Snehal Antani, Horizon3.ai | AWS Startup Showcase S2 E4 | Cybersecurity
(upbeat music)
>> Hello and welcome to theCUBE's presentation of the AWS Startup Showcase. This is season two, episode four of the ongoing series covering the exciting hot startups from the AWS ecosystem. Here we're talking about cybersecurity in this episode. I'm your host, John Furrier. Here we're excited to have CUBE alumni who's back, Snehal Antani, who's the CEO and co-founder of Horizon3.ai, talking about exploitable weaknesses and vulnerabilities with autonomous pen testing. Snehal, it's great to see you. Thanks for coming back.
>> Likewise, John. I think it's been about five years since you and I were on the stage together. And I've missed it, but I'm glad to see you again.
>> Well, before we get into the showcase about your new startup, that's extremely successful, amazing margins, great product. You have a unique journey. We talked about this prior to you doing the journey, but you have a great story. You left the startup world to go into the startup, like world of self defense, public defense, NSA. What group did you go to in the public sector became a private partner.
>> My background, I'm a software engineer by education and trade. I started my career at IBM. I was a CIO at GE Capital, and I think we met once when I was there and I became the CTO of Splunk. And we spent a lot of time together when I was at Splunk. And at the end of 2017, I decided to take a break from industry and really kind of solve problems that I cared deeply about and solve problems that mattered. So I left industry and joined the US Special Operations Community and spent about four years in US Special Operations, where I grew more personally and professionally than in anything I'd ever done in my career. And exited that time, met my co-founder in special ops. And then as he retired from the Air Force, we started Horizon3.
>> So there's really, I want to bring that up one, 'cause it's fascinating that not a lot of people in Silicon Valley and tech would do that.
So thanks for the service. And I know everyone who's out there in the public sector knows that this is a really important time for the tactical edge in our military, a lot of things going on around the world. So thanks for the service and a great journey. But there's a storyline with the company you're running now that you started. I know you get the jacket on there. I noticed get a little military vibe to it. Cybersecurity, I mean, every company's on their own now. They have to build their own militia. There is no government supporting companies anymore. There's no militia. No one's on the shores of our country defending the citizens and the companies, they got to fend for themselves. So every company has to have their own military.
>> In many ways, you don't see anti-aircraft rocket launchers on top of the JP Morgan building in New York City because they rely on the government for air defense. But in cyber it's very different. Every company is on their own to defend for themselves. And what's interesting is this blend. If you look at the Ukraine-Russia war, as an example, a thousand companies have decided to withdraw from the Russian economy and those thousand companies we should expect to be in the ire of the Russian government and their proxies at some point. And so it's not just those companies, but their suppliers, their distributors. And it's no longer about cyber attack for extortion through ransomware, but rather cyber attack for punishment and retaliation for leaving. Those companies are on their own to defend themselves. There's no government that is dedicated to supporting them. So yeah, the reality is that cybersecurity, it's the burden of the organization.
And also your attack surface has expanded to not just be your footprint, but if an adversary wants to punish you for leaving their economy, they can get, if you're in agriculture, they could disrupt your ability to farm or they could get all your fruit to spoil at the border 'cause they disrupted your distributors and so on. So I think the entire world is going to change over the next 18 to 24 months. And I think this idea of cybersecurity is going to become truly a national problem and a problem that breaks down any corporate barriers that we see in previously.
>> What are some of the things that inspired you to start this company? And I loved your approach of thinking about the customer, your customer, as defending themselves in context to threats, really leaning into it, being ready and able to defend. Horizon3 has a lot of that kind of military thinking for the good of the company. What's the motivation? Why this company? Why now? What's the value proposition?
>> So there's two parts to why the company and why now. The first part was what my observation, when I left industry realm or my military background is watching "Jack Ryan" and "Tropic Thunder" and I didn't come from the military world. And so when I entered the special operations community, step one was to keep my mouth shut, learn, listen, and really observe and understand what made that community so impressive. And obviously the people and it's not about them being fast runners or great shooters or awesome swimmers, but rather they're learn-it-alls that can solve any problem as a team under pressure, which is the exact culture you want to have in any startup, early stage companies are learn-it-alls that can solve any problem under pressure as a team. So I had this immediate advantage when we started Horizon3, where a third of Horizon3 employees came from that special operations community. So one is this awesome talent.
But the second part that, I remember this quote from a special operations commander that said we use live rounds in training because if we used fake rounds or rubber bullets, everyone would act like Medal of Honor winners. And the whole idea there is you train like you fight, you build that muscle memory for crisis and response and so on upfront. So when you're in the thick of it, you already know how to react. And this aligns to a pain I had in industry. I had no idea I was secure until the bad guy showed up. I had no idea if I was fixing the right vulnerabilities, logging the right data in Splunk, or if my CrowdStrike EDR platform was configured correctly, I had to wait for the bad guys to show up. I didn't know if my people knew how to respond to an incident. So what I wanted to do was proactively verify my security posture, proactively harden my systems. I needed to do that by continuously pen testing myself or continuously testing my security posture. And there just wasn't any way to do that where an IT admin or a network engineer could in three clicks have the power of a 20 year pen testing expert. And that was really what we set out to do, not build an autonomous pen testing platform for security people, build it so that anybody can quickly test their security posture and then use the output to fix problems that truly matter.
>> So the value proposition, if I get this right is, there's a lot of companies out there doing pen tests. And I know I hate pen tests. They're like, 'cause you do DevOps, it changes you got to do another pen test. So it makes sense to do autonomous pen testing. So congratulations on seeing that that's obvious to that, but a lot of other have consulting tied to it. Which seems like you need to train someone and you guys taking a different approach.
>> Yeah, we actually, as a company have zero consulting, zero professional services.
And the whole idea is that build a true software as a service offering where an intern, in fact, we've got a video of a nine year old that in three clicks can run pen tests against themselves. And because of that, you can wire pen tests into your DevOps tool chain. You can run multiple pen tests today. In fact, I've got customers running 40, 50 pen tests a month against their organization. And that what that does is completely lowers the barrier of entry for being able to verify your posture. If you have consulting on average, when I was a CIO, it was at least a three month lead time to schedule consultants to show up and then they'd show up, they'd embarrass the security team, they'd make everyone look bad, 'cause they're going to get in, leave behind a report. And that report was almost identical to what they found last year because the older that report, the one the date itself gets stale, the context changes and so on. And then eventually you just don't even bother fixing it. Or if you fix a problem, you don't have the skills to verify that has been fixed. So I think that consulting led model was acceptable when you viewed security as a compliance checkbox, where once a year was sufficient to meet your like PCI requirements. But if you're really operating with a wartime mindset and you actually need to harden and secure your environment, you've got to be running pen test regularly against your organization from different perspectives, inside, outside, from the cloud, from work, from home environments and everything in between.
>> So for the CISOs out there, for the CSOs and the CXOs, what's the pitch to them because I see your jacket that says Horizon3 AI, trust but verify. But this trust is, but is canceled out, just as verify. What's the product that you guys are offering the service. Describe what it is and why they should look at it.
>> Yeah, sure. So one, when I back when I was the CIO, don't tell me we're secure in PowerPoint.
Show me we're secure right now. Show me we're secure again tomorrow. And then show me we're secure again next week because my environment is constantly changing and the adversary always has a vote and they're always evolving. And this whole idea of show me we're secure. Don't trust that your security tools are working, verify that they can detect and respond and stifle an attack and then verify tomorrow, verify next week. That's the big mind shift. Now what we do is--
>> John: How do they respond to that by the way? Like they don't believe you at first or what's the story.
>> I think, there's actually a very bifurcated response. There are still a decent chunk of CIOs and CSOs that have a security is a compliance checkbox mindset. So my attitude with them is I'm not going to convince you. You believe it's a checkbox. I'll just wait for you to get breached and sell to your replacement, 'cause you'll get fired. And in the meantime, I spend all my energy with those that actually care about proactively securing and hardening their environments.
>> That's true. People do get fired. Can you give an example of what you're saying about this environment being ready, proving that you're secure today, tomorrow and a few weeks out. Give me an example.
>> Of, yeah, I'll give you actually a customer example. There was a healthcare organization and they had about 5,000 hosts in their environment and they did everything right. They had Fortinet as their EDR platform. They had user behavior analytics in place that they had purchased and tuned. And when they ran a pen test self-service, our product NodeZero immediately started to discover every host on the network. It then fingerprinted all those hosts and found it was able to get code execution on three machines. So it got code execution, dumped credentials, laterally maneuvered, and became a domain administrator, which in IT, if an attacker becomes a domain admin, they've got keys to the kingdom.
So at first the question was, how did the NodeZero pen test become domain admin? How'd they get code execution, Fortinet should have detected and stopped it. Well, it turned out Fortinet was misconfigured on three boxes out of 5,000. And these guys had no idea and it's just automation that went wrong and so on. And now they would've only known they had misconfigured their EDR platform on three hosts if the attacker had showed up. The second question though was, why didn't they catch the lateral movement? Which all their marketing brochures say they're supposed to catch. And it turned out that that customer purchased the wrong Fortinet modules. Once again, they had no idea. They thought they were doing the right thing. So don't trust just installing your tools is good enough. You've got to exercise and verify them. We've got tons of stories from patches that didn't actually apply to being able to find the AWS admin credentials on a local file system. And then using that to log in and take over the cloud. In fact, I gave this talk at Black Hat on war stories from running 10,000 pen tests. And that's just the reality is, you don't know that these tools and processes are working for you until the bad guys have shown.
>> The velocity's there. You can accelerate through logs, you know from the days you've been there. This is now the threat. Being, I won't say lazy, but just not careful or just not thinking.
>> Well, I'll do an example. We have a lot of customers that are Horizon3 customers and Splunk customers. And what you'll see their behavior is, is they'll have Horizon3 up on one screen. And every single attacker command executed with its timestamp is up on that screen. And then look at Splunk and say, hey, we were able to dump vCenter credentials from VMware products at this time on this host, what did Splunk see or what didn't they see? Why were no logs generated? And it turns out that they had some logging blind spots.
So what they'll actually do is run us to almost like stimulate the defensive tools and then see what did the tools catch? What did they miss? What are those blind spots and how do they fix it.
>> So your product's called NodeZero. You mentioned that. Is that specifically a suite, a tool, a platform. How do people consume and engage with you guys?
>> So the way that we work, the whole product is designed to be self-service. So once again, while we have a sales team, the whole intent is you don't need to have to talk to a sales rep to start using the product, you can log in right now, go to Horizon3.ai, you can run a trial log in with your Google ID, your LinkedIn ID, start running pen test against your home or against your network against this organization right now, without talking to anybody. The whole idea is self-service, run a pen test in three clicks and give you the power of that 20 year pen testing expert. And then what'll happen is NodeZero will execute and then it'll provide to you a full report of here are all of the different paths or attack paths or sequences where we are able to become an admin in your environment. And then for every attack path, here is the path or the kill chain, the proof of exploitation for every step along the way. Here's exactly what you've got to do to fix it. And then once you've fixed it, here's how you verify that you've truly fixed the problem. And this whole aha moment is run us to find problems. You fix them, rerun us to verify that the problem has been fixed.
>> Talk about the company, how many people do you have and get some stats?
>> Yeah, so we started writing code in January of 2020, right before the pandemic hit. And then about 10 months later at the end of 2020, we launched the first version of the product. We've been in the market for now about two and a half years total from start of the company till present. We've got 130 employees. We've got more customers than we do employees, which is really cool.
And instead our customers shift from running one pen test a year to 40, 50 pen test.
>> John: And it's full SaaS.
>> The whole product is full SaaS. So no consulting, no pro serve. You run as often as you--
>> Who's downloading, who's buying the product.
>> What's amazing is, we have customers in almost every section or sector now. So we're not overly rotated towards like healthcare or financial services. We've got state and local education or K through 12 education, state and local government, a number of healthcare companies, financial services, manufacturing. We've got organizations that large enterprises.
>> John: Security's diverse.
>> It's very diverse.
>> I mean, ransomware must be a big driver. I mean, is that something that you're seeing a lot.
>> It is. And the thing about ransomware is, if you peel back the outcome of ransomware, which is extortion, at the end of the day, what ransomware organizations or criminals or APTs will do is they'll find out who all your employees are online. They will then figure out if you've got 7,000 employees, all it takes is one of them to have a bad password. And then attackers are going to credential spray to find that one person with a bad password or whose Netflix password that's on the dark web is also their same password to log in here, 'cause most people reuse. And then from there they're going to most likely in your organization, the domain user, when you log in, like you probably have local admin on your laptop. If you're a Windows machine and I've got local admin on your laptop, I'm going to be able to dump credentials, get the admin credentials and then start to laterally maneuver. Attackers don't have to hack in using zero days like you see in the movies, often they're logging in with valid user IDs and passwords that they've found and collected from somewhere else. And then they make that, they maneuver by making a low plus a low equal a high.
And the other thing in financial services, we spend all of our time fixing critical vulnerabilities, attackers know that. So they've adapted to finding ways to chain together, low priority vulnerabilities and misconfigurations and dangerous defaults to become admin. So while we've over rotated towards just fixing the highs and the criticals attackers have adapted. And once again they have a vote, they're always evolving their tactics.
>> And how do you prevent that from happening?
>> So we actually apply those same tactics. Rarely do we actually need a CVE to compromise your environment. We will harvest credentials, just like an attacker. We will find misconfigurations and dangerous defaults, just like an attacker. We will combine those together. We'll make use of exploitable vulnerabilities as appropriate and use that to compromise your environment. So the tactics that, in many ways we've built a digital weapon and the tactics we apply are the exact same tactics that are applied by the adversary.
>> So you guys basically simulate hacking.
>> We actually do the hacking. Simulate means there's a fakeness to it.
>> So you guys do hack.
>> We actually compromise.
>> Like "Sneakers" the movie, those "Sneakers" movie for the old folks like me.
>> And in fact that was my inspiration. I've had this idea for over a decade now, which is I want to be able to look at anything that laptop, this Wi-Fi network, gear in hospital or a truck driving by and know, I can figure out how to gain initial access, rip that environment apart and be able to pwn it.
>> Okay, Chuck, he's not allowed in the studio anymore. (laughs) No, seriously. Some people are exposed. I mean, some companies don't have anything. But there's always passwords or so most people have that argument. Well, there's nothing to protect here. Not a lot of sensitive data. How do you respond to that? Do you see that being kind of putting the head in the sand or?
>> Yeah, it's actually, it's less, there's not sensitive data, but more we've installed or applied multifactor authentication, attackers can't get in now. Well MFA only applies or does not apply to lower level protocols. So I can find a user ID password, log in through SMB, which isn't protected by multifactor authentication and still pwn your environment. So unfortunately I think as a security industry, we've become very good at giving a false sense of security to organizations.
>> John: Compliance drives that behavior.
>> Compliance drives that. And what we need. Back to don't tell me we're secure, show me, we've got to, I think, change that to a trust but verify, but get rid of the trust piece of it, just to verify.
>> Okay, we got a lot of CISOs and CSOs watching this showcase, looking at the hot startups, what's the message to the executives there. Do they want to become more leaning in more hawkish if you will, to use the military term on security? I mean, I heard one CISO say, security first then compliance 'cause compliance can make you complacent and then you're unsecure at that point.
>> I actually say that. I agree. One definitely security is different and more important than being compliant. I think there's another emerging concept, which is I'd rather be defensible than secure. What I mean by that is security is a point in time state. I am secure right now. I may not be secure tomorrow 'cause something's changed. But if I'm defensible, then what I have is that muscle memory to detect, respond and stifle an attack. And that's what's more important. Can I detect you? How long did it take me to detect you? Can I stifle you from achieving your objective? How long did it take me to stifle you? What did you use to get in to gain access? How long did that sit in my environment? How long did it take me to fix it? So on and so forth. But I think it's being defensible and being able to rapidly adapt to changing tactics by the adversary is more important.
>> This is the evolution of how the red line never moved. You got the adversaries in our networks and our banks. Now they hang out and they wait. So everyone thinks they're secure. But when they start getting hacked, they're not really in a position to defend, the alarms go off. Where's the playbook. Team springs into action. I mean, you kind of get the visual there, but this is really the issue being defensible means having your own essentially military for your company.
>> Being defensible, I think has two pieces. One is you've got to have this culture and process in place of training like you fight because you want to build that incident response muscle memory ahead of time. You don't want to have to learn how to respond to an incident in the middle of the incident. So that is that proactively verifying your posture and continuous pen testing is critical there. The second part is the actual fundamentals in place so you can detect and stifle as appropriate. And also being able to do that. When you are continuously verifying your posture, you need to verify your entire posture, not just your test systems, which is what most people do. But you have to be able to safely pen test your production systems, your cloud environments, your perimeter. You've got to assume that the bad guys are going to get in, once they're in, what can they do? So don't just say that my perimeter's secure and I'm good to go. It's the soft squishy center that attackers are going to get into. And from there, can you detect them and can you stop them?
>> Snehal, take me through the use. You got to be sold on this, I love this topic. Alright, pen test. Is it, what am I buying? Just pen test as a service. You mentioned dark web. Are you actually buying credentials online on behalf of the customer? What is the product? What am I buying if I'm the CISO from Horizon3? What's the service? What's the product, be specific.
>> So very specifically and one just principles.
The first principle is when I was a buyer, I hated being nickel-and-dimed by vendors, which was, I had to buy 15 different modules in order to achieve an objective. Just give me one line item, make it super easy to buy and don't nickel and dime me. Because I've spent time as a buyer that very much has permeated throughout the company. So there is a single SKU from Horizon3. It is an annual subscription based on how big your environment is. And it is inclusive of on-prem internal pen tests, external pen tests, cloud attacks, work from home attacks, our ability to harvest credentials from the dark web and from open source sources. Being able to crack those credentials, compromise. All of that is included as a single SKU. All you get as a CISO is a single SKU, annual subscription, and you can run as many pen tests as you want. Some customers still stick to, maybe one pen test a quarter, but most customers shift when they realize there's no limit, we don't nickel and dime. They can run 10, 20, 30, 40 a month.
>> Well, it's not nickel and dime in the sense that, it's more like dollars and hundreds because they know what to expect if it's classic cloud consumption. They kind of know what their environment, can people try it. Let's just say I have a huge environment, I have a cloud, I have an on-premise private cloud. Can I dabble and set parameters around pricing?
>> Yes you can. So one is you can dabble and set parameters around scope, which is like manufacturing does this, do not touch the production line that's on at the moment. We've got a hospital that says every time they run a pen test, any machine that's actually connected to a patient must be excluded. So you can actually set the parameters for what's in scope and what's out of scope up front, most again we're designed to be safe to run against production so you can set the parameters for scope. You can set the parameters for cost if you want.
But our recommendation is I'd rather figure out what you can afford and let you test everything in your environment than try to squeeze every penny from you by only making you buy what can afford as a smaller--
>> So the variable ratio, if you will is, how much they spend is the size of their environment and usage.
>> Just size of the environment.
>> So it could be a big ticket item for a CISO then.
>> It could, if you're really large, but for the most part--
>> What's large?
>> I mean, if you were Walmart, well, let me back up. What I heard is global 10 companies spend anywhere from 50 to a hundred million dollars a year on security testing. So they're already spending a ton of money, but they're spending it on consultants that show up maybe a couple of times a year. They don't have, humans can't scale to test a million hosts in your environment. And so you're already spending that money, spend a fraction of that and use us and run as much as you want. And that's really what it comes down to.
>> John: All right. So what's the response from customers?
>> What's really interesting is there are three use cases. The first is that SOC manager that is using us to verify that their security tools are actually working. So their Splunk environment is logging the right data. It's integrating properly with CrowdStrike, it's integrating properly with their Active Directory services and their password policies. So the SOC manager is using us to verify the effectiveness of their security controls. The second use case is the IT director that is using us to proactively harden their systems. Did they install VMware correctly? Did they install their Cisco gear correctly? Are they patching right? And then the third are for the companies that are lucky to have their own internal pen test and red teams where they use us like a force multiplier.
So if you've got 10 people on your red team and you still have a million IPs or hosts in your environment, you still don't have enough people for that coverage. So they'll use us to do recon at scale and attack at scale and let the humans focus on the really juicy hard stuff that humans are successful at.
>> Love the product. Again, I'm trying to think about how I engage on the test. Is there pilots? Is there a demo version?
>> There's a free trials. So we do 30 day free trials. The output can actually be used to meet your SOC 2 requirements. So in many ways you can just use us to get a free SOC 2 pen test report right now, if you want. Go to the website, log in for a free trial, you can log into your Google ID or your LinkedIn ID, run a pen test against your organization and use that to answer your PCI segmentation test requirements, your SOC 2 requirements, but you will be hooked. You will want to run us more often. And you'll get a Horizon3 tattoo.
>> The first hit's free as they say in the drug business.
>> Yeah.
>> I mean, so you're seeing that kind of response then, trial converts.
>> It's exactly. In fact, we have a very well defined aha moment, which is you run us to find, you fix, you run us to verify, we have 100% technical win rate when our customers hit a find, fix, verify cycle, then it's about budget and urgency. But 100% technical win rate because of that aha moment, 'cause people realize, holy crap, I don't have to wait six months to verify that my problems have actually been fixed. I can just come in, click, verify, rerun the entire pen test or rerun a very specific part of it on what I just patched my environment.
>> Congratulations, great stuff. You're here part of the AWS Startup Showcase. So I have to ask, what's the relationship with AWS, you're on their cloud. What kind of action's going on there? Is there secret sauce on there? What's going on?
>> So one is we are AWS customers ourselves, our brains command and control infrastructure.
All of our analytics are all running on AWS. It's amazing, when we run a pen test, we are able to use AWS and we'll spin up a virtual private cloud just for that pen test. It's completely ephemeral, it's all Lambda functions and graph analytics and other techniques. When the pen test ends, you can delete, there's a single use Docker container that gets deleted from your environment so you have nothing on-prem to deal with and the entire virtual private cloud tears itself down. So at any given moment, if we're running 50 pen tests or a hundred pen tests, self-service, there's a hundred virtual private clouds being managed in AWS that are spinning up, running and tearing down. It's an absolutely amazing underlying platform for us to make use of. Two is that many customers that have hybrid environments. So they've got a cloud infrastructure, an Office 365 infrastructure and an on-prem infrastructure. We are a single attack platform that can test all of that together. No one else can do it. And so the AWS customers that are especially AWS hybrid customers are the ones that we do really well targeting.
>> Got it. And that's awesome. And that's the benefit of cloud?
>> Absolutely. And the AWS marketplace. What's absolutely amazing is the competitive advantage being part of the marketplace has for us, because the simple thing is my customers, if they already have dedicated cloud spend, they can use their approved cloud spend to pay for Horizon3 through the marketplace. So you don't have to, if you already have that budget dedicated, you can use that through the marketplace. The other is you've already got the vendor processes in place, you can purchase through your existing AWS account. So what I love about the AWS company is one, the infrastructure we use for our own pen test, two, the marketplace, and then three, the customers that span that hybrid cloud environment. That's right in our strike zone.
>> Awesome. Well, congratulations.
And thanks for being part of the showcase and I'm sure your product is going to do very, very well. It's very built for what people want. Self-service get in, get the value quickly.
>> No agents to install, no consultants to hire. Safe to run against production. It's what I wanted.
>> Great to see you and congratulations and what a great story. And we're going to keep following you. Thanks for coming on.
>> Snehal: Phenomenal. Thank you, John.
>> This is the AWS Startup Showcase. I'm John Furrier, your host. This is season two, episode four on cybersecurity. Thanks for watching.
(upbeat music)
Dan Woods & Haiyan Song, F5 | AWS re:Inforce 2022
>> You want us to >> Look at that camera? Okay. We're back in Boston, everybody. This is Dave Vellante for theCUBE, the leader in enterprise tech coverage. This is re:Inforce 2022, AWS's big security conference. We're here in Boston, the convention center where theCUBE started in 2010. Haiyan Song is here. She's head of security and distributed cloud services at F5. And she's joined by Dan Woods, who's the global head of intelligence at F5. Great to see you again. Thanks for coming on theCUBE, Dan, first time I believe. Yeah. Happy to be here. All right. Good to see you guys. How's the, how's the event going for y'all? >> It's been just fascinating to see all those, uh, new players coming in and taking security in a very holistic way. Uh, very encouraged. >> Yeah. Boston in, in July is, is good. A lot of, a lot of action to Seaport. When I was a kid, there was nothing here, couple mob restaurants and that's about it. And, uh, now it's just like a booming, >> I'm just happy to see people in, in person, finally. >> Is this your first event since? Uh, maybe my second or third. Third. >> Okay, great. Since everything opened up and I tell you, I am done with Zoom. >> Yeah. I mean, it's very clear. People want to get back face to face. It's a whole different dynamic. I think, you know, the digital piece will continue as a complement, but nothing beats belly to belly, as I like absolutely say. All right. Haiyan, let's start with you. So you guys do a, uh, security report every year. I think this is your eighth year, the app security report. Yeah. Um, I think you, you noted in this report, the growing complexity of apps and integrations, what did you, what are, what were your big takeaways this year? >> And so, like you said, this is our eighth year and we interview and talk to about 1500 of like companies and IT decision makers. One of the things that's so prevalent coming out of the survey is complexity that they have to deal with, continue to increase. 
It's still one of the biggest headaches for all the security professionals and IT professionals. And that's explainable in a way, if you look at how much digital transformation has happened in the last two years, right? It's an explosion of apps and APIs. That's powering all our digital way of working, uh, in the last two years. So it's certainly natural to, to see the complexity has doubled and tripled and, and we need to do something about it. >> And the number of tools keeps growing. The number of players keeps growing. I mean, so many really interesting, you know, they're really not startups anymore, but well-funded new entrants into the marketplace. Were there any big surprises to you? You know, you're a security practitioner, you know, this space really well, anything jump out like, whoa, that surprised me. >> Yeah. It's been an interesting discussion when we look at the results, right. You know, some of us would say, gosh, this is such a big surprise. How come people still, you know, willing to turn off security for the benefits of performance. And, and, and as a security professional, I will reflect on that. I said, it's a surprise, or is it just a mandate for all of us in security, we got to do better. And because security shouldn't be the one that prevents or add friction to what the business wants to do, right? So it's a surprise because we, how can, after all the breaches and, and then security incidents, people are still, you know, the three quarters of the, uh, interviewees said, well, you know, if we were given a choice, we'll turn off security for performance. And I think that's a call to action for all of us in security. How do we make security done in a way that's frictionless? And they don't have to worry about it. They don't have to do a trade off. And I think that's one of the things, you know, Dan in working our entire anti automation, uh, solution one is to protect. And the other thing is to enable. >> Yeah. 
You think about, Dan, the, I always say the, the adversary is extremely capable. The ROI of cyber tech just keeps getting better and better. And your jobs really is to, to, to lower the ROI, right. It decrease the value, increase the cost, but you're, I mean, phishing continues to be prevalent. You're seeing relatively new technique island hopping, self forming malware. I mean, it's just mind boggling, but, but how are you seeing, you know, the attack change? You know, what what's the adversary do differently over the last, you know, several years maybe pre and post pandemic, we've got a different attack surface. What are you seeing? >> Well, we're seeing a lot higher volume attacks, a lot higher volume and velocity. Mm-hmm, <affirmative> it isn't uncommon at all for us to go in line and deploy our client side signals and see, uh, the upper 90%, um, is automated, unwanted automation hitting the application. Uh, so the fact that the security teams continue to underestimate the size of the problem. That is something I see. Every time we go in into an enterprise that they underestimate the size of the problem, largely because they're relying on, on capabilities like CAPTCHAs, or maybe they're relying on 2FA and while 2FA is a very important role in security. It doesn't stop automated attacks and CAPTCHA certainly doesn't stop automated attacks. >> So, okay. So you said 90% now, as high as 90% are, are automated up from where maybe dial back to give us a, a marker as to where it used to be. >> Well, less than 1% is typically what all of our customers across the F5 network enjoy less than 1% of all traffic hitting origin is unwanted, but when we first go online, it is upper 90, we've seen 99% of all traffic being unwanted automation. >> But Dan, if I dial back to say 2015, was it at that? Was it that high? That, that was automated back then? >> Or, you know, I, I don't know if it was that high then cuz stuffing was just, you know, starting to kind of take off. Right? No. 
Right. Um, but as credential stuffing became better and better known among the criminal elements, that's when it really took off explain the pays you're right. Crime pays >> Now. Yeah. It's unfortunate, but it's true. Yeah. Explain the CAPTCHA thing. Cause sometimes as a user, like it's impossible to do the CAPTCHA, you know, it's like a twister. Yeah. >> I >> Got that one wrong it's and I presume it's because CAPTCHA can be solved by, by bots. >> Well, actually the bots use an API into a human click farming. So they're humans to sit around, solving CAPTCHAs all day long. I actually became a human CAPTCHA solver for a short time just to see what the experience was like. And they put me through the training, teaching me how to solve CAPTCHAs more effectively, which was fascinating, cuz I needed that training frankly. And then they tested to make sure I solve CAPTCHAs quickly enough. And then I had solved maybe 30 or 40 CAPTCHAs and I hadn't earned one penny US yet. So this is how bots are getting around CAPTCHAs. They just have humans solve them. >> Oh, okay. Now we hear a lot at this event, you gotta turn on multifactor authentication and obviously you don't want to use just SMS based MFA, but Dan you're saying not good enough. Why explain that? >> Well, most implementations of 2FA is, you know, you enter in username and password and if you enter in the correct username and password, you get a text message and you enter in the code. Um, if you enter in the incorrect username and password, you're not sent the code. So the, the purpose of a credential stuffing attack is to verify whether the credentials are correct. That's the purpose. And so if it's a 2FA-protected login, I've done that. 
Admittedly, I haven't taken over the account yet, but now that I have a list of known good credentials, I could partner with somebody on the dark web who specializes in defeating 2FA through social engineering or port-outs or SIM swaps, SS7 compromises, insiders at telcos, lots of different ways to get at the, uh, 2FA text message. >> So, wow, <laugh>, this is really interesting, scary discussion. So what's the answer to, to that problem. How, how does F5 approach it? >> Haiyan touched on it. We, we want to improve security without introducing a lot of friction. And the solution is collecting client side signals. You interrogate the users, interactions, the browser, the device, the network, the environment, and you find things that are unique that can't be spoofed like how it does floating point math or how it renders emojis. Uh, this way you're able to increase security without imposing friction on, on the customer. And honestly, if I have to ever have to solve another CAPTCHA again, I, I, I just, my blood is boiling over CAPTCHA. I wish everyone would rip it out. >> As a user. I, I second that request I had, um, technology got us into this problem. Can technology help us get out of the problem? >> It has to. Um, I, I think, uh, when you think about the world that is powering all the digital experiences and there's two things that comes to mind that apps and APIs are at the center of them. And in order to solve the problem, we need to really zero in where, you know, the epicenter of the, the, uh, attack can be and, and had the max amount of impact. Right? So that's part of the reason from an F5 perspective, we think of application and API security together with the multitier the defense with, you know, DDoS to bots, to the simple bots, to the most sophisticated ones. And it has to be a continuum. You don't just say, Hey, I'm gonna solve this problem in this silo. You have to really think about app and APIs. 
Think about the infrastructure, think about, you know, we're here at AWS and cloud native solutions and API services is all over. You can't just say, I only worry about one cloud. You cannot say, I only worry about VMs. You really need to think of the entire app stack. And that's part of the reason when we build our portfolio, there is web application firewall, there's API security there's bot solution. And we added, you know, application infrastructure protection coming from our acquisition for Threat Stack. They're actually based in Boston. Uh, so it's, it's really important to think holistically of telemetry visibility, so you can make better decisions for detection response. >> So leads me to a number of questions first. The first I wanna stay within the AWS silo for a minute. Yeah. Yeah. What do you, what's the relationship with AWS? How will you, uh, integrating, uh, partnering with AWS? Let's start there. >> Yeah, so we work with AWS really closely. Uh, a lot of our solutions actually runs on the AWS platform, uh, for part of our Shape services. It's it's, uh, using AWS capabilities and Threat Stack is purely running on AWS. We just, uh, actually had integration, maybe I'm pre announcing something, uh, with, uh, the CloudFront, with our bot solutions. So we can be adding another layer of protection for customers who are using CloudFront as the w on AWS. >> Okay. So, um, you integrate, you worry about a APIs, AWS APIs and primitives, but you have business on prem, you have business, other cloud providers. How do you simplify those disparities for your customers? Do you kind of abstract all that complexity away what's F5's philosophy with regard then and creating that continuous experience across the states irrespective of physical location? >> Yeah, I think you're spot on in terms of, we have to abstract the complexity away. 
The technology complexity is not gonna go away because there's always gonna be new things coming in the world become more disaggregated and they're gonna be best-of-breed solutions coming out. And I think it's our job to say, how do we think about policies for web application? And, you know, you're on-prem, you're in AWS, you're in another cloud, you're in your private data center and we can certainly abstract out the policies, the rules, and to make sure it's easier for a customer to say, I want this particular use case and they push a button. It goes to all the properties, whether it's their own edge or their own data center, and whether it's using AWS, you know, CloudFront as you using or web. So that is part of our adapt. Uh, we call it adaptive application. Vision is to think delivery, think security, think optimizing the entire experience together using data. You know, I come from, uh, a company that was very much around data can power so many things. And we believe in that too. >> We use a, we use a term called super cloud, which, which implies a layer that floats above the hyperscale infrastructure hides the underlying complexity of the primitives adds value on top and creates a continuous experience across clouds, maybe out to the edge even someday on prem. Is that, does that sound like, it sounds like that's your strategy and approach and you know, where are you today? And that is that, is that technically feasible today? Is it, is it a journey? Maybe you could describe that. >> Yeah. So, uh, in my title, right, you talked about a security and distribute cloud services and the distribute cloud services came from a really important acquisition. We did last year and it's about, uh, is called Volterra. What they brought to F5 is the ability not only having lot of the SaaS capabilities and delivery capabilities was a very strong infrastructure. 
They also kept have capability like multi-cloud networking and, you know, people can really just take our solution and say, I don't have to go learn about all the, like I think using super cloud. Yeah, yeah. Is exactly that concept is we'll do all the hard work behind the scenes. You just need to decide what application, what user experience and we'll take care of the rest. So that solutions already in the market. And of course, there's always more things we can do collect more telemetry and integrate with more solutions. So there's more insertion point and customer can have their own choice of whatever other security solution they want to put on top of that. But we already provide, you know, the entire service around web application and API services and bot solution is a big piece of that. >> So I could look at analytics across those clouds and on-prem, and actually you don't have to go to four different stove pipes to find them, is that right? >> Yeah. And I think you'd be surprised on what you would see. Like you, you know, typically you're gonna see large amounts of unwanted automation hitting your applications. Um, it's, I, I think the reason so many security teams are, are underestimating the size of the problem is because these attacks are coming from tens of thousands, hundreds of thousands, even millions of IP addresses. So, you know, for years, security teams have been blocking by IP and it's forced the attackers to become highly, highly distributed. So the security teams will typically identify the attack coming from the top hundred or 1500 noisiest IPs, but they missed the long tail of tens of thousands, hundreds of thousands of IPs that are only used one or two times, because, you know, over time we forced the attackers to do this. >> They're scaling. >> Yeah, they are. And, and they're coming from residential IPs now, uh, not just hosting IPs, they're coming from everywhere. >> And, and wow. 
I mean, I, we know that the pandemic changed the way that organization, they had to think more about network security, rethinking network security, obviously end point cloud security. But it sounds like the attackers as well, not only did they exploit that exposure, but yeah, yeah. They were working from home and then <laugh> >> The human click farms. They're now distributed. They're all working from home. >> Now we could take advantage of that. >> When I was solving CAPTCHAs, you could do it on your cell phone just by walking around, solving CAPTCHAs for money. >> Wow. Scary world. But we live in, thank you for helping making it a little bit safer, guys. Really appreciate you coming on theCUBE. >> We'll continue to work on that. And our motto is bring a better digital world to life. That's what we can set out to do. >> I love it. All right. Great. Having you guys. Thank you. And thank you for watching. Keep it right there. This is Dave Vellante from re:Inforce 2022. You're watching theCUBE right back after this short break.
Brian McKillips, Accenture | Coupa Insp!re 2022
(upbeat music) >> Hey everyone. Welcome back to theCUBE's coverage of Coupa Inspire 2022. We are in Las Vegas at the beautiful Cosmopolitan hotel. I'm your host, Lisa Martin. Brian McKillips joins me next, a managing director at Accenture. Brian, it's great to have you on the program. >> Thanks for having me, I'm glad to be here. >> So you have an interesting, you lead a lot of stuff at Accenture and I want to read this off, so I get it right. You lead the intelligent platform services strategy and the industry and functions platform group. Talk to me about those responsibilities. >> Yeah, so the intelligent platform services is the place in the business where we have kind of our large software partners, SAP, Oracle, Microsoft, Workday, Salesforce and Adobe. And we kind of think of ourselves as kind of the engine that powers industry and functional solutions, right? And the way Accenture's gone to market over the last couple of years has been kind of bringing together our breadth of experience all the way from strategy, all the way through operations and these big technology transformations are at the core of that. So that's what we do in intelligent platform services. And we recently launched this what we call the industry and functions platforms group because we realized there's a lot of strategic partners that are critical for us to have a strong practice around, Coupa being one of them, you know in the supply chain and sourcing and procurement space so that we could create a home to be able to deliver these solutions globally and at scale. So I lead both kind of the strategy across all of IPS and then the new industry and functions platform group. >> Got it. All right. So you're here to talk to me about composable technology. First of all, define that for the audience so they understand what you're talking about. >> Yeah, you bet. 
So, you know, at Accenture, we're talking a lot about this is the age of compressed transformation, meaning, you know, change is only going to speed up and the need to change and so our clients are really struggling with not only kind of moving fast but that pressure around having to change as dynamics around the world change. So in the age of compressed transformation, we were really talking about how our clients should be kind of reorienting the way they think about their tech stack. And because, you know, historically a lot of us grew up in kind of monolithic implementations with, you know one software provider. But today it's really about composing technology to create new industry, new ways to solve industry problems, functional processes, customer experiences, right? And so composable technology we think about it in three parts. One is a cloud foundation that is, you know, the hyperscalers are a critical part of that. Secondly, our digital core and these are the kind of the historic software packages at the center of a lot of the industry and functional business processes. So you think about SAP and Oracle and Salesforce and things like that. But then around that digital core you have composable elements to be able to plug in. And that could be things like other software packages but it's also kind of industry IP or you know, edge devices, you know think IOT, think smart appliances, think and when you put, pull all those things together you need to be able to not only configure it once but configure and reconfigure as the dynamics of the marketplace change. >> So composable technology isn't necessarily new but has the pandemic been an accelerator of some of the things that you're seeing now in terms of why it's important, what's different about it now as being a foundation for competitive differentiation? >> Yeah, for sure. 
And it's, you know, I, anybody who's in technology say, you know, you tell them about this idea, they're like, well this isn't new, we've had service oriented architectures for 20 years. >> Right. >> You know, we've been talking about integrating things forever, but the you know, much like we all five to seven years ago we knew that we'd be using our phones to pay for pretty much everything but the tech hadn't caught up, right. Not every restaurant or store that you went to had the point of sale set up, right. So we all kind of knew that was coming. And the same thing has kind of happened around this idea of about composable technology and the three things that are new are one is that the cloud foundation is here, right. >> Yes. >> Where, you know, you now have not only kind of hyperscale high speed compute in at the core you actually have at the edge as well. And the same thing with high speed network, you know you have Starlink, you have 5G rolling out. So you have that cloud foundation that really wasn't there before. The second thing that's happening is the posture of a lot of the ecosystem, major ecosystem players has changed, right. And this started, you know when Satya Nadella took over Microsoft where Microsoft was very much a kind of a closed environment. >> Right. >> Where Satya under his leadership has really kind of changed the posture of being able to integrate into that. And we've seen that really pretty much across the entire landscape. And then lastly, it's become, you know, cheaper and, you know, quicker to be able to integrate with platforms like MuleSoft and others where there's kind of full scale integration platforms. So those are, those are the kind of the things that are new that allows for composable technology to be here in the real world. >> So it's something that's tangible, it's real organizations need to be on this bandwagon I imagine or they're going to be left behind. 
Gartner had some interesting stats that your team sent over and they were talking about these stats that were very compelling in terms of a seismic shift which always, you hear seismic living in California I think earthquakes, but something substantial. And they said, this seismic shift is going to happen by 2023. And I thought, hang on, that's less than a year away. >> Yeah. >> And they talked about by 2023, organizations that have adopted an intelligent composable approach will outpace competition 80% in the speed of new feature implementation. So if an organization hasn't started on that now is it too late? >> I would say not necessarily too late but they need to look for ways to change their disposition, right. And one of the ways that we've been helping clients do this is through pre-integrated solutions, right. So you know, in the past, the motion would be we would work with a client, they would work with our kind of strategists and consultants and say, what does the future of supply chain look like for example. And if the client liked it, they would say, okay, I love it, what do I do next? Right. Then there would be another consulting engagement, another consulting engagement and then there would be a blueprint and architecture and at some point there was an implementation and a run. We've actually said we're investing heavily with our ecosystem partners to be able to pre-integrate solutions. So when that supply chain strategist says this is what the post COVID supply chain should look like and the client says, I love it what do I do next, that strategist can turn around and say, well, we've got a pre-integrated solution with SAP at the core sitting on a Microsoft Azure stack integrated with Coupa, wrapped with AI and machine learning and we can drop that and configure it for an environment. 
So that's how we're working with clients who are in that position that really need to kind of change their disposition is to bring these pre-integrated solutions and drop them in. >> Where are your conversations at the C-Suite level? Because this is, I hear many things in what you just said. Part of it is change management, which is very challenging. There's, people are very resistant to that. >> Brian: Yeah. >> One of the things that we've learned in the last two years is if it's going to come it's going to come but where are your conversations within that executive suite in terms of getting buy-in and going this is the direction we have to go in. >> Brian: Yeah. >> Because our business needs to be not just survive but thrive. >> Yeah. Yeah. These are, I mean, there are certainly of course in kind of traditional channels of tech whether it's, you know, the CIO or the CTO, but increasingly we're seeing this is a CEO discussion and, you know, our CEO Julie Sweet, is very, very market pacing and is having top to top conversations talking about compressed transformation, talking about composable technology because it's no longer just a, you know, a back office function as you know, right. I mean, this is really core to how companies you know, are, change their business models, make money, right. And it's a constant evolution. And that's why we talk about that kind of configuring and reconfiguring, it's not just coming in, implementing once, run it for five years and then when it's time to upgrade, we come back. >> No. >> We really want to be the partner with our clients to basically move in and, you know, across the patch whether it's specific industry processes, specific functional processes, specific customer experiences, we want to be the partner that is constantly tuning and configuring and reconfiguring and composing these solutions from across the ecosystem. 
>> And helping those businesses in any industry evolve as you talked about this compressed timeline, compressed transformation, such an interesting way of describing it but it's really true, it's what we've been living the last couple of years. >> Brian: Yeah. >> And so I want to get into Accenture's technology vision. You touched on this a little bit but there was some stats that your team provided that I thought were really, really interesting, a survey that Accenture did, 77% of executives, and we were just talking about the C-suite, state that their tech architecture is becoming critical to the overall success of the organization. So that awareness is there for sure en masse. Another thing that, stat that was interesting was 90% of business and IT execs agree that to be agile we always talk about agility, right, be resilient, organizations need to fast forward this digital transformation at the core. There's that compressed transformation. >> Brian: Yeah. >> Those are very high numbers. >> Brian: Yeah. >> In terms of where organizations say we see where we need to be. What's the vision at Accenture to help organizations get there fast? >> Yeah. Well, I think it's, you know, the thing that came to mind as you were talking is that we have, you know, major clients that have had this had in the, you know consumer packaged goods and apparel space that have had one way that they've done business is directly through retailers, you know, for pretty much their whole existence. Suddenly they need to shift to a direct to consumer model both in terms of marketing, in terms of commerce and that's not, you know, you don't just flip a switch in the back office and, you know, call IT and say hey, hey, can you change around a few things? It's actually shifting the entire core, it touches everything, it touches point of sale, it touches the customer experience, it touches supply chain, it touches employee experience even, right. >> Yeah. 
>> And so that's why I think it's so important for, you know technology leaders and business leaders to continue to kind of integrate themselves more tightly. >> Yes. >> To be able to make these business model transformations not just, you know, the tech that supports things. >> It's essential. >> Yeah. >> You know, we often in so many shows, Brian, we talk about alignment of business and technology, but it's not trivial. >> Yeah, yeah. >> It's absolutely fundamental to the success of every organization. And they've got to do so and as you said, I'm going to use your, your word, the compressed transformation. >> Yeah. >> A compressed timeframe. So talk to me about some customer examples where you really feel that Accenture and Coupa have helped this organization transform its supply chain to be able to be, use composable technology. >> Brian: Yeah. >> To be a leader in its industry. >> Yeah. Well, one example of that is a major industrial client that we have that has global operations across the world. And they're on a journey to kind of upgrade their digital core ERP that they've been on for a long time. And that's a multi-year journey. But at, you know, today they have needs for sourcing and procurement solutions in specific geographies around the world like Japan, for example. So what we've been able to do and it's a relatively simple example but quickly work with the client and Coupa to identify the right Coupa solution that's born in the cloud that has a great kind of user experience and implement that quickly as well as integrated it into the digital core, right. So they're not separate things. And it becomes part of that architecture, right. It just starts to kind of show the flexibility of when you have, when you come with a kind of composable technology point of view, the way we can help our clients do that. And in some other cases it's even more, you know, more cutting edge. 
So think about a utilities client, for example that has IOT sensors on their wires and when the, when that wire swings too far they say something's wrong. Automatically it goes back to the digital core cuts a ticket and finds the closest worker. >> Lisa: Okay. >> To then dispatch. The worker then can put on their HoloLens, for example and climb the pole and get directions on how to solve the problem right then and there, right? That's another example of you know, multiple systems, edge devices things coming together in order to create that. And it's only going to get faster, you know, with the metaverse. >> Lisa: Right. >> You know, with web 3.0 coming, with blockchain becoming more and more mainstream, companies need to be thinking about in this age of compressed transformation how to do that composable technology that you can configure and reconfigure. >> Do you think that we're in an age of compressed transformation or is that how it's going to be going forward given the global climate the last two years? >> Yeah. It's definitely going to be that way going forward over the next, you know, probably for the large part of the, the remainder of our career. I mean, we're, our CTO, Paul Daugherty, talks about us being in a mega cycle, right? There's so many things changing. And even without these externalities of, you know, political issues and pandemics, you know, the introduction of AI and machine learning, a lot of these technologies I just mentioned, it's, the change is happening in every industry, in every, you know kind of area of the marketplace and in a way that's, you know, that's really exciting, right. And we get to help our clients be able to kind of solve those things not just once, but continually >> There's a tremendous amount of opportunity that's come from compressed transformation, right. A lot of opportunity, a lot of potential. 
What are some of the things that you're looking forward to say in the next year, as we talked about some of those business and lines of business and IT folks understand we've got to move in this direction. What excites you about the potential that you have to help these organizations really transform? >> Yeah, well, I think, I mean, the, we just came out with our new tech vision which is about the metaverse. And I think that the things that excite me are there's brand new ways like we've lived in a world where transactions take place in a very predictable way with local currencies through a single channel. And that was, that's been sort of fixed for a long time. The fundamentals of the economy or actually in the marketplace are starting to change in terms of how do we transact with things like cryptocurrencies, things like non fungible tokens, you know, all these things that we didn't, you know, they weren't, even the metaverse these were not main line words, even six you know, months ago, 12 months ago. >> Lisa: Right, right. >> Now these things, you know, every it seems like every month there's something new that is, you know, seismic to use your word that is shifting the fundamentals of the marketplace. And I think that's what's really exciting. I mean, that's where, I mean, it's probably one of the most exciting times to be in business, be in the marketplace. It certainly has a lot of challenges. >> Lisa: Yes. >> But, you know, I think we're really about using, you know, the promise of technology to unlock human ingenuity and this is a great time to be able to unlock that human ingenuity. >> And that's such a great alignment with Coupa. I was just in the keynote and there was an Accenture video, Julie Sweet was talking to some other folks about that. Great alignment in the partnership. 
Brian, thank you for joining me talking about composable technology, what's new, why and the potential that organizations and every business have to use it to unlock competitive advantages. >> Brian: Yeah. >> We appreciate your insights and your time. >> You bet. Pleasure to be here. >> All right. With Brian McKillips, I'm Lisa Martin. You're watching theCUBE from Coupa Inspire 2022. (upbeat music)
Randy Mickey, Informatica & Charles Emer, Honeywell | Informatica World 2019
>> Live from Las Vegas, it's theCUBE, covering Informatica World 2019. Brought to you by Informatica. >> Welcome back, everyone, to theCUBE's live coverage of Informatica World 2019. I'm your host, Rebecca Knight, along with my cohost, John Furrier. We have two guests for this segment. We have Charlie Emer. He is the senior director data management and governance strategy at Honeywell. Thanks for joining us. >> Thank you. >> And Randy Mickey, senior vice president global professional services at Informatica. Thanks for coming on theCUBE. >> Thank you. >> Charlie, I want to start with you. Honeywell is a household name, but tell us a little bit about the business now and about your role at Honeywell. >> Think about it this way. When I joined Honeywell, even before I knew Honeywell, all I thought was thermostats. That's what people would think about Honeywell. >> That's what I thought. >> But Honeywell's much bigger than that. Look, if you go back to the Industrial Revolution, back in, I think, '20s, we talked about new things. Honeywell was involved from the beginning making things. But we think this year and moving forward in this age, Honeywell is looking at it as the new Industrial Revolution. What is that? Because Honeywell makes things. We make aircraft engines, we make aircraft parts. We make everything, household goods, sensors, all types of sensors. We make things. So when we say the new Industrial Revolution is about the Internet of Things, who best to participate because we make those things. So what we are doing now is what we call IIOT, Industrial Internet of Things. Now, that is what Honeywell is about, and that's the direction we are heading, connecting those things that we make and making them more advancing, sort of making life easier for people, including people's quality of life by making those things that we make more usable for them and durable. >> Now, you're a broad platform customer of Informatica. 
I'd love to hear a little bit from both of you about the relationship and how it's evolved over the years. >> Look, we look at Informatica as supporting our fundamentals, our data fundamentals. For us to be successful in what we do, we need to have good quality data, well governed, well managed, and secure. Not only that, and also accessible. And we using Informatica almost end to end. We are using Informatica for our data movement ETL platform. We're using Informatica for our data quality. We're using Informatica for our master data management. And we have Informatica beginning now to explore and to use Informatica big data management capabilities. And more to that, we also utilize Informatica professional services to help us realize those values from the platforms that we are deploying. IIoT, Industrial IoT has really been a hot trend. Industrial implies factories building big things, planes, wind farms, we've heard that before. But what's interesting is these are pre-existing physical things, these plants and all this manufacturing. When you add digital connectivity to it and power, it's going to change what they were used to be doing to new things. So how do you see Industrial IoT changing or creating a builder culture of new things? Because this connect first, got to have power and connectivity. 5G's coming around, Wi-Fi 6 is around the corner. This is going to light up all these devices that might have had battery power or older databases. What's the modernization of these industrial environments going to look like in your view? First of all, let me give you an example of the value that is coming with this connectivity. Think of it, if you are an aircraft engineer. Back in the day, a plane landed in Las Vegas. You went and inspected it, physically, and checked in your manual when to replace a part. 
But now Honeywell is telling you, we're connecting directly to the mechanic who is going to inspect the plane, and there will be sort of in their palms they can see and say wait a minute. This part, one more flight and I should replace this part. Now, we are advising you now, doing some predictive analytics, and telling you when this part could even fail. We're telling you when to replace it. So we're saying okay, the plane is going to fly from here to California. Prepare the mechanics in California when it lands with the part so they can replace it. That's already safety 101. So guaranteeing safety, sort of improving the equity or the viability of the products that we produce. When we're moving away from continue to build things because people still need those things built, safety products, but we're just making them more. We've heard supply chain's a real low-hanging fruit on this, managing the efficiency so there's no waste. Having someone ready at the plane is efficient. That's kind of low-hanging fruit. Any ideas on some of the creativity of new applications that's going to come from the data? Because now you start getting historical data from the connections, that's where I think the thing can get interesting here. Maybe new jobs, new types of planes, new passenger types. >> We are not only using the data to improve on the products and help us improve customer needs, design new products, create new products, but we also monitorizing that data, allowing our partners to also get some insights from that data to develop their own products. So creating sort of an environment where there is a partnership between those who use our products. And guess what, most of the people who use our products, our products actually input into their products. So we are a lot more business-to-business company than a B2C. So I see a lot of value in us being able to share that intelligence, that insight, in our data at a level of scientific discovery for our partners. 
>> Randy, I want to bring you into the conversation a little bit here (laughs). >> Thanks. >> So you lead Informatica's professional services. I'm interested to hear your work with Honeywell, and then how it translates to the other companies that you engage with. Honeywell is such a unique company, 130 years of innovation, inventor of so many important things that we use in our everyday lives. That's not your average company, but talk a little bit about their journey and how it translates to other clients. >> Sure, well, you could tell, listening to Charlie, how strategic data is, as well as our relationship. And it's not just about evolution from their perspective, but also you mentioned the historicals and taking advantage of where you've been and where you need to go. So Charlie's made it very clear that we need to be more than just a partner with products. We need to be a partner with outcomes for their business. So hence, a professional services relationship with Honeywell and Charlie and the organization started off more straightforward. You mentioned ETL, and we started off 2000, I believe, so 19 years ago. So it's been a journey already, and a lot more to go. But over the years you can kind of tell, using data in different ways within the organization, delivering business outcomes has been at the forefront, and we're viewed strategically, not just with the products, but professional services as well, to make sure that we can continue to be there, both in an advisory capacity, but also in driving the right outcomes. And something that Charlie even said this morning was that we were kind of in the fabric. We have a couple of team members that are just like Honeywell team members. We're in the fabric of the organization. I think that's really critically important for us to really derive the outcomes that Charlie and the business need. >> And data is so critical to their business. You have to be, not only from professional services, but as a platform. Yes. 
This is kind of where the value comes from. Now, I can't help but just conjure up images of space because I watch my kids that watch, space is now hot. People love space. You see SpaceX landing their rocket boosters to the finest precision. You got Blue Origin out there with Amazon. And they are Honeywell sensors either. Honeywell's in every manned NASA mission. You have a renaissance of activity going on in a modern way. This is exciting, this is critical. Without data, you can't do it. >> Absolutely, I mean, also sometimes we take a break. I'm a fundamentalist. I tell everybody that excitement is great, but let's take a break. Let's make sure the fundamentals are in place. And we actually know what is it, what are those critical data that we need to be tracking and managing? Because you don't just have to manage a whole world of data. There's so much of it, and believe me, there's not all value in everything. You have to be critical about it and strategic about it. What are the critical data that we need to manage, govern, and actually, because it's expensive to manage the critical data. So we look at a value tree as well, and say, okay, if we, as Honeywell, want to be able to be also an efficient business enabler, we have to be efficient inside. So there's looking out, and there's also looking inside to make sure that we are in the right place, we are understanding our data, our people understand data. Talking about our relationship with IPS, Informatica Professional Services, one of the things that we're looking at is getting the right people, the engineers, the people to actually realize that okay, we have the platform, we've heard of Clare, We heard of all those stuff. But where are the people to actually go and do the real stuff, like actually programming, writing the code, connecting things and making it work? It's not easy because the technology's going faster than the capabilities in terms of people, skills. 
So the partnership we're building with Informatica professional services, and we're beginning to nurture, inside that, we want to be in a position were Honeywell doesn't have to worry so much about the churn in terms of getting people and retraining and retraining and retraining. We want to have a reliable partner who is also moving with the certain development and the progress around the products that we bought so we can have that success. So the partnership with IPS is for the-- >> The skill gaps we've been talking about, I know she's going to ask next, but I'll just jump in because I know there's two threads here. One is there's a new generation coming into the workforce, okay, and they're all data-full. They've been experiencing the digital lifestyle, the engineering programs. To data, it's all changing. What are some of the new expertise that really stand out when evaluating candidates, both from the Informatica side and also Honeywell? What's the ideal candidate look like, because there's no real four-year degree anymore? Well, Berkeley just had their first class of data analytics. That's new two-generation. But what are some of those skills? There's no degree out there. You can't really get a degree in data yet. >> Do you want to talk about that? >> Sure, I can just kick off with what we're looking at and how we're evolving. First of all, the new graduates are extremely innovative and exciting to bring on. We've been in business for 26 years, so we have a lot of folks that have done some great work. Our retention is through the roof, so it's fun to meld the folks that have been doing things for over 10, 15 years, to see what the folks have new ideas about how to leverage data. The thing I can underscore is it's business and technology, and I think the new grads get that really, really well in terms of data. To them, data's not something that's stored somewhere in the cloud or in a box. 
It's something that's practically applied for business outcomes, and I think they get that right out of school, and I think they're getting that message loud and clear. Lot of hybrid programs. We do hire direct from college, but we also hire experienced hires. And we look for people that have had degrees that are balanced. So the traditional just CS-only degrees, still very relevant, but we're seeing a lot of people do hybrids because they know they want to understand supply chain along with CS and data. And there are programs around just data, how organizations can really capitalize on that. >> And also we're hearing, too, that having domain expertise is actually just as important as having the coding skills because you got to know what an outcome looks like before you collect the data. You got to know what checkmate is if you're going to play chess. That's the old expression, right? >> I think people with the domain, both the hybrid experience or expertise, are more valuable to the company because maybe from the product perspective, from building products, you could be just a scientist, code the code. But when you come to Honeywell, for example, we want you to be able to understand, think about materials. Want you to be able to understand what are the products, what are the materials that we use. What are the inputs that we have to put into these products? Now a simple thing like a data scientist deciding what the right correct value of what an attribute should be, that's not something that because you know code you can determine. You have to understand the domain, the domain you're dealing with. You have to understand the context. So that comes, the question of context management, understanding the context and bringing it together. That is a big challenge, and I can tell you that's a big gap there. >> Big gap indeed, and understand the business and the data too. >> Yes. >> Charles, Randy, thank you both so much for coming on theCUBE. 
It's been a great conversation. >> Thank you. >> Thank you. >> I'm Rebecca Knight for John Furrier. You are watching theCUBE. (funky techno music)
Joe Cardamone, Haworth | RSA 2019
(upbeat music) >> Live from San Francisco it's theCUBE, covering RSA Conference 2019. Brought to you by Forescout. >> Hey welcome back everybody Jeff Frick here with theCUBE, we're at the RSA Conference in Moscone in San Francisco, they finally got the conversion done it looks beautiful, it's keeping the atmospheric river out (laughs) it didn't do that last week, but that's a different story for another day. We're excited to have our very next guest he's Joe Cardamone, he's the Senior Information & Security Analyst and North America Privacy Officer for Haworth. Joe great to meet you. >> Thank you, thanks for having me. >> So for the people that don't know Haworth, give us kind of the quick overview on Haworth. >> Well Haworth is a global leader in commercial office interiors. They create seating, desks, dynamic work spaces, raise floors and movable walls. >> Okay, so really outfitting beyond the shell when people move into a space. >> That's correct. >> So what are your security, that sounds like, like mobile walls and desks and the like, what are some of the security issues that you have to deal with? >> Well obviously intellectual property is a big concern, protection of our, we call our employees members. So the protection of our employee member data is important to us, customer data, supplier data, so protection of those key data elements and our assets is a priority in my role. >> Okay, so we're in a Forescout booth, you're using their solution, you come in and Mike tells us you're connected to the network, it crawls out and tells us all the devices. How did that go? How well did it work for you guys? >> It was a fantastic experience for us to be honest with you. From the point that we deployed the ISO onto a virtual instance, about seven hours later we had gotten 97% visibility on our network. 
And not just data, actionable data which was really important in our use case, >> Yeah keep going, So, well I was just going to say how many surprises did you get after those hours when you got to report back? >> Oh we had quite a number. We were anticipating about 8,000 IPs we landed at about 13,000, so there was quite a bit more end points that we discovered, after implementing the product. One of the bigger pieces that we found was that our showrooms out in global sectors like Asia and Europe, had a bunch of APs that were stood up, you know some sales people thought that they wanted to plug them into a network jack and stand up their own wireless networks, we had found them and we were able to squash them pretty quickly, and that was within 24 hours of implementing the product. >> So you're expecting 8,000 you got 13,000 more than a 50% increase over what you thought? >> Quick math, correct, yes. >> I'm no quick and dirty math guy. I'm not a data scientist. >> I'm not either. >> Okay, so and then how many things did you have that were custom that needed to be added to the library? >> I'm going to say about 10 or 15 units, we have some that we produce. Haworth creates a unit called the Workwear unit which is a screen presentation casting device, and what that device does, it sits on our production network and in order for us to be able to demo that device we had to punch holes in our firewall. Very manual process, those devices move around very often and it was really hard for our IT teams to keep up with. How those devices move, how dynamic they are and you know code revisions, we're living showrooms so nothing stays in one spot at one time. 
The Forescout was able to very easily identify them using a couple of pieces of information that it gathered, and by using the Palo Alto Networks plugin, we were able to then dynamically punch holes through our firewall to our guest network for just those IPs, in just those services, and just those ports to enable our guests coming in who are looking to purchase the product to actually test drive it, and really have a good use with the product before purchasing it. >> So the guests that you're talking about are your customers, right? >> Our customers, correct yes. >> And when you say they wanted to test drive it, were they, do you let them go test drive it at their local office? Or are you let them drive their own content on it back at your like, executive briefing center? >> How does that mean, cause you're talking about punching a holes, right so that doesn't just happen without some thought. >> No it doesn't, exactly, and the thought was we can't sell a product if we can't demo it, and you come into Haworth, you're my guest. I want you to see the power of my product. I want you to use your laptop, your content on my screens and my space. How can we do that while protecting my digital network? And that's what the Forescout enables us to be able to do as part of our microsegmentation strategy with the Forescout. >> And then you said that that was tied to sub-functionality in a Palo Alto Networks device. >> That's correct. Like I mentioned earlier, the ability to have actionable data was one of our key points in purchasing employing the Forescout unit. We're experiencing a lot of growth, and the way we're treating our growth is, we're treating these companies like they are BYOD. We want, we're buying their brand, we're buying their ability to sell their product. They know their product, they have passion about their product. >> So these are new product lines within your guys total offering? >> Correct, yes. >> Okay. 
>> And what we wanted to do when we started to integrate the IT side of the world, we wanted to be able to keep them operating on their own. So, we're using the Forescout to be able to look into their network, and looking at a couple of key variables on their machines, say, do you meet this criteria? If you do then we're going to allow you to egress through our Palo Alto firewall using the Palo Alto Networks module on the Forescout, to be able to egress into our environment. If you don't meet that criteria, then you're just not getting in period. So we're able to provide a measure of control, trust but verify to the other networks that we have before their devices come into ours. >> So you're doing that you're adding all these, all these devices, you talk a lot about stuff that's actionable. What did you have before, or did you have anything before? What types of stuff that is actionable, how do you define actionable and I wonder if you could give a couple of examples. >> Sure that's actually really easy. When I say actionable data, I'm able to look at let's just say your laptop sitting here, with the Forescout, I can gather any multitude of data off of it, patch levels, OS levels, software installed, processes running, what switch port you're on, what wireless AP you're on, and off of all that information, I can make any number of decisions. I could move you to another VLAN, I could move you to another security group, I can tag your machine, I can send a trap to my SIEM, and be able to record whatever data I need to record. In our use case, using the data that we're gathering from the affiliate networks and from the Workwears we're able to then take action to say, yes this device meets our criteria, we can now send that data up into the Palo Alto and then tie it to a rule that exists to allow or disallow traffic. 
You know, with the fact that it's a single pane of glass, the fact that I can have my help desk go in and make decisions based on data that they're getting, based on actionable data, based on other pieces of data that are getting fed in through my environment, like indicators of compromise. I can enable my level one staff to be able to make level three decisions without giving them keys to the kingdom. Which I think is a big value with the Forescout. >> That's pretty impressive, 'cause that really helps you leverage your resources in a major, major way. >> Correct, I'm a team of three. >> You're a team of three. >> Yes. >> (laughs) So more specifically, I guess generally, you know, talk about the role of automation because I don't know how many transactions are going through your system and how many pings are coming in but you said 13,000 devices just on the initial, on the initial ping, so how are you leveraging automation? What's kind of the future do you see in terms of AI, machine learning and all these things we hear about because you can't hire your way out of the problem, you've only got three people. >> Correct, correct, right now we have limited staff but our skill set's fantastic. I'm blessed to have a team of really fantastic engineers that I work with. That being said, how the Forescout's helped us is being able to take some of the load off of them by automating tasks and some of that might be we have a machine that is not patched. We can identify that machine, put it into a group. Our servers are actually being patched by the Forescout right now, we're using that as a way to identify vulnerabilities, missing patches and then stage them into groups using the policies within the Forescout to be able to push down patches and you mentioned earlier one of the products that we had they gave us this visibility. We didn't really have anything. We had Forescout a number of years ago but we had some administration changes and we revamped our entire tool set.
We came back and repurchased and re-put in the Forescout in 2015, and that's where we've really been able to develop our current use cases and the strength behind the Forescout implementation that we have now. >> Right. And I'm just curious before we close, are you, are you putting more IP connectivity on all of your kind of core SKUs? Are you seeing a potential benefit to put an IP address on a, on a wall, on a cube, on a desk, on all that stuff? How do you kind of see that evolving? >> I honestly see IoT being, you know, it's evolving very quickly obviously. We've got, we have IP addresses on our window blinds, you know. >> On your window blinds. >> Yeah, on our window blinds, so that they can control the amount of sunlight coming and we're LEED certified building. So we have all of these different IoT devices that control sunlight, control climate control in the building and obviously our production facilities have a lot of IoT devices as well and the Forescout helps us to be able to segment them into the correct VLANs, apply virtual firewalls, apply different changes to their own network. It gives us a lot of visibility and gives us a lot of control because of the granularity that it just natively collects. >> Right, right. Well, Joe, it's such a cool story, you know. IP on shades, that's my, that's my lesson of the day. (laughs) That it just shows that there's just so many opportunities to leverage this new technology in a very special way, but the complexity grows even faster, right? >> It certainly does. >> Alright, well, thanks for taking a few minutes and I really enjoyed it. >> Awesome. >> Alright, he's Joe, I'm Jeff, you're watching theCUBE. We're in the Forescout booth at RSA North America in Moscone Center. Thanks for watching, we'll see you next time. (upbeat music)