us about your respective roles. What do you guys do? Yeah, >>Absolutely, absolutely. Well, I'm the director of engineering and automation, so what I really do is to implement the automation operating model and connecting developers across five continents together, making sure that we're delivering and deploying automation projects up to our best standards setting by the operating model. So it's a really, really great job. And when we get to see all these brilliant minds across the world >>And, And Kate, what's your role? Yeah, >>And the Automation Solutions vertical that I head up, the focus is really on converting business requirements into technical designs for flows, developers to deliver. So making sure that we are managing our pipeline, sourcing the right ideas, prioritizing them according to the business businesses objectives and making sure that we route them to the right place. So is it, does it need to be an automation first? Do we need to optimize the process? Does this make sense for citizen developers or do we need to bring in the professional resources on flow's >>Team? So you're bilingual, you speak, you're like the translator, you speak geek and wall, right? Is that fair? Okay. So take me back to the, let's, let's do a little mini case study here. How did you guys get started? I'm always interested, was this a top down? Is, is is top down required to be successful? Cuz it does feel like you can have bottom up bottoms up with rpa, but, but how did you guys get started? What was the journey like? >>Yeah, we started back in 2017, very traditional top down approach. So we delivered a couple POCs working directly with UiPath. You know, going back those five years, delivered those really highly scalable top down solutions that drove hundreds of thousands of hours of ROI for the business. However, as people kind of began to embrace automation and they learned that this is something that they could, that could help them, it's not something that they should be afraid of to take away their jobs. You know, DSU is a young company with a lot of young, young creatives. They wanna make their lives better. So we were absolutely inundated with all of these use cases of, hey I, I need a bot to do this. I need a bot to do that i's gonna save me, you know, 10 hours a week. It's gonna save my team a hundred hours a month, et cetera, et cetera. All of these smaller use cases that were gonna be hugely impactful for the individuals, their teams, even in entire department, but didn't have that scalable ROI for us to put professional development resources against it. So starting in 2020 we really introduced the citizen development program to put the power into those people's hands so that they could create their own solutions. And that was really just a snowball effect to tackle it from the bottom up as well as the top down. >>So a lot of young people, Dave, they not not threatened by robots that racing it. So >>They've grown up with the technology, they know that they can order an Uber from their phone, right? Why am I, you know, sitting here at MITs typing data from Excel into a program that might be older than some of our youngest employees. >>Yeah. Now, now the way you described it, correct me if I'm wrong, the way you described it, it sounds like there's sort of a gating function though. You're not just putting these tools in the hands of people sitting, especially creatives who are there to create. You're not saying, Oh you want things automated, here are the tools. Go ahead. Automated. We'll we, for those of you who want to learn how to use the tools, we'll have you automate that there. Did I hear that right? You're, you're sort of making decisions about what things will be developed even by citizen developers. >>Let me, Do you wanna talk to them about governance? Yeah, absolutely. >>Yeah, so I think we started out with assistant development program, obviously the huge success, right? Last year we're also here at the Cubes. We're very happy to be back again. But I think a lot, a lot had changed and we've grown a lot since last year. One, I have the joy being a part of this team. And then the other thing is that we really expanded and implemented an automation operating model that I mentioned briefly just earlier. So what that enabled us to do is to unite developers from five continents together organically and we're now able to tap into their talent at a global scale. So we are really using this operating model to grow our automation practice in a scalable and also controlled manner. Okay. What I mean by that is that these developer originally were sitting in 18 plus markets, right? There's not much communication collaboration between them. >>And then we went in and bridged them together. What happened is that originally they were only delivering projects and use cases within their region and sometimes these use cases could be very, very much, you know, small scale and not really maximizing their talent. What we are now able to do is tap into a global automation pipeline. So we connecting these highly skilled people to the pipeline elsewhere, the use cases elsewhere that might not be within their regions because one of our focus, a lot of change I mentioned, right? One thing that will never change with our team, it's used automation to elevate people's potential. Now it's really a win-win situation cuz we are connecting the use cases from different pipelines. So the business is happy cuz we are delivering these high scalable solutions. We also utilizing these developers and they're happy because their skills are being maximized and then at the same time growing our automation program. So then that way the citizen development program so that the lower complexities projects are being delivered at a local level and we are able to innovate at a local level. >>I, I have so many questions flow based on what you just said. It's blowing my mind >>Here. It's a whole cycle. >>So let me start with how do you, you know, one of the, one of the concerns I had initially with RPA, cuz just you're talking about some very narrow use cases and your goal is to expand that to realize the potential of each individual, right? But early days I saw a lot of what I call paving the cow path, taking a process that was not a great process and then automating it, right? And that was limiting the potential. So how do you guys prioritize which processes to focus on and maybe which processes should be rethought, >>Right? Exactly. A lot of time when we do automation, right, we talk about innovations and all that stuff, but innovation doesn't happen with the same people sitting in the same room doing the same thing. So what we are doing now, able to connect all these people, different developers from different groups, we really bring the diversity together. That's diversity D diverse diversity in the mindset, diversity in the skill. So what are we really able to do and we see how we tackle this problem is to, and that's a problem for a lot of business out there is the short-termism. So there's something, what we do is that we take two approaches. One, before we, you know, for example, when we used to receive a use case, right? Maybe it's for the China market involving a specific tool and we just go right into development and start coding and all that good stuff, which is great. >>But what we do with this automation framework, which we think it's a really great service for any company out there that want to grow and mature their automation practice, it's to take a step back, think about, okay, so the China market would be beneficial from this automation. Can we also look at the Philippine market? Can we also look at the Thailand market? Because we also know that they have similar processes and similar auto tools that they use. So we are really able to make our automation in a more meaningful way by scaling a project just beyond one market. Now it's impacting the entire region and benefiting people in the entire region. That is what we say, you know, putting automation for good and then that's what we talked about at dsu, Teaming without limits. And that's a, so >>By taking, we wanna make sure that we're really like taking a step back, connecting all of the dots, building the one thing the right way, the first time. Exactly. And what's really integral into being able to have that transparency, that visibility is that now we're all working on the same platform. So you know, Brian spoke to you last year about our migration into automation cloud, having everything that single pipeline in the cloud. Anybody at DSU can often join the automation community and get access to automation hub, see what's out there, submit their own ideas, use the launchpad to go and take training. Yeah. And get started on their own automation journey as a citizen developer and you know, see the different paths that are available to them from that one central space. >>So by taking us a breath, stepping back, pausing just a bit, the business impact at the tail end is much, much higher. Now you start in 2017 really before you UI path made it's big enterprise play, it acquired process gold, you know, cloud elements now most recently referenced some others. How much of what you guys are, are, are doing is platform versus kind of the initial sort of robot installation? Yeah, >>I mean platforms power people and that's what we're here to do as the global automation team. Whether it's powering the citizen developers, the professional developers, anybody who's interacting with our automations at dsu, we wanna make sure that we're connecting the docs for them on a platform basis so that developers can develop and they don't need to develop those simple use cases that could be done by a citizen developer. You know, they're super smart technical people, they wanna do the cool shit with the new stuff. They wanna branch into, you know, using AI center and doing document understanding. That's, you know, the nature of human curiosity. Citizen developers, they're thrilled that we're making an investment to upscale them, to give them a new capability so that they can automate their own work. And they don't, they, they're the process experts. They don't need to spend a month talking to us when they could spend that time taking the training, learning how to create something themselves. >>How, how much sort of use case runway when you guys step back and look at your business, do you see a limit to the use cases? I mean where are you, if you had on a spectrum of, you know, maturity, how much more opportunity is there for DSU to automate? >>There's so much I think the, you feel >>Like it's limitless? >>No, I absolutely feel like it's limitless because there one thing, it's, there's the use cases and I think it's all about connecting the talent and making sure that something we do really, you know, making sure that we deliver these use cases, invest the time in our people so we make sure our professional developers part of our team spending 10 to 20% of the time to do learning and development because only limitless if our people are getting the latest and the greatest technology and we want to invest the time and we see this as an investment in the people making sure that we deliver the promise of putting people first. And the second thing, it's also investment in our company's growth. And that's a long term goal. And overcoming just focusing on things our short term. So that is something we really focus to do. And not only the use cases we are doing what we are doing as an operating model for automation. That is also something that we really value because then this is a kind of a playbook and a success model for many companies out there to grow their automation practice. So that's another angle that we are also focusing >>On. Well that, that's a relief because you guys are both seem really cool and, and I'm sitting here thinking they don't realize they're working themselves out of a job once they get everything automated, what are they gonna do? Right? But, but so, so it sounds like it's a never ending process, but because you guys are, are such a large global organization, it seems like you might have a luxury of being able to benchmark automations from one region and then benchmark them against other regions that aren't using that automation to be able to see very, very quickly not only realize ROI really quickly from the region where it's been implemented, but to be able to compare it to almost a control. Is that, is that part of your process? Yeah, >>Absolutely. Because we are such a global brand and with the automation, automation operating model, what we are able to do, not only focusing on the talent and the people, but also focusing on the infrastructure. So for example, right, maybe there's a first use case developing in Argentina and they have never done these automation before. And when they go to their security team and asking for an Okta bypass service account and the security team Argentina, like we never heard of automation, we don't know what UiPath is, why would I give you a service account for good reason, right? They're doing their job right. But what we able to do with automation model, it's to establish trust between the developers and the security team. So now we have a set up standing infrastructure that we are ready to go whenever an automation's ready to deploy and we're able to get the set up standing infrastructure because we have the governance to make sure the quality would delivered and making sure anything that we deployed, automation that we deploy are developed and governed by the best practice. So that's how we able to kind of get this automation expand globally in a very control and scalable manner because the people that we have build a relationship with. What are >>The governors to how fast you can adopt? Is it just expertise or bandwidth of that expertise or what's the bottleneck? >>Yeah, >>If >>You wanna talk more about, >>So in terms of the pipeline, we really wanna make sure that we are taking that step back and instead of just going, let's develop, develop, develop, here are the requirements like get started and go, we've prove the value of automation at Densu. We wanna make sure we are taking that step back and observing the pipeline. And it's, it's up to us to work with the business to really establish their priorities and the priorities. It's a, it's a big global organization. There might be different priorities in APAC than there are in EM for a good reason. APAC may not be adopted on the same, you know, e r P system for example. So they might have those smaller scale ROI use cases, but that's where we wanna work with them to identify, you know, maybe this is a legitimate need, the ROI is not there, let's upscale some citizen developers so that they can start, you know, working for themselves and get those results faster for those simpler use cases. >>Does, does the funding come from the line of business or IT or a combination? I mean there are obviously budget constraints are very concerned about the macro and the recession. You guys have some global brands, you know, as, as things ebb and flow in the economy, you're competing with other budgets. But where are the budgets coming from inside of dsu? Is it the business, is it the tech >>Group? Yeah, we really consider our automation group is the cause of doing business because we are here connecting people with bridging people together and really elevating. And the reason why we structure it that way, it's people, we do automation at dsu not to reduce head count, not to, you know, not, not just those matrix number that we measure, but really it's to giving time back to the people, giving time back to our business. So then that way they can focus on their wellbeing and that way they can focus on the work-life balance, right? So that's what we say. We are forced for good and by using automation for good as one really great example. So I think because of this agenda and because DSU do prioritize people, you know, so that's why we're getting the funding, we're getting the budget and we are seeing as a cause of doing business. So then we can get these time back using innovation to make people more fulfilling and applying automation in meaningful ways. >>Kate and Flo, congratulations. Your energy is palpable and really great success, wonderful story. Really appreciate you sharing. Thank you so >>Much for having us today. >>You're very welcome. All keep it right there. Dave Nicholson and Dave Ante. We're live from UI path forward at five from Las Vegas. We're in the Venetian Consent Convention Center. Will be right back, right for the short break.

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>Welcome back everyone to the Cube and Horizon three.ai special presentation. I'm John Furrier, host of the Cube. We with Chris Hill, Sector head for strategic accounts and federal@horizonthree.ai. Great innovative company. Chris, great to see you. Thanks for coming on the Cube. >>Yeah, like I said, you know, great to meet you John. Long time listener. First time call. So excited to be here with >>You guys. Yeah, we were talking before camera. You had Splunk back in 2013 and I think 2012 was our first splunk.com. Yep. And boy man, you know, talk about being in the right place at the right time. Now we're at another inflection point and Splunk continues to be relevant and continuing to have that data driving security and that interplay. And your ceo, former CTO of Splunk as well at Horizons Neha, who's been on before. Really innovative product you guys have, but you know, Yeah, don't wait for a brief to find out if you're locking the right data. This is the topic of this thread. Splunk is very much part of this new international expansion announcement with you guys. Tell us what are some of the challenges that you see where this is relevant for the Splunk and the Horizon AI as you guys expand Node zero out internationally? >>Yeah, well so across, so you know, my role within Splunk was working with our most strategic accounts. And so I look back to 2013 and I think about the sales process like working with, with our small customers. You know, it was, it was still very siloed back then. Like I was selling to an IT team that was either using us for IT operations. We generally would always even say, yeah, although we do security, we weren't really designed for it. We're a log management tool. And you know, we, and I'm sure you remember back then John, we were like sort of stepping into the security space and in the public sector domain that I was in, you know, security was 70% of what we did. When I look back to sort of the transformation that I was, was witnessing in that digital transformation, you know when I, you look at like 2019 to today, you look at how the IT team and the security teams are, have been forced to break down those barriers that they used to sort of be silo away, would not communicate one, you know, the security guys would be like, Oh this is my BA box it, you're not allowed in today. >>You can't get away with that. And I think that the value that we bring to, you know, and of course Splunk has been a huge leader in that space and continues to do innovation across the board. But I think what we've we're seeing in the space that I was talking with Patrick Kauflin, the SVP of security markets about this, is that, you know, what we've been able to do with Splunk is build a purpose built solution that allows Splunk to eat more data. So Splunk itself, as you well know, it's an ingest engine, right? So the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it, but without data it doesn't do anything, right? So how do you drive and how do you bring more data in? And most importantly from a customer perspective, how do you bring the right data in? >>And so if you think about what node zero and what we're doing in a Horizon three is that, sure we do pen testing, but because we're an autonomous pen testing tool, we do it continuously. So this whole thought of being like, Oh, crud like my customers, Oh yeah, we got a pen test coming up, it's gonna be six weeks. The wait. Oh yeah. You know, and everyone's gonna sit on their hands, Call me back in two months, Chris, we'll talk to you then. Right? Not, not a real efficient way to test your environment and shoot, we, we saw that with Uber this week. Right? You know, and that's a case where we could have helped. >>Well just real quick, explain the Uber thing cause it was a contractor. Just give a quick highlight of what happened so you can connect the >>Dots. Yeah, no problem. So there it was, I think it was one of those, you know, games where they would try and test an environment. And what the pen tester did was he kept on calling them MFA guys being like, I need to reset my password re to set my password. And eventually the customer service guy said, Okay, I'm resetting it. Once he had reset and bypassed the multifactor authentication, he then was able to get in and get access to the domain area that he was in or the, not the domain, but he was able to gain access to a partial part of the network. He then paralleled over to what would I assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains. And so within minutes they had access. And that's the sort of stuff that we do under, you know, a lot of these tools. >>Like not, and I'm not, you know, you think about the cacophony of tools that are out there in a CTA orchestra architecture, right? I'm gonna get like a Zscaler, I'm gonna have Okta, I'm gonna have a Splunk, I'm gonna do this sore system. I mean, I don't mean to name names, we're gonna have crowd strike or, or Sentinel one in there. It's just, it's a cacophony of things that don't work together. They weren't designed work together. And so we have seen so many times in our business through our customer support and just working with customers when we do their pen test, that there will be 5,000 servers out there. Three are misconfigured. Those three misconfigurations will create the open door. Cause remember the hacker only needs to be right once, the defender needs to be right all the time. And that's the challenge. And so that's why I'm really passionate about what we're doing here at Horizon three. I see this my digital transformation, migration and security going on, which we're at the tip of the sp, it's why I joined say Hall coming on this journey and just super excited about where the path's going and super excited about the relationship with Splunk. I get into more details on some of the specifics of that. But you know, >>I mean, well you're nailing, I mean we've been doing a lot of things around super cloud and this next gen environment, we're calling it NextGen. You're really seeing DevOps, obviously Dev SecOps has, has already won the IT role has moved to the developer shift left as an indicator of that. It's one of the many examples, higher velocity code software supply chain. You hear these things. That means that it is now in the developer hands, it is replaced by the new ops, data ops teams and security where there's a lot of horizontal thinking. To your point about access, there's no more perimeter. So >>That there is no perimeter. >>Huge. A hundred percent right, is really right on. I don't think it's one time, you know, to get in there. Once you're in, then you can hang out, move around, move laterally. Big problem. Okay, so we get that. Now, the challenges for these teams as they are transitioning organizationally, how do they figure out what to do? Okay, this is the next step. They already have Splunk, so now they're kind of in transition while protecting for a hundred percent ratio of success. So how would you look at that and describe the challenges? What do they do? What is, what are the teams facing with their data and what's next? What do they, what do they, what action do they take? >>So let's do some vernacular that folks will know. So if I think about dev sec ops, right? We both know what that means, that I'm gonna build security into the app, but no one really talks about SEC DevOps, right? How am I building security around the perimeter of what's going inside my ecosystem and what are they doing? And so if you think about what we're able to do with somebody like Splunk is we could pen test the entire environment from soup to nuts, right? So I'm gonna test the end points through to it. So I'm gonna look for misconfigurations, I'm gonna, and I'm gonna look for credential exposed credentials. You know, I'm gonna look for anything I can in the environment. Again, I'm gonna do it at at light speed. And, and what we're, what we're doing for that SEC dev space is to, you know, did you detect that we were in your environment? >>So did we alert Splunk or the SIM that there's someone in the environment laterally moving around? Did they, more importantly, did they log us into their environment? And when did they detect that log to trigger that log? Did they alert on us? And then finally, most importantly, for every CSO out there is gonna be did they stop us? And so that's how we, we, we do this in, I think you, when speaking with Stay Hall, before, you know, we've come up with this boils U Loop, but we call it fine fix verify. So what we do is we go in is we act as the attacker, right? We act in a production environment. So we're not gonna be, we're a passive attacker, but we will go in un credentialed UN agents. But we have to assume, have an assumed breach model, which means we're gonna put a Docker container in your environment and then we're going to fingerprint the environment. >>So we're gonna go out and do an asset survey. Now that's something that's not something that Splunk does super well, you know, so can Splunk see all the assets, do the same assets marry up? We're gonna log all that data and think then put load that into the Splunk sim or the smoke logging tools just to have it in enterprise, right? That's an immediate future ad that they've got. And then we've got the fix. So once we've completed our pen test, we are then gonna generate a report and we could talk about about these in a little bit later. But the reports will show an executive summary the assets that we found, which would be your asset discovery aspect of that, a fixed report. And the fixed report I think is probably the most important one. It will go down and identify what we did, how we did it, and then how to fix that. >>And then from that, the pen tester or the organization should fix those. Then they go back and run another test. And then they validate through like a change detection environment to see, hey, did those fixes taste, play take place? And you know, SNA Hall, when he was the CTO of JS o, he shared with me a number of times about, he's like, Man, there would be 15 more items on next week's punch sheet that we didn't know about. And it's, and it has to do with how we, you know, how they were prioritizing the CVEs and whatnot because they would take all CVS was critical or non-critical. And it's like we are able to create context in that environment that feeds better information into Splunk and whatnot. That >>Was a lot. That brings, that brings up the, the efficiency for Splunk specifically. The teams out there. By the way, the burnout thing is real. I mean, this whole, I just finished my list and I got 15 more or whatever the list just can, keeps, keeps growing. How did Node zero specifically help Splunk teams be more efficient? Now that's the question I want to get at, because this seems like a very scalable way for Splunk customers and teams, service teams to be more efficient. So the question is, how does Node zero help make Splunk specifically their service teams be more efficient? >>So to, so today in our early interactions with building Splunk customers, what we've seen are five things, and I'll start with sort of identifying the blind spots, right? So kind of what I just talked about with you. Did we detect, did we log, did we alert? Did they stop node zero, right? And so I would, I put that at, you know, a a a more layman's third grade term. And if I was gonna beat a fifth grader at this game would be, we can be the sparring partner for a Splunk enterprise customer, a Splunk essentials customer, someone using Splunk soar, or even just an enterprise Splunk customer that may be a small shop with three people and, and just wants to know where am I exposed. So by creating and generating these reports and then having the API that actually generates the dashboard, they can take all of these events that we've logged and log them in. >>And then where that then comes in is number two is how do we prioritize those logs, right? So how do we create visibility to logs that are, have critical impacts? And again, as I mentioned earlier, not all CVEs are high impact regard and also not all are low, right? So if you daisy chain a bunch of low CVEs together, boom, I've got a mission critical AP CVE that needs to be fixed now, such as a credential moving to an NT box that's got a text file with a bunch of passwords on it, that would be very bad. And then third would be verifying that you have all of the hosts. So one of the things that Splunk's not particularly great at, and they, they themselves, they don't do asset discovery. So do what assets do we see and what are they logging from that? And then for, from, for every event that they are able to identify the, one of the cool things that we can do is actually create this low-code, no-code environment. >>So they could let, you know, float customers can use Splunk. So to actually triage events and prioritize that events or where they're being routed within it to optimize the SOX team time to market or time to triage any given event. Obviously reducing mtr. And then finally, I think one of the neatest things that we'll be seeing us develop is our ability to build glass tables. So behind me you'll see one of our triage events and how we build a lock Lockheed Martin kill chain on that with a glass table, which is very familiar to this Splunk community. We're going to have the ability, not too distant future to allow people to search, observe on those IOCs. And if people aren't familiar with an ioc, it's an incident of compromise. So that's a vector that we want to drill into. And of course who's better at drilling in into data and Splunk. >>Yeah, this is a critical, this is awesome synergy there. I mean I can see a Splunk customer going, Man, this just gives me so much more capability. Action actionability. And also real understanding, and I think this is what I wanna dig into, if you don't mind understanding that critical impact, okay. Is kind of where I see this coming. I got the data, data ingest now data's data. But the question is what not to log, You know, where are things misconfigured? These are critical questions. So can you talk about what it means to understand critical impact? >>Yeah, so I think, you know, going back to those things that I just spoke about, a lot of those CVEs where you'll see low, low, low and then you daisy chain together and you're suddenly like, oh, this is high now. But then to your other impact of like if you're a, if you're a a Splunk customer, you know, and I had, I had several of them, I had one customer that, you know, terabytes of McAfee data being brought in and it was like, all right, there's a lot of other data that you probably also wanna bring, but they could only afford, wanted to do certain data sets because that's, and they didn't know how to prioritize or filter those data sets. And so we provide that opportunity to say, Hey, these are the critical ones to bring in. But there's also the ones that you don't necessarily need to bring in because low CVE in this case really does mean low cve. >>Like an ILO server would be one that, that's the print server where the, your admin credentials are on, on like a, a printer. And so there will be credentials on that. That's something that a hacker might go in to look at. So although the CVE on it is low, if you daisy chain was something that's able to get into that, you might say, ah, that's high. And we would then potentially rank it giving our AI logic to say that's a moderate. So put it on the scale and we prioritize though, versus a, a vulner review scanner's just gonna give you a bunch of CVEs and good luck. >>And translating that if I, if I can and tell me if I'm wrong, that kind of speaks to that whole lateral movement. That's it. Challenge, right? Print server, great example, look stupid low end, who's gonna wanna deal with the print server? Oh, but it's connected into a critical system. There's a path. Is that kind of what you're getting at? >>Yeah, I used daisy chain. I think that's from the community they came from. But it's, it's just a lateral movement. It's exactly what they're doing. And those low level, low critical lateral movements is where the hackers are getting in. Right? So that's what the beauty thing about the, the Uber example is that who would've thought, you know, I've got my multifactor authentication going in a human made a mistake. We can't, we can't not expect humans to make mistakes. Were fall, were fallible, right? Yeah. The reality is is once they were in the environment, they could have protected themselves by running enough pen tests to know that they had certain exposed credentials that would've stopped the breach. Yeah. And they did not, had not done that in their environment. And I'm not poking. Yeah, >>They put it's interesting trend though. I mean it's obvious if sometimes those low end items are also not protected well. So it's easy to get at from a hacker standpoint, but also the people in charge of them can be fished easily or spear fished because they're not paying attention. Cause they don't have to. No one ever told them, Hey, be careful of what you collect. >>Yeah. For the community that I came from, John, that's exactly how they, they would meet you at a, an international event introduce themselves as a graduate student. These are national actor states. Would you mind reviewing my thesis on such and such? And I was at Adobe at the time though I was working on this and start off, you get the pdf, they opened the PDF and whoever that customer was launches, and I don't know if you remember back in like 2002, 2008 time frame, there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it. And John, that's >>Or LinkedIn. Hey I wanna get a joke, we wanna hire you double the salary. Oh I'm gonna click on that for sure. You know? Yeah, >>Right. Exactly. Yeah. The one thing I would say to you is like when we look at like sort of, you know, cuz I think we did 10,000 pen test last year is it's probably over that now, you know, we have these sort of top 10 ways that we think then fine people coming into the environment. The funniest thing is that only one of them is a, a CVE related vulnerability. Like, you know, you guys know what they are, right? So it's it, but it's, it's like 2% of the attacks are occurring through the CVEs, but yet there's all that attention spent to that. Yeah. And very little attention spent to this pen testing side. Yeah. Which is sort of this continuous threat, you know, monitoring space and, and, and this vulnerability space where I think we play such an important role and I'm so excited to be a part of the tip of the spear on this one. >>Yeah. I'm old enough to know the movie sneakers, which I love as a, you know, watching that movie, you know, professional hackers are testing, testing, always testing the environment. I love this. I gotta ask you, as we kind of wrap up here, Chris, if you don't mind the benefits to team professional services from this alliance, big news Splunk and you guys work well together. We see that clearly. What are, what other benefits do professional services teams see from the Splunk and Horizon three AI alliance? >>So if you're a, I think for, from our, our, from both of our partners as we bring these guys together and many of them already are the same partner, right? Is that first off, the licensing model is probably one of the key areas that we really excel at. So if you're an end user, you can buy for the enterprise by the enter of IP addresses you're using. But if you're a partner working with this, there's solution ways that you can go in and we'll license as to MSPs and what that business model on our MSPs looks like. But the unique thing that we do here is this c plus license. And so the Consulting Plus license allows like a, somebody a small to midsize to some very large, you know, Fortune 100, you know, consulting firms uses by buying into a license called Consulting Plus where they can have unlimited access to as many ips as they want. >>But you can only run one test at a time. And as you can imagine when we're going and hacking passwords and checking hashes and decrypting hashes, that can take a while. So, but for the right customer, it's, it's a perfect tool. And so I I'm so excited about our ability to go to market with our partners so that we underhand to sell, understand how not to just sell too or not tell just to sell through, but we know how to sell with them as a good vendor partner. I think that that's one thing that we've done a really good job building bringing into market. >>Yeah. I think also the Splunk has had great success how they've enabled partners and professional services. Absolutely. They've, you know, the services that layer on top of Splunk are multifold tons of great benefits. So you guys vector right into that ride, that wave with >>Friction. And, and the cool thing is that in, you know, in one of our reports, which could be totally customized with someone else's logo, we're going to generate, you know, so I, I used to work at another organization, it wasn't Splunk, but we, we did, you know, pen testing as a, as a for, for customers and my pen testers would come on site, they, they do the engagement and they would leave. And then another really, someone would be, oh shoot, we got another sector that was breached and they'd call you back, you know, four weeks later. And so by August our entire pen testings teams would be sold out and it would be like, wow. And in March maybe, and they'd like, No, no, no, I gotta breach now. And, and, and then when they do go in, they go through, do the pen test and they hand over a PDF and they pat you on the back and say, there's where your problems are, you need to fix it. And the reality is, is that what we're gonna generate completely autonomously with no human interaction is we're gonna go and find all the permutations that anything we found and the fix for those permutations and then once you fixed everything, you just go back and run another pen test. Yeah. It's, you know, for what people pay for one pen test, they could have a tool that does that. Every, every pat patch on Tuesday pen test on Wednesday, you know, triage throughout the week, >>Green, yellow, red. I wanted to see colors show me green, green is good, right? Not red. >>And once CIO doesn't want, who doesn't want that dashboard, right? It's, it's, it is exactly it. And we can help bring, I think that, you know, I'm really excited about helping drive this with the Splunk team cuz they get that, they understand that it's the green, yellow, red dashboard and, and how do we help them find more green so that the other guys are >>In Yeah. And get in the data and do the right thing and be efficient with how you use the data, Know what to look at. So many things to pay attention to, you know, the combination of both and then, then go to market strategy. Real brilliant. Congratulations Chris. Thanks for coming on and sharing this news with the detail around this Splunk in action around the alliance. Thanks for sharing, >>John. My pleasure. Thanks. Look forward to seeing you soon. >>All right, great. We'll follow up and do another segment on DevOps and IT and security teams as the new new ops, but, and Super cloud, a bunch of other stuff. So thanks for coming on. And our next segment, the CEO of Verizon, three AA, will break down all the new news for us here on the cube. You're watching the cube, the leader in high tech enterprise coverage.

>>Good afternoon, everyone. And welcome back to the VMware Explorer. 2022 live from San Francisco. Lisa Martin, here with Dave. Valante good to be sitting next to you, sir. >>Yeah. Yeah. The big set >>And we're very excited to be welcoming buck. One of our esteemed alumni Sanja poin joins us, the CEO and president of cohesive. Nice to see >>You. Thank you, Lisa. Thank you, Dave. It's great to meet with you all the time and the new sort of setting here, but first >>Time, first time we've been in west, is that right? We've been in north. We've been in south. We've been in Las Vegas, right. But west, >>I mean, it's also good to be back with live shows with absolutely, you know, after sort of the two or three or hiatus. And it was a hard time for the whole world, but I'm kind of driving a little bit of adrenaline just being here with people. So >>You've also got some adrenaline, sorry, Dave. Yeah, you're good because you are new in the role at cohesive. You wrote a great blog that you are identified. The four reasons I came to cohesive. Tell the audience, just give 'em a little bit of a teaser about that. >>Yeah, I think you should all read it. You can Google and, and Google find that article. I talked about the people Mohi is a fantastic founder. You know, he was the, you know, the architect of the Google file system. And you know, one of the senior Google executives was on my board. Bill Corrin said one of the smartest engineers. He was the true father of hyperconverge infrastructure. A lot of the code of Nutanix. He wrote, I consider him really the father of that technology, which brought computer storage. And when he took that same idea of bringing compute to secondary storage, which is really what made the scale out architect unique. And we were at your super cloud event talking about that, Dave. Yeah. Right. So it's a people I really got to respect his smarts, his integrity and the genius, what he is done. I think the customer base, I called a couple of customers. One of them, a fortune 100 customer. I, I can't tell you who it was, but a very important customer. I've known him. He said, I haven't seen tech like this since VMware, 20 years ago, Amazon 10 years ago and now Ko. So that's special league. We're winning very much in the enterprise and that type of segment, the partners, you know, we have HPE, Cisco as investors. Amazon's an investors. So, you know, and then finally the opportunity, I think this whole area of data management and data security now with threats, like ransomware big opportunity. >>Okay. So when you were number two at VMware, you would come on and say, we'd love all our partners and of course, okay. So you know, a little bit about how to work with, with VMware. So, so when you now think about the partnership between cohesive and VMware, what are the things that you're gonna stress to your constituents on the VMware side to convince them that Hey, partnering with cohesive is gonna gonna drive more value for customers, you know, put your thumb on the scale a little bit. You know, you gotta, you gotta unfair advantage somewhat, but you should use it. So what's the narrative gonna be like? >>Yeah, I think listen with VMware and Amazon, that probably their top two partners, Dave, you know, like one of the first calls I made was to Raghu and he knew about this decision before. That's the level of trust I have in him. I even called Michael Dell, you know, before I made the decision, there's a little bit of overlap with Dell, but it's really small compared to the overlap, the potential with Dell hardware that we could compliment. And then I called four CEOs. I was, as I was making this decision, Andy Jassey at Amazon, he was formerly AWS CEO sat Nadela at Microsoft Thomas cor at Google and Arvin Christian, IBM to say, I'm thinking about this making decision. They are many of the mentors and friends to me. So I believe in an ecosystem. And you know, even Chuck Robbins, who the CEO of Cisco is an investor, I texted him and said, Hey, finally, we can be friends. >>It was harder to us to be friends with Cisco, given the overlap of NSX. So I have a big tent towards everybody in our ecosystem with VMware. I think the simple answer is there's no overlap okay. With, with the kind of the primary storage capabilities with VSAN. And by the same thing with Nutanix, we will be friends and, and extend that to be the best data protection solution. But given also what we could do with security, I think this is gonna go a lot further. And then it's all about meet the field. We have common partners. I think, you know, sort of the narrative I talked about in that blog is just like snowflake was replacing Terada and ServiceNow replace remedy and CrowdStrike, replacing Symantec, we're replacing legacy vendors. We are viewed as the modern solution cloud optimized for private and public cloud. We can help you and make VMware and vs a and VCF very relevant to that part of the data management and data security continuum, which I think could end VMware. And by the way, the same thing into the public cloud. So most of the places where we're being successful is clearly withs, but increasingly there's this discussion also about playing into the cloud. So I think both with VMware and Amazon, and of course the other partners in the hyperscaler service, storage, networking place and security, we have some big plans. >>How, how much do you see this? How do you see this multi-cloud narrative that we're hearing here from, from VMware evolving? How much of an opportunity is it? How are customers, you know, we heard about cloud chaos yesterday at the keynote, are customers, do they, do they admit that there's cloud chaos? Some probably do some probably don't how much of an opportunity is that for cohesive, >>It's tremendous opportunity. And I think that's why you need a Switzerland type player in this space to be successful. And you know, and you can't explicitly rule out the fact that the big guys get into this space, but I think it's, if you're gonna back up office 365 or what they call now, Microsoft 365 into AWS or Google workspace into Azure or Salesforce into one of those clouds, you need a Switzerland player. It's gonna be hard. And in many cases, if you're gonna back up data or you protect that data into AWS banks need a second copy of that either on premise or Azure. So it's very hard, even if they have their own native data protection for them to be dual cloud. So I think a multi-cloud story and the fact that there's at least three big vendors of cloud in, in the us, you know, one in China, if include Alibaba creates a Switzerland opportunity for us, that could be fairly big. >>And I think, you know, what we have to do is make sure while we'll be optimized, our preferred cloud is AWS. Our control plane runs there. We can't take an all in AWS stack with the control plane and the data planes at AWS to Walmart. So what I've explained to both Microsoft and AWS is that data plane will need to be multi-cloud. So I can go to an, a Walmart and say, I can back up your data into Azure if you choose to, but the control plane's still gonna be an AWS, same thing with Google. Maybe they have another account. That's very Google centric. So that's how we're gonna believe the, the control plane will be in AWS. We'll optimize it there, but the data plane will be multicloud. >>Yeah. And that's what Mo had explained at Supercloud. You know, and I talked to him, he really helped me hone in on the deployment models. Yes. Where, where, where the cohesive deployment model is instantiating that technology stack into each cloud region and each cloud, which gives you latency advantages and other advantages >>And single code based same platform. >>And then bringing it, tying it together with a unified, you know, interface. That was he, he was, he was key. In fact, I, I wrote about it recently and, and gave him and the other 29 >>Quite a bit in that session, he went deep with you. I >>Mean, with Mohi, when you get a guy who developed a Google file system, you know, who can technically say, okay, this is technically correct or no, Dave, your way off be. So I that's why I had to >>Go. I, I thought you did a great job in that interview because you probed him pretty deep. And I'm glad we could do that together with him next time. Well, maybe do that together here too, but it was really helpful. He's the, he's the, he's the key reason I'm here. >>So you say data management is ripe for disrupt disruption. Talk about that. You talked about this Switzerland effect. That sounds to me like a massive differentiator for cohesive. Why is data management right for disruption and why is cohesive the right partner to do it? >>Yeah, I think, listen, everyone in this sort of data protection backup from years ago have been saying the S Switzerland argument 18 years ago, I was a at Veras an executive there. We used the Switzerland argument, but what's changed is the cloud. And what's changed as a threat vector in security. That's, what's changed. And in that the proposition of a, a Switzerland player has just become more magnified because you didn't have a sales force or Workday service now then, but now you do, you didn't have multi-cloud. You had hardware vendors, you know, Dell, HPE sun at the time. IBM, it's now Lenovo. So that heterogeneity of, of on-premise service, storage, networking, HyperCloud, and, and the apps world has gotten more and more diverse. And I think you really need scale out architectures. Every one of the legacy players were not built with scale out architectures. >>If you take that fundamental notion of bringing compute to storage, you could almost paralyze. Imagine you could paralyze backup recovery and bring so much scale and speed that, and that's what Mo invented. So he took that idea of how he had invented and built Nutanix and applied that to secondary storage. So now everything gets faster and cheaper at scale. And that's a disruptive technology ally. What snowflake did to ator? I mean, the advantage of snowflake is when you took that same concept data, warehousing is not a new concept it's existed from since Ralph Kimball and bill Inman and the people who are fathers of data warehousing, they took that to Webscale. And in that came a disruptive force toter data, right on snowflake. And then of course now data bricks and big query, similar things. So we're doing the same thing. We just have to showcase the customers, which we do. And when large customers see that they're replacing the legacy solutions, I have a lot of respect for legacy solutions, but at some point in time of a solution was invented in 1995 or 2000, 2005. It's right. For change. >>So you use snowflake as an example, Frank SL doesn't like when I say playbook, cuz I says, Dave, I'm a situational CEO, no playbook, but there are patterns here. And one of the things he did is to your point go after, you know, Terra data with a better data warehouse, simplify scale, et cetera. And now he's, he's a constructing a Tam expansion strategy, same way he did at ServiceNow. And I see you guys following a similar pattern. Okay. You get your foot in the door. Let's face it. I mean, a lot of this started with, you know, just straight back. Okay, great. Now it's extending into data management now extending to multi-cloud that's like concentric circles in a Tam expansion strategy. How, how do you, as, as a CEO, that's part of your job is Tam expansion. >>So yeah, I think the way to think about the Tam is, I mean, people say it's 20, 30 billion, but let me tell you how you can piece it apart in size, Dave and Lisa number one, I estimate there's probably about 10 to 20 exabytes of data managed by these legacy players of on-prem stores that they back up to. Okay. So you add them all up in the market shares that they respectively are. And by the way, at the peak, the biggest of these companies got to 2 billion and then shrunk. That was Verto when I was there in 2004, 2 billion, every one of them is small and they stopped growing. You look at the IDC charts. Many of them are shrinking. We are the fastest growing in the last two years, but I estimate there's about 20 exabytes of data that collectively among the legacy players, that's either gonna stay on prem or move to the cloud. Okay. So the opportunity as they replace one of those legacy tools with us is first off to manage that 20 X by cheaper, faster with the Webscale glass offer the cloud guys, we could tip that into the cloud. Okay. >>But you can't stop there. >>Okay. No, we are not doing just backup recovery. We have a platform that can do files. We can do test dev analytics and now security. Okay. That data is potentially at a risk, not so much in the past, but for ransomware, right? How do we classify that? How do we govern that data? How do we run potential? You know, the same way you did antivirus some kind of XDR algorithms on the data to potentially not just catch the recovery process, which is after fact, but maybe the predictive act of before to know, Hey, there's somebody loitering around this data. So if I'm basically managing in the exabytes of data and I can proactively tell you what, this is, one CIO described this very simply to me a few weeks ago that I, and she said, I have 3000 applications, okay. I wanna be prepared for a black Swan event, except it's not a nine 11 planes getting the, the buildings. >>It is an extortion event. And I want to know when that happens, which of my 3000 apps I recover within one hour within one day within one week, no later than one month. Okay. And I don't wanna pay the bad guys at penny. That's what we do. So that's security discussions. We didn't have that discussion in 2004 when I was at another company, because we were talking about flood floods and earthquakes as a disaster recovery. Now you have a lot more security opportunity to be able to describe that. And that's a boardroom discussion. She needs to have that >>Digital risk. O O okay, go ahead please. I >>Was just gonna say, ransomware attack happens every what? One, every 11, 9, 11 seconds. >>And the dollar amount are going up, you know, dollar are going up. Yep. >>And, and when you pay the ransom, you don't always get your data back. So you that's not. >>And listen, there's always an ethical component. Should you do it or not do it? If you, if you don't do it and you're threatened, they may have left an Easter egg there. Listen, I, I feel very fortunate that I've been doing a lot in security, right? I mean, I built the business at, at, at VMware. We got it to over a billion I'm on the board of sneak. I've been doing security and then at SAP ran. So I know a lot about security. So what we do in security and the ecosystem that supports us in security, we will have a very carefully crafted stay tuned. Next three weeks months, you'll see us really rolling out a very kind of disciplined aspect, but we're not gonna pivot this company and become a cyber security company. Some others in our space have done that. I think that's not who we are. We are a data management and a data security company. We're not just a pure security company. We're doing both. And we do it well, intelligently, thoughtfully security is gonna be built into our platform, not voted on. Okay. And there'll be certain security things that we do organically. There's gonna be a lot that we do through partnerships, this >>Security market that's coming to you. You don't have to go claim that you're now a security vendor, right? The market very naturally saying, wow, a comprehensive security strategy has to incorporate a data protection strategy and a recovery, you know, and the things that we've talking about Mount ransomware, I want to ask you, you I've been around a long time, longer than you actually Sanjay. So, but you you've, you've seen a lot. You look, >>Thank you. That's all good. Oh, >>Shucks. So the market, I've never seen a market like this, right? I okay. After the.com crash, we said, and I know you can't talk about IPO. That's not what I'm talking about, but everything was bad after that. Right. 2008, 2000, everything was bad. I've never seen a market. That's half full, half empty, you know, snowflake beats and raises the stock, goes through the roof. Dev if it, if the area announced today, Mongo, DB, beat and Ray, that things getting crushed and, and after market never seen anything like this. It's so fed, driven and, and hard to protect. And, and of course, I know it's a marathon, you know, it's not a sprint, but have you ever seen anything like this? >>Listen, I walk worked through 18 quarters as COO of VMware. You've seen where I've seen public quarters there and you know, was very fortunate. Thanks to the team. I don't think I missed my numbers in 18 quarters except maybe once close. But we, it was, it's tough. Being a public company of the company is tough. I did that also at SAP. So the journey from 10 to 20 billion at SAP, the journey from six to 12 at VMware, that I was able to be fortunate. It's humbling because you, you really, you know, we used to have this, we do the earnings call and then we kind of ask ourselves, what, what do you think the stock price was gonna be a day and a half later? And we'd all take bets as to where this, I think you just basically, as a, as a sea level executive, you try to build a culture of beaten, raise, beaten, raise, beaten, raise, and you wanna set expectations in a way that you're not setting them up for failure. >>And you know, it's you, there's, Dave's a wonderful CEO as is Frank Salman. So it's hard for me to dissect. And sometimes the market are fickle on some small piece of it. But I think also the, when I, I encourage people say, take the long term view. When you take the long term view, you're not bothered about the ups and downs. If you're building a great company over the length of time, now it will be very clear over the arc of many, many quarters that you're business is trouble. If you're starting to see a decay in growth. And like, for example, when you start to see a growth, start to decay significantly by five, 10 percentage points, okay, there's something macro going on at this company. And that's what you won't avoid. But these, you know, ups and downs, my view is like, if you've got both Mongo D and snowflake are fantastic companies, they're CEOs of people I respect. They've actually kind of an, a, you know, advisor to us as a company, you knows moat very well. So we respect him, respect Frank, and you, there have been other quarters where Frank's, you know, the Snowflake's had a down result after that. So you build a long term and they are on the right side of history, snowflake, and both of them in terms of being a modern cloud relevant in the case of MongoDB, open source, two data technology, that's, you know, winning, I, I, we would like to be like them one day >>As, as the new CEO of cohesive, what are you most ask? What are you most anxious about and what are you most excited about? >>I think, listen, you know, you know, everything starts with the employee. You, I always believe I wrote my first memo to all employees. There was an article in Harvard business review called service profit chains that had a seminal impact on my leadership, which is when they studied companies who had been consistently profitable over a long period of time. They found that not just did those companies serve their customers well, but behind happy engaged customers were happy, engaged employees. So I always believe you start with the employee and you ensure that they're engaged, not just recruiting new employees. You know, I put on a tweet today, we're hiring reps and engineers. That's okay. But retaining. So I wanna start with ensuring that everybody, sometimes we have to make some unfortunate decisions with employees. We've, we've got a part company with, but if we can keep the best and brightest retained first, then of course, you know, recruiting machine, I'm trying to recruit the best and brightest to this company, people all over the place. >>I want to get them here. It's been, so I mean, heartwarming to come Tom world and just see people from all walks, kind of giving me hugs. I feel incredibly blessed. And then, you know, after employees, it's customers and partners, I feel like the tech is in really good hands. I don't have to worry about that. Cuz Mo it's in charge. He's got this thing. I can go to bed knowing that he's gonna keep innovating the future. Maybe in some of the companies I've worried about the tech innovation piece, but most doing a great job there. I can kind of leave that in his cap of hands, but employees, customers, partners, that's kind of what I'm focused on. None of them are for me, like a keep up at night, but there are are opportunities, right? And sometimes there's somebody you're trying to salvage to make sure or somebody you're trying to convince to join. >>But you know, customers, I love pursuing customers. I love the win. I hate to lose. So fortune 1000 global, 2000 companies, small companies, big companies, I wanna win every one of them. And it's not, it's not like, I mean, I know all these CEOs in my competitors. I texted him the day I joined and said, listen, I'll compete, honorably, whatever have you, but it's like Kobe and LeBron Kobe's passed away now. So maybe it's Steph Curry. LeBron, whoever your favorite athlete is you put your best on the court and you win. And that's how I am. That's nothing I've known no other gear than to put my best on the court and win, but do it honorably. It should not be the one that you're doing it. Unethically. You're doing it personally. You're not calling people's names. You're competing honorably. And when you win the team celebrates, it's not a victory for me. It's a victory for the team. >>I always think I'm glad that you brought up the employee experience and we're almost out of time, but I always think the employee experience and the customer experience are inextricably linked. This employees have to be empowered. They have to have the data that they need to do their job so that they can deliver to the customer. You can't do one without the other. >>That's so true. I mean, I, it's my belief. And I've talked also on this show and others about servant leadership. You know, one of my favorite poems is Brenda Naor. I went to bed in life. I dreamt that life was joy. I woke up and realized life was service. I acted in service was joy. So when you have a leadership model, which is it's about, I mean, there's lots of layers between me and the individual contributor, but I really care about that sales rep and the engineer. That's the leaf level of the organization. What can I get obstacle outta their way? I love skipping levels of going right. That sales rep let's go and crack this deal. You know? So you have that mindset. Yeah. I mean, you, you empower, you invert the pyramid and you realize the power is at the leaf level of an organization. >>So that's what I'm trying to do. It's a little easier to do it with 2000 people than I dunno, either 20, 20, 2000 people or 35,000 reported me at VMware. And I mean a similar number at SAP, which was even bigger, but you can shape this. Now we are, we're not a startup anymore. We're a midsize company. We'll see. Maybe along the way, there's an IP on the path. We'll wait for that. When it comes, it's a milestone. It's not the destination. So we do that and we are, we, I told people we are gonna build this green company. Cohesive is gonna be a great company like VMware one day, like Amazon. And there's always a day of early beginnings, but we have to work harder. This is kind of like the, you know, eight year old version of your kid, as opposed to the 18 year old version of the kid. And you gotta work a little harder. So I love it. Yeah. >>Good luck. Awesome. Thank you. Best of luck. Congratulations. On the role, it sounds like there's a tremendous amount of adrenaline, a momentum carrying you forward Sanjay. We always appreciate having you. Thank >>You for having in your show. >>Thank you. Our pleasure, Lisa. Thank you for Sanja poin and Dave ante. I'm Lisa Martin. You're watching the cube live from VMware Explorer, 2022, stick around our next guest. Join us momentarily.

>>Good afternoon, everyone. And welcome back to the Cube's day two coverage of VMware Explorer, 2022 live from San Francisco. Lisa Martin, here with Dave. Valante good to be sitting next to you, sir. >>Yeah, the big >>Set and we're very excited to be welcoming back. One of our esteemed alumni Sanja poin joins us, the CEO and president of cohesive. Nice to see >>You. Thank you, Lisa. Thank you, Dave. It's great to meet with you all the time and the new sort of setting here, but >>First time we've been in west, is that right? We've been in north. We've been in south. We've been in Las Vegas, right. But west >>Nice. Well, I mean, it's also good to be back with live shows with absolutely, you know, after sort of the two or three or high. And it was a hard time for the whole world, but I'm kind of driving a little bit of adrenaline just being here with people. So >>You've also got some adrenaline, sorry, Dave. Yeah, you're good because you are new in the role at cohesive. You wrote a great blog that you are identified. The four reasons I came to cohesive. Tell the audience, just give 'em a little bit of a teaser about that. >>Yeah, I think you should all read it. You can Google and, and Google find that article. I talked about the people Mohi is a fantastic founder. You know, he was the, you know, the architect of the Google file system. And you know, one of the senior Google executives who was on my board, bill Corrin said one of the smartest engineers. He was the true father of hyperconverge infrastructure. A lot of the code of Nutanix. He wrote, I consider him really the father of that technology, which brought computer storage. And when he took that same idea of bringing compute to secondary storage, which is really what made the scale out architect unique. And we were at your super cloud event talking about that, Dave. Yeah. Right. So it's a people I really got to respect his smarts, his integrity and the genius, what he is done. >>I think the customer base, I called a couple of customers. One of them, a fortune 100 customer. I, I can't tell you who it was, but a very important customer. I've known him. He said, I haven't seen tech like this since VMware, 20 years ago, Amazon 10 years ago. And now COER so that's special league. We're winning very much in the enterprise and that type of segment, the partners, you know, we have HPE, Cisco as investors, Amazon's an investors. So, you know, and then finally the opportunity, I think this whole area of data management and data security now with threats, like ransomware big opportunity. >>Sure. Okay. So when you were number two at VMware, you would come on and say, we'd love all our partners and of course, okay. So you know, a little bit about how to work with, with VMware. So, so when you now think about the partnership between cohesive and VMware, what are the things that you're gonna stress to your constituents on the VMware side to convince them that Hey, partnering with cohesive is gonna gonna drive more value for customers, you know, put your thumb on the scale a little bit. You know, you gotta, you gotta unfair advantage somewhat, but you should use it. So what's the narrative gonna be like? >>Yeah. I think listen with VMware and Amazon, that probably their top two partners, Dave, you know, like one of the first calls I made was to Raghu and he knew about this decision before. That's the level of trust I have in him. I even called Michael Dell, you know, before I made the decision, there's a little bit of an overlap with Dell, but it's really small compared to the overlap, the potential with Dell hardware that we could compliment. And then I called four CEOs. I was, as I was making this decision, Andy Jassy at Amazon, he was formerly AWS CEO sat Nadela at Microsoft Thomas cor at Google and Arvin Christian at IBM to say, I'm thinking about this making decision. They are many of the mentors and friends to me. So I believe in an ecosystem. And you know, even Chuck Robbins, who the CEO of Cisco is an investor, I texted him and said, Hey, finally, we can be friends. >>It was harder to us to be friends with Cisco, given the overlap of NEX. So I have a big tent towards everybody in our ecosystem with VMware. I think the simple answer is there's no overlap okay. With, with the kind of the primary storage capabilities with VSAN. And by the same thing with Nutanix, we will be friends and, and extend that to be the best data protection solution. But given also what we could do with security, I think this is gonna go a lot further. And then it's all about meet in the field. We have common partners. I think, you know, sort of the narrative I talked about in that blog is just like snowflake was replacing Terada and ServiceNow replace remedy and CrowdStrike, replacing Symantec, we're replacing legacy vendors. We are viewed as the modern solution cloud optimized for private and public cloud. We can help you and make VMware and VSAN and VCF very relevant to that part of the data management and data security continuum, which I think could enhance VMware. And by the way, the same thing into the public cloud. So most of the places where we're being successful is clearly withs, but increasingly there's this discussion also about playing into the cloud. So I think both with VMware and Amazon, and of course the other partners in the hyperscaler service, storage, networking place and security, we have some big plans. >>How, how much do you see this? How do you see this multi-cloud narrative that we're hearing here from, from VMware evolving? How much of an opportunity is it? How are customers, you know, we heard about cloud chaos yesterday at the keynote, are customers, do they, do they admit that there's cloud chaos? Some probably do some probably don't how much of an opportunity is that for cohesive, >>It's tremendous opportunity. And I think that's why you need a Switzerland type player in this space to be successful. And you know, and you can't explicitly rule out the fact that the big guys get into this space, but I think it's, if you're gonna back up office 365 or what they call now, Microsoft 365 into AWS or Google workspace into Azure or Salesforce into one of those clouds, you need a Switzerland player it's gonna be out. And in many cases, if you're gonna back up data or you protect that data into AWS banks need a second copy of that either on premise or Azure. So it's very hard, even if they have their own native data protection for them to be dual cloud. So I think a multi-cloud story and the fact that there's at least three big vendors of cloud in, in the us, you know, one in China, if include Alibaba creates a Switzerland opportunity for us, that could be fairly big. >>And I think, you know, what we have to do is make sure while we'll be optimized, our preferred cloud is AWS. Our control plane runs there. We can't take an all in AWS stack with the control plane and the data planes at AWS to Walmart. So what I've explained to both Microsoft and AWS is that data plane will need to be multicloud. So I can go to an a Walmart and say, I can back up your data into Azure if you choose to, but the control, plane's still gonna be an AWS, same thing with Google. Maybe they have another account. That's very Google centric. So that's how we're gonna play the, the control plane will be in AWS. We'll optimize it there, but the data plane will be multi-cloud. >>Yeah. And that's what Mo had explained at Supercloud. You know, and I talked to, he really helped me hone in on the deployment models. Yes. Where, where, where the cohesive deployment model is instantiating that technology stack into each cloud region and each cloud, which gives you latency advantages and other advantages >>And single code based same platform, >>And then bringing it, tying it together with a unified, you know, interface. That was he, he was, he was key. In fact, I, I wrote about it recently and, and gave him and the other 20, >>Quite a bit in that session. Yeah. So he went deep with you. I >>Mean, with Mohi, when you get a guy who developed a Google file system, you know, who can technically say, okay, this is technically correct or no, Dave, your way off be so I that's why I had to >>Go. I, I thought you did a great job in that interview because you probed him pretty deep and I'm glad we could do that together with him next time. Well, maybe do that together here too, but it was really helpful. He's the, he's the, he's the key reason I'm here. >>So you say data management is ripe for disrupt disruption. Talk about that. You talked about this Switzerland effect. That sounds to me like a massive differentiator for cohesive. Why is data management right. For disruption and why is cohesive the right partner to do it? >>Yeah, I think, listen, everyone in this sort of data protection backup from years ago have been saying the S Switzerland argument 18 years ago, I was a at Veras an executive there. We used the Switzerland argument, but what's changed is the cloud. And what's changed as a threat vector in security. That's, what's changed. And in that the proposition of a, a Switzerland player has just become more magnified because you didn't have a sales force or Workday service now then, but now you do, you didn't have multi-cloud. You had hardware vendors, you know, Dell, HPE sun at the time. IBM, it's now Lenovo. So that heterogeneity of, of on-premise service, storage, networking, HyperCloud, and, and the apps world has gotten more and more diverse. And I think you really need scale out architectures. Every one of the legacy players were not built with scale out architectures. >>If you take that fundamental notion of bringing compute to storage, you could almost paralyze. Imagine you could paralyze backup recovery and bring so much scale and speed that, and that's what Mo invented. So he took that idea of how he had invented and built Nutanix and applied that to secondary storage. So now everything gets faster and cheaper at scale. And that's a disruptive technology ally. What snowflake did to ator? I mean, the advantage of snowflake is when you took that same concept data, warehousing is not a new concept it's existed from since Ralph Kimble and bill Inman and the people who are fathers of data warehousing, they took that to Webscale. And in that came a disruptive force toter data, right? And snowflake. And then of course now data bricks and big query, similar things. So we're doing the same thing. We just have to showcase the customers, which we do. And when large customers see that they're replacing the legacy solutions, I have a lot of respect for legacy solutions, but at some point in time of a solution was invented in 1995 or 2000, 2005. It's right. For change. >>So you use snowflake as an example, Frank sluman doesn't like when I say playbook, cuz I says, Dave, I'm a situational. See you no playbook, but there are patterns here. And one of the things he did is to your point go after, you know, Terra data with a better data warehouse, simplify scale, et cetera. And now he's, he's a constructing a Tam expansion strategy, same way he did at ServiceNow. And I, you guys following a similar pattern. Okay. You get your foot in the door. Let's face it. I mean, a lot of this started with, you know, just straight back. Okay, great. Now it's extending into data management now extending to multi-cloud that's like concentric circles in a Tam expansion strategy. How, how do as, as a CEO, that's part of your job is Tam expansion. >>So yeah, I think the way to think about the Tam is, I mean, people say it's 20, 30 billion, but let me tell you how you can piece it apart in size, Dave and Lisa number one, I estimate there's probably about 10 to 20 exabytes of data managed by these legacy players of on-prem stores that they back up to. Okay. So you add them all up in the market shares that they respectively are. And by the way, at the peak, the biggest of these companies got to 2 billion and then shrunk. That was Verto when I was there in 2004, 2 billion, every one of them is small and they stopped growing. You look at the IDC charts. Many of them are shrinking. We are the fastest growing in the last two years, but I estimate there's about 20 exabytes of data that collectively among the legacy players, that's either gonna stay on prem or move to the cloud. Okay. So the opportunity as they replace one of those legacy tools with us is first off to manage that 20 X bike cheaper, faster with the Webscale, a glass or for the cloud guys, we could tip that into the cloud. Okay. >>But you can't stop there. >>Okay. No, we are not doing just back recovery. Right. We have a platform that can do files. We can do test dev analytics and now security. Okay. That data is potentially at a risk, not so much in the past, but for ransomware, right? How do we classify that? How do we govern that data? How do we run potential? You know, the same way you did antivirus some kind of XDR algorithms on the data to potentially not just catch the recovery process, which is after fact, but maybe the predictive act of before to know, Hey, there's somebody loitering around this data. So if I'm basically managing in the exabytes of data and I can proactively tell you what, this is, one CIO described this very simply to me a few weeks ago that I, and she said, I have 3000 applications, okay. I wanna be prepared for a black Swan event, except it's not a nine 11 planes hitting the, the buildings. >>It is an extortion event. And I want to know when that happens, which of my 3000 apps I recover within one hour within one day within one week, no lay than one month. Okay. And I don't wanna pay the bad guys of penny. That's what we do. So that's security discussions. We didn't have that discussion in 2004 when I was at another company, because we were talking about flood floods and earthquakes as a disaster recovery. Now you have a lot more security opportunity to be able to describe that. And that's a boardroom discussion. She needs to have that >>Digital risk. O O okay, go ahead please. I >>Was just gonna say, ransomware attack happens every what? One, every 11, 9, 11 seconds. >>And the dollar amount are going up, you know, dollar of what? >>Yep. And, and when you pay the ransom, you don't always get your data back. So you that's >>Not. And listen, there's always an ethical component. Should you do it or not do it? If you, if you don't do it and you're threatened, they may have left an Easter egg there. Listen, I, I feel very fortunate that I've been doing a lot in security, right? I mean, I built the business at, at, at VMware. We got it to over a billion I'm on the board of sneak. I've been doing security and then at SAP ran. So I know a lot about security. So what we do in security and the ecosystem that supports us in security, we will have a very carefully crafted stay tuned. Next three weeks months, you'll see us really rolling out a very kind of disciplined aspect, but we're not gonna pivot this company and become a cyber security company. Some others in our space have done that. I think that's not who we are. We are a data management and a data security company. We're not just a pure security company. We're doing both. And we do it well, intelligently, thoughtfully security is gonna be built into our platform, not bolted on, okay. And there'll be certain security things that we do organically. There's gonna be a lot that we do through partnerships, >>This security market that's coming to you. You don't have to go claim that you're now a security vendor, right? The market very naturally saying, wow, a comprehensive security strategy has to incorporate a data protection strategy and a recovery, you know, and the things we've talking about, Mount ransomware, I want to ask you, you know, I've been around a long time, longer than you actually Sanjay. So, but you you've, you've seen a lot. You look incredibly, >>Thank you. That's all good. Oh, >>Shocks. So the market, I've never seen a market like this, right? I okay. After the.com crash, we said, and I know you can't talk about IPO. That's not what I'm talking about, but everything was bad after that. Right. 2008, 2000, everything was bad. I've never seen a market. That's half full, half empty, you know, snowflake beats and raises the stock, goes through the roof. Dev if it, the area announced today, Mongo, DB, beat and Ray, that things getting crushed. And, and after market never seen anything like this. It's so fed, driven and, and hard to protect. And, and of course, I know it's a marathon, you know, it's not a sprint, but have you ever seen anything like this? >>Listen, I walk worked through 18 quarters as COO of VMware. You seen, I've seen public quarters there and you know, was very fortunate. Thanks to the team. I don't think I missed my numbers in 18 quarters except maybe once close. But we, it was, it's tough. Being a public company. Officer of the company is tough. I did that also at SAP. So the journey from 10 to 20 billion at SAP, the journey from six to 12 at VMware, that I was able to be fortunate. It's humbling because you, you really, you know, we used to have this, we do the earnings call and then we kind of ask ourselves, what, what do you think the stock price was gonna be a day and a half later? And we'd all take bets as to wear this. I think you just basically, as a, as a sea level executive, you try to build a culture of beaten, raise, beaten, raise, beaten, raise, and you wanna set expectations in a way that you're not setting them up for failure. >>And you know, it's you, there's, Dave's a wonderful CEO as is Frank movement. So it's hard for me to dissect. And sometimes the market are fickle on some small piece of it. But I think also the, when I, I encourage people say, take the long term view. When you take the long term view, you're not bothered about the ups and downs. If you're building a great company over the length of time, now it will be very clear over the arc of many, many quarters that you're business is trouble. If you're starting to see a decay in growth. And like, for example, when you start to see a growth, start to decay significantly by five, 10 percentage points, okay, there's something macro going on at this company. And that's what you won't avoid. But these, you know, ups and downs, my view is like, if you've got both Mongo, DIA and snowflake are fantastic companies, they're CEOs of people I respect. They've actually a kind of an, a, you know, advisor to us as a company, you knows mot very well. So we respect him, respect Frank, and you, there have been other quarters where Frank's, you know, the snowflakes had a down result after that. So you build a long term and they are on the right side of history, snowflake, and both of them in terms of being a modern cloud relevant in the case of MongoDB open source to data technology, that's, you know, winning, I, we would like to be like them one day >>As, as the new CEO of cohesive, what are you most, what are you most anxious about? And what are you most excited about? >>I think, listen, you know, you know, everything starts with the employee. You, I always believe I wrote my first memo to all employees. There was an article in Harvard business review called service profit chains that had a seminal impact on my leadership, which is when they studied companies who had been consistently profitable over a long period of time. They found that not just did those companies serve their customers well, but behind happy engaged customers were happy, engaged employees. So I always believe you start with the employee and you ensure that they're engaged, not just recruiting new employees. You know, I put on a tweet today, we're hiring reps and engineers. That's okay. But retaining. So I wanna start with ensuring that everybody, sometimes we have to make some unfortunate decisions with employees. We've, we've got a part company with, but if we can keep the best and brightest retained first, then of course, you know, recruiting machine, I'm trying to recruit the best and brightest to this company, people all over the place. >>I want to get them here. It's been, so I mean, heartwarming to come to world and just see people from all walks, kind of giving me hugs. I feel incredibly blessed. And then, you know, after employees, it's customers and partners, I feel like the tech is in really good hands. I don't have to worry about that. Cuz Mo it's in charge. He's got this thing. I can go to bed knowing that he's gonna keep innovating the future. Maybe in some of the companies, I would worried about the tech innovation piece, but most doing a great job there. I can kind of leave that in his cap of hands, but employees, customers, partners, that's kind of what I'm focused on. None of them are for me, like a keep up at night, but they're are opportunities, right? And sometimes there's somebody you're trying to salvage to make sure or somebody you're trying to convince to join. >>But you know, customers, I love pursuing customers. I love the win. I hate to lose. So fortune 1000 global, 2000 companies, small companies, big companies, I wanna win every one of 'em and it's not, it's not like, I mean, I know all these CEOs in my competitors. I texted him the day I joined and said, listen, I'll compete, honorably, whatever have you, but it's like Kobe and LeBron Kobe's passed away now. So maybe it's step Curry. LeBron, whoever your favorite athlete is you put your best on the court and you win. And that's how I am. That's nothing I've known no other gear than to put my best on the court and win, but do it honorably. It should not be the one that you're doing it. Unethically. You're doing it personally. You're not calling people's names. You're competing honorably. And when you win the team celebrates, it's not a victory for me, it's a victory for the team. >>I always think I'm glad that you brought out the employee experience and we're almost out of time, but I always think the employee experience and the customer experience are inextricably linked. This employees have to be empowered. They have to have the data that they need to do their job so that they can deliver to the customer. You can't do one without the other. >>That's so true. I mean, I, it's my belief. And I've talked also on this show and others about servant leadership. You know, one of my favorite poems is Brenda NA Tago. I went to bed in life. I dreamt that life was joy. I woke up and realized life was service. I acted in service was joy. So when you have a leadership model, which is it's about, I mean, there's lots of layers between me and the individual contributor, but I really care about that sales rep and the engineer. That's the leaf level of the organization. What can I get obstacle outta their way? I love skipping levels and going write that sales rep let's go and crack this deal. You know? So you have that mindset. Yeah. I mean, you, you empower, you invert the pyramid and you realize the power is at the leaf level of an organization. >>So that's what I'm trying to do. It's a little easier to do it with 2000 people than I dunno, either 20, 20, 2000 people or 35,000 reported me at VMware. And I mean a similar number at SAP, which was even bigger, but you can shape this. Now we are, we're not a startup anymore. We're a mid-size company. We'll see. Maybe along the way, there's an IP on the path. We'll wait for that. When it comes, it's a milestone. It's not the destination. So we do that and we are, we, I told people we are gonna build this green company. Cohesive is gonna be a great company like VMware one day, like Amazon. And there's always a day of early beginnings, but we have to work harder. This is kind of like the, you know, eight year old version of your kid, as opposed to the 18 year old version of the kid. And you gotta work a little harder. So I love it. Yeah. >>Good luck. Awesome. Thank you too. Best of luck. Congratulations on the role, it sounds like there's a tremendous amount of adrenaline, a momentum carrying you forward Sanja. We always appreciate having thank >>You for having in your show. >>Thank you. Our pleasure, Lisa. Thank you for Sanjay poin and Dave ante. I'm Lisa Martin. You're watching the cube live from VMware Explorer, 2022, stick around our next guest. Join us momentarily.

>>Hey everyone. Welcome to this cube conversation. I'm your host, Lisa Martin Rajko same joins me now the chief product officer at elation. Raj. Great to have you on the cube. Welcome. >>It's great to be here, Lisa. And I've been a fan for a while and excited to have a chance to talk with you live. >>And we've got some exciting stuff to talk about elation in terms of the success in the enterprise market. I see more than 25% of the fortune 100 doing great. There is customers elation and snowflake. Before we get into your exciting news. Talk to me a little bit about the evolution of the partnership. >>Yeah, no, absolutely. So, you know, we've always been a, a close partner and integrator with snowflake and last year snowflake became an investor in elation and they participated in our series D round. And the thing I'm most excited about beyond that is we were announced in the snowflake summit back in June to be their data governance partner of the year for the second year running. And so we've always had a closer relationship with snowflake, both at the go to market level and at the product level. And you know, the stuff that we're about to talk about is a Testament to that. >>Absolutely. It is. So talk to us before we get into the announcement. What you're seeing in the market as organizations are really becoming much more serious about being data driven and building a data culture. What are you seeing with respect to enterprises as well as those smaller folks? >>Yeah, no, it, it, it's, it's a great question. I mean, you, you hear the T tropes data is the new oil data is like water it's essential. And we're seeing that very consistently across every customer, every segment, every geo that we, that we talk to, I, I think the challenges that organizations are seeing that are leading to the amazing growth that we've seen at elation are there's so much data. They don't know where it resides. You've got silos or islands of knowledge that exist across the, the enterprise. And they need a data intelligence platform to bring it all together, to help them make sense of it and ultimately build a data culture that, you know, it lets their employees make data driven decisions as opposed to relying on gut. And so those are some of the macro trends that we're seeing and with the migration of data to the cloud and in particular snowflake, it seemed like a huge opportunity for us to partner even more closely with, with snowflake. And we're, we're excited about the progress that we've seen with them thus far. >>All right, let's get right into it. So first of all, define a data culture and then talk to us about how elation and snowflake are helping organizations to really achieve that. >>Yeah. You know, it, it's interesting. The, the company vision that we have at elation is to empower a curious and rational world. And you know, what that really means is we want to deliver solutions that drive curiosity and drive rational behavior. So making, making decisions based on data and insights, as opposed to gut, or, you know, the, the highest paid, you know, person's opinion or what have you. And so delivering a data culture, building a data culture, which is something we hear from all the CDOs that we talk to is, Hey, elation, help us drive data literacy across the organization, provide that single source of reference. So if anybody has a question about, do we have data that answers this, or, you know, what kind of performance are we seeing in this product area? Give me a starting point for my data exploration journey. And that's really where elation and our data intelligence solutions kind of come into the play. >>So unpack elation cloud service for snowflake. Talk to us about what it is, why you're doing it, what the significance of this partnership and this solution is delivering. >>Absolutely. So the elation cloud service for snowflake is a brand new offering that we just brought to market. And the intent really was, you know, we've had massive success in the global 2000. You mentioned the, the progress that we've had with fortune 100 customers, we see the need for data, culture, and data literacy and governance in organizations, you know, that are massive global multinational enterprises all the way down to divisions of an organization, or even, you know, mid-market and SMB companies. And so we thought there was a huge opportunity to really drive data culture for those organizations that are adopting snowflake, but still need that data intelligence overlay across the, the data that's in the snowflake cloud. And so what we did is we launched the elation cloud service for snowflake as a free trial, and then, you know, low cost purchase solution that, you know, can be adopted for less than a hundred thousand dollars a year. >>Got it. So tar from a target market perspective that lower end of the market for, of course, you know, these days, Raj, as we talk about every company, regardless of size, regardless of industry and location has to be a data company getting there and, and, and, and really defining and going on a journey to get there is really complex. So you're going now down market to meet those customers where they are, how will elation cloud service for snowflake help those customers, those smaller customers really become data driven and, and, and adopt a data culture. >>Yeah. Yeah. It's, it's a great question. I, I think the biggest goal that we had was making it really simple and easy for them to begin this journey. So, you know, we are now live in the snowflake partner connect portal. And if someone wants to experience the power of elation cloud service for snowflake, they just need to go to that portal, click the elation tile. And literally within less than two minutes, a brand new instance of elation is spun up. Their snowflake data is automatically being cataloged as part of this trial. And they have 14 days to go through this experience and, and get a sense of the power of elation to give them insights into what's in their snowflake platform, what governance options they can layer on top of their snowflake data cloud and how the data is transforming across their organization. >>So talk to me about who you're talking to within a customer. I was looking at some data that elation provided to me, and I see that according to Gartner data culture is priority number one for chief data officers, but for those smaller organizations, do they have chief data officers? Is that responsibility line still with the CIO? Who are you engaging with? >>Yeah, it's very, very, really great question. I, I think the larger organizations that we sell to definitely have a, a CDO and, you know, CDO sometimes is the chief data and analytics officer in smaller organizations, or even in divisions of big companies that, that, you know, might be target customers for ACS, for snowflake could be a, a VP of analytics could be head of marketing. Operations could be a data engineering function, so that might roll up into the it. And so I think that's, what's interesting is we, we wanted to take the friction out of the, the experience process and the trial process, and whoever is responsible for the snowflake instance and, and leveraging snowflake for, for data and analytics, they can explore and understand what the, a power elation layered on top of snowflake can provide for them. >>Okay. So another, another thing that I uncovered in researching for this segment is McKenzie says data, culture is decision culture. I thought that was a really profound statement, but it's also such a challenge to get there is organizations of all sizes are on various points in their journey to become data driven. What does that mean? How, how well, how do elation and help customers really achieve that data culture so that they can really have that decision culture so they can make faster, better data based decisions? >>Yeah, it, so I, I think a huge part of it, like if we think about our, our, our big area of focus, how do we enable users to find, understand trust, govern, and use data within snowflake in this instance? And so step one to drive data culture is how, how do you provide a single source of reference a, a, a search box, frankly, you know, Google for your, for your data environment, so that you can actually find data, then how do you understand it? You know, what's in there. What does it mean? What are the relationships between these data objects? Can I trust this? Is this sandbox data, or is this production data that can be used for reporting and analytics? How do I govern the data? So I know who's using it, who should use it, what policies are there. And so if, if we go through the set of features that we've built into ation cloud service for snowflake, it enables us to deliver on that promise result at the very end, resulting in the ability to explore the data that exists in the snowflake platform as well. >>Let's go ahead and unpack that. Now, talk to me about some of the key capabilities of the solution and what it's enabling organizations to achieve. >>Yeah, so, you know, it starts with cataloging the data itself. You know, we, we, we are the data catalog company. We basically define that category. And so step one is how do we connect to snowflake and automatically ingest all the metadata that exists within that snowflake cloud, as well as extract the lineage relationships between tables. So you can understand how the data is transforming within the snowflake data cloud. And so that provides visibility to, to begin that fine journey. You know, how, how do I actually discover data on the understand and trust front? I think where things get really interesting is we've integrated deeply with Snowflake's new data governance features. So they've got data policies that provide things like row level security and, and data masking. We integrate directly with those policies, extract them, ingest them into elation so that they can be discovered, can be easily applied or added to other data sets within snowflake directly from the elation UI. >>So now you've got policies layered on top of your data environment. Snowflake's introduced, tagging and classification capabilities. We automatically extract and ingest those tags. They're surfaced in inhalation. So if somebody looks for a data set that they're not familiar with, they can see, oh, here are the policies that this data set is applied to. Here are the tags that are applied. And so snow elation actually becomes almost like a user interface to the data that exists within that snowflake platform. And then maybe just two other things with the lineage that we extract. One of the most important things that you can deliver for users is impact analysis. Hey, if I'm gonna deprecate this table, or if I'm gonna make a change to what this table definition is, what are the downstream objects and users that should know about that? So, Hey, if this table's going away and my Tableau report over here is gonna stop working, boy, it'd be great to be able to get visibility into that before that change is made, we can do that automatically within the elation UI and, and really just make it easier for somebody to govern and manage the data that exists within the snowflake data cloud. >>So easier to govern and manage the data. Let's go up a level or two. Sure. Talk to me about some of the business outcomes that this solution is gonna help organizations to achieve. We talked about every company these days has to be a data company. Consumers expect this very personalized, relevant experience. What are you thinking? Some of the outcomes are gonna be that this technology and this partnership is gonna unlock. >>Yeah, no, I, I, I think step one, and this has always been a huge area of focus for us is just simply driving business productivity. So, you know, the, the data that we see in talking to CDOs and CDOs is the onboarding and, and getting productive the time it takes to onboard and, and get a data analyst productive. It, it can be nine to 12 months. And, you know, we all know the battle for talent these days is significant. And so if we can provide a solution, and this is exactly what we do that enables an organization to get a data analyst productive in weeks instead of months, or, or, you know, potentially even a year, the value that that analyst can deliver to the organization goes up dramatically because they're spending less time looking for data and figuring out who knows what about the data. >>They can go to elation, get those insights and start answering business questions, as opposed to trying to wrangle or figure out does the data exist. And, and, and where does it exist? So that's, that's one key dimension. I'd say the other one that, that I'd highlight is just being able to have a governance program that is monitored managed and well understood. So that, you know, whether it's dealing with CCPA or GDPR, you know, some of the regulatory regimes, the, the ability for an organization to feel like they have control over their data, and they understand where it is who's using it and how it's being used. Those are hugely important business outcomes that CIOs and CDOs tell us they need. And that's why we built the lation cloud service for snowflake >>On the first front. One of the things that popped into my mind in terms of really enabling workforce productivity, workforce efficiency, getting analysts ramped up dramatically faster also seems to me to be something that your customers can leverage from a talent attraction and retention perspective, which in today's market is critical. >>I, I so glad you mentioned that that's, that's actually one of the key pillars that we highlight as well is like, if you give great tools to employees, they're gonna be happier. And, and you'll be a, a preferred employer and people are gonna feel like, oh, this is an organization that I wanna work at because they're making my job easier and they're making it easier for me to deliver value and be productive to the organization. And that's, it's absolutely critical this, this, this war for talent that everybody talks about. It's real and great self-service tools that are empowering to employees are the things that are gonna differentiate companies and allow them to, to unleash the power of data, >>Unleash the power of data, really use it to the competitive advantage that it can and should be used for. When we look at, when you look at customers that are on that journey, that data catalog journey, they, you probably see such a variety of, of locations about where they are in that journey. Do you see a common thread when you're in customer conversations? Is there kind of a common denominator that you, you speak to where you, you really know elation and snowflake here is absolutely the right thing. >>Yeah, no, it, it, it's a good question. I would actually say the fact that a customer is on snowflake. I they're already, you know, a step up on that maturity curve. You know, one of the big use cases that we see with customers that is, is leading to the need for data intelligence solutions that, you know, like that elation can deliver is digital transformation and, and, and cloud migration, you know, we've got legacy data. On-prem, we know we need to move to the cloud to get better agility, better scaling, you know, perhaps, you know, reduced costs, et cetera. And so I think step one, on that, that qualification criteria or that maturity journey is, Hey, if you're already in snowflake, that's a great sign because you're, you're recognizing the power of a data cloud platform and, and, and warehouse like snowflake. And so that's a, a, a great signal to us that this is a customer that wants to, you know, really better understand how they can get value out of, out of their solution. I think the next step on that journey is a recognition that they're not utilizing the data that they have as effectively as they can and should be, and they're not, and, and their employees are still struggling with, you know, where does the data exist? Can I trust it? It, you know, it, who do I know tends to be more important than do I have a tool that will help me understand the data. And so customers that are asking those sorts of questions are ideal customers for the elation cloud service for snowflake solution. >>So enabling those customers to get their hands on it, there's a free trial. Talk to us about that. And where can the audience go to actually click and try? >>Absolutely. So, you know, we'll, we'll be doing our usual marketing and, and promotion of this, but what I'm super excited about, you know, again, I mentioned earlier, you know, this is part of our, our cloud native multi 10 and architecture. We are live in the snowflake partner connect portal. And so if you are logged into snowflake and are an admin, you can go to the partner connect portal and you will see a tile. I think it's alphabetically, sorted and elation starts with a so pretty easy to find. I don't think you'll have to do too much searching. And literally all you have to do is click on that tile, answer a couple quick questions. And in the background in about two minutes, your elation instance will get spun up. We'll we will have sample data sets in there. There's some guided tours that you can walk through to kind of get a feel for the power of snowflake. >>So policy center lineage, you know, tags, our intelligent SQL tool that allows you to smartly query the snowflake data cloud and publish queries, share queries with others, collaborate on them for, for greater insights. And there's, you know, as you would expect with any, you know, online free trial, you know, we've got a built in chat bot. So if you have a question, wanna get a better sense of how a particular feature works or curious about how elation might work. In other areas, you can, you know, ask a question to the chat bot and we've got product specialists on the back end that can answer questions. So we really wanna make that journey as, as seamless and easy as, as possible. And hopefully that results in enough interests that the customer wants to, to, or the, the trial user wants to become a customer. And, and that's where our great sales organization will kind of take the Baton from there. >>And there's the, there's the objective there, and I'm sure Raj folks can find out about the free trial and access it. You, you mentioned through the marketplace, more information on elian.com. I imagine they can go there to access it as well, >>A hundred percent elation.com. We're on Twitter, we're on LinkedIn, but yeah, if you have any questions, you know, you can just search for elation cloud service for snowflake, or just go to the elation.com website. Absolutely. >>All right. Elation cloud service for snowflake. Congratulations on the launch to you and the entire elation team. We look forward to hearing customer success stories and really seeing those business outcomes realize in the next few months, Raj, thanks so much for your time. >>Thank you so much, Lisa. It's great to talk to you. >>Likewise, Raj gin. I'm Lisa Martin. Thank you for watching this cube conversation. Stay right here for more great action on the cube, the leader in live tech coverage.

(upbeat music) >> Hello, and welcome to this CUBE Conversation. I'm John Furrier, host of theCUBE here in Palo Alto, California for a great remote interview with Ameya Talwalkar, CEO of Cequence Security. Protecting APIs is the name of the game. Ameya thanks for coming on this CUBE Conversation. >> Thank you, John. Thanks for having us. >> So, I mean, obviously APIs, cloud, it runs everything. It's only going to get better, faster, more containers, more Kubernetes, more cloud-native action, APIs are at the center of it. Quick history, Cequence, how you guys saw the problem and where is it today? >> Yeah, so we started building the company or the product, the first product of the company focused on abuse or business logic abuse on APIs. We had design partners in large finance FinTech companies that are now customers of Cequence that were sort of API first, if you will. There were products in the market that were, you know, solving this problem for them on the web and in some cases mobile applications, but since these were API first very modern FinTech and finance companies that deal with lot of large enterprises, merchants, you have it, you name it. They were struggling to protect their APIs while they had protection on web and mobile applications. So that's the genesis. The problem has evolved exponentially in terms of volume size, pain, the ultimate financial losses from those problems. So it has, it's been a interesting journey and I think we timed it perfectly in terms of when we got started with the problem we started with. >> Yeah, I'm sure if you look at the growth of APIs, they're just exponentially growing because of the development, cloud-native development wave plus open source driving a lot of action. I was talking to a developer the other day and he's like, "Just give me a bag of Lego blocks and I'll build whatever application." I mean, this essentially- >> Yeah. >> API first is, has got us here, and that's standard. >> Yeah. >> Everyone's building on top of APIs, but the infrastructure going cloud-native is growing as well. So how do you secure APIs without slowing down the application velocity? Which everyone's trying to make go faster. So you got faster velocity on the developer side and (chuckles) more APIs coming. How do you secure the API infrastructure without slowing down the apps? >> Yeah, I'll come to the how part of it but I'll give you a little bit of commentary on what the problem really is. It's what has happened in the last few years is as you mentioned, the sort of journey to the cloud whether it's a public cloud or a private cloud, some enterprises have gone to a multi-cloud strategy. What really has happened is two things. One is because of that multi-environment deployment there is no defined parameter anymore to your applications or APIs. And so the parameter where people typically used to have maybe a CDN or WAF or other security controls at the parameter and then you have your infrastructure hosting these apps and APIs is completely gone away, that just doesn't exist anymore. And even more so for APIs which really doesn't have a whole lot of content to be cashed. They don't use CDN. So they are behind whatever API gateways whether they're in the cloud or whatever, they're hosting their APIs. And that has become your micro parameter, if you will, as these APIs are getting spread. And so the security teams are struggling with, how do I protect such a diverse set of environments that I am supposed to manage and protect where I don't have a unified view. I don't have even, like a complete view, if you will, of these APIs. And back in the days when phones or the modern iPhones and Android phones became popular, there used to be a sort of ad campaign I remember that said, "There is an app for that." >> Yeah. >> So the fast forward today, it's like, "There's an API for that." So everything you wanted to do today as a consumer or a business- >> John: Yeah. >> You can call an API and get your business done. And that's the challenge that's the explosion in APIs. >> Yeah. >> (laughs) Go ahead. >> It's interesting you have the API life cycle concept developing. Now you got, everyone knows- >> Right. >> The application life cycle, you know CI/CD pipelining, shifting left, but the surface area, you got web app firewalls which everyone knows is kind of like outdated, but you got API gateways. >> Yep. >> The surface area- >> Yeah. >> Is only increasing. So I have to ask you, do the existing API security tools out there bring that full application- >> Yeah. >> And API life cycle together? 'Cause you got to discover- >> Yep. >> The environment, you got to know what to protect and then also net new functionality. Can you comment? >> Right. Yeah. So that actually goes to your how question from, you know, previous section which is really what Cequence has defined is a API protection life cycle. And it's this concrete six-step process in which you protect your APIs. And the reason why we say it's a life cycle is it's not something that you do once and forget about it. It's a continuous process that you have to keep doing because your DevOps teams are publishing new APIs almost every day, every other day, if you will. So the start of that journey of that life cycle is really about discovering your external facing API attack surface which is where we highlight new hosting environments. We highlight accidental exposures. People are exposing their staging APIs. They might have access to production data. They are exposing Prometheus or performance monitoring servers. We find PKCS 7 files. We find Log4j vulnerabilities. These are things that you can just get a view of from outside looking in and then go about prioritizing which API environments you want to protect. So that's step number one. Step number two, really quick is do an inventory of all your APIs once you figure out which environments you want to protect or prioritize. And so that inventory includes a runtime inventory. Also creating specifications for these APIs. In lot of places, we find unmanaged APIs, shadow APIs and we create the API inventory and also push them towards sort of a central API management program. The third step is really looking at the risk of these APIs. Make sure they are using appropriate security controls. They're not leaking any sensitive information, PCI, PHI, PII, or other sort of industry-specific sensitive information. They are conforming to their schema. So sometimes the APIs dba.runtime from their schema and then that can cause a risk. So that's the first, sort of first half of this life cycle, if you will, which is really making sure your APIs are secure, they're using proper hygiene. The second half is about attack detection and prevention. So the fourth step is attack detection. And here again, we don't stop just at the OWASP Top 10 category of threats, a lot of other vendors do. They just do the OWASP API Top 10, but we think it's more than that. And we go deeper into business logic abuse, bots, and all the way to fraud. And that's sort of the attack detection piece of this journey. Once you detect these attacks, you start about, think about prevention of these attacks, also natively with Cequence. And the last step is about testing and making sure your APIs are secure even before they go live. >> What's- >> So that's a journey. Yeah. >> What's the secret sauce? What makes you different? 'Cause you got two sides to that coin. You got the auditing, kind of figure things out, and then you got the in-built attacks. >> Yeah. >> What makes you guys different? >> Yeah. So the way we are different is, first of all, Cequence is the only vendor that can, that has all these six steps in a single platform. We talked about security teams just lacking that complete view or consistent and uniform view of all your, you know, parameter, all your API infrastructure. We are combining that into a single platform with all the six steps that you can do in just one platform. >> John: Yeah. >> Number two is the outside looking in view which is the external discovery. It's something Cequence is unique in this space, uniquely doing this in this space. The third piece is the depth of our detection which is we don't just stop at the OWASP API Top 10, we go to fraud, business logic abuse, and bot attacks. And the mitigation, this will be interesting to you, which is a lot of the API security vendors say you come into existence because your WAF is not protecting your APIs, but they turn around when they detect the attacks to rely on a WAF to mitigate this or prevent these threats. And how can you sort of comprehend all that, right? >> Yeah. >> So we are unique in the sense we can prevent the attacks that we detect in the same platform without reliance on any other third-party solution. >> Yeah, I mean we- >> The last part is, sorry, just one last. >> Go ahead. Go ahead. >> Which is the scale. So we are serving largest of the large Fortune 100, Fortune 50 enterprises. We are processing 6 billion API calls per day. And one of the large customers of ours is processing 1 billion API calls per day with Cequence. So scale of APIs that we can process and how we can scale is also unique to Cequence. >> Yeah, I think the scale thing's a huge message. There, just, I put a little accent on that. I got to comment because we had an event last week called Supercloud which we were trying to talking about, you know, as clouds become more multicloud, you get more super capabilities. But automation, with super cloud comes super hackers. So as things advance, you're seeing the step function, the bad guys are getting better too. You mentioned bots. So I have to ask you what are some of the sophisticated attacks that you see that look like legitimate traffic or transactions? Can you comment on what your scale and your patterns are showing? Because the attacks are coming in fast and furious >> Correct. So APIs make the attack easier because APIs are well documented. So you want your partners and, you know, programmers to use your API ecosystem, but at the same time the attackers are getting the same information and they can program against those APIs very easily which means what? They are going to write a bunch of bots and automation to cause a lot of pain. The kind of sophistication we have seen is I'll just give a few examples. Ulta Beauty is one of our customers, very popular retailer in the US. And we recently found an interesting attack. They were selling some high-end hair curling high ends which are very high-end demand, very expensive, very hard to find. And so this links sort of physical path to API security, think about it, which is the bad guys were using a bot to scrape a third-party service which was giving local inventory information available to people who wanted to search for these items which are high in demand, low in supply. And they wrote a bot to find where, which locations have these items in supply, and they went and sort of broke into these showrooms and stole those items. So not only we say are saving them from physical theft and all the other problems that they have- >> Yeah. >> But also, they were paying about $25,000 per month extra- >> Yeah. >> For this geo-location service that was looking at their inventory. So that's the kind of abuse that can go on with APIs. Even when the APIs are perfectly secure, they're using appropriate security controls, these can go on. >> You know, that's a really great example. I'm glad you brought that up because I observed at AWS re:Inforce in Boston that Steven Schmidt has changed his title from chief information security officer to just chief security officer, to the point when asked he said, "Physical security is now tied together with the online." So to your point- >> Yeah. >> About the surveillance and attack setup- >> Yeah. >> For the physical, you got warehouses- >> Yep. >> You've got brick and mortar. This is the convergence of security. >> Correct. Absolutely. I mean, we do deal with many other, sort of a governance case. We help a Fortune 50 finance company which operates worldwide. And their gets concern is if an API is hosted in a certain country in Europe which has the most sort of aggressive data privacy and data regulations that they have to deal with, they want to make sure the consumer of that API is within a certain geo location whereby they're not subject to liabilities from GDPR and other data residency regulation. And we are the ones that are giving them that view. And we can have even restrict and make sure they're compliant with that regulation that they have to sort of comply with. >> I could only imagine that that geo-regional view and the intelligence and the scale gives you insights- >> Yeah. >> Into attacks that aren't really kind of, aren't supposed to be there. In other words, if you can keep the data in the geo, then you could look- >> Yep. >> At anything else as that, you know, you don't belong here kind of track. >> You don't belong here. Exactly. Yeah, yeah. >> All right. So let's get to the API. >> Yeah, I mean- >> So the API visibility is an issue, right? So I can see that, check, sold me on that, protection is key, but if, what's the current security team makeup? Are they buying into this or are they just kind of the hair on fire? What are security development teams doing? 'Cause they're under a lot of pressure to do the hardcore security work. And APIs, again, surface area's wide open, they're part of everyone's access. >> Yeah. So I mentioned about the six-step journey of the life cycle. Right? We see customers come to us with very acute pain point and they say, "Our hair is on, our hair on fire. (John laughing) Solve this problem for us." Like one large US telco company came to us to, just a simple problem, do the inventory and risk assessment of all our APIs. That's our number one pain point. Ended up starting with them on those two pain points or those two stops on their life cycle. And then we ended up solving all the six steps with them because once we started creating an inventory and looking at the risk profile, we also observed that these same APIs were target by bots and fraudsters doing all kinds of bad things. So once we discovered those problems we expanded the scope to sort of have the whole life cycle covered with the Cequence platform. And that's the typical experience which is, it's typically the security team. There are developer communities that are coming to us with sort of the testing aspect of it which integrated into DevOps toolchains and CI/CD pipelines. But otherwise, it's all about security challenges, acute pain points, and then expanding into the whole journey. >> All right. So you got the detection, you got the alerting, you got the protection, you got the mitigation. What's the advice- >> Yeah. >> To the customer or the right approach to set up with Cequence so that they can have the best protection. What the motion? What's the initial engagement look like? How do they engage? How do they operationalize? >> Yeah. >> You guys take me through that. >> Yeah. The simple way of engaging with Cequence is get that external assessment which will map your APIs for you, it'll create a assessment for you. We'll present that assessment, you know, to your security team. And like 90% of the times customers have an aha moment, (John chuckles) that they didn't know something that we are showing them. They find APIs that were not supposed to be public. They will find hosting environments that they didn't know about. They will find API gateways that were, like not commissioned, but being used. And so start there, start their journey with an assessment with Cequence, and then work with us to prioritize what problems you want to solve next once you have that assessment. >> So really making sure that their inventory of API is legit. >> Yep. Yep, absolutely. >> It's basically- >> Yep. >> I mean, you're starting to see more of this in the cloud-native, you know, Sbot, they call 'em, you know, (indistinct) materials. >> (Ameya faintly speaking). What do you got out there, kind of full understanding of what's being instrumented out there, big time. >> Yeah. The thing is a lot of analysts say that APIs is the number one attack vector this year and going forward, but you'll be surprised to see that it's not the APIs that get targeted that are poorly secured. Actually, the APIs that are completely not secured are the ones that are attacked the most because there are plenty of them. So start with the assessment, figure out the APIs that are out there and then start your journey. That's sort of my recommendation. >> So based on your advice what you're saying is there's a, most people make the mistake of having a lot of undocumented or unauthorized APIs out there that are unsecured. >> Yeah. And security teams are unaware of those APIs. So how do you protect something that you don't know even exists? >> Yeah. >> Right? So that's the challenge. >> Okay. You know, the APIs have to be secure. And as applications connect too, there's the other side of the APIs, whether that's credential passing, so much is at stake here relative to the security. It's not just access it's what's behind it. There's a lot of trust coming in. So, you know, I got to ask you a final question. You got zero trust and you got trust kind of coming together. What's (laughs), how do you respond to that? >> Yeah. Zero trust is part of it in the sense that you have to not trust sort of any API consumer as a completely trusted entity. Just like I gave you the Ultra Beauty example. They had trusted this third party to be absolutely safe and secure, you know, no controls necessary to sort of monitor their traffic, whereas they can be abused by their end consumers and cause you a lot of pain. So there is a sort of a linkage between zero trust. Never trusts anybody until you verify, that's the sort of angle, that's sort of the connection between APIs security and zero trust. >> Ameya, thank you for coming on theCUBE. Really appreciate the conversation. I'll give you the final word. What should people know about Cequence Security? How would you give the pitch? You go, you know, quick summary, what's going on? >> Yeah. So very excited to be in this space. We sort of are the largest security of API security vendor in the space in terms of revenue, the largest volume of API traffic that we process. And we are just getting started. This is a exciting journey we are on, we are very happy to serve the, you know, Fortune 50, you know, global 200 customers that we have, and we are expanding into many geographies and locations. And so look for some exciting updates from us in the coming days. >> Well, congratulations on your success. Love the approach, love the scale. I think scale's a new competitive advantage. I think that's the new lock-in if you're good, and your scaling providing a lot of benefits. So Ameya, thank you for coming, sharing the story. Looking forward to chatting again soon. >> Thank you very much. Thanks for having us. >> Okay. This is a CUBE Conversation. I'm John Furrier, here at Palo Alto, California. Thanks for watching. (cheerful music)