>> Announcer: Live from Las Vegas, it's the Cube, covering Dell Technologies World, 2018, brought to you by Dell EMC and it's ecosystem partners. >> Well welcome back to Las Vegas, the Cube, continuing our coverage here of Dell Technologies World 2018, with some 14 thousand strong in attendance. This is day two by the way, of three days of coverage that you'll be seeing here live on the Cube. Along with Keith Townsend, I'm John Walls and we're now joined by Alex Almeida, who is the consultant of product marketing at Dell EMC, and Bob Bender who is the CTO of Founders Federal Credit Union, Bob, good to see you as well, sir. >> Thank you, thank you for having me. >> You bet, thanks for being here to both of you. First off, let's just set the table for what you do at Founders and what Founders is all about and then why Dell, and how Dell figures into your picture. >> Sure, so Founders Federal Credit Union established in 1950 we're a regional financial institution providing basic services for that area in South and North Carolina. We now service over 32 areas and we have about 210 thousand plus members. So I'm Chief Technology Officer and we're looking to Dell EMC to really give us a lift in the cyber resilience of our data, what we're trying to protect today. >> Keith and I were talking too, and said we always like hearing on the customer side of this, especially on the financial side, right? Because your concerns are grave concerns, right? We all care about our money, right? And obviously that's first and foremost for you, having trust, credibility, liability. So tell us a little bit about that thought process in general, what drives your business and how that then transfers over to DIT. >> Sure, and as a member, you look at us, big or small, you expect the same cyber resilience, protection for your personal information, you don't think there's going to be a difference there. So if you look at the Carolina's, you're going to see a significant, or the southeast, we've been picked on with malware, with that data extortion of what the name, ransomware, so we had to find a solution quickly and we looked at Dell EMC for data protection and cyber recovery to really help us in that area and really protect our data. >> So let's talk about some of the threats faced. Outside of malware, typically the line of thought is, you know what, don't assume that you can prevent getting hacked, assume that you are hacked, what personas do you guys wear as a bank, or as a credit union? >> Well, we looked at that and what we did is we get really involved and we go out and we see that event, the breach, the malware, the ransomware, and so we really thought, we lack the ability of bringing assets under governance, so how do we really roll that up so that everybody knows at any point in time, we can recover, that we have kind of a isolated recovery, an air gap, or a data bunker, and then a clean room to bring that up, a Sandbox. And we really saw that our tape media backup recovery was not going to recover for the events that were happening, the old days, you're looking at one or two critical systems that are being recovered. Today, they're locking 500, 1500 servers in a matter of minutes. So, when you rehydrate that data, you know, the deduplication, we're seeing 72 to one and that's done very fast, through the product lines of Dell EMC, significant, but when you want to rehydrate that, the data's gone, it's just not there. Well, if you take away that air gap situation, what're you left with? And if they're smart enough to figure out where your backups are, you're left with no protection, so we really needed to isolate and put off network all that critical data. And because of that 72 to one dedupe rate, and I realize we may be unique, there's others that may have to choose what those critical systems are, we're not going to have to, we're going to protect everything, every day, and so that we have a recovery point that we can point to and show management and our board and our members, such as you guys, that we can recover, that you're going to have trust in us handling your financial responsibilities. >> So what specific technologies are you guys using from Dell to create this environment in which you can recover within these isolated bubbles? >> You know, I'll let Alex talk more specific, but we really looked at the data protection solution, and a cyber solution, we said phase one, we want to stand this up very quickly because it's any minute this could happen to us. It's happening to very smart establishments. We really picked what was going to optimize our first iteration of this, and we did it quickly, so we're talking a roll out in 45 days. We used Data Domain, Avamar, DD Boost, we've got Data Protection Advisor, which gives me, whether I'm here or I'm off at another conference, or I'm showing up at the office, I get instant results of what we did the day before for that recovery. I know that we're in the petabyte storage business, I don't know when we crossed that line, but now we store you know, a huge amount of data very quickly. I mean, we took their product line and went from hours down to seconds and I can move that window any which way I want, and so it's just empowering to be able to use that product line to protect our data the way we are today. >> Yeah, I think the Dell EMC cyber recovery solution really is kind of looking at solving the problem, most people look at it from solving it as a preventative thing, how do I prevent malware from happening, how do I stop ransomware from attacking me? The thing is is that it's all about really, how are you going to recover from that? And having plan to be able to recover. And with the way we approached it, we started talking to customers like Bob, and they were really coming to us and saying, you know, this is increasing, this is an increasing problem that we're seeing and it's inevitable, we feel we're going to be attacked at some point. And you see on the news today, you know, we're only a little bit through the year and there's been a lot of news on cyber attacks and things like that. The key thing is how do you recover? So we took at that in conversations with our customers and went specifically back and designed a solution that leverages the best in industry technology that we have with our data protection portfolio. So when you look at data deduplication, you look at Data Domain, that technology in the industry provides the fastest recovery possible. And from there, that makes it realistic for companies to really say, yeah, I can recover from a ransomware attack. And the more important thing is, we look at this as the isolation piece of the solution is really where the value comes in. Not only is it to get a clean copy of the data, but you can use that for analysis of that data in that clean room to be able to detect early on problems that may be happening in your production environment. And it's really important that that recovery aspect be stressed and really the Data Domain solution is kind of the enabler there. >> It's still a really tough spot to be in, right? Because on one hand you're protecting, you're trying to prevent, so you're building the fortress as best you can, and at the same time, you're developing a recovery solution so that if there is a violation, an intrusion, you're going to be okay, but the fact is the data's gone, you know, it went out the door, and so I'm just curious psychologically, you know, how do you deal with that, with your board, with your ownership, with your customers? How do you deal with it, Alex, to your customer, just saying we're going to do all we can to keep this safe, >> Absolutely. >> But so that but is a big caviada, right? How do both of you deal with that? >> Yeah. >> First off... >> I'll say this, working with the Dell EMC engineers and their business partners, I'm sleeping better at night, and I'm not just saying that being here, what I mean is that they've shrunk my backup window, they've guaranteed me reporting and a infrastructure IQ of that environment that I have more insight, integrated, so across, holistically, my enterprise. So no longer am I adding on different components to complete backups, this backup, this company, this... I never get that insight, and I never really have the evidence that we're restoring, I can do the store and the restore at the same time and see that next day in reporting, that we're achieving that. I hear that but, but that but is a little quieter because you know, it's just a little less impactful because I'm confident now that I've got a very efficient window. I'm not effecting again, with those add on, ad hoc products, not condemning 'em, but, they're impactful to critical applications, I can see response time during peak times, the product doesn't have that effect. And it's really exciting because now I can, you know, I've got to rip and replace, I got to lift and shift, you decide what the acronyms you want to add to it, but we... The big thing I want to add, and sorry to ramble here a little, >> You're fine. >> Yep, yep. Our run books are becoming smaller. And this is, the less complex, now we're taking keep the lights on people that are very frustrated with our acronyms and our terminology and the way we're going and I'm starting to bring them into the cyber resilience, cyber security environment and they're feeling empowered and I'm getting more creative ideas and that means, more creative ideas means we're back as a business solving problems, not worrying if our backups are done at two in the morning. >> And from a Dell EMC perspective, I think we're really uniquely positioned in the industry, in that, not just from Dell EMC, but we look at all of Dell technologies, right? When we incorporate the fact that we have best in class data protection solutions to do operational recovery, disaster recovery, the next logical step is to really augment that and really start looking at cyber recovery, right? And then when you look at that and you look at the power of Dell technologies, it's really a layered approach, how do I layer my data protection solutions to do operational recovery, to do disaster recovery? And then at the same time, throw in a little RSA and SecureWorks in there into the picture and we're really uniquely positioned as a vendor in the industry, no other vendor can really handle that breadth in the industry from a cyber recovery standpoint when you throw in the likes of RSA and SecureWorks. >> So, Alex, let's drill down in the overall capability versus the rest of the industry. There's been a ton of investment in data protection, 90 million, 100 million, we're seeing unicorns pop up over just this use case of data protection. And they're making no qualms at it, they're going right at the Data Domain business. What is the message that you're going out and telling any users like Bob, that, you know what, stay the course, Data Domain, the portfolio of data protection at Dell is the best way to recover your environment in case of a breach. >> Yeah, absolutely. So in terms of that, what I say to customers I talk to every day around this, that are maybe doubting you know, going forward and what they're going to do, is that we are continuing to innovate, that Data Domain platform continues to innovate, you see that in our cloud scenarios, in the cloud, you know, use cases that we're talking about, and really kind of working together with our customers as a partner on how we apply things like cyber recovery for their workloads that go into the cloud, right? And that's really through that working relationship with customers and that very strong investment that we're making on the engineering side with our roadmaps is really what customers, at the end of the day become convinced that Data Domain is here to stay. >> So, Bob I'd love to follow up on-- >> Bob: Can I add on to that? >> Please. >> You know, I think the couple things you pointed on that I probably missed, is one, you've given me options, I can be on pram or off pram or back to on pram, and that is with the product line. And again, that integration across that, I have to have that insight, but at the end of the day, Dell EMC's product line delivers and that's what we experienced in our relationship. We're not talking about... 72 to one dedupe rate, I know that's, I triple checked the facts, it's like really, we're achieving that? That's impactful to my project lines, right? I'm no longer a bottle neck because I'm back at the projects and we're getting stuff moving and we're just not confused by the technology or the way we have to, you know, kind of bandaid them together, it's just one place to go and it delivers. And we see that delivery, especially with the growth of the Data Domain and the addition of the Sandbox, it's very exciting, we're seeing some great performance on our new systems. >> Yeah, and we hear that a lot about the flexibility of the portfolio and the data protection, the fact that, Bob mentioned it many times, making the backup window disappear is really where the heart of it is. And now Bob's team an all the customers that I've talked to and their teams can go off and actually move the business forward with more innovation and bringing more value back to the business. >> Part of security is disaster recovery. Do you guys integrate your disaster recovery practice as part of your Data Domain implementation? >> I think that's a great question. We've challenged our DR group, external also, we saw incident response component, just a big empty hole, it's missing. And I think that's a change in mindset people have to implement, as you pointed out, incident response is going to be before the disaster. And if you don't stand up, you're, look our data's gone mobile, that means it's everywhere, and we have to follow it everywhere with the same protection in the end of the day, no matter where we sit, we own it, we're responsible for it, so we have to go after it in the same protection. So I think it is part of that, we're integrating it, I think we confused a couple companies with that, but you got to stand up those foundation services, the cyber security, the data life cycle has made the cyber security become much more complex. And the use, the business use of that data is becoming more demanding, so we had to make it available, so we had to be transparent with these products and Kudos to Dell EMC and all the engineers making this happen. I don't know what I would be doing if it wasn't there for me. >> Keith: Well thank you, Bob. >> You know, and I'll tell you what strikes me a little bit about this, as we have just a final moment here, is that we think about cyber invasions and violations, what have you, we think about it on a global or a national scale. I mean, you are a very successful regional business, right? And you are just as prime of a target for malfeasance as any and you need to take these prophylactic measures just as aggressively as any enterprise. >> Right, right. If you look at the names, I mean, you just go down the list, Boeing, Mecklenburg County, City of Atlanta, you know, not to name 'em and pick on 'em but they're still recovering. And our business resilience, our reputation is all we have, we're there, you know, our critical asset is your data, that is what we say, you know, the story we tell is how we protect that and that's our services and if at the end of the day you don't trust our services, what are we? >> Alex: That's right. >> Not enough just to protect and prevent, you have to be able to recover. >> So to have a business partner that really understands, and I know I'm a little, maybe a little smaller than some of your others, but you still treat me like I'm... And you still listen to me, I bring you ideas, you say this fits, let's see what we can do. Your engineers go back and they say, you know, we can't say yes, but we can say we're going to take a different approach and come back with a solution. So it's very, very exciting to have a partner that does that with you. >> No, it's a great lesson, it is, it's great. Although, as I say goodbye here, I am a little disappointed when I heard you're from South Carolina I was expecting this wonderful southern accent to come out. (laughing) it just, Bob, what happened? >> You know, I'm an Iowa boy. >> John: You got a little yankee in ya'. >> There you go. Maybe they'll say a little more than a little. >> Alright, gentlemen, thanks for being with us. >> Thank you very much for having us. >> Thanks for sharing the Founders Federal story. Back with more from Las Vegas, you're watching the Cube, we're in Dell Technologies World 2018.

(upbeat music) >> Welcome back to a Blueprint For Trusted Infrastructure. We're here with Rob Emsley. Who's the director of product marketing for data protection and cyber security. Rob, good to see you. A new role. >> Yeah. Good to be back, Dave. Good to see you. Yeah, it's been a while since we chatted last and, you know, one of the changes in my world is that I've expanded my responsibilities beyond data protection marketing to also focus on cybersecurity marketing specifically for our infrastructure solutions group. So certainly that's, you know, something that really has driven us, you know, to come and have this conversation with you today. >> So data protection obviously has become an increasingly important component of the cyber security space. I don't think necessarily of, you know, traditional backup and recovery as security, to me, it's an adjacency. I know some companies have said, oh, yeah. Now we're a security company. They're kind of chasing the valuation bubble. >> For sure. >> Dell's interesting because you have, you know, data protection in the form of backup and recovery and data management, but you also have security, you know, direct security capabilities. So you're sort of bringing those two worlds together and it sounds like your responsibility is to connect those dots. Is that right? >> Absolutely. Yeah. I mean, I think that the reality is is that security is a multi-layer discipline. I think the days of thinking that it's one or another technology that you can use or process that you can use to make your organization secure are long gone. I mean, certainly you actually correct. If you think about the backup and recovery space, I mean, people have been doing that for years, you know, certainly backup and recovery, it's all about the recovery. It's all about getting yourself backup and running when bad things happen. And one of the realities, unfortunately today is that one of the worst things that can happen is cyber attacks. You know, ransomware, malware are all things that are top of mind for all organizations today. And that's why you see a lot of technology and a lot of innovation going into the backup and recovery space because if you have a copy, a good copy of your data, then that is really the first place you go to recover from a cyber attack. And that's why it's so important. The reality is is that unfortunately the cyber criminals keep on getting smarter. I don't know how it happens, but one of the things that is happening is that the days of them just going after your production data are no longer the only challenge that you have, they go after your backup data as well. So over the last half a decade, Dell Technologies with its backup and recovery portfolio has introduced the concept of isolated cyber recovery vaults. We've had many conversations about that over the years and that's really a big tenant of what we do in the data protection portfolio. >> So this idea of cybersecurity resilience that definition is evolving. What does it mean to you? >> Yeah, I think the analyst team over at Gartner, they wrote a very insightful paper called you will be hacked embrace the breach. And the whole basis of this analysis is so much money's been spent on prevention is that what's out of balance is the amount of budget that companies have spent on cyber resilience and cyber resilience is based upon the premise that you will be hacked. You have to embrace that fact and be ready and prepared to bring yourself back into business. You know, and that's really where cyber resiliency is very, very different than cyber security and prevention, you know, and I think that balance of get your security disciplines well funded, get your defenses as good as you can get them but make sure that if the inevitable happens and you find yourself compromised that you have a great recovery plan and certainly a great recovery plan, it's really the basis of any good, solid data protection backup from recovery philosophy. >> So if I had to do a SWOT analysis, we don't have to do the WOT, but let's focus on the S. What would you say are Dell's strengths in this, you know, cyber security space as it relates to data protection? >> One is we've been doing it a long time. You know, we talk a lot about Dell's data protection being proven and modern. You know, certainly the experience that we've had over literally three decades of providing enterprise scale data protection solutions to our customers has really allowed us to have a lot of insight into what works and what doesn't. As I mentioned to you, one of the unique differentiators of our solution is the cyber recovery vaulting solution that we introduce a little over five years ago, five, six years. Power protect cyber recovery is something which has become a unique capability for customers to adopt on top of their investment in Dell Technologies data protection, you know, the unique elements of our solution already threefold, and we call them the three Is. It's isolation, it's a immutability and it's intelligence. And the, the isolation part is really so important because you need to reduce the attack surface of your good known copies of data. You know, you need to put it in a location that the bad actors can't get to it. And that really is the essence of a cyber recovery vault. Interestingly enough, you're starting to see the market throw out that word, you know, from many other places, but really it comes down to having a real discipline that you don't allow the security of your cyber recovery vault to be compromised insofar as allowing it to be controlled from outside of the vault, you know, allowing it to be controlled by your backup application. Our cyber recovery vaulting technology is independent of the backup infrastructure. It uses it, but it controls its own security. And that is so, so important. It's like having a vault that the only way to open it is from the inside, you know, and think about that. If you think about, you know, vaults in banks or vaults in your home, normally you have a key pad on the outside. Think of our cyber recovery vault as having its security controlled from inside of the vault. >> So nobody can get in, nothing can get in unless it's already in. And if it's already in, then it's trusted. >> Exactly, exactly. >> Yeah. So isolation's the key. And then you mentioned immutability is the second piece. >> Yeah, so immutability is also something which has been around for a long time. People talk about backup mutability or immutable backup copies. So I mutability is just the additional technology that allows the data that's inside of the vault to be unchangeable, you know, but again that immutability, you know, your mileage varies, you know, when you look across the different offers that are out there in the market especially in the backup industry. You made a very valid point earlier that the backup vendors in the market seem to be security washing their marketing messages. I mean, everybody is leaning into the ever present danger of cybersecurity, not a bad thing, but the reality is is that you have to have the technology to back it up, you know, quite literally >> Yeah, no pun intended. Right. Actually pun intended. Now what about the intelligence piece of it? That's that's AI, ML, where does that fit? >> For sure. So the intelligence piece is delivered by a solution called CyberSense. And CyberSense for us is what really gives you the confidence that what you have in your cyber recovery vault is a good clean copy of data. So it's looking at the backup copies that get driven into the cyber vault, and it's looking for anomalies. So it's not looking for signatures of malware. You know, that's what your antivirus software does. That's what your endpoint protection software does. That's on the prevention side of the equation. But what we're looking for is we're looking to ensure that the data that you need when all hell breaks loose is good and that when you get a request to restore and recover your business, you go, right, let's go and do it. And you don't have any concern that what you have in the vault has been compromised. So cyber sense is really a unique analytic solution in the market based upon the fact that it isn't looking at at cursory indicators of malware infection or ransomware introduction, it's doing full content analytics, you know, looking at, you know, has the data in any way changed, has it suddenly become encrypted? Has it suddenly become different to how it was in the previous scan? So that anomaly detection is very, very different. It's looking for, you know, like different characteristics that really are an indicator that something is going on. And, of course, if it sees it, you immediately get flagged. But the good news is is that you always have in the vault the previous copy of good known data which now becomes your restore point. >> So we're talking to Rob Emsley about how data protection fits into what Dell calls DTI, Dell Trusted Infrastructure. And I want to come back, Rob, to this notion of, and not or cause I think a lot of people are skeptical. Like how can I have great security and not introduce friction into my organization? Is that an automation play? How does Dell tackle that problem? >> I mean, I think a lot of it is across our infrastructure is is security has to be built in, I mean, intrinsic security within our servers, within our storage devices, within our elements of our backup infrastructure. I mean, security, multifactor authentication, you know, elements that make the overall infrastructure secure. You know, we have capabilities that, you know, allow us to identify whether or not configurations have changed. You know, we'll probably be talking about that a little bit more to you later in the segment, but the essence is security is not a Bolton. It has to be part of the overall infrastructure. And that's so true, certainly in the data protection space >> Give us the bottom line on how you see Dell's key differentiators. Maybe you could talk about Dell, of course, always talks about its portfolio, but why should customers, you know, lead in to Dell in this whole cyber resilience space? >> You know, staying on the data protection space as I mentioned, the work we've been doing to introduce this cyber resiliency solution for data protection is in our opinion, as good as it gets. You know, you've spoken to a number of our best customers whether it be Bob Bender from Founders Federal or more recently at (indistinct) you spoke to Tony Bryson from the Town of Gilbert. And these are customers that we've had for many years that have implemented cyber recovery vaults. And at the end of the day, they can now sleep at night. You know, that's really the peace of mind that they have is that the insurance that a data protection from Dell cyber recovery vault, a power protect cyber recovery solution gives them, you know, really allows them to, you know, just have the assurance that they don't have to pay a ransom. If they have an insider threat issue and, you know, all the way down to data deletion is they know that what's in the cyber recovery vault is good and ready for them to recover from. >> Great. Well, Rob, congratulations on the new scope of responsibility. I like how, you know, your organization is expanding as the threat surface is expanding. As we said, data protection becoming an adjacency to security, not security in and of itself. A key component of a comprehensive security strategy. Rob Emsley, thank you for coming back in theCUBE. Good to see you again. >> You too, Dave. Thanks. >> All right, in a moment, I'll be back to wrap up a blueprint for trusted infrastructure. You are watching theCUBE. (upbeat music)

>> Narrator: From the CUBE Studios in Palo Alto, in Boston. Connecting with thought leaders all around the world, this is a CUBE Conversation. >> Hi, everybody. Welcome to the special Cube Conversation. With COVID-19 hitting, organizations really had to focus on business resiliency, and we've got two great guests here to talk about that topic. Bob Bender's the chief technology officer at Founders Federal Credit Union. And he's joined by Jim Shook, who is the director of cybersecurity and compliance practice at Dell Technologies. Gentlemen, thanks for coming on the CUBE, great to see you. >> Thanks, Dave, great to see you, thank you. So, Bob, let's start with you, give us a little bit of background on Founders and your role. >> Founders Federal Credit Union is a financial institution that has about 225,000 members, serving them in 30 different locations, located in the Carolinas. I serve as chief technology officer bringing in the latest technology and cyber resilient direction for the company. >> Great. And Jim, talk about your role. Is this a new role that was precipitated by COVID or was this something that Dell has had for a while? Certainly relevant. >> It's actually been around for a while, Dave. The organization invested in this space going back about five years, I founded the cyber security and compliance practice. So really, my role is most of the time in the field with our customers, helping them to understand and solve their issues around the cyber resilience and cyber recovery field that we're talking about. But I also, to do that properly, spend a lot of time with organizations that are interested in that space. So it could be with an advisory partner, could be the FBI, might be a regulator, a particular group like Sheltered Harbor that we've worked with frequently. So it's just really, as you point out, taken off first with ransomware a couple of years ago, and then with the recent challenges from work from home in COVID. So we're really helping out a lot of our customers right now. >> Bob, I've talked privately to a number of CIOs and CSOs and many have said to me that when COVID hit that their business continuance was really much too (voice cuts out) Now, you guys actually started your journey way back in 2017. I wonder if you could take us back a few years and what were the trends that you were seeing that precipitated you to go on this journey? >> Well, I think we actually saw the malware, the horizon there. And I'll take you back a little further 'cause I just love that story is, when we looked at the relationship of Dell EMC, we talked to the 1% of the 1%, who is protecting their environment, their data capital, the new critical asset in our environment. And Dell EMC was the top of the line every time. When we looked at the environment and what it required, to put our assets under protection, again, we turned to Dell EMC and said, where do we need to go here? You look at this Mecklenburg County, you look at the city of Atlanta, you look at Boeing and I hate to use the examples, but some very large companies, some really experienced companies were susceptible to this malware attacks that we just knew ourself it was going to change us. So the horizon was moving fast and we had to as well. >> Well, you were in a highly regulated industry as well. How did that factor into the move? Well, you're exactly right. We had on our budget, our capital budget horizon, to do an air gap solution. We were looking at that. So the regulatory requirements were requiring that, the auditors were in every day talking about that. And we just kept framing that in what we were going to do in that environment. We wanted to make sure as we did this purpose built data bunker, that we looked at everything, talk to the experts, whether that was federal state regulation. You mentioned Sheltered Harbor, there's GDPR. All these things are changing how are we going to be able to sustain a forward look as we stand this environment up. And we also stood up a cyber security operations center. So we felt very confident in our Runbooks, in our incident response, that you would think that we would be ready to execute. I'll share with you that we reached out every which way and a friend called me and was actually in a live ransomware event and asked if I wanted to come on to their site to help them through that incident. We had some expertise on our staff that they did not possess at that time. So going into that environment, spending 30 hours of the last 72 hours of an attack we came back changed. We came back changed and went to our board and our executives and said, "We thought we knew what we were doing." But when you see the need to change from one to 10 servers recovery to 300 in 72 hours, we just realized that we had to change our plan. We turned to the investment we had already made and what we had looked at for some time, and said, "Dell EMC, we're ready to look at that "PowerProtect Cyber Recovery solution. "How can you stand this up very quickly?" >> So, Jim, Bob was saying that he looked at the 1% of the 1%, so these guys are early adopters, but anything you can add to that discussion in terms of what you saw precipitate the activity, let's go pre-COVID, certainly ransomware was part of that. Was that the big catalyst that you saw? >> It really was. So when we started the practice, it was following up on the Sony Pictures attack, which only hit Sony in that. But it was unique in that it was trying to destroy an organization as opposed to just steal their data. So we had financial industry really leading the way, the regulators in the financial industry saying, "Gosh, these attacks could happen here "and they would be devastating." So they led the way. And as our practice continued, 2016 became the year of ransomware and became more prevalent, with the attackers getting more sophisticated and being able to monetize their efforts more completely with things like cryptocurrencies. And so as we come around and start talking to Bob, he still was well ahead of the game. People were talking about these issues, starting to grow concerned, but didn't really understand what to do. And Dave, I know we'll get to this a little bit later, but even today, there's quite a bit of disconnect, many times between the business, understanding the risks of the business and then the technology, which really is the business now, but making those pieces fit together and understanding where you need to improve to secure against these risks is a difficult process. >> Well, I think I'd love to come back to Bob and try to understand how you pitch this to the board, if you will, how you made the business case. To Jim's point, the adversaries are highly capable. It's a lucrative business. I always talk to my kids about ROI numerator and denominator. If you can raise the denominator, that's going to lower the value. And that's the business that you're in is making it less attractive for the bad guys. But how did you present this to the board? Was it a board level discussion? >> It was, exactly. We brought Dell EMC PowerProtect Cyber Recovery solution to them and said, not only you're experiencing and seeing in the news daily, these attacks in our regions, but we have actually gone out into an environment and watch that attack play out. Not only that is when we stepped away, and we ran through some tabletops with them and we stepped away. And we said, "Are you okay? "Do you know how it got in? "Are you prepared to protect now and detect that again?" Within 30 days, they were hit again by the same ransomware attacks and hackers. So I hate to say this, but I probably fast forwarded on the business case and in the environment, the horizon around me, players, they made my case for me. So I really appreciated that top down approach. The board invested, the executive invested, they understood what was at risk. They understood that you don't have weeks to recover in the financial institution. You're dealing with hundreds of thousand transactions per second so it made my case. We had studied, we had talked to the experts. We knew what we wanted. We went to Dell EMC and said, "I have six months and here's my spend." And that's from equipment hitting our CoLOS and our data centers, standing it up, standing up the Runbooks and it's fully executed. And I wanted an environment that was not only holistic. We built it out to cover all of our data and that I could stand up the data center within that environment. I didn't need another backup solution. I needed a cyber recovery environment, a lifestyle change, if you would say. It's got to be different than your BCP/DR. While it inherits some of those relationships, we fund it with employees separately. We treated the incident response separately, and it is really benefited. And I think we've really grown. And we continue to stress that to educate ourselves not only at the board level, but a bottom up approach as well with the employees. 'cause they're a part of that human firewall as well. >> I think you've seen this where a lot of organizations, they do a checkbox on backup or as I was saying before, DR. But then in this world of digital, when a problem hits, it's like, "Oh-oh, we're not ready." So I wonder Jim, if we can get into this solution that Bob has been talking about the Dell EMC PowerProtect Cyber Recovery solution, there's a mouthful there. You got the power branding going on. What is that all about? Talk to us about the tech that's behind this. >> It's something that we've developed over time and really added to in our capability. So at its core, PowerProtect Cyber Recovery is going to protect your most critical data and applications so that if there is a cyber attack, a ransomware or destructive attack, they're safe from that attack. And you can take that data and recover the most important components of the business. And to do that, we do a number of things, Dave. The solution itself takes care of all these things. But number one is we isolate the data so that you can't get there from here. If you're a bad actor, even an insider, you can't get to the data because of how we've architected. And so we'll use that to update the critical applications and data. Then we'll lock that data down. People will use terms like immutability or retention lock. So we'll lock it down in that isolated environment, and then we'll analyze it. So it's one thing to be able to protect the data with the solution, it's another, to be able to say that what I have here in my data vault, in my air gapped isolated environment is clean. It's good data. And if there was an attack, I can use that to recover. And then of course over time, we've built out all the capabilities. We've made it easier to deploy, easier to manage. We have very sophisticated services for organizations that need them. And then we can do a much lighter touch for organizations that have a lot of their built in capabilities. At its core, it's a recover capability so that if there was an attack that was unfortunately successful, you don't lose your business. You're not at the mercy of the criminals to pay the ransom. You have this data and you can recover it. >> So Bob, talk to us about your objectives going into this. It's more than a project. It really is a transformation of your resiliency infrastructure, I'll call it. What were your objectives going in? A lot of companies are reacting, and it's like, you don't have time to really think. So what are the objectives? How long did it take? Paint a picture of the project and what it looked like, some of the high level milestones that you were able to achieve. >> Well, I think several times Dell EMC was able to talk us off the edge, where it really got complicated. The Foundation Services is just one of your more difficult conversations, one of the top three, definitely, patch management, notification, and how you're going to rehydrate that data, keeping that window very small to reduce that risk almost completely as you move. I think other area this apply is that we really wanted to understand our data. And I think we're on a road to achieving that. It was important that if we were going to put it into the vault, it had a purpose. And if we weren't going to put it in a vault, let's see why would we choose to do that? Why would we have this data? Why would we have this laying around? Because that's a story of our members, 225 stories. So their ability to move into financial security, that story is now ours to protect. Not only do we want to serve you in the services and the industry and make sure you achieve what you're trying to, but now we have that story about you that we have to protect just as passionately. And we had that. I think that was two of the biggest things. I think the third is that we wanted to make sure we could be successful moving forward. And I'll share with you that in the history of the credit union, we achieved one of the biggest projects here, in the last two years. That umbrella of the Cyber Recovery solution protection was immediate. We plugged in a significant project of our data capital and it's automatically covered. So I take that out of the vendor of responsibility, which is very difficult to validate, to hold accountable sometimes. And it comes back under our control into this purpose built data security and cyber resilient, business strategy. That's a business strategy for us is to maintain that presence. So everything new, we feel that we're sized, there's not going to be a rip and replace, a huge architectural change because we did have this as an objective at the very beginning. >> Tim, when you go into a project like this, what do you tell customers in terms of things that they really should be focused on to have a successful outcome? >> I'm going to say first that not everybody has a Bob Bender. So we have a lot of these conversations where we have to really start from the beginning and work through it with our customers. If you approach this the right way, it's really about the business. So what are the key processes for your business? It can be different from a bank than from a hospital than from a school point. So what are the key things that you do? And then what's the tech that supports that and underlies those processes? That's what we want to get into the vault. So we'll have those conversations early on. I think we have to help a lot of organizations through the risks too. So understand the risk landscape, why doing one or two little things aren't really going to protect you from the full spectrum of attackers. And then the third piece really is, where do we start? How do we get moving on this process? How do we get victory so that the board can understand and the business can understand, and we can continue to progress along the way? So it's always a bit of a journey, but getting that first step and getting some understanding there on the threat landscape, along with why we're doing this is very important. >> So, Bob, what about any speed bumps that you encountered? What were some of those? No project is ever perfect. What'd you run into? How'd you deal with it? >> Well, I would say the Foundation Services were major part of our time. So it really helped for Dell EMC to come and explain to us and look at that perimeter and how our data is brought into that and size that for us and make sure it's sustainable. So that is definitely, could be a speed bump that we had to overcome. But today, because of those lifts, those efforts invested the Runbooks, the increase in new products, new data as our business organically grows is a non-event. It's very plug and play and that's what we wanted from the start. Again, you go back to that conversation at 1% of the 1%, it's saying, who protects you? We followed that. We stayed with the partner we trusted, the horizon holistically has come back and paid for itself again and again. So speed bumps, we're just enjoying that we were early adapters. I don't want to throw anybody out there, but you look about two weeks ago, there was a major announcement about an attack that was successful. They got them with ransomware and the company paid the ransom. But it wasn't for the ransomware, it was for the data they stole so that they would delete it. That's again, why we wanted this environment is we needed time to react in the case that these malwares are growing much faster than we're capable of understanding how they're attacking. Now it's one, two punch, where's it going to be? Where is it going to end? We're not going to likely be patient zero, but we're also not going to have to be up at night worrying that there's a new strain out there. We have a little time now that we have this secure environment that we know has that air gap solution that was built with the regulatory consideration, with the legal considerations, with the data capital, with the review of malware and such. You can go back in time and say, "Scan to see if I have a problem. So again, the partnership is while we focus on our business, they're focusing on the strategy for the future. And that's what we need. We can't be in both places at once. >> How long did the project take from the point of which you agreed, signed the contract to where you felt like you were getting value out of the solution? >> Six months. >> Really? >> We were adamant. I'd put it off for a year and a half, that's two budget cycles basically is what it felt. And then I had to come back and ask for that money back because we felt so passionate that our data, our critical data didn't need to be at that risk any longer. So it was a very tight timeline. And again, product on prem within six months. And it was a lot of things going on there. So I just wasn't idle during that time. I was having a conversation with Dell EMC about our relationship and our contracts. Let's build that cyber resilience into the contract. Now we've got this, PowerProtect Cyber Recovery environment, let's build it here where you also agree to bring on extra hardware or product if I need that. Let's talk about me being on a technology advisory panel So I can tell you where the pricing of the regulations are going, so you can start to build that in. Let's talk about the executive board reporting of your products and how that can enable us. We're not just talking about cyber and protecting your data. We're talking about back then 60% of your keep the lights on IT person will spend with auditors, talking about how we were failing. This product helped us get ahead of that to now where we're data analytic. We're just analysts that can come back to the business table and say, "We can stand that up very quickly." Not only because of the hardware and the platform solution we have, but it is now covered with a cyber resilience of the the cyber security recovery platform. >> I want to ask you about analytics. Do you feel as though you've been able to go from what is generally viewed as a reactive mode into something that is more anticipatory or proactive using analytics? >> Well, I definitely do. We pull analytics daily and sometimes hourly to make sure we're achieving our KPIs. And looking at the KRIs, we do risk assessments from the industry to make sure if our controls layer of defenses are there, that they will still work what we stood up three years ago. So I definitely think we've gone from an ad hoc rip and replace approach to transformation into a more of a threat hunting type of approach. So our cyber security operation center, for us, is very advanced and is always looking for opportunities not only to improve, to do self-assessments, but we're very active. We're monetizing that with a CUSO arm of the credit union to go out and help others where we're successful, others that may not have that staff. It's very rewarding for us. And I hate to say it sometimes it's at their expense of being in-evolved in the event of a ransomware attack or a malware event. We learned so much the gaps we have, that we could take this back, create Runbooks and make the industry stronger against these types of attacks. >> Well, so Jim, you said earlier, not every company has a Bob Bender. How common is it that you're able to see customers go from that reactive mode into one that is proactive? Is that rare or is it increasingly common? It can't be a 100%, but what are you seeing as trends? >> It's more common now. You think of, again, back to Bob, that's three plus years ago, and he's been a tireless supporter and tireless worker in his industry and in his community, in the cyber area. And efforts like those of Bob's have helped so many other organizations I think, understand the risks and take further action. I think too, Bob talks about some of the challenges with getting started in that three year timeframe, PowerProtect Cyber Recovery has become more productized, our practice is more mature. We have more people, more help. We're still doing things out there that nobody else is touching. And so we've made it easier for organizations that have an interest in this area, to deploy and deploy quickly and to get quick value from their projects. So I think between that some of the ease of use, and then also there's more understanding, I think, of what the bad actors can do and those threats. This isn't about somebody maybe having an outage for a couple of hours. This is about the very existence of a business being threatened. That if you're attacked, you might not come back from it. And there've been some significant example that you might lose hundreds of millions of dollars. So as that awareness has grown, more and more people have come on board and been able to leverage learnings from people like Bob who started much earlier. >> Well, I can see the CFO saying, "Okay, I get it. "I have no choice where we're going to be attacked. "We know that, I got to buy the insurance. You got me." But I can see the CFO saying, "Is there any way we can "get additional value out of this? "Can we use it to improve our processes and cut our costs? "Can we monetize this in some way?" Bob, what's the reality there? Are you able to find other sources of value beyond just an insurance policy? >> Definitely, Dave you're exactly right. We're able to go out there and take these Runbooks and really start to educate what cyber resilience means and what air gap means, what are you required to do, and then what is your responsibility to do it. When you take these exercises that are offered and you go through them, and then you change that perspective and go through a live event with other folks that see that after 60 hours of folks being up straight, it really changes your view to understand that there's no finish line here. We're always going to be trying to improve the product and why not pick somebody that you're comfortable with and you trust. And I think that's the biggest win we have from this is that was a Dell EMC partnership with us. It is very comfortable fit. We moved from backup and recovery into cyber resilience and cybersecurity as a business strategy with that partner, with our partner Dell, and it hasn't failed us. It's a very comforting. We're talking about quality of life for the employee. You hear that, keep the lights on. And they've really turned into professionals to really understand what security means differently today and what that quality of data is. Reports, aren't just reports, they're data capital. The new currency today of the value we bring. So how are we going to use that? How are we going to monetize that? It's changing. And then I hate to jump ahead, but we had our perimeters at 1% of our workforce remote and all of a sudden COVID-19 takes on a different challenge. We thought we were doing really good and next, we had to move 50% of our employees out in five days. And because of that Dell EMC, holistic approach, we were protected every step of the way. We didn't lose any time saying, we bought the wrong control, the wrong hardware, the wrong software. It was a very comfortable approach. The Runbooks held us, our security posture stayed solid. It's been a very rewarding. >> Well, Bob, that was my next question, actually is because you've started the journey. >> Sorry. >> No, no, it's okay. Because you started the journey early, were you able to respond to COVID in a more fast sell manner? it sounds like you just went right in. But there's nuance there, because you've got now 50% or more of the workforce working at home, you got endpoint security to worry about. You got identity access management, and it sounds like you were, "No problem. "We've got this covered." Am I getting that right? >> You're exactly right, Dave. We test our endpoints daily. We make sure that we understand what residue of data is where. And when we saw that employee shift to a safe environment, our most consideration at that time, we felt very comfortable that the controls we had in place, again, Dell and their business partners who we are going to hold true and be solid. And we test those metrics daily. I get reports back telling me, what's missing in patch management, what's missing in a backup. I'll go back to keeping BCP and cyber security separate. In the vault, we take approach of recovery and systems daily. And now that goes from maybe a 2% testing rate almost to 100% annually. So again, to your point, COVID was a real setback. We just executed the same Runbooks we had been maturing all along. So it was very comfortable for employees and it was very comfortable for our IT structure. We did not feel any service delays or outages because of that. In a day, when you have to produce that data, secure that data, every minute of every day of every year, it's very comforting to know it's going to happen. You don't push that button and nothing happens. It's executed as planned. >> Jim, did you see a huge spike in demand for your services as a result of COVID and how did you handle it? You guys got a zillion customers, how did you respond and make sure that you were taking care of everybody? >> We really did see a big spike, Dave. I think there were a couple of things going on. As Bob points out, the security posture changes very quickly when you're sending people to work from home or people remotely, you've expanded or obliterated your parameter, you're not ready for it. And so security becomes even more important and more top of mind. So with PowerProtect Cyber Recovery, we can go in and we can protect those most critical applications. So organizations are really looking at their full security posture. What can we do better to detect and protect against these threats? And that's really important. For us, we're focusing on what happens when those fail? And with that extension and people going home, and then the threat actors getting even more active, the possibilities of those failures become more possible and the risks are just in front of everybody. So I think it was a combination of all of those things. Many, many customers came to us very quickly and said, "Tell us more about what you're doing here. "How does it fit into our infrastructure? "What does it protect us against? "How quickly can we deploy?" And so there has been a huge uptake in interest. And we're fortunate in that, as you pointed out early on, Dave, we invested early here. I'm five years into the practice. We've got a lot of people, very mature, very sophisticated in this area, a lot of passion among our team. And we can go take care of all those customers. >> Bob, if you had a mulligan, thinking about this project, what would you do differently if you had a chance to do it over? >> I think I would start earlier. I think that was probably the biggest thing I regret in that realizing you need to understand that you may not have the time you think you do. And luckily, we came to our senses, we executed and I got to say it was with common sense, comfortable products that we already understood. We didn't have to learn a whole new game plan. I don't worry about that. I don't worry about the sizing of the product 'cause we did it, I feel correctly going in and it fits us as we move forward. And we're growing at an increased rate that we may not expect. It's plug and play. Again, I would just say, stay involved, get involved, know that what we know today about malware and these attacks are only going to get more complicated. And that's where I need to spend my time, my group become experts there. Why I really cherish the Dell EMC relationship is from the very beginning, they've always been very passionate on delivering products that recover and protect and now are cyber resilient. I don't have to challenge that, you pay for what you get for. And I just got to say, I don't think there's much other than I would have started earlier. So start today, don't put it off. >> So you said earlier though, you're never done, you never are, in this industry. So what's your roadmap look like? Where do you want to go from here with this capability? >> I definitely want to keep educating my staff, keep training them, keep working with Dell. Again, I tell you they're such forward thinking as a company. They saved me that investment. So if you're looking at part of the investment, it's got to be, are you with a partner that's forward thinking? So we definitely want to mature this, challenge it, keep challenging, keep working with Dell and their products to deliver more. Again, we go to the federal and state regulatory requirements. You go to the Sheltered Harbor, the ACET testing from the NCUA regulators, just software asset management. You can keep on going down the line. This product, I hate to say it, it's like the iPhone. You think about how many products the iPhone has now made not relevant. I don't even own a flashlight, I don't think. This is what the Dell product line brings to me is that I can trust they're going to keep me relevant so I can stay at the business table and design products that help our members today. >> Jim, how about from Dell's perspective, the roadmap, without giving away any confidential information, where do you want to take this? We talk about air gaps. I remember watching that documentary Zero Days and hearing them say, "We got through an air gap. "No problem." So analytics obviously plays a role in this machine intelligence, machine learning, AI. Where does Dell want to take this capability? Where do you see that going? >> We've got some things in mind and then we're always going to listen to our customers and see where the regulations are going to. And thus far, we've been ahead of those with the help of people like Bob. I think where we have a huge advantage, Dave is with PowerProtect Cyber Recovery. It's a product. So we've got people who are dedicated to this full time. We have a maturity in the organization, in the field to deliver it and to service it. And having something as a product like that really enables us to have roadmaps and support and things that customers need to really make this effective for them. So as we look out on the product, and thanks for your reminder, I don't want to risk saying anything here I'm going to get in trouble for. We look at things in three paths. One is we want to increase the ability for our customers to consume the product. So they want it in different forms. They might want it in appliances, in the Cloud, virtual, all of those things are things that we've developed and continue to develop. They want more capabilities. So they want the product to do more things. They want it to be more secure, and keeping up. As you mentioned, machine learning with the analytics is a big key for us. Even more mundane things like operational information makes it easier to keep the vault secure and understand what's going on there without having to get into it all the time. So those are really valuable. And then our third point, really, we can't do everything. And so we have great partners, whether they're doing delivery, offering cyber recovery as a service or providing secure capabilities, like our relationship with Unisys. They have a stealth product that is a zero knowledge, zero trust product that helps us to secure some of the connections to the vault. We'll keep iterating on all of those things and being innovative in this space, working with the regulators, doing things. Bob's mentioned a couple of times, Sheltered Harbor. We've been working with them for two years to have our product endorsed to their specification. Something that nobody else is even touching. So we'll continue along all those paths, but really following our customer's lead in addition to maybe going some places that they haven't thought about before. >> It's great guys. I have to fear that when you talk to SecOps pros, you ask them what their biggest challenge is, and they'll say lack of talent, lack of skills. And so this is a great example, Jim, you're mentioning it, you've productized this. This is a great example of a technology company translating, IT labor costs into R&D. And removing those so customers can spend time running their business. Bob and Jim, thanks so much for coming on the CUBE. Great story. Really appreciate your time. >> Thank you, Dave. >> Thank you, Dave. >> Thanks, Bob. >> All right. And thank you everybody for watching. This is Dave Vellante for the CUBE. We'll see you next time. (instrumental music)

>> From the SiliconANGLE media office in Boston Massachusetts, it's theCUBE. Now here's your host, Dave Vellante. >> Hi everbody, this is Dave Vellante, and welcome to this special Cube conversation on a very important topic, cyber security and cyber resiliency. With me today is Stefan Voss who's the Senior Director of Product Management for Data Protection Software and Cyber Security and Compliance at Dell EMC. Stefan, thanks for coming on and helping us understand this very important topic ahead of RSA World. >> My pleasure, thanks Dave for having me. >> You're welcome, so let's talk about the environment today. We have, for years, seen back-up evolve into data protection, obviously disaster recovery is there, certainly long term retention. But increasingly, cyber resilience is part of the conversation. What are you seeing from customers? >> Yeah, definitely, we're seeing that evolution as well. It's definitely a changing market and what a perfect fit. We have to worry about right of breach, What happens when I get attacked? How can I recover? And the technologies we have, that we have for business resiliency back-up, they all apply, they all apply more than ever. But sometimes they have to be architected in a different way. So folks are very sensitive to that and they realize that they have great technologies. >> I'm glad you mentioned the focus on recovery because we have a lot of conversations on theCUBE about the CIO and how he, or she, should be communicating to the board, or the CSO, how they should be communicating to the board. That conversation has changed quite dramatically over the last 10 years. Cyber is a board-level issue. When you talk to, certainly large companies, every quarter they're talking about cyber. And not just in terms of what they're doing to keep the bad guys out but really what the processes are to respond, what the right regime is - you know, cyber security is obviously a team sport, it's not just the responsibility of the CSO or the SECOPS team, or the IT team, everybody has to be involved and be aware of it. Are you seeing that awareness at board levels within your customer base, and maybe even at smaller companies? >> 100%, I think the company size almost doesn't matter. Everybody can lose their business fairly quickly and there's one thing that NotPetya, that very bad, sort of, attack told us is that it can be very devastating. And so if we don't have a process and if we don't treat it as a team sport, we'll be uncoordinated. So, first of all, we learned that recovery is real and we need to have a recovery strategy. Doesn't mean we don't do detection, so the NIS continuum applies, but the CSOs are much more interested in the actual data recovery than they ever were before which is very interesting. And then, you know, you learn that the process is as important as the technology. So, in other words, Bob Bender - a fabulous quote from Founders Federal - you know, the notion of sweating before the game, being prepared, having a notion of a cyber recovery run book. Because the nature of the disasters are changing so, therefore, we have to think about using the same technologies in a different way. >> And I said at the open that things are shifting from just a pure back-up and recovery spectrum to much broader. The ROI is changing, people are trying to get more out of their data protection infrastructure than just insurance and, certainly, risk management and cyber resiliency and response is part of that. How is the ROI equation changing? >> Yeah, I mean, it's a very valid question. You know, we do have, people are asking for the ROI. We have to take a risk-based approach, we are mitigating risk. It's never fun to have any data protection or business resilience topology, 'cause it's incremental cost, but we do that for a reason. We need to be able to have an operational recovery strategy, a recovery strategy from a geographic disaster and, of course, now more so than ever a recovery strategy from a cyber attack. And so, therefore, we have to think about, you know, not so much the ROI but what is my risk reduction, right? By having, sort of, that process in place but also the confidence that I can get to the data that I need to recover. >> Now we're gonna get into that a little bit later when we talk about the business impact analysis. But I wanna talk about data isolation. Obviously ransomware is a hot topic today and this notion of creating an air gap. What is data isolation from your perspective? What are customers doing there? >> Yeah, I mean, I think almost every customer has a variant of data isolation. It's clear that it works, we've seen this from the NotPetya attack again that where we were, large logistics company, right, found data the domain controller on a system that underwent maintenance in Nigeria. So a system that was offline, but we don't wanna operate that way. So we wanna get the principles of isolation because we know it kind of reduces the attack surface, right, from the internal actor, from ransomware variants, you name it. All of these are, when you have stuff on the network it's theoretically fair game for the attacker. >> So that Nigeria example was basically by luck there was a system offline under maintenance that happened to be isolated? And so they were able to recover from that system? >> Absolutely. And another example was, of course, critical data that domain controller, 'cause that's what this attack happened to go after, was on tape. And so, you know, this just shows and proves that isolation works. The challenge we were running into with every customer we work with was the recovery time. Especially when you have to do selective recovery more often, you know, we wanna be able to get the benefits of online media. But also get, sort of, the benefits of isolation. >> Yeah, I mean, you don't wanna recover from tape. Tape is there as a last resort and hopefully you never have to go to it. How are customers, sort of, adopting this data isolation strategy and policy? Who's involved, what are some of the pre-requisites that they need to think about? >> Yeah, so the good thing - first thing's first, right. We have technology we know and love, so our data protection appliances where we started architecting this workflow, that we can use. So, in other words, you don't have to learn a new technology, buy something else. There's an incremental investment, yes. And then we have to think about who's involved. So that earlier point, the security folks are almost always involved, and they should be involved. Sometimes they fund the project, sometimes it comes out of IT. Right, so, this is the collaborative effort and then to the extent it's necessary, of course, you wanna have GRC - so the risk people - involved to make sure that we really focus on the most important critical assets. >> Now ahead of RSA, let's talk a little bit about what's going on in that world. There are security frameworks, Nist in particular is one, that's relatively new, I mean it's 2014 it came out, it's been revised really focusing on prevent, detect and, very importantly, respond. Something we've talked about a lot. Are people using that framework? Are they doing the self-assessments that Nist prescribes? What's your take? >> Yeah, I think they are. So, first of all, they are realizing that leaning too much left of breach, in other words hoping that we can always catch everything, sort of the eggshell perimeter, everybody understands that that's not enough. So we have to go in-depth and we also have to have a recovery strategy. And so the way I always like to break it down pragmatically is - one, what do I prioritize on? So we can always spend money on everything, but doing a business impact analysis and then maybe governing that in a tool like RSA Archer can help me be a little bit more strategic. And then, on the other end, if I can do a better job co-ordinating the data recovery along with the incident response, that will go a long way. You know and, of course, that doesn't forego any investment in the detection but it is widely adopted. >> One of the key parts about the NIS framework is understanding exposure in the supply chain where you may not have total control over one of your suppliers' policies, but yet they're embedded into your workflow. How are people handling that? Is there a high degree of awareness there? What are you seeing? >> It is absolutely, that's why product security is such an important element, and it's the number one priority for Dell Security, even above and beyond the internal security of our data center, as crazy as it sounds. Because, you know, we can do a lot of damage right in the market. So, certainly, supply chain, making sure we have robust products all along the way is something that every customer asks about all the time and it's very important. >> Let's go back to business impact analysis, we've mentioned it a couple of times now. What is a business impact analysis and how do you guys go about helping your customers conduct one? >> Yeah, I mean, let's maybe keep it to that example, let's say I go through this analysis and I find that I'm a little bit fuzzy on the recovery and that's an area I wanna invest. You know, and then I buy off on the concept that I have an isolated or cyber recovery vault on an isolated enclave onto which I can then copy data and make sure that I can get to it when I have to recover. The question then becomes, well what does business critical mean? And that's where the business impact analysis will help to say what is your business critical process - number one, number two - what are the associated applications, assets? 'Cause when you have that dependency map it makes it a lot easier to start prioritizing what applications do I put in the vault, in other words. In this specific example. And then how can I put it into financial terms to justify the investment? >> Well we were talking about ROI before, I mean really we've done actually quite a few studies looking at Global 2000 and the cost of downtime. I mean, these are real tangible metrics that, if you can reduce the amount of downtime or you can reduce the security threat, you're talking about putting money back in your pocket. Because Global 2000 organizations are losing millions and millions of dollars every year, so it is actually hard ROI. Even though some people might look at it as softer. I wanna talk about isolated data vault, you know, this notion of air gaps. What are you guys specifically doing there? Do you have solutions in that area? >> Yeah, we do. So we are using, luckily, so the concepts that we know from resiliency disaster recovery. Right, so our data protection storage which is very robust, it's very secure, it has very secure replication. So we have the mechanisms to get data into the vault, we have the mechanisms to create a read-only copy, so an immutable copy, that I can then go back into. So all of this is there, right, but the problem is how do I automate that workflow? So that's a software that we wrote that goes along with the data protection appliance sale. And what it does, it's all about ingesting that business critical data that I talked about into the secure enclave, and then rendering it into an immutable copy that I can get to when I have nowhere else to go. >> Okay, so you've got that gap, that air gap. Now, the bad guys will say 'Hey, I can get through an air gap, I can dress somebody up as a worker and put a stick in'. And so, how much awareness is there of that exposure? And I know it's maybe, you know, we're hitting the tip of the pyramid here, but still important. Can you guys help address that through, whether it's processes or product or experience? >> 100% so we have, of course, our consulting services that will then work with you on elements of physical security, or how do I lock down that remaining replication link? It's just about raising the bar for the attacker to make it more likely we'll catch them before they can get to, really, the prized assets. We're just raising the bar but, yes, those are things we do. So consulting, physical security, how do I do secure reporting out? How do I secure management going in? How do I secure that replication or synchronization link into the vault? All of these are topics that we then discuss, if they kind of deviate from the best practices and we have very good answers through our many customer arrangements. >> Stefan, let's talk about some of the specific offerings. RSA is a portfolio company in the Dell Technologies Group, it's a sister company of Dell EMC. What are you guys doing with RSA? Are you integrating with any of their specific products? Maybe you could talk about that a little bit? >> Yeah, I think, so when you think about recovery and incident response being so important, there's an obvious, right? So what RSA has found - I thought this was very interesting is that there's a lack of coordination between, typically, the security teams and the data professionals, data restoration professionals. So the more we can bridge that gap through technology, reporting, the better it is, right? So, there's a logical affinity between an incident response retainer, activity, and the data recovery solutions that we provide. That's one example, right? So every day counts, that example that I talked about NotPetya, the specific customer was losing 25 Euros every day. If I can shave off one day, it's money in the bank. Or money not out of the bank. The other area is, how do I make sure that I'm strategic about what data I protect in this way? That's the BIA Archer. And then there's some integrations we are looking at from an analytics perspective. >> Archer being the sort of governance risk and compliance, workflow, that's sort of one of the flagship products of RSA. So you integrate to that framework. And what about analytics, things like IOC, RSA NetWitness, are those products that you're integrating to or with, or leveraging in any way? >> Yeah, first off, analytics in general it's an interesting concept now we have data inside our secure enclave, right? So what if we could actually go in and give more confidence to the actual copies that we're storing there. So we have an ecosystem from an analytics perspective. We work with one specific company, we have Arrest API-based integration where we then, essentially, use them to do a vote of confidence on the copy, of the raw back up. Is it good? Are there signs that it was corrupted by malware? and so forth. So what that helps us do is be more proactive around our recovery because, I think you're about to say something - but if I knew there's something, you know, suspicious then I can start my analytics activity that much sooner. >> Well the lightbulb went off in my head. Because if I have an air gap, and I was saying before, it's necessary but insufficient. If I can run analytics on the corpus of the back up data and I can identify anomalies, I might be able to end run somebody trying to get through that air gap that I just mentioned before. Maybe it's a physical, you know, security breach. And the analytics might inform me. Is that a reasonable scenario? >> It is a reasonable scenario, though we do something slightly different. So, first of all, detection mechanisms, left of breach stuff, is what it is, we love it, we sell it, you know, we use it. But, you know, when it comes to back up they're not off-the-shelf tools we can just use and say 'Hey, why don't you scan this back up?' It doesn't typically work. So what we do is, in the vault, we have time, we have a workbench so it's almost like sending a specimen to the lab. And then we take a look at it. Are there any signs that there was data corruption that was indicative of a ransomware attack? And when there is such a scenario we say, 'You might wanna take a look at it, and do some further investigation'. That's when we then look at NetWitness or working with the security teams. But we can now be of service and say 'You might wanna look at this copy over here'. It's suspicious, there's an indicative compromise. And then take the next steps other than hoping for the best. >> You mentioned the ecosystem, you mentioned the ecosystem before. I wanna double-click on that. So, talk about the ecosystem. We've said here it's a team sport, you can't just do it alone. From a platform perspective is it open, is it API based? Maybe you can give some examples of how you're working with the ecosystem and how they're leveraging the platform. >> Yeah 100%. So, like I said, so we have, you know, our data protection appliances and that's sort of our plumbing, right, to get the data to where I want. We have the orchestration software. This is the part we're talking about. The orchestration software has Arrest API, everything's documented in Swagger. And the reason we did that is that we can do these orchestrations with third party analytics vendors, that's one use case right? So, I'm here, I have a copy here, please scan, tell me what you find and then give me an alert if you find something. The other example would be, maybe, doing a level of resiliency orchestration. Where you'd automate the recovery workflow beyond what we would have to offer. There are many examples but that is how we are enabling the ecosystem, essentially. >> You mentioned Founders Federal earlier. Is that a customer, is that a reference customer? What can you tell me about them? >> Yeah it's a reference customer and they very much saw the need for this type of protection. And, you know, we've been working with them. There's a Dell World, last year, session that we did with them. And very much the same sort of, like the quote said, focus on the process not only the product and the set of technologies, right? And, so that's how we've been partnering with them. >> The quote being 'Sweat before the game'? Founders Federal, that's a great quote. Alright, we've talked a lot about just, sort of, general terms about cyber recovery. What can you tell us, tell the audience, what makes Dell EMC cyber recovery different in the marketplace and, you know, relative to your competition? Pitch me. >> Yeah, I mean, I think it's a very unique capability. Because, one, you need a large install base and, sort of, a proven platform to even built it on, right? So when you look at the data domain technology we have a lot to work with. We have a lot of customers using it. So that's very hard to mimic. We have the orchestration software where we, I believe, are ahead of the game, right? So the orchestration software that I talked about that gets the data into the vault securely. And then our ecosystem, right? So those are really the three things. And then, of course, we have the consulting services which is also hard to mimic. To really, you know, design the process around this whole thing. But I think the ecosystem, sort of, approach is also very powerful. >> You have a big portfolio, you've got your sister company that's, sort of, well known obviously in this business. Do you also have solutions? I mean, for instance, is there an appliance as part of the portfolio that fits in here? And what is that? >> Yeah, so, you can think of this as, if I wanted to really blow it down, the two things I would buy is a data domain - it could be the smallest one - and a VxRail appliance that runs the software. And then I stick that in the vault. And then there's, sort of, that product. So you can think of it as an appliance that happens to go with the software that I talked about that does the orchestration. >> Okay, so, RSA the premier conference on cyber coming up in a couple of weeks. What have you guys got going there? Give us a little tease. >> Yeah, absolutely. So it's gonna be an awesome show and we will have a booth, and so we look forward to a lot of customer conversations. And we do have a panel. It's gonna be with Mastercard and RSA and myself. And we're really gonna take it from left of breach all the way to right of breach. >> Awesome, do you know when that panel is yet? >> It is, I think, on the 5th, I may have to check. >> Which is which day? >> I wanna say it's Wednesday. >> So it starts on the Monday, right? So that'll be day three. So check the conference schedule, I mean things change at the last minute. But that's great. Mastercard is an awesome reference customer. We've worked with them in the past and so, that's great. Stefan, thanks very much for coming to theCUBE and sharing some of your perspectives and what's coming up at RSA. It's good to have you. >> Thanks so much, Dave, I appreciate it. >> Okay, thanks for watching everybody. This is Dave Vellante from our East Cost headquarters. You're watching theCUBE.