>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, otc. A friend of the Cube >>Karala joined us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with you. >>A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many day zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add the gold standard from a data standpoint, and that's given them this competitive advantage to go out and become a platform for a security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Esty win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? Exactly. >>Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking to the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my >>Question. That's the point. >>Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets >>Win. Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their valuable? >>You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development and Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Nice. Era was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. >>Well, and I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Altos made, they've done a good job of integrating their backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data like the, the fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Three. Think about that at that, that >>Make a, that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market cap. >>Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo. >>Right? And that when you look around the show floor, it's not that impressive. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah, >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people at Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR roundtable said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. So, >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate days, nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's it's an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, in The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they're do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you gotta fight fire with fire. And I think that's, that's the path they've, they've headed >>Down and the bad guys are hiding in plain sight, you know? >>Yeah, yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says we're actively consolidating vendors, redundant vendors today. That number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to, to it pros is if you're doing things today that aren't resume building, stop doing them. Right? Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. And so who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah. Yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with proxies as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at c skater throw 'em back at 'em. So I, it's good to see that kind of fight going on between the two. >>Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah. Cisco's interesting. And I, I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to just say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of work there're trying to, to tie to network. >>Right. Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wikibon, lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are you gonna be next? Are you gonna be on vacation? >>There's nothing more fun than mean on the cube, so, right. What's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and do the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We >>Love it. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show and it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, F otc. A friend of the Cube >>Karala joins us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with >>You. A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long-term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many days, zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add, they're the gold standard from a data standpoint. And that's given them this competitive advantage to go out and become a platform for security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Estee win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? >>Exactly. Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking with the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my question. That's the point I'm saying. Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets win. >>Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their >>Valuable? You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development in Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Naira was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. Well, >>And I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Alto's made, they've done a good job of integrating the backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty and all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data lake to, to fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want or >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Think about that at that. That makes, >>I mean that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market >>Cap. Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo >>Go, right? And that when you look around the show floor, it's not that impressive. No. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's, I mean, pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah. >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something that I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people of Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR round table said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. No. >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate says nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's just an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, and The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they gotta do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you're gonna fight fire with fire. And I think that's, that's the path they've, they've headed >>Down. Yeah. The bad guys are hiding in plain sight, you know? Yeah, >>Yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says who are actively consolidating vendors, redundant vendors today that number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I, I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily aligned with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to the IT pros is, is if you're doing things today that aren't resume building, stop doing them. Right. Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. So who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah, yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with prox as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at csca, throw 'em back at 'em. So I, it's good to see that kind of fight going on between the >>Two. Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah, Cisco's interesting. And I I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration and that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of Rick there trying to, to tie to network. >>Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wi KeePon. Lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are gonna be next? Are you gonna be on >>Vacation? There's nothing more fun than mean on the cube. So what's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and be the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We love >>It. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show. And it, it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back to Vegas. Guys. We're happy that you're here. Lisa Martin here covering with Dave Valante, Palo Alto Networks Ignite 22. We're at MGM Grand. This is our first day, Dave of two days of cube coverage. We've been having great conversations with the ecosystem with Palo Alto executives, with partners. One of the things that they have is unit 42. We're gonna be talking with them next about cyber intelligence. And the threat data that they get is >>Incredible. Yeah. They have all the data, they know what's going on, and of course things are changing. The state of play changes. Hold on a second. I got a text here. Oh, my Netflix account was frozen. Should I click on this link? Yeah. What do you think? Have you had a, it's, have you had a little bit more of that this holiday season? Yeah, definitely. >>Unbelievable, right? A lot of smishing going on. >>Yeah, they're very clever. >>Yeah, we're very pleased to welcome back one of our alumni to the queue. Wendy Whitmore is here, the SVP of Unit 42. Welcome back, Wendy. Great to have >>You. Thanks Lisa. So >>Unit 42 created back in 2014. One of the things that I saw that you said in your keynote this morning or today was everything old is still around and it's co, it's way more prolific than ever. What are some of the things that Unit 42 is seeing these days with, with respect to cyber threats as the landscape has changed so much the last two years alone? >>You know, it, it has. So it's really interesting. I've been responding to these breaches for over two decades now, and I can tell you that there are a lot of new and novel techniques. I love that you already highlighted Smishing, right? In the opening gate. Right. Because that is something that a year ago, no one knew what that word was. I mean, we, it's probably gonna be invented this year, right? But that said, so many of the tactics that we have previously seen, when it comes to just general espionage techniques, right? Data act filtration, intellectual property theft, those are going on now more than ever. And you're not hearing about them as much in the news because there are so many other things, right? We're under the landscape of a major war going on between Russia and Ukraine of ransomware attacks, you know, occurring on a weekly basis. And so we keep hearing about those, but ultimately these nations aid actors are using that top cover, if you will, as a great distraction. It's almost like a perfect storm for them to continue conducting so much cyber espionage work that like we may not be feeling that today, but years down the road, they're, the work that they're doing today is gonna have really significant impact. >>Ransomware has become a household word in the last couple of years. I think even my mom knows what it is, to some degree. Yeah. But the threat actors are far more sophisticated than they've ever written. They're very motivated. They're very well funded. I think I've read a stat recently in the last year that there's a ransomware attack once every 11 seconds. And of course we only hear about the big ones. But that is a concern that goes all the way up to the board. >>Yeah. You know, we have a stat in our ransomware threat report that talks about how often victims are posted on leak sites. And I think it's once every seven minutes at this point that a new victim is posted. Meaning a victim has had their data, a victim organization had their data stolen and posted on some leak site in the attempt to be extorted. So that has become so common. One of the shifts that we've seen this year in particular and in recent months, you know, a year ago when I was at Ignite, which was virtual, we talked about quadruple extortion, meaning four different ways that these ransomware actors would go out and try to make money from these attacks in what they're doing now is often going to just one, which is, I don't even wanna bother with encrypting your data now, because that means that in order to get paid, I probably have to decrypt it. Right? That's a lot of work. It's time consuming. It's kind of painstaking. And so what they've really looked to do now is do the extortion where they simply steal the data and then threaten to post it on these leak sites, you know, release it other parts of the web and, and go from there. And so that's really a blending of these techniques of traditional cyber espionage with intellectual property theft. Wow. >>How trustworthy are those guys in terms of, I mean, these are hackers, right? In terms of it's really the, the hacker honor system, isn't it? I mean, if you get compromised like that, you really beholden to criminals. And so, you >>Know, so that's one of the key reasons why having the threat intelligence is so important, right? Understanding which group that you're dealing with and what their likelihood of paying is, what's their modus operandi. It's become even more important now because these groups switch teams more frequently than NFL trades, you know, free agents during the regular season, right? Or players become free agents. And that's because their infrastructure. So the, you know, infrastructure, the servers, the systems that they're using to conduct these attacks from is actually largely being disrupted more from law enforcement, international intelligence agencies working together with public private partnerships. So what they're doing is saying, okay, great. All that infrastructure that I just had now is, is burned, right? It's no longer effective. So then they'll disband a team and then they'll recruit a new team and it's constant like mixing and matching in players. >>All that said, even though that's highly dynamic, one of the other areas that they pride themselves on is customer service. So, and I think it's interesting because, you know, when I said they're not wanting to like do all the decryption? Yeah. Cuz that's like painful techni technical slow work. But on the customer service side, they will create these customer service portals immediately stand one up, say, you know, hey it's, it's like an Amazon, you know, if you've ever had to return a package on Amazon for example, and you need to click through and like explain, you know, Hey, I didn't receive this package. A portal window pops up, you start talking to either a bot or a live agent on the backend. In this case they're hu what appeared to be very much humans who are explaining to you exactly what happened, what they're asking for, super pleasant, getting back within minutes of a response. And they know that in order for them to get paid, they need to have good customer service because otherwise they're not going to, you know, have a business. How, >>So what's the state of play look like from between nation states, criminals and how, how difficult or not so difficult is it for you to identify? Do you have clear signatures? My understanding in with Solar Winds it was a little harder, but maybe help us understand and help our audience understand what the state of play is right now. >>One of the interesting things that I think is occurring, and I highlighted this this morning, is this idea of convergence. And so I'll break it down for one example relates to the type of malware or tools that these attackers use. So traditionally, if we looked at a nation state actor like China or Russia, they were very, very specific and very strategic about the types of victims that they were going to go after when they had zero day. So, you know, new, new malware out there, new vulnerabilities that could be exploited only by them because the rest of the world didn't know about it. They might have one organization that they would target that at, at most, a handful and all very strategic for their objective. They wanted to keep that a secret as long as possible. Now what we're seeing actually is those same attackers going towards one, a much larger supply chain. >>So, so lorenzen is a great example of that. The Hafnia attacks towards Microsoft Exchange server last year. All great examples of that. But what they're also doing is instead of using zero days as much, or you know, because those are expensive to build, they take a lot of time, a lot of funding, a lot of patience and research. What they're doing is using commercially available tools. And so there's a tool that our team identified earlier this year called Brute Rael, C4 or BRC four for short. And that's a tool that we now know that nation state actors are using. But just two weeks ago we invested a ransomware attack where the ransomware actor was using that same piece of tooling. So to your point, yak can get difficult for defenders when you're looking through and saying, well wait, they're all using some of the same tools right now and some of the same approaches when it comes to nation states, that's great for them because they can blend into the noise and it makes it harder to identify as >>Quickly. And, and is that an example of living off the land or is that B BRC four sort of a homegrown hacker tool? Is it, is it a, is it a commercial >>Off the shelf? So it's a tool that was actually, so you can purchase it, I believe it's about 2,500 US dollars for a license. It was actually created by a former Red teamer from a couple well-known companies in the industry who then decided, well hey, I built this tool for work, I'm gonna sell this. Well great for Red teamers that are, you know, legitimately doing good work, but not great now because they're, they built a, a strong tool that has the ability to hide amongst a, a lot of protocols. It can actually hide within Slack and teams to where you can't even see the data is being exfiltrated. And so there's a lot of concern. And then now the reality that it gets into the wrong hands of nation state actors in ransomware actors, one of the really interesting things about that piece of malware is it has a setting where you can change wallpaper. And I don't know if you know offhand, you know what that means, but you know, if that comes to mind, what you would do with it. Well certainly a nation state actor is never gonna do something like that, right? But who likes to do that are ransomware actors who can go in and change the background wallpaper on a desktop that says you've been hacked by XYZ organization and let you know what's going on. So pretty interesting, obviously the developer doing some work there for different parts of the, you know, nefarious community. >>Tremendous amount of sophistication that's gone on the last couple of years alone. I was just reading that Unit 42 is now a founding member of the Cyber Threat Alliance includes now more than 35 organizations. So you guys are getting a very broad picture of today's threat landscape. How can customers actually achieve cyber resilience? Is it achievable and how do you help? >>So I, I think it is achievable. So let me kind of parse out the question, right. So the Cyber Threat Alliance, the J C D C, the Cyber Safety Review Board, which I'm a member of, right? I think one of the really cool things about Palo Alto Networks is just our partnerships. So those are just a handful. We've got partnerships with over 200 organizations. We work closely with the Ukrainian cert, for example, sharing information, incredible information about like what's going on in the war, sharing technical details. We do that with Interpol on a daily basis where, you know, we're sharing information. Just last week the Africa cyber surge operation was announced where millions of nodes were taken down that were part of these larger, you know, system of C2 channels that attackers are using to conduct exploits and attacks throughout the world. So super exciting in that regard and it's something that we're really passionate about at Palo Alto Networks in terms of resilience, a few things, you know, one is visibility, so really having a, an understanding of in a real, as much of real time as possible, right? What's happening. And then it goes into how you, how can we decrease operational impact. So that's everything from network segmentation to wanna add the terms and phrases I like to use a lot is the win is really increasing the time it takes for the attackers to get their work done and decreasing the amount of time it takes for the defenders to get their work done, right? >>Yeah. I I call it increasing the denominator, right? And the ROI equation benefit over or value, right? Equals equals or benefit equals value over cost if you can increase the cost to go go elsewhere, right? Absolutely. And that's the, that's the game. Yeah. You mentioned Ukraine before, what have we learned from Ukraine? I, I remember I was talking to Robert Gates years ago, 2016 I think, and I was asking him, yeah, but don't we have the best cyber technology? Can't we attack? He said, we got the most to lose too. Yeah. And so what have we learned from, from Ukraine? >>Well, I, I think that's part of the key point there, right? Is you know, a great offense essentially can also be for us, you know, deterrent. So in that aspect we have as an, as a company and or excuse me, as a country, as a company as well, but then as partners throughout all parts of the world have really focused on increasing the intelligence sharing and specifically, you know, I mentioned Ukrainian cert. There are so many different agencies and other sorts throughout the world that are doing everything they can to share information to help protect human life there. And so what we've really been concerned with, with is, you know, what cyber warfare elements are going to be used there, not only how does that impact Ukraine, but how does it potentially spread out to other parts of the world critical infrastructure. So you've seen that, you know, I mentioned CS rrb, but cisa, right? >>CISA has done a tremendous job of continuously getting out information and doing everything they can to make sure that we are collaborating at a commercial level. You know, we are sharing information and intelligence more than ever before. So partners like Mania and CrowdStrike, our Intel teams are working together on a daily basis to make sure that we're able to protect not only our clients, but certainly if we've got any information relevant that we can share that as well. And I think if there's any silver lining to an otherwise very awful situation, I think the fact that is has accelerated intelligence sharing is really positive. >>I was gonna ask you about this cause I think, you know, 10 or so years ago, there was a lot of talk about that, but the industry, you know, kind of kept things to themselves, you know, a a actually tried to monetize some of that private data. So that's changing is what I'm hearing from you >>More so than ever more, you know, I've, I mentioned I've been in the field for 20 years. You know, it, it's tough when you have a commercial business that relies on, you know, information to, in order to pay people's salaries, right? I think that has changed quite a lot. We see the benefit of just that continuous sharing. There are, you know, so many more walls broken down between these commercial competitors, but also the work on the public private partnership side has really increased some of those relationships. Made it easier. And you know, I have to give a whole lot of credit and mention sisa, like the fact that during log four J, like they had GitHub repositories, they were using Slack, they were using Twitter. So the government has really started pushing forward with a lot of the newer leadership that's in place to say, Hey, we're gonna use tools and technology that works to share and disseminate information as quickly as we can. Right? That's fantastic. That's helping everybody. >>We knew that every industry, no, nobody's spared of this. But did you notice in the last couple of years, any industries in particular that are more vulnerable? Like I think of healthcare with personal health information or financial services, any industries kind of jump out as being more susceptible than others? >>So I think those two are always gonna be at the forefront, right? Financial services and healthcare. But what's been really top of mind is critical infrastructure, just making sure right? That our water, our power, our fuel, so many other parts of right, the ecosystem that go into making sure that, you know, we're keeping, you know, houses heated during the winter, for example, that people have fresh water. Those are extremely critical. And so that is really a massive area of focus for the industry right now. >>Can I come back to public-private partnerships? My question is relates to regulations because the public policy tends to be behind tech, the technology industry as an understatement. So when you take something like GDPR is the obvious example, but there are many, many others, data sovereignty, you can't move the data. Are are, are, is there tension between your desire as our desire as an industry to share data and government's desire to keep data private and restrict that data sharing? How is that playing out? How do you resolve that? >>Well I think there have been great strides right in each of those areas. So in terms of regulation when it comes to breaches there, you know, has been a tendency in the past to do victim shaming, right? And for organizations to not want to come forward because they're concerned about the monetary funds, right? I think there's been tremendous acceleration. You're seeing that everywhere from the fbi, from cisa, to really working very closely with organizations to, to have a true impact. So one example would be a ransomware attack that occurred. This was for a client of ours within the United States and we had a very close relationship with the FBI at that local field office and made a phone call. This was 7:00 AM Eastern time. And this was an organization that had this breach gone public, would've made worldwide news. There would've been a very big impact because it would've taken a lot of their systems offline. >>Within the 30 minutes that local FBI office was on site said, we just saw this piece of malware last week, we have a decryptor for it from another organization who shared it with us. Here you go. And within 60 minutes, every system was back up and running. Our teams were able to respond and get that disseminated quickly. So efforts like that, I think the government has made a tremendous amount of headway into improving relationships. Is there always gonna be some tension between, you know, competing, you know, organizations? Sure. But I think that we're doing a whole lot to progress it, >>But governments will make exceptions in that case. Especially for something as critical as the example that you just gave and be able to, you know, do a reach around, if you will, on, on onerous regulations that, that ne aren't helpful in that situation, but certainly do a lot of good in terms of protecting privacy. >>Well, and I think there used to be exceptions made typically only for national security elements, right? And now you're seeing that expanding much more so, which I think is also positive. Right. >>Last question for you as we are wrapping up time here. What can organizations really do to stay ahead of the curve when it comes to, to threat actors? We've got internal external threats. What can they really do to just be ahead of that curve? Is that possible? >>Well, it is now, it's not an easy task so I'm not gonna, you know, trivialize it. But I think that one, having relationships with right organizations in advance always a good thing. That's a, everything from certainly a commercial relationships, but also your peers, right? There's all kinds of fantastic industry spec specific information sharing organizations. I think the biggest thing that impacts is having education across your executive team and testing regularly, right? Having a plan in place, testing it. And it's not just the security pieces of it, right? As security responders, we live these attacks every day, but it's making sure that your general counsel and your head of operations and your CEO knows what to do. Your board of directors, do they know what to do when they receive a phone call from Bloomberg, for example? Are they supposed supposed to answer? Do your employees know that those kind of communications in advance and training can be really critical and make or break a difference in an attack. >>That's a great point about the testing but also the communication that it really needs to be company wide. Everyone at every level needs to know how to react. Wendy, it's been so great having, >>Wait one last question. Sure. Do you have a favorite superhero growing up? >>Ooh, it's gotta be Wonder Woman. Yeah, >>Yeah, okay. Yeah, so cuz I'm always curious, there's not a lot of women in, in security in cyber. How'd you get into it? And many cyber pros like wanna save the world? >>Yeah, no, that's a great question. So I joined the Air Force, you know, I, I was a special agent doing computer crime investigations and that was a great job. And I learned about that from, we had an alumni day and all these alumni came in from the university and they were in flight suits and combat gear. And there was one woman who had long blonde flowing hair and a black suit and high heels and she was carrying a gun. What did she do? Because that's what I wanted do. >>Awesome. Love it. We >>Blonde >>Wonder Woman. >>Exactly. Wonder Woman. Wendy, it's been so great having you on the program. We, we will definitely be following unit 42 and all the great stuff that you guys are doing. Keep up the good >>Work. Thanks so much Lisa. Thank >>You. Day our pleasure. For our guest and Dave Valante, I'm Lisa Martin, live in Las Vegas at MGM Grand for Palo Alto Ignite, 22. You're watching the Cube, the leader in live enterprise and emerging tech coverage.

(upbeat music) >> From theCube Studios in Palo Alto in Boston, bringing you data driven insights from theCube and ETR. This is Breaking Analysis with Dave Vellante. >> While by no means a safe haven, the cybersecurity sector has outpaced the broader tech market by a meaningful margin, that is up until very recently. Cybersecurity remains the number one technology priority for the C-suite, but as we've previously reported the CISO's budget has constraints just like other technology investments. Recent trends show that economic headwinds have elongated sales cycles, pushed deals into future quarters, and just like other tech initiatives, are pacing cybersecurity investments and breaking them into smaller chunks. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis we explain how cybersecurity trends are reverting to the mean and tracking more closely with other technology investments. We'll make a couple of valuation comparisons to show the magnitude of the challenge and which cyber firms are feeling the heat, which aren't. There are some exceptions. We'll then show the latest survey data from ETR to quantify the contraction in spending momentum and close with a glimpse of the landscape of emerging cybersecurity companies, the private companies that could be ripe for acquisition, consolidation, or disruptive to the broader market. First, let's take a look at the recent patterns for cyber stocks relative to the broader tech market as a benchmark, as an indicator. Here's a year to date comparison of the bug ETF, which comprises a basket of cyber security names, and we compare that with the tech heavy NASDAQ composite. Notice that on April 13th of this year the cyber ETF was actually in positive territory while the NAS was down nearly 14%. Now by August 16th, the green turned red for cyber stocks but they still meaningfully outpaced the broader tech market by more than 950 basis points as of December 2nd that Delta had contracted. As you can see, the cyber ETF is now down nearly 25%, year to date, while the NASDAQ is down 27% and change. Now take a look at just how far a few of the high profile cybersecurity names have fallen. Here are six security firms that we've been tracking closely since before the pandemic. We've been, you know, tracking dozens but let's just take a look at this data and the subset. We show for comparison the S&P 500 and the NASDAQ, again, just for reference, they're both up since right before the pandemic. They're up relative to right before the pandemic, and then during the pandemic the S&P shot up more than 40%, relative to its pre pandemic level, around February is what we're using for the pre pandemic level, and the NASDAQ peaked at around 65% higher than that February level. They're now down 85% and 71% of their previous. So they're at 85% and 71% respectively from their pandemic highs. You compare that to these six companies, Splunk, which was and still is working through a transition is well below its pre pandemic market value and 44, it's 44% of its pre pandemic high as of last Friday. Palo Alto Networks is the most interesting here, in that it had been facing challenges prior to the pandemic related to a pivot to the Cloud which we reported on at the time. But as we said at that time we believe the company would sort out its Cloud transition, and its go to market challenges, and sales compensation issues, which it did as you can see. And its valuation jumped from 24 billion prior to Covid to 56 billion, and it's holding 93% of its peak value. Its revenue run rate is now over 6 billion with a healthy growth rate of 24% expected for the next quarter. Similarly, Fortinet has done relatively well holding 71% of its peak Covid value, with a healthy 34% revenue guide for the coming quarter. Now, Okta has been the biggest disappointment, a darling of the pandemic Okta's communication snafu, with what was actually a pretty benign hack combined with difficulty absorbing its 7 billion off zero acquisition, knocked the company off track. Its valuation has dropped by 35 billion since its peak during the pandemic, and that's after a nice beat and bounce back quarter just announced by Okta. Now, in our view Okta remains a viable long-term leader in identity. However, its recent fiscal 24 revenue guide was exceedingly conservative at around 16% growth. So either the company is sandbagging, or has such poor visibility that it wants to be like super cautious or maybe it's actually seeing a dramatic slowdown in its business momentum. After all, this is a company that not long ago was putting up 50% plus revenue growth rates. So it's one that bears close watching. CrowdStrike is another big name that we've been talking about on Breaking Analysis for quite some time. It like Okta has led the industry in a key ETR performance indicator that measures customer spending momentum. Just last week, CrowdStrike announced revenue increased more than 50% but new ARR was soft and the company guided conservatively. Not surprisingly, the stock got absolutely crushed as CrowdStrike blamed tepid demand from smaller and midsize firms. Many analysts believe that competition from Microsoft was one factor along with cautious spending amongst those midsize and smaller customers. Notably, large customers remain active. So we'll see if this is a longer term trend or an anomaly. Zscaler is another company in the space that we've reported having great customer spending momentum from the ETR data. But even though the company beat expectations for its recent quarter, like other companies its Outlook was conservative. So other than Palo Alto, and to a lesser extent Fortinet, these companies and others that we're not showing here are feeling the economic pinch and it shows in the compression of value. CrowdStrike, for example, had a 70 billion valuation at one point during the pandemic Zscaler top 50 billion, Okta 45 billion. Now, having said that Palo Alto Networks, Fortinet, CrowdStrike, and Zscaler are all still trading well above their pre pandemic levels that we tracked back in February of 2020. All right, let's go now back to ETR'S January survey and take a look at how much things have changed since the beginning of the year. Remember, this is obviously pre Ukraine, and pre all the concerns about the economic headwinds but here's an X Y graph that shows a net score, or spending momentum on the y-axis, and market presence on the x-axis. The red dotted line at 40% on the vertical indicates a highly elevated net score. Anything above that we think is, you know, super elevated. Now, we filtered the data here to show only those companies with more than 50 responses in the ETR survey. Still really crowded. Note that there were around 20 companies above that red 40% mark, which is a very, you know, high number. It's a, it's a crowded market, but lots of companies with, you know, positive momentum. Now let's jump ahead to the most recent October survey and take a look at what, what's happening. Same graphic plotting, spending momentum, and market presence, and look at the number of companies above that red line and how it's been squashed. It's really compressing, it's still a crowded market, it's still, you know, plenty of green, but the number of companies above 40% that, that key mark has gone from around 20 firms down to about five or six. And it speaks to that compression and IT spending, and of course the elongated sales cycles pushing deals out, taking them in smaller chunks. I can't tell you how many conversations with customers I had, at last week at Reinvent underscoring this exact same trend. The buyers are getting pressure from their CFOs to slow things down, do more with less and, and, and prioritize projects to those that absolutely are critical to driving revenue or cutting costs. And that's rippling through all sectors, including cyber. Now, let's do a bit more playing around with the ETR data and take a look at those companies with more than a hundred citations in the survey this quarter. So N, greater than or equal to a hundred. Now remember the followers of Breaking Analysis know that each quarter we take a look at those, what we call four star security firms. That is, those are the, that are in, that hit the top 10 for both spending momentum, net score, and the N, the mentions in the survey, the presence, the pervasiveness in the survey, and that's what we show here. The left most chart is sorted by spending momentum or net score, and the right hand chart by shared N, or the number of mentions in the survey, that pervasiveness metric. that solid red line denotes the cutoff point at the top 10. And you'll note we've actually cut it off at 11 to account for Auth 0, which is now part of Okta, and is going through a go to market transition, you know, with the company, they're kind of restructuring sales so they can take advantage of that. So starting on the left with spending momentum, again, net score, Microsoft leads all vendors, typical Microsoft, very prominent, although it hadn't always done so, it, for a while, CrowdStrike and Okta were, were taking the top spot, now it's Microsoft. CrowdStrike, still always near the top, but note that CyberArk and Cloudflare have cracked the top five in Okta, which as I just said was consistently at the top, has dropped well off its previous highs. You'll notice that Palo Alto Network Palo Alto Networks with a 38% net score, just below that magic 40% number, is healthy, especially as you look over to the right hand chart. Take a look at Palo Alto with an N of 395. It is the largest of the independent pure play security firms, and has a very healthy net score, although one caution is that net score has dropped considerably since the beginning of the year, which is the case for most of the top 10 names. The only exception is Fortinet, they're the only ones that saw an increase since January in spending momentum as ETR measures it. Now this brings us to the four star security firms, that is those that hit the top 10 in both net score on the left hand side and market presence on the right hand side. So it's Microsoft, Palo Alto, CrowdStrike, Okta, still there even not accounting for a Auth 0, just Okta on its own. If you put in Auth 0, it's, it's even stronger. Adding then in Fortinet and Zscaler. So Microsoft, Palo Alto, CrowdStrike, Okta, Fortinet, and Zscaler. And as we've mentioned since January, only Fortinet has shown an increase in net score since, since that time, again, since the January survey. Now again, this talks to the compression in spending. Now one of the big themes we hear constantly in cybersecurity is the market is overcrowded. Everybody talks about that, me included. The implication there, is there's a lot of room for consolidation and that consolidation can come in the form of M&A, or it can come in the form of people consolidating onto a single platform, and retiring some other vendors, and getting rid of duplicate vendors. We're hearing that as a big theme as well. Now, as we saw in the previous, previous chart, this is a very crowded market and we've seen lots of consolidation in 2022, in the form of M&A. Literally hundreds of M&A deals, with some of the largest companies going private. SailPoint, KnowBe4, Barracuda, Mandiant, Fedora, these are multi billion dollar acquisitions, or at least billion dollars and up, and many of them multi-billion, for these companies, and hundreds more acquisitions in the cyberspace, now less you think the pond is overfished, here's a chart from ETR of emerging tech companies in the cyber security industry. This data comes from ETR's Emerging Technologies Survey, ETS, which is this diamond in a rough that I found a couple quarters ago, and it's ripe with companies that are candidates for M&A. Many would've liked, many of these companies would've liked to, gotten to the public markets during the pandemic, but they, you know, couldn't get there. They weren't ready. So the graph, you know, similar to the previous one, but different, it shows net sentiment on the vertical axis and that's a measurement of, of, of intent to adopt against a mind share on the X axis, which measures, measures the awareness of the vendor in the community. So this is specifically a survey that ETR goes out and, and, and fields only to track those emerging tech companies that are private companies. Now, some of the standouts in Mindshare, are OneTrust, BeyondTrust, Tanium and Endpoint, Net Scope, which we've talked about in previous Breaking Analysis. 1Password, which has been acquisitive on its own. In identity, the managed security service provider, Arctic Wolf Network, a company we've also covered, we've had their CEO on. We've talked about MSSPs as a real trend, particularly in small and medium sized business, we'll come back to that, Sneek, you know, kind of high flyer in both app security and containers, and you can just see the number of companies in the space this huge and it just keeps growing. Now, just to make it a bit easier on the eyes we filtered the data on these companies with with those, and isolated on those with more than a hundred responses only within the survey. And that's what we show here. Some of the names that we just mentioned are a bit easier to see, but these are the ones that really stand out in ERT, ETS, survey of private companies, OneTrust, BeyondTrust, Taniam, Netscope, which is in Cloud, 1Password, Arctic Wolf, Sneek, BitSight, SecurityScorecard, HackerOne, Code42, and Exabeam, and Sim. All of these hit the ETS survey with more than a hundred responses by, by the IT practitioners. Okay, so these firms, you know, maybe they do some M&A on their own. We've seen that with Sneek, as I said, with 1Password has been inquisitive, as have others. Now these companies with the larger footprint, these private companies, will likely be candidate for both buying companies and eventually going public when the markets settle down a bit. So again, no shortage of players to affect consolidation, both buyers and sellers. Okay, so let's finish with some key questions that we're watching. CrowdStrike in particular on its earnings calls cited softness from smaller buyers. Is that because these smaller buyers have stopped adopting? If so, are they more at risk, or are they tactically moving toward the easy button, aka, Microsoft's good enough approach. What does that mean for the market if smaller company cohorts continue to soften? How about MSSPs? Will companies continue to outsource, or pause on on that, as well as try to free up, to try to free up some budget? Adam Celiski at Reinvent last week said, "If you want to save money the Cloud's the best place to do it." Is the cloud the best place to save money in cyber? Well, it would seem that way from the standpoint of controlling budgets with lots of, lots of optionality. You could dial up and dial down services, you know, or does the Cloud add another layer of complexity that has to be understood and managed by Devs, for example? Now, consolidation should favor the likes of Palo Alto and CrowdStrike, cause they're platform players, and some of the larger players as well, like Cisco, how about IBM and of course Microsoft. Will that happen? And how will economic uncertainty impact the risk equation, a particular concern is increase of tax on vulnerable sectors of the population, like the elderly. How will companies and governments protect them from scams? And finally, how many cybersecurity companies can actually remain independent in the slingshot economy? In so many ways the market is still strong, it's just that expectations got ahead of themselves, and now as earnings forecast come, come, come down and come down to earth, it's going to basically come down to who can execute, generate cash, and keep enough runway to get through the knothole. And the one certainty is nobody really knows how tight that knothole really is. All right, let's call it a wrap. Next week we dive deeper into Palo Alto Networks, and take a look at how and why that company has held up so well and what to expect at Ignite, Palo Alto's big user conference coming up later this month in Las Vegas. We'll be there with theCube. Okay, many thanks to Alex Myerson on production and manages the podcast, Ken Schiffman as well, as our newest edition to our Boston studio. Great to have you Ken. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our EIC over at Silicon Angle. He does some great editing for us. Thank you to all. Remember these episodes are all available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibond.com and siliconangle.com, or you can email me directly David.vellante@siliconangle.com or DM me @DVellante, or comment on our LinkedIn posts. Please do checkout etr.ai, they got the best survey data in the enterprise tech business. This is Dave Vellante for theCube Insights powered by ETR. Thanks for watching, and we'll see you next time on Breaking Analysis. (upbeat music)

(bright music) >> Okay, we're back. With Jeff and Travis Vigil to dig deeper into the news. Guys, again, good to see you. Travis, if you could, maybe before we get into the news, can you set the business context for us? What's going on out there? >> Yeah, thanks for that question, Dave. To set a little bit of the context when you look at the data protection market, Dell has been a leader in providing solutions to customers for going on nearly two decades now. We have tens of thousands of people using our appliances. We have multiple thousands of people using our latest, modern, simple power protect data manager software. And as Jeff mentioned, we have, you know, 1700 customers protecting 14 exabytes of data in the public clouds today. And that foundation gives us a unique vantage point. We talked to a lot of customers. And they're really telling us three things. They want simple solutions, they want us to help them modernize, and they want us as the highest priority, maintain that high degree of resiliency that they expect from our data protection solutions. So that's the backdrop to the news today. And as we go through the news, I think you'll agree that each of these announcements deliver on those pillars. And in particular, today we're announcing the PowerProtect Data Manager Appliance. We are announcing PowerProtect Cyber Recovery enhancements, and we are announcing enhancements to our APEX data storage services. >> Okay, so three pieces, let's dig to that. It's interesting appliance, everybody wants software but then you talk to customers and they're like, "Well, we actually want appliances because we just want to put it in and it works, and performs great." So what do we need to know about the appliance? What's the news there? >> Well, you know, part of the reason I gave you some of those stats to begin with is, that we have this strong foundation of experience, but also intellectual property. Components that we've taken, that have been battle tested in the market. And we've put them together in a new simple, integrated appliance that really combines the best of the target appliance capabilities, we have with that modern, simple software. And we've integrated it from the, you know, sort of taking all of those pieces, putting them together in a simple, easy-to-use and easy-to-scale interface for customers. >> So the premise that I've been putting forth for, you know, months now, probably well over a year, is that data protection is becoming an extension of your cybersecurity strategies. So I'm interested in your perspective on Cyber Recovery, your specific news that you have there? >> Yeah, you know, we are in addition to simplifying things via the appliance. We are providing solutions for customers no matter where they're deploying. And Cyber Recovery, especially, when it comes to cloud deployments, it's an increasing area of interest and deployment that we see with our customers. So what we're announcing today is that we're expanding our Cyber Recovery services to be available in Google Cloud. With this announcement, it means we're available in all three of the major Clouds. And it really provides customers the flexibility to cure their data no matter if they're running, you know, on premises, in a Colo, at the edge in the public cloud. And the other nice thing about this announcement is that you have the ability to use Google Cloud as a Cyber Recovery vault. That really allows customers to isolate critical data and they can recover that critical data from the vault back to on-premises or from that vault back to running their cyber protection, or their data protection solutions in the public cloud. >> I always involve my favorite Matt Baker here, It's not a zero-sum game, but this is a perfect example where there's opportunities for a company like Dell to partner with the public cloud provider. You've got capabilities that don't exist there. You've got the on-prem capabilities. We could talk about Edge all day, but that's a different topic. Okay so my other question, Travis, is how does this all fit into APEX? We hear a lot about APEX as a service it's sort of the new hot thing. What's happening there? What's the news around APEX? >> Yeah, we've seen incredible momentum with our APEX Solutions, since we introduced data protection options into them earlier this year. And we're really building on that momentum with this announcement being, you know, providing solutions that allow customers to consume flexibly. And so what we're announcing specifically is, that we're expanding APEX Data Storage Services to include a data protection option. And it's like with all APEX offers, it's a pay-as-you go solution. Really streamlines the process of customers purchasing, deploying, maintaining and managing their backup software. All a customer really needs to do is, you know, specify their base capacity, they specify their performance tier, they tell us do they want a one-year term, or a three-year term? And we take it from there. We get them up and running, so they can start deploying and consuming flexibly. And as with many of our APEX solutions, it's a simple user experience all exposed through a unified APEX console. >> Okay, so you're keeping a simple, like, I think large, medium, small, you know, we hear a lot about T-shirt sizes. I'm a big fan of that 'cause you guys should be smart enough to figure out, you know, based on my workload, what I need. How different is this? I wonder if you guys could address this, Jeff, maybe you can- >> So, I'll start and then, pitch me, you know, Travis, you jump in when I screw up here so... >> Awesome. >> So first I'd say we offer innovative Multi-cloud data protection solutions. We provide that deliver performance, efficiency and scale that our customers demand and require. We support as Travis at all the major public clouds. We have a broad ecosystem of workload support and I guess the great news is we're up to 80% more cost effective than any of the competition. >> 80%? >> 80%. >> That's a big number. Travis, what's your point of view on this? >> Yeah, I think number one, end-to-end data protection. We, we are that one stop shop that I talked about. Whether it's a simplified appliance, whether it's deployed in the cloud, whether it's at the edge, whether it's integrated appliances, target appliances, software we have solutions that span the gamut as a service. I mentioned the APEX solution as well. So really we can provide solutions that helps support customers and protect them, any workload, any cloud, anywhere that data lives, Edge core to cloud. The other thing that we're here, as a big differentiator for Dell and Jeff touched on this a little bit earlier, is our intelligent cyber resiliency. We have a unique combination in the market where we can offer immutability or protection against deletion as sort of that first line of defense. But we can also offer a second level of defense which is isolation, talking about data vaults or cyber vaults and Cyber Recovery. And more importantly, the intelligence that goes around that vault. It can look at detecting cyber-attacks, it can help customer speed time to recovery and really provides AI and ML to help early diagnosis of a cyber-attack and fast recovery should a cyber-attack occur. And you know, if you look at customer adoption of that solution specifically in the clouds, we have over 1300 customers utilizing PowerProtect Cyber Recovery. >> So I think it's fair to say that your, I mean your portfolio has obviously been a big differentiator whenever I talk to, you know your finance team, Michael Dell, et cetera that an end-to-end capability that that your ability to manage throughout the supply chain. We actually just did an event recently with you guys where you went into what you're doing to make infrastructure trusted. And so my take on that is, in a lot of respects, you're shifting, you know, the client's burden to your R&D, and now, they have a lot of work to do, so it's not like they can go home and just relax, but that's a key part of the partnership that I see. Jeff, I wonder if you could give us the final thoughts. >> Sure, Dell has a long history of being a trusted partner within IT, right? So we have unmatched capabilities, going back to your point, we have the broadest portfolio, we have, you know, we're a leader in every category that we participate and we have a broad deep breadth of portfolio. We have scale, we have innovation that is just unmatched. Within data protection itself, we have the trusted market leader, no if and or buts. We're a number one for both data protection software in appliances per IDC. And we were just named, for the 17th consecutive time the leader in the Gartner Magic Quadrant. So bottom line is customers can count on Dell. >> Yeah. And I think again, we're seeing the evolution of data protection. It's not like the last 10 years, it's really becoming an adjacency and really a key component of your cyber strategy. I think those two parts of the organization are coming together. So guys, really appreciate your time. Thanks for (indistinct). >> Thank you, sir. Thanks, Travis, good to see you. All right, in a moment, I'm going to come right back and summarize what we learned today, what actions you can take for your business. You're watching "The Future of Multicloud Data Protection" made possible by Dell and collaboration with the Cube, your leader in enterprise and emerging tech coverage, right back. (upbeat music) >> In our data driven world. Protecting data has never been more critical, to guard against everything from cyber incidents to unplanned outages. You need a cyber resilient multi-cloud data protection strategy. >> It's not a matter of if you're going to get hacked, it's a matter of when. And I want to know that I can recover and continue to recover each day. >> It is important to have a cyber security and a cyber resiliency plan in place, because the threat of cyber-attack are imminent. >> PowerProtects Data manager from Dell Technologies helps deliver the data protection and security confidence you would expect from a trusted we chose PowerProtect Data Manager because we've been on strategic partner with Dell Technologies, for roughly 20 years now. Our partnership with Dell Technologies has provided us with the ability to scale, and grow as we've transition from 10 billion in assets to 20 billion. >> With PowerProtect Data Manager, you can enjoy exceptional ease of use to increase your efficiency and reduce costs. >> Got installed it by myself, learn it by myself, with very intuitive >> While restoring a machine with PowerProtect Data Manager is fast. We can fully manage PowerProtect through the center. We can recover a whole machine in seconds. >> Data Manager offers innovation such as Transparent Snapshots to simplify virtual machine backups and it goes beyond backup and restore to provide valuable insights and to protected data, workloads and VMs. >> In our previous environment, it would take anywhere from three to six hours a night to do a single backup of each VM. Now we're backing up hourly and it takes two to three seconds with the Transparent Snapshots. >> With PowerProtect's Data Manager, you get the peace of mind knowing that your data is safe and available whenever you need it. >> Data is extreme important. We can't afford to lose any data. We need things just to work. >> Start your journey to modern data protection with Dell PowerProtect Data Manager. Visit dell.com/powerprotectdatamanager. >> We put forth the premise in our introduction that the worlds of data protection and cyber security must be more integrated. We said that data recovery strategies have to be built into security practices and procedures and by default, this should include modern hardware and software. Now in addition, to reviewing some of the challenges that customers face, which have been pretty well documented, we heard about new products that Dell Technologies is bringing to the marketplace. Specifically, address these customer concerns. There were three that we talked about today. First, the PowerProtect Data Manager Appliance, which is an integrated system. Taking advantage of Dell's history in data protection but adding new capabilities. And I want to come back to that in a moment. Second is Dell's PowerProtect Cyber Recovery for Google Cloud platform. This rounds out the big three public cloud providers for Dell, which joins AWS and Azure support. Now finally, Dell has made its target backup appliances available in APEX. You might recall earlier this year, we saw the introduction from Dell of APEX backup services. And then in May at Dell Technologies World, we heard about the introduction of APEX Cyber Recovery Services. And today, Dell is making its most popular backup appliances available in APEX. Now I want to come back to the PowerProtect Data Manager Appliance because it's a new integrated appliance. And I asked Dell off camera, really, what is so special about these new systems and what's really different from the competition because look, everyone offers some kind of integrated appliance. So I heard a number of items Dell talked about simplicity and efficiency and containers and Kubernetes. So I kind of kept pushing and got to what I think is the heart of the matter in two really important areas. One is simplicity. Dell claims that customers can deploy the system in half the time relative to the competition. So we're talking minutes to deploy and of course, that's going to lead to much simpler management. And the second real difference I heard, was backup and restore performance for VMware workloads. In particular, Dell has developed transparent snapshot capabilities to fundamentally change the way VMs are protected which leads to faster backup and restores with less impact on virtual infrastructure. Dell believes this new development is unique in the market, and claims that in its benchmarks, the new appliance was able to back up 500 virtual machines in 47% less time compared to a leading competitor. Now this is based on Dell benchmarks so hopefully these are things that you can explore in more detail with Dell to see if and how they apply to your business. So if you want more information go to the Data Protection page at Dell.com. You can find that at dell.com/dataprotection. And all the content here and all the videos are available on demand at thecube.net. Check out our series, on the blueprint for trusted infrastructure it's related and has some additional information. And go to siliconangle.com for all the news and analysis related to these and other announcements. This is Dave Vellante. Thanks for watching "The Future of Multi-cloud Protection." Made possible by Dell in collaboration with the Cube your leader in enterprise and emerging tech coverage. (upbeat music)

>> Prior to the pandemic, organizations were largely optimized for efficiency as the best path to bottom line profits. Many CIOs tell theCUBE privately that they were caught off guard by the degree to which their businesses required greater resiliency beyond their somewhat cumbersome disaster recovery processes. And the lack of that business resilience has actually cost firms because they were unable to respond to changing market forces. And certainly, we've seen this dynamic with supply chain challenges. And there's a little doubt we're also seeing it in the area of cybersecurity generally, and data recovery specifically. Over the past 30 plus months, the rapid adoption of cloud to support remote workers and build in business resilience had the unintended consequences of expanding attack vectors, which brought an escalation of risk from cybercrime. While security in the public cloud is certainly world class, the result of multicloud has brought with it multiple shared responsibility models, multiple ways of implementing security policies across clouds and on-prem. And at the end of the day, more, not less, . But there's a positive side to this story. The good news is that public policy, industry collaboration and technology innovation is moving fast to accelerate data protection and cybersecurity strategies with a focus on modernizing infrastructure, securing the digital supply chain, and very importantly, simplifying the integration of data protection and cybersecurity. Today, there's heightened awareness that the world of data protection is not only an adjacency to, but is becoming a fundamental component of cybersecurity strategies. In particular, in order to build more resilience into a business, data protection people, technologies and processes must be more tightly coordinated with security operations. Hello, and welcome to "The Future of Multicloud Data Protection" made possible by Dell in collaboration with theCUBE. My name is Dave Vellante and I'll be your host today. In this segment, we welcome into theCUBE two senior executives from Dell who will share details on new technology announcements that directly address these challenges. Jeff Boudreau is the President and General Manager of Dell's Infrastructure Solutions Group, ISG, and he's going to share his perspectives on the market and the challenges he's hearing from customers. And we're going to ask Jeff to double click on the messages that Dell is putting into the marketplace and give us his detailed point of view on what it means for customers. Now, Jeff is going to be joined by Travis Vigil. Travis is the Senior Vice-President of Product Management for ISG at Dell Technologies, and he's going to give us details on the products that are being announced today and go into the hard news. Now, we're also going to challenge our guests to explain why Dell's approach is unique and different in the marketplace. Thanks for being with us. Let's get right into it. (upbeat music) We're here with Jeff Boudreau and Travis Vigil, and we're going to dig into the details about Dell's big data protection announcement. Guys, good to see you. Thanks for coming in. >> Good to see you. Thank you for having us. >> You're very welcome. Alright, let's start off Jeff, with the high level. You know, I'd like to talk about the customer, what challenges they're facing? You're talking to customers all the time. What are they telling you? >> Sure, as you know, we spend a lot of time with our customers, specifically listening, learning, understanding their use cases, their pain points within their specific environments. They tell us a lot. No surprise to any of us that data is a key theme that they talk about. It's one of their most important assets. They need to extract more value from that data to fuel their business models, their innovation engines, their competitive edge. So, they need to make sure that that data is accessible, it's secure and its recoverable, especially in today's world with the increased cyber attacks. >> Okay, so maybe we could get into some of those challenges. I mean, when you talk about things like data sprawl, what do you mean by that? What should people know? >> Sure, so for those big three themes, I'd say, you have data sprawl, which is the big one, which is all about the massive amounts of data. It's the growth of that data, which is growing at unprecedented rates. It's the gravity of that data and the reality of the multicloud sprawl. So stuff is just everywhere, right? Which increases that surface as attack space for cyber criminals. >> And by gravity, you mean the data's there and people don't want to move it. >> It's everywhere, right? And so when it lands someplace, think Edge, Core or Cloud, it's there. And it's something we have to help our customers with. >> Okay, so it's nuanced 'cause complexity has other layers. What are those layers? >> Sure. When we talk to our customers, they tell us complexity is one of their big themes. And specifically it's around data complexity. We talked about that growth and gravity of the data. We talk about multicloud complexity and we talk about multicloud sprawl. So multiple vendors, multiple contracts, multiple tool chains, and none of those work together in this multicloud world. Then that drives their security complexity. So, we talk about that increased attack surface. But this really drives a lot of operational complexity for their teams. Think about we're lacking consistency through everything. So people, process, tools, all that stuff, which is really wasting time and money for our customers. >> So, how does that affect the cyber strategies and the, I mean, I've often said the Cisco, now they have this shared responsibility model. They have to do that across multiple clouds. Every cloud has its own security policies and frameworks and syntax. So, maybe you could double click on your perspective on that. >> Sure. I'd say the big challenge customers have seen, it's really inadequate cyber resiliency and specifically, they're feeling very exposed. And today as the world with cyber attacks being more and more sophisticated, if something goes wrong, it is a real challenge for them to get back up and running quickly. And that's why this is such a big topic for CEOs and businesses around the world. You know, it's funny. I said this in my open. I think that prior to the pandemic businesses were optimized for efficiency, and now they're like, "Wow, we have to actually put some headroom into the system to be more resilient." You know, are you hearing that? >> Yeah, we absolutely are. I mean, the customers really, they're asking us for help, right? It's one of the big things we're learning and hearing from them. And it's really about three things. One's about simplifying IT. Two, it's really helping them to extract more value from their data. And then the third big piece is ensuring their data is protected and recoverable regardless of where it is going back to that data gravity and that very, you know, the multicloud world. Just recently, I don't know if you've seen it, but the Global Data Protected, excuse me, the Global Data Protection Index. >> GDPI. >> Yes. Jesus. >> Not to be confused with GDPR. >> Actually, that was released today and confirms everything we just talked about around customer challenges. But also it highlights at an importance of having a very cyber, a robust cyber resilient data protection strategy. >> Yeah, I haven't seen the latest, but I want to dig into it. I think this, I've done this many, many years in a row. I'd like to look at the time series and see how things have changed. All right. At a high level, Jeff, can you kind of address why Dell, from your point of view is best suited? >> Sure. So, we believe there's a better way or a better approach on how to handle this. We think Dell is uniquely positioned to help our customers as a one stop shop, if you will, for that cyber resilient multicloud data protection solution and needs. We take a modern, a simple and resilient approach. >> What does that mean? What do you mean by modern? >> Sure. So modern, we talk about our software defined architecture. Right? It's really designed to meet the needs not only of today, but really into the future. And we protect data across any cloud and any workload. So, we have a proven track record doing this today. We have more than 1,700 customers that trust us to protect more than 14 exabytes of their data in the cloud today. >> Okay, so you said modern, simple and resilient. What do you mean by simple? >> Sure. We want to provide simplicity everywhere, going back to helping with the complexity challenge. And that's from deployment to consumption, to management and support. So, our offers will deploy in minutes. They are easy to operate and use, and we support flexible consumption models for whatever the customer may desire. So, traditional subscription or as a service. >> And when you talk about resilient, I mean, I put forth that premise, but it's hard because people say, "Well, that's going to cost us more. Well, it may, but you're going to also reduce your risk." So, what's your point of view on resilience? >> Yeah, I think it's something all customers need. So, we're going to be providing a comprehensive and resilient portfolio of cyber solutions that are secure by design. And we have some unique capabilities and a combination of things like built in immutability, physical and logical isolation. We have intelligence built in with AI part recovery. And just one, I guess fun fact for everybody is we have, our cyber vault is the only solution in the industry that is endorsed by Sheltered Harbor that meets all the needs of the financial sector. >> So it's interesting when you think about the NIST framework for cybersecurity. It's all about about layers. You're sort of bringing that now to data protection. >> Jeff: Correct. Yeah. >> All right. In a minute, we're going to come back with Travis and dig into the news. We're going to take a short break. Keep it right there. (upbeat music) (upbeat adventurous music) Okay, we're back with Jeff and Travis Vigil to dig deeper into the news. Guys, again, good to see you. Travis, if you could, maybe you, before we get into the news, can you set the business context for us? What's going on out there? >> Yeah. Thanks for that question, Dave. To set a little bit of the context, when you look at the data protection market, Dell has been a leader in providing solutions to customers for going on nearly two decades now. We have tens of thousands of people using our appliances. We have multiple thousands of people using our latest modern, simple PowerProtect Data Manager Software. And as Jeff mentioned, we have, 1,700 customers protecting 14 exabytes of data in the public clouds today. And that foundation gives us a unique vantage point. We talked to a lot of customers and they're really telling us three things. They want simple solutions. They want us to help them modernize. And they want us to add as the highest priority, maintain that high degree of resiliency that they expect from our data protection solutions. So, that's the backdrop to the news today. And as we go through the news, I think you'll agree that each of these announcements deliver on those pillars. And in particular, today we're announcing the PowerProtect Data Manager Appliance. We are announcing PowerProtect Cyber Recovery Enhancements, and we are announcing enhancements to our APEX Data Storage Services. >> Okay, so three pieces. Let's dig to that. It's interesting, appliance, everybody wants software, but then you talk to customers and they're like, "Well, we actually want appliances because we just want to put it in and it works." >> Travis: (laughs) Right. >> It performs great. So, what do we need to know about the appliance? What's the news there? >> Well, you know, part of the reason I gave you some of those stats to begin with is that we have this strong foundation of experience, but also intellectual property components that we've taken that have been battle tested in the market. And we've put them together in a new simple, integrated appliance that really combines the best of the target appliance capabilities we have with that modern, simple software. And we've integrated it from the, you know, sort of taking all of those pieces, putting them together in a simple, easy to use and easy to scale interface for customers. >> So, the premise that I've been putting forth for months now, probably well over a year, is that data protection is becoming an extension of your cybersecurity strategies. So, I'm interested in your perspective on cyber recovery. Your specific news that you have there. >> Yeah, you know, we are in addition to simplifying things via the appliance, we are providing solutions for customers no matter where they're deploying. And cyber recovery, especially when it comes to cloud deployments, is an increasing area of interest and deployment that we see with our customers. So, what we're announcing today is that we're expanding our cyber recovery services to be available in Google Cloud. With this announcement, it means we're available in all three of the major clouds and it really provides customers the flexibility to secure their data no matter if they're running on-premises, in Acolo, at the Edge, in the public cloud. And the other nice thing about this announcement is that you have the ability to use Google Cloud as a cyber recovery vault that really allows customers to isolate critical data and they can recover that critical data from the vault back to on-premises or from that vault back to running their cyber protection or their data protection solutions in the public cloud. >> I always invoke my favorite Matt Baker here. "It's not a zero sum game", but this is a perfect example where there's opportunities for a company like Dell to partner with the public cloud provider. You've got capabilities that don't exist there. You've got the on-prem capabilities. We could talk about Edge all day, but that's a different topic. Okay, so my other question Travis, is how does this all fit into APEX? We hear a lot about APEX as a service. It's sort of the new hot thing. What's happening there? What's the news around APEX? >> Yeah, we've seen incredible momentum with our APEX solutions since we introduced data protection options into them earlier this year. And we're really building on that momentum with this announcement being providing solutions that allow customers to consume flexibly. And so, what we're announcing specifically is that we're expanding APEX Data Storage Services to include a data protection option. And it's like with all APEX offers, it's a pay-as-you-go solution. Really streamlines the process of customers purchasing, deploying, maintaining and managing their backup software. All a customer really needs to do is specify their base capacity. They specify their performance tier. They tell us do they want a one year term or a three year term and we take it from there. We get them up and running so they can start deploying and consuming flexibly. And as with many of our APEX solutions, it's a simple user experience all exposed through a unified APEX Console. >> Okay, so it's, you're keeping it simple, like I think large, medium, small. You know, we hear a lot about T-shirt sizes. I'm a big fan of that 'cause you guys should be smart enough to figure out, you know, based on my workload, what I need. How different is this? I wonder if you guys could address this. Jeff, maybe you can start. >> Sure, I'll start and then- >> Pitch me. >> You know, Travis, you jump in when I screw up here. >> Awesome. >> So, first I'd say we offer innovative multicloud data protection solutions. We provide that deliver performance, efficiency and scale that our customers demand and require. We support as Travis said, all the major public clouds. We have a broad ecosystem of workload support and I guess the great news is we're up to 80% more cost effective than any of the competition. >> Dave: 80%? >> 80% >> Hey, that's a big number. All right, Travis, what's your point of view on this? >> Yeah, I think number one, end-to-end data protection. We are that one stop shop that I talked about, whether it's a simplified appliance, whether it's deployed in the cloud, whether it's at the Edge, whether it's integrated appliances, target appliances, software. We have solutions that span the gamut as a service. I mentioned the APEX Solution as well. So really, we can provide solutions that help support customers and protect them, any workload, any cloud, anywhere that data lives. Edge, Core to Cloud. The other thing that we hear as a big differentiator for Dell, and Jeff touched on on this a little bit earlier, is our Intelligent Cyber Resiliency. We have a unique combination in the market where we can offer immutability or protection against deletion as sort of that first line of defense. But we can also offer a second level of defense, which is isolation, talking about data vaults or cyber vaults and cyber recovery. And more importantly, the intelligence that goes around that vault. It can look at detecting cyber attacks. It can help customers speed time to recovery. And really provides AI and ML to help early diagnosis of a cyber attack and fast recovery should a cyber attack occur. And if you look at customer adoption of that solution, specifically in the cloud, we have over 1300 customers utilizing PowerProtect Cyber Recovery. >> So, I think it's fair to say that your portfolio has obviously been a big differentiator. Whenever I talk to your finance team, Michael Dell, et cetera, that end-to-end capability, that your ability to manage throughout the supply chain. We actually just did an event recently with you guys where you went into what you're doing to make infrastructure trusted. And so my take on that is you, in a lot of respects, you're shifting the client's burden to your R&D. now they have a lot of work to do, so it's not like they can go home and just relax. But that's a key part of the partnership that I see. Jeff, I wonder if you could give us the final thoughts. >> Sure. Dell has a long history of being a trusted partner within IT, right? So, we have unmatched capabilities. Going back to your point, we have the broadest portfolio. We're a leader in every category that we participate in. We have a broad deep breadth of portfolio. We have scale. We have innovation that is just unmatched. Within data protection itself, we are the trusted market leader. No if, ands or buts. We're number one for both data protection software in appliances per IDC and we were just named for the 17th consecutive time the leader in the Gartner Magic Quadrant. So, bottom line is customers can count on Dell. >> Yeah, and I think again, we're seeing the evolution of data protection. It's not like the last 10 years. It's really becoming an adjacency and really, a key component of your cyber strategy. I think those two parts of the organization are coming together. So guys, really appreciate your time. Thanks for coming. >> Thank you, sir. >> Dave. >> Travis, good to see you. All right, in a moment I'm going to come right back and summarize what we learned today, what actions you can take for your business. You're watching "The Future of Multicloud Data Protection" made possible by Dell in collaboration with theCUBE, your leader in enterprise and emerging tech coverage. Right back. >> Advertiser: In our data-driven world, protecting data has never been more critical. To guard against everything from cyber incidents to unplanned outages, you need a cyber resilient multicloud data protection strategy. >> It's not a matter of if you're going to get hacked, it's a matter of when. And I want to know that I can recover and continue to recover each day. >> It is important to have a cyber security and a cyber resiliency plan in place because the threat of cyber attack are imminent. >> Advertiser: PowerProtect Data Manager from Dell Technologies helps deliver the data protection and security confidence you would expect from a trusted partner and market leader. >> We chose PowerProtect Data Manager because we've been a strategic partner with Dell Technologies for roughly 20 years now. Our partnership with Dell Technologies has provided us with the ability to scale and grow as we've transitioned from 10 billion in assets to 20 billion. >> Advertiser: With PowerProtect Data Manager, you can enjoy exceptional ease of use to increase your efficiency and reduce costs. >> I'd installed it by myself, learn it by myself. It was very intuitive. >> While restoring your machine with PowerProtect Data Manager is fast, we can fully manage PowerProtect through the center. We can recover a whole machine in seconds. >> Instructor: Data Manager offers innovation such as transparent snapshots to simplify virtual machine backups, and it goes beyond backup and restore to provide valuable insights into protected data, workloads and VMs. >> In our previous environment, it would take anywhere from three to six hours a night to do a single backup of each VM. Now, we're backing up hourly and it takes two to three seconds with the transparent snapshots. >> Advertiser: With PowerProtect's Data Manager, you get the peace of mind knowing that your data is safe and available whenever you need it. >> Data is extremely important. We can't afford to lose any data. We need things just to work. >> Advertiser: Start your journey to modern data protection with Dell PowerProtect's Data Manager. Visit dell.com/powerprotectdatamanager >> We put forth the premise in our introduction that the worlds of data protection in cybersecurity must be more integrated. We said that data recovery strategies have to be built into security practices and procedures and by default, this should include modern hardware and software. Now, in addition to reviewing some of the challenges that customers face, which have been pretty well documented, we heard about new products that Dell Technologies is bringing to the marketplace that specifically address these customer concerns. And there were three that we talked about today. First, the PowerProtect Data Manager Appliance, which is an integrated system taking advantage of Dell's history in data protection, but adding new capabilities. And I want to come back to that in a moment. Second is Dell's PowerProtect Cyber Recovery for Google Cloud platform. This rounds out the big three public cloud providers for Dell, which joins AWS and Azure support. Now finally, Dell has made its target backup appliances available in APEX. You might recall, earlier this year we saw the introduction from Dell of APEX Backup Services and then in May at Dell Technologies World, we heard about the introduction of APEX Cyber Recovery Services. And today, Dell is making its most popular backup appliances available in APEX. Now, I want to come back to the PowerProtect Data Manager Appliance because it's a new integrated appliance and I asked Dell off camera, "Really what is so special about these new systems and what's really different from the competition?" Because look, everyone offers some kind of integrated appliance. So, I heard a number of items. Dell talked about simplicity and efficiency and containers and Kubernetes. So, I kind of kept pushing and got to what I think is the heart of the matter in two really important areas. One is simplicity. Dell claims that customers can deploy the system in half the time relative to the competition. So, we're talking minutes to deploy, and of course that's going to lead to much simpler management. And the second real difference I heard was backup and restore performance for VMware workloads. In particular, Dell has developed transparent snapshot capabilities to fundamentally change the way VMs are protected, which leads to faster backup and restores with less impact on virtual infrastructure. Dell believes this new development is unique in the market and claims that in its benchmarks, the new appliance was able to back up 500 virtual machines in 47% less time compared to a leading competitor. Now, this is based on Dell benchmarks, so hopefully these are things that you can explore in more detail with Dell to see if and how they apply to your business. So if you want more information, go to the Data Protection Page at dell.com. You can find that at dell.com/dataprotection. And all the content here and other videos are available on demand at theCUBE.net. Check out our series on the blueprint for trusted infrastructure, it's related and has some additional information. And go to siliconangle.com for all the news and analysis related to these and other announcements. This is Dave Vellante. Thanks for watching "The Future of Multicloud Protection" made possible by Dell, in collaboration with theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

>>Hello everyone, This is Dave Lanta and you're watching The Cube's coverage of the Dell Technology Summit 2022 with exclusive behind the scenes interviews featuring Dell executive perspectives. And right now we're gonna explore Apex, which is Dell's as a service offering Dell's multi-cloud and edge strategies and the momentum around those. And we have news around Project Frontier, which is Dell's vision for its edge platform. And there's so much happening here. And don't forget, it's Cyber Security Awareness Month. Sam Groot is here. He's the senior vice president of marketing at Dell Technologies. Sam, always great to see you. How you doing? >>Always great to be here, Dave. >>All right, let's look at cloud. Everybody's talking about cloud Apex, multi-cloud. What's the update? How's it going? Where's the innovation and focal points of the strategy? >>Yeah, yeah. Look, Dave, if you think back over the course of this year, you've really heard us pivot as a company and discussing more and more about how multi-cloud is becoming a reality for our customers today. And when we listen and talk with our customers, they really describe multi-cloud challenges and a few key threads. One, the complexity is growing very, very quickly. Two, they're having a harder time controlling how their users are accessing the various different clouds. And then of course, finally the cloud costs are growing unchecked as well. So we, we like to describe this phenomenon as multi-cloud by design, where essentially organizations are waking up and seeing cloud sprawl around their organization every day. And this is creating more and more of those challenges. So of course at Dell we've got a strong point of view that you don't need to build multi-cloud by by default, rather it's multi-cloud by design, where you're very intentional in how you do multi-cloud. >>And how we deliver multi-cloud by design is through Apex. Apex is our modern cloud and our modern consumption experience. So when you think about the innovation as well, they've like, we've been on a pretty quick track record here in that, you know, the beginning of this year we introduced brand new Apex backup services that provides that SAS based backup service. We've introduced or announced Project Alpine, which is bringing our storage software, intellectual property from on-prem and putting it and running it natively in the public cloud. We've also introduced new Apex cyber recovery services that is simplifying how customers protect against cyber attacks. They can run an Amazon Azure, aw, I'm sorry, Amazon, aws, Azure or Google. And then, you know, we are really focused on this multi-cloud ecosystem. We announce key partnerships with SaaS providers such as Snowflake, where you can now access our information or our data from on-prem through the Snow Snowflake cloud. >>Or if needed, we can actually move the data to the Snowflake cloud if required. So we're continuing to build out that ecosystem SA providers. And then finally I would say, you know, we made a big strategic announcement just recently with Red Hat, where we're not only delivering new Apex container services, but we announce a strategic partnership to build jointly engineered solutions to address hybrid and multi-cloud solutions going forward. You know, VMware is gonna always continue to be a key partner of ours at the la at the recent VMware explorer, we announced new Tansu integration. So, So Dave, I, I think in a nutshell, we've been innovating at a very, very fast pace. We think there is a better way to do multi-cloud and that's multi-cloud by design. >>Yeah, we heard that at Dell Technologies world. First time I had heard that multi-cloud by design versus sort of default, which is great Alpine, which is sort of our, what we called super cloud in the making. And then of course the ecosystem is critical for any cloud company. VMware, of course, you know, top partner, but the Snowflake announcement was very interesting Red Hat. So seeing that expand, now let's go out to the edge. How's it going with the edge expansion? There's gotta be new. Speaking of ecosystem, the edge is like a whole different, you know, OT type That's right. Ecosystem's, telcos, what and what's this new frontier platform all about? >>Yeah, yeah. So we've talked a lot about clouds and multi clouds. We've talked about private and hybrid clouds, we've talked about public clouds, clouds and cos, telcos, et cetera. There's really been one key piece of our multi-cloud and technology strategy that we haven't spent a lot of time on. And that's the edge. And we do see that as that next frontier for our customers to really gain that competitive advantage that is created from their data and get closer to the point of creation where the data lives. And that's at the edge. We see the edge infrastructure space growing very, very quickly. We see upwards of 300% year of year growth in terms of amount of data being created at the edge. That's almost 3000 exabytes of data by 2026. So just incredible growth. And the edge is not really new for Dell. We've been at it for over 20 years of delivering edge solutions. >>81% of the Fortune 100 companies in the US use Dell solutions today at the Edge. And we are the number one OEM provider of Edge solutions with over 44,000 customers across over 40 industries and things like manufacturing, retail, edge healthcare, and more. So Dave, while we've been at it for a long time, we have such a, a deep understanding of how our customers are using Edge solutions. Say the bottom line is the game has gotta change. With that growth that we talked about, the new use cases that are emerging, we've got to un unlock this new frontier for customers to take advantage of the edge. And that's why we are announcing and revealing Project Frontier. And Project Frontier in its most simplest form, is a software platform that's gonna help customers and organizations really radically simplify their edge deployments by automating their edge operations. You know, with Project Frontier organizations are really gonna be able to manage, OP, and operate their edge infrastructure and application securely, efficiently and at scale. >>Okay, so it is, first of all, I like the name. It is software, it's a software architecture. So presumably a lot of API capabilities. That's right. Integration's. Is there hardware involved? >>Yeah, so of course you'll run it on Dell infrastructure. We'll be able to do both infrastructure, orchestration, orchestration through the platform, but as well as application orchestration. And you know, really there's, there's a handful of key drivers that have been really pushing our customers to take on and look at building a better way to do the edge with Project Frontier. And I think I would just highlight a handful of 'em. You know, freedom of choice. We definitely see this as an open ecosystem out there, even more so at the Edge than any other part of the IT stack. You know, being able to provide that freedom of choice for software applications or IOT frameworks, operational technology or OT for any of their edge use cases, that's really, really important. Another key area that we're helping to solve with Project Frontier is, you know, being able to expect zero trust security across all their edge applications from design to deployment, you know, and of course backed by an end and secure supply chain is really, really important to customers. >>And then getting that greater efficiency and reliability of operations with the centralized management through Project Frontier and Zero Touch deployments. You know, one of the biggest challenges, especially when you get out to the far, far reach of the frontier is really IT resources and being able to have that IT expertise. And we built in an enormous amount of automation helps streamline the edge deployments where you might be deploying a single edge solution, which is highly unlikely or hundreds or thousands, which is becoming more and more likely. So Dave, we do think Project Frontier is the right edge platform for customers to build their edge applications on now and certain, excuse me, certainly, and into the future. >>Yeah. Sam, no truck rolls. I like it. And you, you mentioned, you mentioned Zero trust, so we have Mother's Day, you, we have Father's Day. The kids always ask When's Kids' day? And we, of course we say every day is kids' day and every day should be cyber security awareness day. So, but we have cyber security awareness month. What does it mean for Dell? What are you hearing from customers and, and how are you responding? >>Yeah, yeah. No, there isn't a more prevalent top of mind conversation, whether it's the boardroom or the IT departments or every company is really have been forced to reckon with the cyber security and ransom secure issues out there. You know, every decision in IT department makes impacts your security profile. Those decisions can certainly, positively, hopefully impact it, but also can negatively impact it as well. So data security is, is really not a new area of focus for Dell. It's been an area that we've been focused on for a long time, but there are really three core elements to cybersecurity and data security as we go forward. The first is really setting the foundation of trust is really, really important across any IT system. And having the right supply chain in the right partner to partner with to deliver that is kind of the foundation in step one. >>Second, you need to of course go with technology that is trustworthy. It doesn't mean you are putting it together correctly. It means that you're essentially assembling the right piece parts together. That, that coexist together in the right way. You know, to truly change that landscape of the attackers out there that are gonna potentially create risk for your environment. We are definitely pushing and helping to embrace the zero trust principles and architectures that are out there. So finally, while when you think about security, it certainly is not absolute all correct. Security architectures assume that, you know, there are going to be challenges, there are going to be pain points, but you gotta be able to plan for recovery. And I think that's the holistic approach that we're taking with Dell. >>Well, and I think too, it's obviously security is a complicated situation now with cloud, you've got, you know, shared responsibility models, you've got that multi-cloud, you've got that across clouds, you're asking developers to do more. So I think the, the key takeaway is as a security pro, I'm looking for my technology partner through their r and d and their, you mentioned supply chain processes to take that off my plate so I can go plug holes elsewhere. Okay. Sam, put a bow on Dell Technology Summit for us and give us your closing thoughts. >>Yeah, look, I I think we're at a transformative point in it. You know, customers are moving more and more quickly to multi-cloud environments. They're looking to consume it in different ways, such as as a service, a lot of customers edge is new and an untapped opportunity for them to get closer to their customers and to their data. And of course there's more and more cyber threats out there every day. You know, our customers when we talk with them, they really want simple, consistent infrastructure options that are built on an open ecosystem that allows them to accomplish their goals quickly and successfully. And look, I think at Dell we've got the right strategy, we've got the right portfolio. We are the trusted partner of choice to help them lead, lead their, their future transformations into the future. So, Dave, look, I think it's, it's absolutely one of the most exciting times in it and I can't wait to see where it goes from here. >>Sam, always fun catching up with you. Appreciate your time. >>Thanks Dave. >>All right. A Dell Tech world in Vegas this past year, one of the most interesting conversations I personally had was around hybrid work and the future of work and the protocols associated with that and the mindset of, you know, the younger generation. And that conversation was, was with Jen Savira and we're gonna speak to Jen about this and other people and cult culture topics. Keep it right there. You're watching the Cube's exclusive coverage of Dell Technology Summit 2022.

foreign welcome back everyone to our special presentation here at thecube with Horizon 3.a I'm John Furrier host thecube here in Palo Alto back it's niho and Tony CEO and co-founder of horizon 3 for deep dive on going under the hood around the big news and also the platform autonomous pen testing changing the game and security great to see you welcome back thank you John I love what you guys have been doing with the cube huge fan been here a bunch of times and yeah looking forward to the conversation let's get into it all right so what what's the market look like and how do you see it evolving we're in a down Market relative to startups some say our data we're reporting on siliconangle in the cube that yeah there might be a bit of downturn in the economy with inflation but the tech Market is booming because the hyperscalers are still pumping out massive scale and still innovating so so you know for the first time in history this is a recession or downturn where there's now Cloud scale players that are an economic engine what's your view on this where's the market heading relative to the downturn and how are you guys navigating that so um I think about it one the there's a lot of belief out there that we're going to hit a downturn and we started to see that we started to see deals get longer and longer to close back in May across the board in the industry we continue to see deals get at least backloaded in the quarter as people understand their procurement how much money they really have to spend what their earnings are going to be so we're seeing this across the board one is quarters becoming lumpier for tech companies and we think that that's going to become kind of the norm over the next over the next year but what's interesting in our space of security testing is a very basic supply and demand problem the demand for security testing has skyrocketed when I was a CIO eight years ago I only had to worry about my on-prem attack surface my perimeter and Insider threat those are my primary threat vectors now if I was a CIO I have to include multiple clouds all of the data in my SAS offerings my Salesforce account and so on as well as work from home threat vectors and other pieces and I've got Regulatory Compliance in Europe in Asia in in the U.S tons of demand for testing and there's just not enough Supply there's only 5 000 certified pen testers in the United States so I think for starters you have a fundamental supply and demand problem that plays to our strength because we're able to bring a tremendous amount of pen testing supply to the table but now let's flip to if you are the CEO of a large security company or whether it's a Consulting shop or so on you've got a whole bunch of deferred revenue in your business model around security testing services and what we've done in our past in previous companies I worked at is if we didn't think we were going to make the money the quarter with product Revenue we would start to unlock some of that deferred Services Revenue to make the number to hit what we expected Wall Street to hit what Wall Street expected of us in testing that's not possible because there's not enough Supply except us so if I'm the CEO of an mssp or a large security company and I need I see a huge backlog of security testing revenue on the table the easy button to convert that to recognized revenue is Horizon 3. and when I think about the next six months and the amount of Revenue misses we're going to see in security shops especially those that can't fulfill their orders I think there's a ripe opportunity for us to win yeah one of the few opportunities where on any Market you win because the forces will drive your flywheel that's exactly right very basic supply and demand forces that are only increasing with pressure and there's no way it takes 10 years just to build a master hacker just it's a very hard complex space we become the easy button to address that supply problem yeah and this and the autonomous aspect makes appsec reviews as new things get pushed with Cloud native developers they're shifting left but still the security policies need to stay Pace as these new vectors threat vectors appear yeah I mean because that's what's happening a new new thing makes a vector possible that's exactly right I think there's two aspects one is the as you in increase change in your environment you need to increase testing they are absolutely correlated the second thing though is you know for 20 years we focused on remote code execution or rces as an industry what was the latest rce that gave an attacker access to my environment but if you look over the past few years that entire mindset has shifted credentials are the new code execution what I mean by that is if I have a large organization with a hundred a thousand ten thousand employees all it takes is one of them to have a password I can crack in credential spray and gain access to as an attacker and once I've gained access to a single user I'm going to systematically snowball that into something of consequence and so I think that the attackers have shifted away from looking for code execution and looked more towards harvesting credentials and cascading credentials from a regular domain user into an admin this brings up the conversation I would like to do it more Deep dive now shift into more of like the real kind of landscape of the market and your positioning and value proposition in that and that is managed services are becoming really popular as we move into this next next wave of super cloud and multi-cloud and hybrid Cloud because I mean multi-cloud and hybrid hybrid than multi-cloud sounds good on paper but the security Ops become big and one of the things we're reporting with here on the cube and siliconangle the past six months is devops has made the developer the IT team because they've essentially run it now in CI CD pipeline as they say that means it's replaced by data Ops or AI Ops or security Ops and data and security kind of go hand in hand so I can see that playing out do you believe that to be true that that's kind of the new operational kind of beach head that's critical and if so secure if data is part of security that makes security the new it yeah I I think that if you think about organizations hell even for Horizon 3 right now I don't need to hire a CIO I'll have a CSO and that CSO will own it and governance risk and compliance and security operations because at the end of the day the most pressing question for me to answer as a CEO is my security posture IIT is a supporting function of that security posture and we see that at say or a growth stage company like Horizon 3 but when I thought about my time at GE Capital we really shifted to this mindset of security by Design architecture as code and it was very much security driven conversation and I think that is the norm going forward and how do you view the idea that you have to enable a managed service provider with security also managing comp and which then manages the company to enable them to have agile security um security is code because what you're getting at is this autonomous layer that's going to be automated away to make the next talented layer whether it's coder or architect scale so the question is what is abstracted away at at automation seems to be the conversation that's coming out of this big cloud native or super cloud next wave of cloud scale I think there's uh there's two Dimensions to that and honestly I think the more interesting Dimension is not the technical side of it but rather think of the Equifax hack a bunch of years ago had Equifax used a managed security services provider would the CEO have been fired after the breach and the answer is probably not I think the CEO would have transferred enough reputational risk in operational risk to the third party mssp to save his job from being you know from him being fired you can look at that across the board I think that if if I were a CIO again I would be hard-pressed to build my own internal security function because I'm accepting that risk as an executive and we saw what just happened at Uber there's a ton of risk coming with that with the with accepting that as a security person so I think in the future the role of the mssp becomes more significant as a mechanism for transferring enough reputational and operational and legal risk to a third party so that you as the Core Company are able to protect yourself and your people now then what you think is a super cloud printables and Concepts being applied at mssp scale and I think that becomes really interesting talk about the talent opportunity because I think the managed service providers point to markets that are growing and changing also having managed service means that the customers can't always hire Talent hence they go to a Channel or a partner this seems to be a key part of the growth in your area talk about the talent aspect of it yeah um think back to what we saw in Cloud so as as Cloud picked up we saw IBM HP other Hardware companies sell more servers but to fewer customers Amazon Google and others right and so I think something similar is going to happen in the security space where I think you're going to see security tools providers selling more volume but to fewer customers that are just really big mssps so that is the the path forward and I think that the underlying Talent issue gives us economies at scale and that's what we saw this with Cloud we're going to see the same thing in the mssp space I've got a density of Talent Plus a density of automation plus a density of of relationships and ecosystem that give mssps a huge economies of scale advantage over everybody else I mean I want to get into the mssp business sounds like I make a lot of money yeah definitely it's profitable no doubt about it like that I got to ask more on the more of the burden side of it because if you're a partner I don't need another training class I don't need another tool I don't need someone saying this is the highest margin product I need to actually downsize my tools so right now there's hundreds of tools that mssps have all the time dealing with and does the customer so tools platforms we've kind of teased this out in previous conversations together but more more relevant to the mssp is what they do to the customers so talk about this uh burden of tools and the socks out there in the in in the landscape how do you how do you view that and what's the conversation like on average an organization has 130 different cyber security tools installed none of those tools were designed to work together none of those tools are from the same vendor and in fact oftentimes they're from vendors that have competing products and so what we don't have and they're still getting breached in the industry we don't have a tools problem we have an Effectiveness problem we have to reduce the number of tools we have get more out of out of the the effectiveness out of the existing infrastructure build muscle memory you know how to detect and respond to a breach and continuously verify that posture I think that's what the the most successful security organizations have mastered the fundamentals and they mastered that by making sure they were effective in detection and response not mastering it by buying the next shiny AI tool on the defensive side okay so you mentioned supply and demand early since you're brought up economics we'll get into the economic equations here when you have great profits that's going to attract more entrance into the marketplace so as more mssps enter the market you're going to start to see a little bit of competition maybe some fud maybe some price competitive price penetration all kinds of different Tactics get out go on there um how does that impact you because now does that impact your price or are you now part of them just competing on their own value what's that mean for the channel as more entrants come in hey you know I can compete against that other one does that create conflict is that an opportunity does are you neutral on that what's the position it's a great question actually I think the way it plays out is one we are neutral two the mssp has to stand on their own with their own unique value proposition otherwise they're going to become commoditized we saw this in the early cloud provider days the cloud providers that were just basically wrapping existing Hardware with with a race to the bottom pricing model didn't survive those that use the the cloud infrastructure as a starting point to build higher value capabilities they're the ones that have succeeded to this day the same Mo I think will occur in mssps which is there's a base level of capability that they've got to be able to deliver and it is the burden of the mssp to innovate effectively to elevate their value problem it's interesting Dynamic and I brought it up mainly because if you believe that this is going to be a growing New Market price erosion is more in mature markets so it's interesting to see that Dynamic come up and we'll see how that handles on the on the economics and just the macro side of it getting more into kind of like the next gen autonomous pen testing is a leading indicator that a new kind of security assessment is here um if I said that to you how do you respond to that what is this new security assessment mean what does that mean for the customer and to the partner and that that relationship down that whole chain yeah um back to I'm wearing a CIO hat right now don't tell me we're secure in PowerPoint show me we're secure Today Show me where we're secure tomorrow and then show me we're secure again next week because that's what matters to me if you can show me we're secure I can understand the risk I'm accepting and articulate it up to my board to my Regulators up until now we've had a PowerPoint tell me where secure culture and security and I just don't think that's going to last all that much longer so I think the future of security testing and assessment is this shift from a PowerPoint report to truly showing me that my I'm secure enough you guys auto-generate those statements now you mentioned that earlier that's exactly right because the other part is you know the classic way to do security reports was garbage in garbage out you had a human kind of theoretically fill out a spreadsheet that magically came up with the risk score or security posture that doesn't work that's a check the box mentality what you want to have is an accurate High Fidelity understanding of your blind spots your threat vectors what data is at risk what credentials are at risk you want to look at those results over time how quickly did I find problems how quickly did I fix them how often did they reoccur and that is how you get to a show me where secure culture whether I'm a company or I'm a channel partner working with Horizon 3.ai I have to put my name on the line and say Here's a service level agreement I'm going to stand behind there's levels of compliance you mentioned that earlier how do you guys help that area because that becomes I call the you know below the line I got to do it anyway usually it's you know they grind out the work but it has to be fundamental because if the threats vectors are increasing and you're handling it like you say you are the way it is real time today tomorrow the next day you got to have that other stuff flow into it can you describe how that works under the hood yeah there's there's two parts to it the first part is that attackers don't have to hack in with zero days they log in with credentials that they found but often what attackers are doing is chaining together different types of problems so if you have 10 different tactics you can chain those together a number of different ways it's not just 10 to the 10th it's it's actually because you don't you don't have to use all the tactics at once this is a very large number of combinations that an attacker can apply upon you is what it comes down to and so at the base level what you want to have is what are the the primary tactics that are being used and those tactics are always being added to and evolving what are the primary outcomes that an attacker is trying to achieve steal your data disrupt your systems become a domain admin and borrow and now what you have is it actually looks more like a chess game algorithm than it does any sort of hard-coded automation or anything else which is based on the pieces on the board the the it infrastructure I've discovered what is the next best action to become a domain admin or steal your data and that's the underlying innovation in IP we've created which is next best action Knowledge Graph analytics and adaptiveness to figure out how to combine different problems together to achieve an objective that an attacker cares about so the 3D chess players out there I'd say that's more like 3D chess are the practitioners implementing it but when I think about compliance managers I don't see 3D chess players I see back office accountants in my mind like okay are they actually even understand what comes out of that so how do you handle the compliance side do you guys just check the boxes there is it not part of it is it yeah I I know I don't Envision the compliance guys on the front lines identifying vectors do you know what it doesn't even know what it means yeah it's a great question when you think about uh the market segmentation I think there are we've seen are three basic types of users you've got the the really mature high frequency security testing purple team type folks and for them we are the the force multiplier for them to secure the environment you then have the middle group where the IT person and the security person are the same individual they are barely Treading Water they don't know what their attack surface is and they don't know what to focus on we end up that's actually where we started with the barely Treading Water Persona and that's why we had a product that helped those Network Engineers become superheroes the third segment are those that view security and compliance as synonymous and they don't really care about continuous they care about running and checking the box for PCI and forever else and those customers while they use us they are better served by our partner ecosystem and that's really so the the first two categories tend to use us directly self-service pen tests as often as they want that compliance-minded folks end up going through our partners because they're better served there steel great to have you on thanks for this deep dive on um under the hood section of the interview appreciate it and I think autonomous is is an indicator Beyond pen testing pen testing has become like okay penetration security but this is not going away where do you see this evolving what's next what's next for Horizon take a minute to give a plug for what's going on with copy how do you see it I know you got good margins you're raising Capital always raising money you're not yet public um looking good right now as they say yeah yeah well I think the first thing is our company strategy is in three chapters chapter one is become the best security testing platform in the industry period that's it and be very good at helping you find and fix your security blind spots that's chapter one we've been crushing it there with great customer attraction great partner traction chapter two which we've started to enter is look at our results over time to help that that GRC officer or auditor accurately assess the security posture of an organization and we're going to enter that chapter about this time next year longer term though the big Vision I have is how do I use offense to inform defense so for me chapter three is how do I get away from just security testing towards autonomous security overall where you can use our security testing platform to identify ways to attack that informs defensive tools exactly where to focus how to adjust and so on and now you've got offset and integrated learning Loop between attack and defense that's the future never been done before Master the art of attack to become a better Defender is the bigger vision of the company love the new paradigm security congratulations been following you guys we will continue to follow you thanks for coming on the Special Report congratulations on the new Market expansion International going indirect that a big way congratulations thank you John appreciate it okay this is a special presentation with the cube and Horizon 3.ai I'm John Furrier your host thanks for watching thank you

(bright music) >> Hello everyone, this is Dave Vellante, and you're watching The Cube's coverage of the Dell Technology Summit 2022, with exclusive behind the scenes interviews featuring Dell executive perspectives. And right now we're going to explore Apex, which is Dell's As-a-Service offering, Dell's multi-cloud and Edge strategies, and the momentum around those. And we have news around Project Frontier, which is Dell's vision for its Edge platform. And there's so much happening here. And don't forget, it's Cyber Security Awareness Month. Sam Grocott is here. He's the Senior Vice President of Marketing at Dell Technologies. Sam, always great to see you. How you doing? >> Always great to be here, Dave. >> All right, let's look at cloud. Everybody's talking about cloud Apex, multi-cloud. What's the update? How's it going? Where's the innovation and focal points of the strategy? >> Yeah, yeah. Look, Dave, if you think back over the course of this year, you've really heard us pivot as a company and discussing more and more about how multi-cloud is becoming a reality for our customers today. And when we listen and talk with our customers, they really describe multi-cloud challenges in a few key threads. One, the complexity is growing very, very quickly. Two, they're having a harder time controlling how their users are accessing the various different clouds. And then of course, finally, the cloud costs are growing unchecked, as well. So we like to describe this phenomenon as multi-cloud by design, where essentially organizations are waking up and seeing cloud sprawl around their organization every day. And this is creating more and more of those challenges. So of course at Dell we've got a strong point of view that you don't need to build multi-cloud by default, rather it's multi-cloud by design, where you're very intentional in how you do multi-cloud. And how we deliver multi-cloud by design is through Apex. Apex is our modern cloud and our modern consumption experience. So when you think about the innovation as well, Dave like, we've been on a pretty quick track record here in that, you know, the beginning of this year we introduced brand new Apex backup services that provides that SAS-based backup service. We've introduced, or announced, Project Alpine which is bringing our storage software intellectual property from on-prem, and putting it and running it natively in the public cloud. We've also introduced new Apex cyber recovery services that is simplifying how customers protect against cyber attacks. They can run in Amazon, Azure, AW I'm sorry, Amazon, AWS, Azure, or Google. And then, you know, we are really focused on this multi-cloud ecosystem. We announced key partnerships with SAS providers such as Snowflake, where you can now access our information, or our data, from on-prem through the Snowflake cloud. Or if needed, we can actually move the data to the Snowflake cloud, if required. So we're continuing to build out that ecosystem SAS providers. And then finally I would say, you know, we made a big strategic announcement just recently with Red Hat, where we're not only delivering new Apex container services, but we announced a strategic partnership to build jointly engineered solutions to address hybrid and multi-cloud solutions going forward. You know VMware is going to always continue to be a key partner of ours. At the more recent VMware explorer, we announced new Tansu integration. So Dave, I think in a nutshell, we've been innovating at a very, very fast pace. We think there is a better way to do multi-cloud and that's multi-cloud by design. >> Yeah, we heard that at Dell Technologies World. First time I had heard that multi-cloud by design versus to the default, which is great. Alpine, which is sort of our, what we call, "super cloud in the making." And then of course the ecosystem is critical for any cloud company. VMware of course, you know, top partner. But the Snowflake announcement was very interesting. Red Hat, so seeing that expand. Now let's go out to the Edge. How's it going with the Edge expansion? There's got to be new, speaking of ecosystem, the Edge is like a whole different you know, OT type of ecosystem, >> That's right. Telcos. And what's this new Frontier platform all about? >> Yeah, yeah. So we've talked a lot about cloud and multi-clouds. We've talked about private and hybrid clouds. We've talked about public clouds, clouds and Kronos, Telcos, et cetera. There's really been one key piece of our multi-cloud and technology strategy that we haven't spent a lot of time on. And that's the Edge. And we do see that as that next frontier for our customers to really gain that competitive advantage that is created from their data and get closer to the point of creation where the data lives, and that's at the Edge. We see the Edge infrastructure space growing very, very quickly. We've seen upwards of 300% year-of-year growth in terms of amount of data being created at the Edge. That's almost 3000 exabytes of data by 2026. So just incredible growth. And the Edge is not really new for Dell. We've been at it for over 20 years of delivering Edge solutions. 81% of the Fortune 100 companies in the US use Dell Solutions today at the Edge. And we are the number one OEM provider of Edge Solutions with over 44,000 customers across over 40 industries in things like manufacturing, retail, Edge, healthcare, and more. So Dave, while we've been at it for a long time, we have such a deep understanding of how our customers are using Edge Solutions. Say, the bottom line is the game has got to change. With that growth that we talked about, the new use cases that are emerging, we've got to unlock this new Frontier for customers to take advantage of the Edge. And that's why we are announcing and revealing Project Frontier. And with Project Frontier in its most simplest form is a software platform that's going to help customers and organizations really radically simplify their edge deployments by automating their edge operations. You know, with Project Frontier organizations are really going to be able to manage, and operate their edge infrastructure and application securely, efficiently, and at scale. >> Okay, so it is, first of all, I like the name. It is software, it's a software architecture. So presumably a lot of API capabilities. >> That's right. >> Integration. Is there hardware involved? >> Yeah, so of course you'll run it on a Dell infrastructure. We'll be able to do both infrastructure orchestration through the platform, but as well as application orchestration. And you know, really there's a handful of key drivers that have been really pushing our customers to take on and look at building a better way to do the edge with Project Frontier. And I think I would just highlight a handful of them. You know, freedom of choice. We definitely see this as an open ecosystem out there even more so at the Edge than any other part of the IT stack. You know, being able to provide that freedom of choice for software applications or IoT frameworks, operational technology, or OT for any of their edge use cases, that's really, really important. Another key area that we're helping to solve with Project Frontier is, you know, being able to expect zero trust security across all their Edge applications, from design to deployment, you know, and of course backed by a secure supply chain is really, really important to customers. And then getting that greater efficiency and reliability of operations with a centralized management through Project Frontier and Zero Touch deployments. You know, one of the biggest challenges especially when you get out to the far, far reach of the Frontier, is really IT resources and being able to have that IT expertise. And we built in an enormous amount of automation to help streamline the Edge deployments where you might be deploying a single-edge solution which is highly unlikely, or hundreds or thousands, which is becoming more and more likely. So Dave, we do think Project Frontier is the right Edge platform for customers to build their Edge applications on now, and certain, excuse me, certainly and into the future. >> Yeah. Sam, no truck rolls. I like it. (laughing) And you, you mentioned, you mentioned Zero trust. So we have Mother's Day, you know, we have Father's Day. The kids always ask, "When's Kids' day?" And we of course we say, "Every day is Kids' Day," and every day should be Cybersecurity Awareness Day. So, (laughs) but we have Cybersecurity Awareness Month. What does it mean for Dell? What are you hearing from customers and how are you responding? >> Yeah, yeah. No, there isn't a more prevalent top-of-mind conversation, whether it's the boardroom or the IT departments, or every company is really have been forced to reckon with the cyber security and ransom secure issues out there. You know, every decision in IT department makes, impacts your security profile. Those decisions can certainly, positively, hopefully impact it, but also can negatively impact it, as well. So, data security is really not a new area of focus for Dell. It's been an area that we've been focused on for a long time. But there are really three core elements to cybersecurity and data security as we go forward. The first is really setting the foundation of trust is really, really important across any IT system and having the right supply chain and the right partner to partner with to deliver that. It's kind of the foundation in step one. Second, you need to, of course, go with technology that is trustworthy. It doesn't mean you are putting it together correctly. It means that you're essentially assembling the right piece parts together, that coexist together in the right way. You know, to truly change that landscape of the attackers out there that are going to potentially create risk for your environment, we are definitely pushing and helping to embrace the zero trust principles and architectures that are out there. So finally, while when you think about security it certainly is not absolute all correct. Security architectures assume that, you know, there are going to be challenges, there are going to be pain points, but you've got to be able to plan for recovery. And I think that's the holistic approach that we're taking with Dell. >> Well, and I think too, it's obviously security is a complicated situation. Now with cloud you've got, you know, shared responsibility models, you got that multi-cloud, you got that across clouds, you're asking developers to do more. So I think the key takeaway is as a security pro, I'm looking for my technology partner through their R&D and their, you mentioned, supply chain processes to take that off my plate so I can go plug holes elsewhere. Okay. Sam, put a bow- >> That's right. >> on Dell Technology Summit for us and give us your closing thoughts. >> Yeah, look, I think we're at a transformative point in IT. You know, customers are moving more and more quickly to multi-cloud environments. They're looking to consume IT in different ways, such as as a service. A lot of customers, Edge is new and an untapped opportunity for them to get closer to their customers and to their data. And of course there's more and more cyber threats out there every day. You know, our customers when we talk with them, they really want simple, consistent infrastructure options that are built on an open ecosystem that allows them to accomplish their goals quickly and successfully. And look, I think at Dell we've got the right strategy we've got the right portfolio. We are the trusted partner of choice to help them lead their future transformations into the future. So, Dave, look, I think it's, it's absolutely one of the most exciting times in IT, and I can't wait to see where it goes from here. >> Sam, always fun catching up with you. Appreciate your time. >> Thanks, Dave. >> All right. At Dell Tech World in Vegas this past year, one of the most interesting conversations I personally had was around hybrid work and the future of work, and the protocols associated with that, and the mindset of, you know, the younger generation. And that conversation was with Jenn Saavedra, and we're going to speak to Jenn about this and other people and culture topics. Keep it right there. You're watching The Cube's exclusive coverage of Dell Technology Summit 2022. (bright music)

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>All we're back. We're wrapping up day two at Falcon 22 from the area in Las Vegas, CrowdStrike CrowdStrike. The action is crazy. Second day, a keynotes. Sean Henry is back. He's the chief security officer at CrowdStrike. He did a keynote today. Sean. Good to see you. Thanks for coming >>Back. Good. See you, Dave. Thanks for having me. >>So, unfortunately, I wasn't able to see your keynote cuz I had to come do cube interviews. You interviewed Kimbo Walden from, from, you know, white house, right? >>National cyber security >>Director. We're gonna talk about that. We're gonna talk about Overwatch, your threat hunting report. I want to share the results with our audience, but start with your, well actually start with the event. We're now in day two, you've had a good chance to talk to customers and partners. What are, what are your observations? Yeah, >>It's first of all, it's been an amazing event over 2200 attendees here. It's really taking top three floors at the area hotel and we've got partners and customers, employees, and to see the excitement and the level of collaboration here is absolutely phenomenal. All these different organizations that are each have a piece of cyber security to see them coming together, all in support of how do you stop breaches? How do you work together to do it? It's really been absolutely phenomenal. You're >>Gonna love the collaboration. We kind of talked about this on our earlier segment is the industry has to do a better job and has been doing a better job. You know, I think you and Kevin laid that out pretty well. So tell me about the interview with the fireside chat with Kimba. What was that like? What topics came up? >>Yeah. Kimba is the principal, deputy national cyber security advisor. She's been there for just four months. She spent over 10 years at DHS, but she most recently came from the private sector in cybersecurity. So she's got that the experience as a private sector expert, as well as a public sector expert and to see her come together in that position. It was great. We talked a lot about some of the strategies the white house is looking to put forth in their new cybersecurity strategy. There was recently an executive order, right? That the, the president put forth that talks about a lot of the things that we're doing here. So for example, the executive order talks about a lot of the legacy type of capabilities being put to pasture and about the government embracing cloud, embracing threat, hunting, embracing EDR, embracing zero trust and identity protection. Those are all the things that the private sector has been moving towards over the last year or two. That's what this is all about here. But to see the white house put that out, that all government agencies will now be embracing that I think it puts them on a much shorter footing and it allows the government to be able to identify vulnerabilities before they get exploited. It allows them to much more quickly identify, have visibility and respond to, to threats. So the government in infrastructure will be safer. And it was really nice to hear her talk about that and about how the private sector can work with the government. >>So you know how this works, you know, having been in the bureau. But so it's the, these executive orders. A lot of times people think, oh, it's just symbolic. And there are a couple of aspects of it. One is president Biden really impressed upon the private sector to, you know, amp it up to, to really focus and do a better job. But also as you pointed out that executive order can adjudicate what government agencies must do must prioritize. So it's more than symbolic. It's actually taking action. Isn't >>It? Yeah. I, I, I think it, I think it's both. I think it's important for the government to lead in this area because while a, a large portion of infrastructure, major companies, they understand this, there is still a whole section of private sector organizations that don't understand this and to see the white house, roll it out. I think that's good leadership and that is symbolic. But then to your second point to mandate that government agencies do this, it really pushes those. That might be a bit reluctant. It pushes them forward. And I think this is the, the, the type of action that as it starts to roll out and people become more comfortable and they start to see the successes. They understand that they're becoming safer, that they're reducing risk. It really is kind of a self-fulfilling prophecy and we see things become much safer. Did, >>Did you guys talk about Ukraine? Was that, was that off limits or did that come up at all? >>It wasn't, it wasn't off limits, but we didn't talk about it because there are so many other things we were discussing. We were talking about this, the cyber security workforce, for example, and the huge gap in the number of people who have the expertise, the capability and the, and the opportunities to them to come into cyber security technology broadly, but then cyber security as a sub sub component of that. And some of the programs, they just had a big cyber workforce strategy. They invited a lot of people from the private sector to have this conversation about how do you focus on stem? How do you get younger people? How do you get women involved? So getting maybe perhaps to the untapped individuals that would step forward and be an important stop gap and an important component to this dearth of talent and it's absolutely needed. So that was, was one thing. There were a number of other things. Yeah. >>So I mean, pre pandemic, I thought the number was 350,000 open cybersecurity jobs. I heard a number yesterday just in the us. And you might have even told me this 7, 7 50. So it's doubled in just free to post isolation economy. I don't know what the stats are, but too big. Well, as a, as a CSO, how much can automation do to, to close that gap? You know, we were talking earlier on the cube about, you gotta keep the humans in the loop, you, you, the, the, the, the Nirvana of the machines will just take care of everything is just probably not gonna happen anytime in the near term, even midterm or long term, but, but, but how can automation play and help close that gap? So >>The, the automation piece is, is what allows this to scale. You know, if we had one company with a hundred endpoints and we had a couple of folks there, you could do it with humans. A lot of it when you're talking about hundreds of millions of endpoints spread around the globe, you're talking about literally trillions of events every week that are being identified, evaluated and determined whether they're malicious or not. You have to have automation and to have using the cloud, using AI, using machine learning, to sort through, and really look for the malicious needle in a stack of needle. So you've gotta get that fidelity, that fine tune review. And you can only do that with automation. What you gotta remember, Dave, is that there's a human being at the end of every one of these attacks. So we've got the bad guys, have humans there, they're using the technology to scale. We're using the technology to scale to detect them. But then when you get down to the really malicious activity, having human beings involved is gonna take it to another level and allow you to eradicate the adversaries from the environment. >>Okay. So they'll use machines to knock on the door when that door gets opened and they're in, and they're saying, okay, where do we go from here? And they're directing strategy. Absolutely. I, I spent, I think gave me a sta I, I wonder if I wrote it down correctly, 2 trillion events per day. Yeah. That you guys see is that I write that down. Right? >>You did. It changes just like the number of jobs. It changes when I started talking about this just a, a year and a half ago, it was a billion a day. And when you look at how it's multiplied exponentially, and that will continue because of the number of applications, because of the number of devices as that gets bigger, the number of events gets bigger. And that's one of the problems that we have here is the spread of the network. The vulnerability, the environment is getting bigger and bigger and bigger as it gets bigger, more opportunities for bad guys to exploit vulnerabilities. >>Yeah. And we, we were talking earlier about IOT and extending, you know, that, that threats surface as well, talk about the Overwatch threat hunting report. What is that? How, how often have you run it? And I'd love to get into some of the results. Yeah. >>So Overwatch is a service that we offer where we have 24 by seven threat hunters that are operating in our customer environments. They're hunting, looking for, looking for malicious activity, malicious behavior. And to the point you just made earlier, where we use automation to sort out and filter what is clearly bad. When an adversary does get what we call fingers on the keyboard. So they're in the box and now a human being, they get a hit on their automated attack. They get a hit that, Hey, we're in, it's kind of the equivalent of looking at the Bober while you're fishing. Yeah. When you see the barber move, then the fisherman jumps up from his nap and starts to reel it in similar. They jump on the keyboard fingers on the keyboard. Our Overwatch team is detecting them very, very quickly. So we found 77,000 potential intrusions this past year in 2021, up to the end of June one, one every seven minutes from those detections. >>When we saw these detections, we were able to identify unusual adversary behavior that we'd not necessar necessarily seen before we call it indicators of attack. What does that mean? It means we're seeing an adversary, taking a new action, using a new tactic. Our Overwatch team can take that from watching it to human beings. They take it, they give it to our, our engineering team and they can write detections, which now become automated, right? So you have, you have all the automation that filters out all the bad stuff. One gets through a bad guy, jumps up, he's on the keyboard. And now he's starting to execute commands on the system. Our team sees that pulls those commands out. They're unusual. We've not seen 'em before we give it to our engineering team. They write detections that now all become automated. So because of that, we stopped over with the 77,000 attacks that we identified. We stopped over a million new attacks that would've come in and exploited a network. So it really is kind of a big circle where you've got human beings and intelligence and technology, all working together to make the system smarter, to make the people smarter and make the customers safer. And you're >>Seeing new IAS pop up all the time, and you're able to identify those and, and codify 'em. Now you've announced at reinforced, I, I, in July in Boston, you announced the threat hunting service, which is also, I think, part of your you're the president as well of that services division, right? So how's that going? What >>What's happening there? What we announced. So we've the Overwatch team has been involved working in customer environments and working on the back end in our cloud for many years. What we've announced is this cloud hunting, where, because of the adoption of the cloud and the movement to the cloud of so many organizations, they're pushing data to the cloud, but we're seeing adversaries really ramp up their attacks against the cloud. So we're hunting in Google cloud in Microsoft Azure cloud in AWS, looking for anomalous behavior, very similar to what we do in customer environments, looking for anomalous behavior, looking for credential exploitation, looking for lateral movement. And we are having a great success there because as that target space increases, there's a much greater need for customers to ensure that it's protected. So >>The cloud obviously is very secure. You got some of the best experts in the planet inside of hyperscale companies. So, and whether it's physical security or logical security, they're obviously, you know, doing a good job is the weakness, the seams between where the cloud provider leaves off and the customer has to take over that shared responsibility model, you know, misconfiguring and S3 bucket is the, you know, the common one, but I'm so there like a zillion others, where's that weakness. Yeah. >>That, that's exactly right. We see, we see oftentimes the it piece enabling the cloud piece and there's a connectivity there, and there is a seam there. Sometimes we also see misconfiguration, and these are some of the things that our, our cloud hunters will find. They'll identify again, the equivalent of, of walking down the hallway and seeing a door that's unlocked, making sure it's locked before it gets exploited. So they may see active exploitation, which they're negating, but they also are able to help identify vulnerabilities prior to them getting exploited. And, you know, the ability for organizations to successfully manage their infrastructure is a really critical part of this. It's not always malicious actors. It's identifying where the infrastructure can be shored up, make it more resilient so that you can prevent some of these attacks from happening. I >>Heard, heard this week earlier, something I hadn't heard before, but it makes a lot of sense, you know, patch Tuesday means hack Wednesday. And, and so I, I presume that the, the companies releasing patches is like a signal to the bad guys that Hey, you know, free for all go because people aren't necessarily gonna patch. And then the solar winds customers are now circumspect about patches. The very patches that are supposed to protect us with the solar winds hack were the cause of the malware getting in and, you know, reforming, et cetera. So that's a complicated equation. Yeah. >>It, it certainly is a couple, couple parts there to unwind. First, when you, you think about patch Tuesday, there are adversaries often, not always that are already exploiting some of those vulnerabilities in the wild. So it's a zero day. It's not yet been patched in some cases hasn't yet been identified. So you've got people who are actively exploiting. It we've found zero days in the course of our threat hunting. We report them in a, in a, in a responsible way. We've gone to Microsoft. We've told them a couple times in the last few months that we found a zero day and give them an opportunity to patch that before anybody goes public with it, because absolutely right when it does go public, those that didn't know about it before recognize that there will be millions of devices depending on the, the vulnerability that are out there and exploitable. And they will absolutely, it will tell everybody that you can now go to this particular place. And there's an opportunity to gain access, to exploit privileges, depending on the criticality of the patch. >>I, I don't, I, I don't, I'm sorry to generalize, but I wanna ask you about the hacker mindset. Let's say that what you just described a narrow set of hackers knows that there's an unpatched, you know, vulnerability, and they're making money off of that. Will they keep that to themselves? Will they share that with other folks in the net? Will they sell that information? Or is it, is it one of those? It depends. It, >>I was just gonna say, it depends you, you beat me to it. It absolutely depends. All of, all of the above would be the answer. We certainly see organ now a nation state for example, would absolutely keep that to themselves. Yeah. Right. Their goal is very different from an organized crime group, which might sell access. And we see them all the time in the underground selling access. That's how they make money nation states. They want to keep a zero day to themselves. It's something they're able to exploit in some cases for months or years, that that, that vulnerability goes undetected. But a nation state is aware of it and exploiting it. It's a, it's a dangerous game. And it just, I think, exemplifies the importance of ensuring that you're doing everything you can to patch in a timely matter. Well, >>Sean, we appreciate the work that you've done in your previous role and continuing to advance education, knowledge and protection in our industry. Thank you for coming on >>You. Thank you for having me. This is a fantastic event. Really appreciate you being here and helping to educate folks. Yeah. >>You guys do do a great job. Awesome. Set that you built and look forward to future events with you guys. My >>Friends. Thanks so much, Dave. Yeah. Thank >>You. Bye now. All right. Appreciate it. All right, keep it right there. We're gonna wrap up in a moment. Live from Falcon 22. You're watching the cube.

(upbeat music) >> Welcome back to Fal.Con 2022. My name is Dave Vallante. We're here with my co-host Dave Nicholson. On the last earnings call George Kurts made a really big emphasis on the relationship with managed service providers. CrowdStrike has announced a new service provider capability. The powered service provider program. Jason Cook is here. He is the president of cyber defense labs. He's joined by Mike Riolo. Who's the vice president of global system integrators and service providers at CrowdStrike gents. Welcome to TheCube. Good to see you. >> Thank you very much. >> Thank you >> Jason, tell us about cyber defense labs. What do you guys do? Give us the bumper sticker, please. >> Cyber defense labs uses the best technology in the world to put together services that help protect our clients >> Simple. Like it. What's XDR? (people laughing) >> I've not heard of that before, sorry. >> So Mike, we've seen the rise of service providers. I saw a stat, I don't know, six, seven months ago that 50% of us companies don't even have a SOC. We're talking about mid to large companies. So service providers are crucial. What's the CrowdStrike powered service provider program all about? >> Well, it's an evolution for us. We've been dealing with this market for some time. And the idea is, is like how do we expand the opportunity to stop reaches? I mean, that's what it's all about. Like how more routes to market, more partners like cyber defense labs that can really go in and bring our technology coupled with their services to power their offerings to their customers and just help us reach every end user out there, to stop reaches. >> So Jason, how do you guys differentiate? Cause I see, you know, as an analyst, I'll look back, I'll read the press releases and they'll see, okay. They just look so similar. So how do you differentiate from the competition? What do you tell customers? >> So when it comes to our selection of technology we test it, we work it, we literally put it into real world situations with our clients. And then we differentiate ourselves with expert services. It's a white glove service from us. We embed ourselves right in with our clients. That's why we call 'em our client partners. And they see us as part of their team and extension of their team. They don't have the time to play with technology and work out what's best. They don't know the time to select it or even then the expertise to use it effectively in the environment. So that's where the trust comes in with us. And then for us, likewise, we are the technology provider such as CrowdStrick, we need to know the technology works and it does what it says. >> I always ask CISOs; What's your number one challenge? And they'll say lack of talent. The only time I didn't get that answer was at... The Mongo DB CISO at reinforced. I'm like yeah, it's cause you're Mongo, I guess reinforced or AWS doesn't have the same problem, but do you... Obviously you see that problem. And you compliment that, is that a fair? >> Yeah, absolutely. Many, many companies mid-market enterprises are really struggling to find talent and then retain the talent. So for us where that's all we are about and then we are there to enable your business to do what your business does. It is just working and I think more and more so you're going to see an industry clearly CrowdStrike's going in that direction. That it's the service provider that becomes a critical element of that trusted circle. >> Does that translate into a market segment by size of organization typically or? You mentioned the ever never ending quest for talent which is critical regardless of size but what does your target market look like? >> So I, I think the biggest gap in the market frankly, is still the mid-market. Many smaller companies still are really just struggling with 'what is the problem.' At least in the mid-market, in the enterprises they really beginning to understand the problem and want to invest and lean in. And here's the irony. They now want to partner to solve the problem cause they recognize they can't do it on their own. >> So Mike, what are the critical aspects of this program? I mean, got the press release out there, but put some meat on the bone for us. >> So if you look at what we were doing to enable managed service providers to go in and, and be powered by CrowdStrike before it was in a corporate market segment it was a specific set of product from us to really enable MDR, you know, sort of that, that generation of services that a lot of customers looked at MSPs for. And what the big message about this is is we are now expanding that. We're taking it out of corporate, we're going upmarket, we're going enterprise. We can leverage partners like cyber defense labs to package our software into their offering and help them power them more than just endpoint. Right? We've had a lot of exciting announcements and probably more to come around identity, you know XDR, the new buzz, right? Like what does it mean? And in, if you look at our approach, it's a very platform centric approach and that's something that partners can monetize. That's something that partners can really help clients grow with is that it's not just about endpoint. It's more about how do I make sure that I'm in a position with a partner that allows me to grow as a market decides it's necessary. So things like identity, cloud on and on and on, that we're investing in and continuing to grow. We are making that available to the CrowdStrike powered service about our marketplace. >> So Jason, service providers historically outsourcing, okay. And it used to be a lot of; 'okay, you know, I'll take over your mess for less kind of thing.' Right? And so the pattern was you would have one of everything and then, that limited your scale. The bigger you got, you had this economies of scale. So am I hearing that, like how do you partner with CrowdStrike? Are you kind of standardizing on that platform or not necessarily cause you have to be agnostic. What's your posture on that? >> So there's a level of, you have to be technology agnostic. We pride ourselves in just using the best technology that's out there. But at the same time, very much with the Fal.Con platform they're building out and maturing in a way that's making significant risk mitigation abilities for a solution provider like us to say we'll take one of those, one of those and put our service around it because that's the best fit service to reduce the risk of this particular client. And having that flexibility for us to do that really allows us then to stay within the same sort of product suite rather than going outside when integration is still one of the biggest challenges that you have. >> So you're one of those organizations that's consolidating a bevy of point tools. Is that right? I mean, you're going through that transformation now. Have you already gone through that? What's your journey look like there? >> Oh, we help companies do that. That's how they mitigate and reduce their risk. >> Okay. But you're using tools as, as well. Are you not? So I mean, you've got to also I mean you're like an extension of those clients. >> Absolutely. So it comes down to a lot of the time do you have the right team? We have a team of experts that deliver expert services. You get to a level of skillset and experience, which goes what's just the best tool out there. And it becomes that's our insight. So one of the reasons why we like the Fal.Con product is because regardless of what the mess is, that's happening you can rapidly deploy stuff to make a difference. And then you then work out how to fix the mess which is quite a change from how traditionally things are done, which is let's analyze the problem. Let's look at options around it. And by the time you've done that time has passed and you can't afford to just allow time to pass these days. So having the right technology allows you to rapidly deploy. Of course, we use what we sell. So we are proud to say that we use a number of the Fal.Con products to protect ourselves and consolidate onto that technology as we then offer that out as a service to our clients. >> So Mike, I'm thinking about the program in general and specifically how you are implementing this program thinking about the path to bringing the customer on board. There are a finite number of strategic seats at any customer's table. So who is at the customer's table? Is it CDL saying; 'Hey, I'm going to bring in my folks from CrowdStrike to have a conversation with you.' Is it CrowdStrike saying; 'Hey, it looks like a service provider might be the best solution for you. Let's go talk to CDL.' How does that work? >> It's a great question. And I think we talk a lot about how there's a gap in people to support cyber efforts inside of companies. But we don't talk about the gap in like experts that can go in and actually sit down with CISOs, with CIOs, with CFOs. And so for us, like it's all about the flexibility. It's it's what do you need in the moment? Because at the end of the day, it comes down to the people. If Jason has a great trusted relationship, he's like; 'Hey I just need some content.' 'Help me push why we're powered by CrowdStrike in this moment.' Great, go run. If we have an opportunity where we know that cyber defense labs has a presence then we go in together, right? Like that flexibility is there. We've done a lot. When you build a program like this, like it's easy to tell the market what they need. It's easy to tell everybody, but it's also you're looking at a cultural shift and how CrowdStrike goes to market, right? Like this is all about how do we get every possible route to market to stop reaches for customers of all size. >> I would echo that. there's three ways that that's working for our two companies at the moment. Many times a lot of the relationships that we have are trusted advisor at the owner or board level of these mid-market and enterprise companies. They're looking to ask for a number of things. And one of the things that we then say is, Hey for your technology roadmap, hey we want to bring in co-present coded us, co-discuss co-strategize with you what your roadmap is. And so we often bring CrowdStrike into the conversations that cyber defense lab is having at the board level. Then on the other side, CrowdStrike obviously has a significant sales force and trusted advisors. They go in with the product and then it's apparent that the you know, the client wants way more than just the product. They say, this is great. I love it. I've made my decision, but I can't operate it effectively. And so we then get pulled in from that perspective >> You get to all the time from product companies, right? It's like, okay, now what? How do I do this? And you go, oh, I'll call somebody. So this is going to accelerate. You go to market. >> Well, and everybody looks at it like, you know how does your sales play with their sales, right? Everyone's going after the same thing. And I'm, you know, that's important, but you have to look at CrowdStrike as more than sales, right? We have an amazing threat intel group that are helping clients understand the risk factors and what bad people are trying to do to them. We can bring so many experts to the side of a cyber defense labs in, in that realm. You know, we've been doing this a long time. >> This is what's interesting to me when I think about your threat hunting, because you guys are experts and you guys are experts. But the... Correct me if I'm wrong. But the advantage I see at the CrowdStrike has is your cloud platform allows you to have such a huge observation space. You got a ton of data and you bring that to the relationship as well and then you benefit from that? >> It's two way. It's absolutely two way. CrowdStrike has a whole bunch of experts and expertise in this space. So do cyber defense labs. We call it for us because we're providing a service to multiple clients. Many of them have a global presence. We call it our global threat view. And absolutely we are exchanging real time threat telemetry data with, with our friends at CrowdStrike Which is impacting the value that we have and the ability to respond extremely quickly when something's happening to one of our clients. >> Well, I just add to that, you know if you look at all of our alliances, right? We've got solution providers, tech reliant, everything. The one thing that's really interesting about the CrowdStrike powered service provider program; it lives in alliances, It's a partnership program, but they're our customer. They have chosen to standardize on our platform, right. To help drive the best results for their customers. And so we treat them like a partner because it's not for internal use. There's unlimited aspect to it. And so as that treating like partnership we have to enable them with more than just product. Right? We want to bring the right experts. We want to bring the right, you know, vision of where the market's going the threats out there, things of that nature. And that's something that we do every day with you guys. >> And it was even expressed earlier with the keynote speech that George gave. Look there's an ecosystem of very good technologies, very good providers. And there there's that sort of friend-of-me view here. You put the best thing together for the client at the end of the day. And if we all acknowledge, which I think is the maturity of our partnership, that one plus one equals, I always say at 51 now, if you play it right, then the partner sees... That the client sees the value of the partnership. And so they want more of that. >> So it sounds like... We got to wrap, but I wonder if we could close on this. It sounds like this was happening just organically in the field. Now you've codified it. So my question to each of you is; What's your vision for the future? Where do you guys want to take this thing? >> What a wrap question right there. I love it. Honestly, like we look at it in... Look at what does it mean to be a CrowdStrike powered service provider. It is more than just the platform. It's the program in general, offering them tools to go in and do early assessments. One thing about service providers, they're in there before vendors, right? We're still a vendor at the end of the day. And so they have that relationship, like how do we enable them to leverage our platform leverage our tools, leverage our programs in order to help a client understand, like, what is your risk factor Could a breach come, things of that nature. And so it's really building in really enabling a partner like cyber defense labs to take on the full suite of programs, services, platform that we can provide to them as a customer, treated them like a partner. >> And Jason, from your perspective, bring us on if you would. >> So our partnership with CrowdStrike is really enabling cyber defense labs to increase our share of wallet, our presence in very specific market segments; The mid-market to enterprise especially around banking, financial services auto dealerships, healthcare, manufacturing, where last year we saw a significant progress there. And we think we're going to double it between this year and next year. >> Jason Cook, Mike Riolo. thanks for coming in TheCube. Great story. >> Thank you for having us >> Alright, thank you for watching. Keep it right there. Dave Vallante and Dave Nicholson will be back right after this short break from Fal.Con 22. You're watching TheCube. (soft electronic music)

>> From theCUBE studios in Palo Alto in Boston bringing you data driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> In just over 10 years, CrowdStrike has become a leading independent security firm with more than 2 billion in annual recurring revenue, nearly 60% ARR growth, and approximate $40 billion market capitalization, very high retention rates, low churn, and a path to 5 billion in revenue by mid decade. The company has joined Palo Alto Networks as a gold standard pure play cyber security firm. It has achieved this lofty status with an architecture that goes beyond a point product. With outstanding go to market and financial execution, some sharp acquisitions and an ever increasing total available market. Hello, and welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis" and ahead of Falcon, Fal.Con, CrowdStrike's user conference, we take a deeper look into CrowdStrike, its performance, its platform, and survey data from our partner ETR. Now, the general consensus is that spending on Cyber is non-discretionary and is held up better than other technology sectors. While this is generally true, as this data shows, it's nuanced. Let's explore this a bit. First, this is a year-to-date chart of the stock performance of CrowdStrike relative to Palo Alto, the BUG ETF, which is a Cyber index, the NASDAQ and SentinelOne, a relatively new entrant to the IPO public markets. Now, as you can see the security sector as evidenced by the orange line, that Cyber ETF, is holding up better than the overall NASDAQ which is off 28% year-to-date. Palo Alto has held up incredibly well, the best, being off only around 4% year-to-date. Whereas CrowdStrike is off in the double digits this year. But up as we talked about in one of our last "Breaking Analysis" on Cyber, up from its lows this past May. Now, CrowdStrike had a very nice beat and raise on August 30th. But the stop didn't respond well initially. We asked "Breaking Analysis" contributor, Chip Simonton for his technical take and he stated that CrowdStrike has bounced around for the last three months in its current range. He said that Cyber stocks have held up better than the rest of the market, as we're showing. And now might be a good time to take a shot but he is cautious. FedEx had a warning today of a global recession and that's obvious case for a concern. You know, maybe some of these quality Cyber stocks like Palo Alto and CrowdStrike and Zscaler will outperform in a recession, but that play is not for the faint of heart. In fact, it's feeling like a longer, more drawn out tech lash than many had hoped. Perhaps as much as 12 to 18 months of bouncing around with sellers still in control, is generally the sentiment from Simonton. So in terms of Cyber spending being non-discretionary, we'd say it's less discretionary than other it sectors but the CISO still does not have an open wallet, as we've reported before. We've seen that spending momentum has decelerated in all sectors throughout the year. This is an across the board trend. Now, independent of the stock price, George Kurtz, CEO of CrowdStrike, he's running a marathon, not a sprint. And this company is running at a nice pace despite tough macro headwinds. The company is free cash flow positive and is in the black, or a non-GAAP operating profit basis and yet it's growing ARR at nearly 60%. Frank Slootman uses the term inherent profitability, meaning that the company could drive more profits if it wanted to dial down expenses especially in go to market costs. But that would be a mistake for a company like CrowdStrike, in our opinion. While it has an impressive nearly 20,000 customers, there are hundreds of thousands of customers that CrowdStrike could penetrate. So like Snowflake and Slootman, Kurtz is not taking its foot off the gas. Now, the fundamental strength of CrowdStrike and its secret sauce is its architecture and platform, in our view, so let's take a deeper look. CrowdStrike believes that the unstoppable breach is a myth. Now, CISOs don't agree with that because they assume they're going to get breached, but that's CrowdStrike's point of view, so lofty vision. CrowdStrike's mission is to consolidate the patchwork of solutions by introducing modules that go beyond point products. CrowdStrike has more than 20 modules, I think 22, that span a range of capabilities as shown in this table. Now, there are a few critical aspects of the CrowdStrike architecture that bear mentioning. First is the lightweight agent, that is fundamental. You know, we're used to thinking that agentless is good and agent is bad, but in this case, a powerful but small, slim and easy to install but unobtrusive agent has its advantages because it supports multiple CrowdStrike modules. The second point is CrowdStrike from the beginning has been dogmatic about getting all the telemetry data into the cloud. It sort of shunned doing bespoke on prem so that all the data could be analyzed. So the more agents that CrowdStrike installs around the world, the more data it has access to and the better its intelligence. Few companies have access to more data, perhaps Microsoft given it scale and size is an exception in that endpoint space. CrowdStrike has developed a purpose-built threat graph and analytics platform that allows it to quickly ingest in near real time key telemetry data and detect not only known malware, that's pretty straightforward, pretty much anybody could do that. But using machine intelligence, it can also detect unknown malware and other potentially malicious behavior using indicators of attack, IOC, or IOAs. Humio is shown here as a company that CrowdStrike bought for around 400 million in early 2020, early 2021. It's the company's Splunk killer and will serve as an observability platform. It's really starting to take off, that's a great market for them to go after. CrowdStrike, to try to put it into sort of a summary, uses a three pronged approach. First is it's next generation anti-virus, meaning it's SaaS base. SAS based solution that can do fast lookups to telemetry data and that data lives in the cloud. And this leverages cloud strikes proprietary threat graph. Now, the second is endpoint detection and response. CrowdStrike sends all endpoint activity to the cloud and can process the data in real time. CrowdStrike EDR allows you to search data history and its partners with threat intelligent platforms who push the data into CrowdStrike, the CrowdStrike cloud. This increases CloudStrike's observation space. It also has containment capabilities in EDR to fence off compromised system. Now, the third leg of the stool is CrowdStrike's world class manage hunting approach. Like many firms, CrowdStrike has a crack team of experts that is looking at the data, but CrowdStrike's advantage is the amount of data, that observation space that we just talked about, and near real time capabilities of the architecture thanks to that proprietary database that they've developed. And all this is built in the cloud and so it enables global scale. And of course, agility. Now, let's dig into some of the survey data and take a look at what ETR respondents are saying about the spending momentum for CrowdStrike in context with its peers. Here's a very recent dataset, the October preliminary data from the October dataset in ETR's survey. Eric Bradley shared with us, ETR's head of strategy, and he runs the round tables, he's a frequent "Breaking Analysis" contributor. This is an XY graph with Netcore or spending momentum on the vertical axis and the overlap or pervasiveness in the survey on the horizontal axis. That dotted red line at 40% indicates an elevated level of spending velocity. Anything above that, we consider really impressive. Note the CrowdStrike progression since the pandemic started. The two notable points are one, that CrowdStrike has remained consistently above that 40% mark and two, it has made notable progress to the right. You can see that sort of squiggly line consistently increasing its share with one little anomaly there in the early days of over a two-year period. The other call out here is Microsoft in the upper-right. We circled Microsoft as usual. Microsoft messes up the data because it's such a dominant player and has referenced earlier as a massive scale and very quality telemetry from its endpoints. Unlike AWS, Microsoft is a direct competitor of CrowdStrike's. Nonetheless, the sector remains very strong with lots of players. Cyber is a large and expanding TAM with too many point tools that CrowdStrike is well positioned to consolidate, in our view. Now, here's a more narrow view of that same XY graph. What it does is it takes out Microsoft to kind of normalize the data a bit and it compares a number of firms that specialize in endpoint, along with CrowdStrike such as Tanium which also has a lightweight agent, by the way, and appears to be doing pretty well. SentinelOne did a relatively recent IPO, took off, stock hasn't done as well since, as you saw earlier. Carbon Black which VMware bought for around $2 billion and Cylance which is the Blackberry pivot. Now, we've also for context included Palo Alto and Cisco because they are major players with the big presence in security and they've got solutions that compete with CrowdStrike. But you can see how CrowdStrike looms large with a higher net score than these others. Although Palo Alto is very impressive, as is Cisco, steady. But Palo Alto also, sorry, CrowdStrike also has a very steady posture instead of just looming on that X axis. Let's now take a look at XDR, extended detection and response. XDR is kind of this bit of a buzzword but CrowdStrike seems to be taking the mantle and trying to sort of own the category and define it, in our view. It's a natural evolution of endpoint detection and response, EDR. In a recent ETR Roundtable hosted by our colleague, Eric Bradley, the sentiment among several CIOs is that existing SIEM, security information and event management platforms are inadequate and some see XDR as a replacement for, or at least a strong compliment to SIEM. CISOs want a single view of their data. Hmm, you haven't heard that before. They want help prioritizing potentially high impact breaches and they want to automate the low level stuff because the problem is sometimes too much information becomes information overload and you can't prioritize. So they want to consolidate platforms. They want better co consistency. They have too many dashboards, too many stove pipes. They have difficulty scaling and they have inconsistent telemetry data. As one CISO said, it's a call out here. "If the regulatory requirement isn't there, I absolutely would get rid of my SIEM." So CrowdStrike, we feel, is in a good position to continue to gain, share and disrupt this space. And that's what Dave Nicholson and I will be looking for next week when theCUBE is at Fal.Con, CrowdStrike's user conference. We'll be there for two days at the area in Vegas. In addition to CrowdStrike CEO, we'll hear from government cyber experts. We always hear that at security conferences and the CEO of Mandiant. Google just the other day closed its $5 billion plus acquisition of Mandiant, which is a threat intelligence expert and MSSP. I'm going to hear a lot about MSSPs by the way. CrowdStrike is a growing MSSP base. We think that's a really interesting sector because many companies don't have a SOC. As many as 50% of companies in the United States don't have a security operations center. So they need help, that's where MSPs come in. At the conference, there'll be a real focus on the Falcon platform. And we expect CrowdStrike to educate the audience on its multiple modules and how to take advantage of the capabilities beyond endpoint. And we'll also be watching for the ecosystem conversations. We saw this at reinforced, for example, where CrowdStrike and Okta were presenting together to show how these companies products compliment each other in the marketplace. Sometimes it gets confusing when you hear that CrowdStrike has an identity product. Okta, of course, is the identity specialist. So we'll be helping extract that signal from the noise. Because a generational company must have a strong ecosystem. CrowdStrike is evolving and our belief is that it has some work to do to create a stronger partner flywheel, and we're eager to dig into that next week. So if you're at the event, please do stop by theCUBE, say hello to Dave Nicholson and myself. Okay, we're going to leave it there today. Many thanks to Chip Simonton and Eric Bradley for their input and contributions to today's episode. Thanks to Alex Myerson, who does production, he also manages our podcast, Ken Schiffman as well, in our Boston studios, Kristen Martin and Cheryl Knight help get the word out on social media and our newsletters, and Rob Hof is our editor in chief over at siliconangle.com. He does some wonderful editing and I really appreciate that. Remember, all these episodes are available as podcasts wherever you listen, just search "Breaking Analysis" Podcast. I publish each week on wikibon.com and siliconangle.com and you can email me at david.vellante@siliconangle.com or DM me @DVellante or comment on our LinkedIn post. And please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis". (upbeat music)

>>Hi, everyone. Welcome to this program. Sponsored by HPE. I'm your host, Lisa Martin. We're here talking about being confident and trusting your server security with HPE. I have two guests here with me to talk about this important topic. Cole Humphreys joins us global server security product manager at HPE and Anne Potton trusted supply chain program lead at HPE guys. It's great to have you on the program. Welcome. >>Hi, thanks. Thank you. It's nice to be here, Anne. >>Let's talk about really what's going on there. Some of the trends, some of the threats there's so much change going on. What is HPE seeing? >>Yes. Good question. Thank you. Yeah. You know, cyber security threats are increasing everywhere and it's causing disruption to businesses and governments alike worldwide. You know, the global pandemic has caused limited employee availability. Originally this has led to material shortages and these things opens the door perhaps even wider for more counterfeit parts and products to enter the market. And these are challenges for consumers everywhere. In addition to this, we're seeing the geopolitical environment has changed. We're seeing, you know, rogue nation states using cybersecurity warfare tactics to immobilize an entity's ability to operate and perhaps even use their tactics for revenue generation, the Russian invasion of Ukraine as one example, but businesses are also under attack. You know, for example, we saw solar winds, software supply chain was attacked two years ago, which unfortunately went a notice for several months and then this was followed by the colonial pipeline attack and numerous others. >>You know, it just seems like it's almost a daily occurrence that we hear of a cyber attack on the evening news. And in fact, it's estimated that the cyber crime cost will reach over 10 and a half trillion dollars by 2025 and will be even more profitable than the global transfer of all major illegal drugs combined. This is crazy, you know, the macro environment in which companies operate in has changed over the years. And you know, all of these things together and coming from multiple directions presents a cybersecurity challenge for an organization and in particular it's supply chain. And this is why HPE is taking proactive steps to mitigate supply chain risk so that we can provide our customers with the most secure products and services. >>So Cole, let's bring you into the conversation and did a great job of summarizing the major threats that are going on the tumultuous landscape. Talk to us Cole about the security gap. What is it? What is HPE seeing and why are organizations in this situation? >>Hi, thanks Lisa. You know, what we're seeing is as this threat landscape increases to, you know, disrupt or attempt to disrupt our customers and our partners and ourselves, I, it's a kind of a double edge if you will, because you're seeing the increase in attacks, but what you're not seeing is that equal to growth of the skills and the experiences required to address the scale. So it really puts the pressure on companies because you have a skill gap, a talent gap, if you will. There's, you know, for example, there are projected to be three and a half million cyber roles open in the next few years, right? So all this scale is growing and people are just trying to keep up, but the gap is growing just literally the people to stop the bad actors from attacking the data and, and to complicate matters. You're also seeing a dynamic change of the who and the, how the attacks are happening, right? >>The classic attacks that you've seen, you know, and the SDK and all the, you know, the history books, those are not the standard plays anymore. You'll have, you know, nation states going after commercial entities and, you know, criminal syndicates and alluded to that. There's more money in it than the international drug trade. So you can imagine the amount of criminal interest in getting this money. So you put all that together. And the increasing of attacks, it just is really pressing down is, is literally, I mean, the reports we're reading over half of everyone, obviously the most critical infrastructure cares, but even just mainstream computing requirements need to have their data protected, help me protect my workloads and they don't have the people in house, right? So that's where partnership is needed, right? And that's where we believe, you know, our approach with our partner ecosystem is it's not HPE delivering everything ourself, but all of us in this together is really what we believe. The only way we're gonna be able to get this done. >>So collets double click on that HPE and its partner ecosystem can provide expertise that companies and every industry are lacking. You're delivering HPE as a 360 degree approach to security. Talk about what that 360 degree approach encompasses. >>Thank you. It is, it is an approach, right? Because I feel that security is a, it is a, it is a thread that will go through the entire construct of a technical solution, right there. Isn't a, oh, if you just buy this one server with this one feature, you don't have to worry about anything else. It's really it's everywhere. And at least the way we believe it, it's everywhere. And it in a 360 degree approach, the way we like to frame it is it's, it's this beginning with our supply chain, right? We take a lot of pride in the designs, you know, the really smart engineering teams, the design, our technology, our awesome world class global operations team, working in concert to deliver some of these technologies into the market. That is a huge, you know, great capability, but also a huge risk to customers, cuz that is the most vulnerable place that if you inject some sort of malware or, or tampering at that point, you know, the rest of the story really becomes mute because you've already defeated, right? >>And then you move in to you physically deployed that through our global operations. Now you're in an operating environment. That's where automation becomes key, right? We have software innovations in, you know, our ILO product of management inside those single servers. And we have really cool new grain lake for compute operations management services out there that give customers more control back and more information to deal with this scaling problem. And then lastly, as you begin to wrap up, you know, the natural life cycle and you need to move to new platforms and new technologies, right? We think about the exit of that life cycle and how do we make sure we dispose of the data and, and move those products into a secondary life cycle so that we can move back into this kind of circular 360 degree approach. We don't wanna leave our customers hanging anywhere in this entire journey. >>That 360 degree approach is so critical, especially given as we've talked about already in this segment, the changes, the dynamics in the environment. And as Cole said, this is this 360 degree approach that HPE is delivering is beginning in the manufacturing supply chain seems like the first line of defense against cyber attackers talked to us about why that's important. And where did the impetus come from? Was that COVID was that customer demand? >>Yep. Yep. Yeah. The supply chain is critical. Thank you. So in 2018, we, we could see all of these cybersecurity issues starting to emerge and predicted that this would be a significant challenge for our industry. So we formed a strategic initiative called the trusted supply chain program designed to mitigate cybersecurity risk in the supply chain and really starting at the product with the product life cycle, starting at the product design phase and moving through sourcing and manufacturing, how we deliver products to our customers and ultimately a product's end of life that Cole mentioned. So in doing this, we're able to provide our customers with the most secure products and services, whether they're buying their servers from, for their data center or using our own GreenLake services. So just to give you some examples, something that is foundational to our trusted supply chain program, we've built a very robust cybersecurity supply chain risk management program that includes assessing our risk at our all factories and our suppliers. >>Okay. We're also looking at strengthening our software supply chain by developing mechanisms to identify software vulnerabilities and hardening our own software build environments to protect against counterfeit parts that I mentioned in the beginning from entering our supply chain, we've recently started a blockchain program so that we can identify component provenance and trace part parts back to their original manufacturers. So our security efforts, you know, continue even after product manufacturing, we offer three different levels of secure delivery services for our customers, including, you know, a dedicated truck and driver or perhaps even an exclusive use vehicle. We can tailor our delivery services to whatever the customer needs. And then when a product is at its end of life, products are either recycled or disposed using our approved vendors. So our servers are also equipped with the one button secure erase that erases every bite of data, including firmware data and talking about products, we've taken additional steps to provide additional security features for our products. >>Number one, we can provide platform certificates that allow the user to cryptographically verify that their server hasn't been tampered with from the time it left the manufacturing facility to the time that it arrives at the customer's factory facility. In addition to that, we've launched a dedicated line of trusted supply chain servers with additional security features, including secure configuration lock chassis intrusion detection. And these are assembled at our us factory by us vetted employees. So lots of exciting things happening within the supply chain, not just to shore up our own supply chain risk, but also to provide our customer the most. So that announcement. >>All right, thank you. You know, they've got great setup though, because I think you gotta really appreciate the whole effort that we're putting into, you know, bringing these online. But one of the just transparently the gaps we had as we proved this out was as you heard, this initial proof was delivered with assembly in the us factory employees, you know, fantastic program really successful in all our target industries and, and even expanding to places we didn't really expect it to, but it's kind of going to the point of security. Isn't just for one industry or one set of customers, right? We're seeing it in our partners. We're seeing it in different industries than we have in the past. And, but the challenge was we couldn't get this global right out the gate, right? This has been a really heavy transparently, a us federal activated focus, right? >>If, if you've been tracked in what's going on since may of last year, there's been a call to action to improve a nation cybersecurity. So we've been all in on that and we have an opinion and we're working hard on that, but we're a global company, right? How can we get this out to the rest of the world? Well guess what, this month we figured it out and well, let's take a lot more than those month. We did a lot of work that we figured it out and we have launched a comparable service globally called server security optimization service, right? HPE server security optimization service for proli. I like to call it, you know, S S O S sauce, right? Do you wanna be clever HPE sauce that we can now deploy globally? We get that product hardened in the supply chain, right? Because if you take the best of your supply chain and you take your technical innovations, that you've innovated into the server, you can deliver a better experience for your customers, right? >>So the supply chain equals server technology and our awesome, you know, services teams deliver supply chain security at that last mile. And we can deliver it in the European markets. And now in the Asia Pacific markets right now, we could always just, we could ship it from the us to other markets. So we could always fulfill this promise, but I think it's just having that local access into your partner ecosystem and stuff just makes more sense, but it is big deal for us because now we have activated a meaningful supply chain security benefit for our entire global network of partners and customers, and we're excited about it. And we hope our customers are too. >>That's huge Cole. And, and in terms of this significance of the impact that HPE is delivering through its partner ecosystem globally as the supply chain continues to be one of the terms on everyone's lips here, I'm curious Cole, we just couple months ago, we're at discover. Can you talk about what HPE is doing here from a, a security perspective, this global approach that it's taking as it relates to what HPE was talking about at discover, in terms of we wanna secure the enterprise to deliver these experiences from edge to cloud. >>You know, I feel like for, for me, and, and I think you look at the shared responsibility models and you know, other frameworks out there, the way we're the way I believe it to be is this is it's, it's a solution, right? There's not one thing, you know, if you use HPE supply chain, the end, or if you buy an HPE pro line the end, right. It is an integrated connectedness with our, as a service platform, our service and support commitments, you know, our extensive partner ecosystem, our alliances, all of that comes together to ultimately offer that assurance to a customer. And I think these are specific, meaningful proof points in that chain of custody, right? That chain of trust, if you will, because as the world becomes more, zero trust, we are gonna have to prove ourselves more, right. And these are those kind of technical I credentials and identities and, you know, capabilities that a modern approach to security need. >>Excellent, great work there. And let's go ahead and, and take us home, take the audience through what you think ultimately, what HPE is doing, really infusing security at that 360 degree approach level that we talked about. What are some of the key takeaways that you want the audience that's watching here today to walk away with? >>Right. Right. Thank you. Yeah. You know, with the increase in cyber security threats, everywhere affecting all businesses globally, it's gonna require everyone in our industry to continue to evolve in our supply chain security in our product security in order to protect our customers in our business, continuity protecting our supply chain is something that HPE is very committed to and takes very seriously. So, you know, I think regardless of whether our customers are looking for an on-prem solution or a GreenLake service, you know, HPE is proactively looking for in mitigating any security risk in this supply chain so that we can provide our customers with the most secure products and services. >>Awesome. Ann and Cole. Thank you so much for joining me today, talking about what HPE is doing here and why it's important as our program is called to be confident and trust your server security with HPE and how HPE is doing that. Appreciate your insights on your time. >>Thank you so much for having thank >>You, Lisa, >>For Cole Humphreys and Anne Potton I'm Lisa Martin. We wanna thank you for watching this segment in our series. Be confident and trust your server security with HPE. We'll see you soon.