>>Hey everybody. Welcome back. Good afternoon. Lisa Martin here with John Feer live in Detroit, Michigan. We are at Coon Cloud Native Con 2020s North America. John Thank is who. This is nearing the end of our second day of coverage and one of the things that has been breaking all day on this show is news. News. We have more news to >>Break next. Yeah, this next segment is a company we've been following. They got some news we're gonna get into. Managing Kubernetes life cycle has been a huge challenge when you've got large organizations, whether you're spinning up and scaling scale is the big story. Kubernetes is the center of the conversation. This next segment's gonna be great. It >>Is. We've got two guests from Specter Cloud here. Please welcome. It's CEO Chenery Fu and co-founder and it's c g a co-founder Sta Mallek. Guys, great to have you on the program. Thank >>You for having us. My pleasure. >>So Timary, what's going on? What's the big news? >>Yeah, so we just announced our Palace three this morning. So we add a bunch, a new functionality. So first of all we have a Nest cluster. So enable enterprise to easily provide Kubernete service even on top of their existing clusters. And secondly, we also support seamlessly migration for their existing cluster. We enable them to be able to migrate their cluster into our CNC for upstream Kubernete distro called Pallet extended Kubernetes, GX K without any downtime. And lastly, we also add a lot of focus on developer experience. Those additional capability enable developer to easily onboard and and deploy the application for. They have test and troubleshooting without, they have to have a steep Kubernetes lending curve. >>So big breaking news this morning, pallet 3.0. So you got the, you got the product. This is a big theme here. Developer productivity, ease of use is the top story here. As developers are gonna increase their code velocity cuz they're under a lot of pressure. This infrastructure's getting smarter. This is a big part of managing it. So the toil is now moving to the ops. Steves are now dev teams. Security, you gotta enable faster deployment of apps and code. This is what you guys solve while you getting this right. Is that, take us through that specific value proposition. What's the, what are the key things on in this news release? Yeah, >>You're exactly right. Right. So we basically provide our solution to platform engineering ship so that they can use our platform to enable Kubernetes service to serve their developers and their application ship. And then in the meantime, the developers will be able to easily use Kubernetes or without, They have to learn a lot of what Kubernetes specific things like. So maybe you can get in some >>Detail. Yeah. And absolutely the detail about it is there's a big separation between what operations team does and the development teams that are using the actual capabilities. The development teams don't necessarily to know the internals of Kubernetes. There's so much complexity when it comes, comes into it. How do I do things like deployment pause manifests just too much. So what our platform does, it makes it really simple for them to say, I have a containerized application, I wanna be able to model it. It's a really simple profile and from there, being able to say, I have a database service. I wanna attach to it. I have a specific service. Go run it behind the scenes. Does it run inside of a Nest cluster? Which we'll talk into a little bit. Does it run into a host cluster? Those are happen transparently for >>The developer. You know what I love about this? What you guys are doing in the news, it really points out what I love about DevOps. Because cloud, let's face a cloud early adopters, we're all the hardcore cloud folks as it goes mainstream. With Kubernetes, you start to see like words like platform engineering. I mean I love that term. That means as a platform, it's been around for a while. For people who are building their own stuff, that means it's gonna scale and enable people to enable value, build on top of it, move faster. This platform engineering is becoming now standard in enterprises. It wasn't like that before. What's your eyes reactions that, How do you see that evolving faster? Or do you believe that or what's your take on >>It? Yeah, so I think it's starting from the DevOps op team, right? That every application team, they all try to deploy and manage their application under their own ING infrastructure. But very soon all these each application team, they start realize they have to repeatedly do the same thing. So these will need to have a platform engineering team to basically bring some of common practice to >>That. >>And some people call them SREs like and that's really platform >>Engineering. It is, it is. I mean, you think about like Esther ability to deploy your applications at scale and monitoring and observability. I think what platform engineering does is codify all those best practices. Everything when it comes about how you monitor the actual applications. How do you do c i CD your backups? Instead of not having every single individual development team figuring how to do it themselves. Platform engineer is saying, why don't we actually build policy that we can provide as a service to different development teams so that they can operate their own applications at scale. >>So launching Pellet 3.0 today, you also had a launch in September, so just a few weeks ago. Talk about what these two announcements mean from Specter Cloud's perspective in terms of proof points, what you're delivering to the end users and the value that they're getting from that. >>Yeah, so our goal is really to help enterprise to deploy and around Kubernetes anywhere, right? Whether it's in cloud data center or even at Edge locations. So in September we also announce our HV two capabilities, which enable very easy deployment of Edge Kubernetes, right at at at any any location, like a retail stores restaurant, so on and so forth. So as you know, at Edge location, there's no cloud endpoint there. It's not easy to directly deploy and manage Kubernetes. And also at Edge location there's not, it's not as secure as as cloud or data center environment. So how to make the end to end system more secure, right? That it's temper proof, that is also very, very important. >>Right. Great, great take there. Thanks for explaining that. I gotta ask cuz I'm curious, what's the secret sauce? Is it nested clusters? What's, what's the core under the hood here on 3.0 that people should know about it's news? It's what's, what's the, what's that post important >>To? To be honest, it's about enabling developer velocity. Now how do you enable developer velocity? It's gonna be able for them to think about deploying applications without worrying about Kubernetes being able to build this application profiles. This NEA cluster that we're talking about enables them, they get access to it in complete cluster within seconds. They're essentially having access to be able to add any operations, any capabilities without having the ability to provision a cluster on inside of infrastructure. Whether it's Amazon, Google, or OnPrem. >>So, and you get the dev engine too, right? That that, that's a self-service provisioning in for environments. Is that, Yeah, >>So the dev engine itself are the capabilities that we offer to developers so that they can build these application profiles. What the application profiles, again they define aspects about, my application is gonna be a container, it's gonna be a database service, it's gonna be a helm chart. They define that entire structure inside of it. From there they can choose to say, I wanna deploy this. The target environment, whether it becomes an actual host cluster or a cluster itself is irrelevant to them. For them it's complete transparent. >>So transparency, enabling developer velocity. What's been some of the feedback so far? >>Oh, all developer love that. And also same for all >>The ops team. If it's easy and goods faster and the steps >>Win-win team. Yeah, Ops team, they need a consistency. They need a governance, they need visibility, but in the meantime, developers, they need the flexibility then theys or without a steep learning curve. So this really, >>So So I hear a lot of people say, I got a lot of sprawl, cluster sprawl. Yeah, let's get outta hand does, let's solve that. How do you guys solve that problem? Yeah, >>So the Neste cluster is a profit answer for that. So before you nest cluster, for a lot of enterprise to serving developers, they have to either create a very large TED cluster and then isolated by namespace, which not ideal for a lot of situation because name stay namespace is not a hard isolation and also a lot of global resource like CID and operator does not work in space. But the other way is you give each developer a separate, a separate ADE cluster, but that very quickly become too costly. Cause not every developer is working for four, seven, and half of the time your, your cluster is is a sit there idol and that costs a lot of money. So you cluster, you'll be able to basically do all these inside the your wholesale cluster, bring the >>Efficiency there. That is huge. Yeah. Saves a lot of time. Reduces the steps it takes. So I take, take a minute, my last question to you to explain what's in it for the developer, if they work with Spec Cloud, what is your value? What's the pitch? Not the sales pitch, but like what's the value pitch that >>You give them? Yeah, yeah. And the value for us is again, develop their number of different services and teams people are using today are so many, there are so many different languages or so many different libraries there so many different capabilities. It's too hard for developers to have to understand not only the internal development tools, but also the Kubernetes, the containers of technologies. There's too much for it. Our value prop is making it really easy for them to get access to all these different integrations and tooling without having to learn it. Right? And then being able to very easily say, I wanna deploy this into a cluster. Again, whether it's a Nest cluster or a host cluster. But the next layer on top of that is how do we also share those abilities with other teams. If I build my application profile, I'm developing an application, I should be able to share it with my team members. But Henry saying, Hey Tanner, why don't you also take a look at my app profile and let's build and collaborate together on that. So it's about collaboration and be able to move >>Really fast. I mean, more develops gotta be more productive. That's number one. Number one hit here. Great job. >>Exactly. Last question before we run out Time. Is this ga now? Can folks get their hands on it where >>Yes. Yeah. It is GA and available both as a, as a SaaS and also the store. >>Awesome guys, thank you so much for joining us. Congratulations on the announcement and the momentum that Specter Cloud is empowering itself with. We appreciate your insights on your time. >>Thank you. Thank you so much. Right, pleasure. >>Thanks for having us. For our guest and John Furrier, Lisa Martin here live in Michigan at Co con Cloud native PON 22. Our next guests join us in just a minute. So stick around.

>>Welcome back everyone, to the special presentation of Cloud Native at scale, the Cube and Platform nine special presentation going in and digging into the next generation super cloud infrastructure as code and the future of application development. We're here with Bickley, who's the chief architect and co-founder of Platform nine Pick. Great to see you Cube alumni. We, we met at an OpenStack event in about eight years ago, or later, earlier when OpenStack was going. Great to see you and great to see congratulations on the success of Platform nine. Thank >>You very much. >>Yeah. You guys have been at this for a while and this is really the, the, the year we're seeing the, the crossover of Kubernetes because of what happens with containers. Everyone now has realized, and you've seen what Docker's doing with the new docker, the open source Docker now just a success Exactly. Of containerization. Right? And now the Kubernetes layer that we've been working on for years is coming, Bearing fruit. This is huge. >>Exactly, Yes. >>And so as infrastructure, as code comes in, we talked to Bacar, talking about Super Cloud. I met her about, you know, the new Arlon, our, our lawn you guys just launched, the infrastructure's code is going to another level, and then it's always been DevOps infrastructure is code. That's been the ethos that's been like from day one, developers just code. Then you saw the rise of serverless and you see now multi-cloud or on the horizon. Connect the dots for us. What is the state of infrastructures code today? >>So I think, I think I'm, I'm glad you mentioned it. Everybody or most people know about infrastructures code, but with Kubernetes, I think that project has evolved at the concept even further. And these dates, it's infrastructure is configuration, right? So, which is an evolution of infrastructure as code. So instead of telling the system, here's how I want my infrastructure by telling it, you know, do step A, B, C, and D. Instead, with Kubernetes, you can describe your desired state declaratively using things called manifest resources. And then the system kind of magically figures it out and tries to converge the state towards the one that you specify. So I think it's, it's a even better version of infrastructures code. Yeah, >>Yeah. And, and that really means it's developer just accessing resources. Okay. That declare, Okay, give me some compute, stand me up some, turn the lights on, turn 'em off, turn 'em on. That's kind of where we see this going. And I like the configuration piece. Some people say composability, I mean now with open source, so popular, you don't have to have to write a lot of code, this code being developed. And so it's into integrations, configuration. These are areas that we're starting to see computer science principles around automation, machine learning, assisting open source. Cuz you've got a lot of code that's right in hearing software, supply chain issues. So infrastructure as code has to factor in these new, new dynamics. Can you share your opinion on these new dynamics of, as open source grows, the glue layers, the configurations, the integration, what are the core issues? >>I think one of the major core issues is with all that power comes complexity, right? So, you know, despite its expressive power systems like Kubernetes and declarative APIs let you express a lot of complicated and complex stacks, right? But you're dealing with hundreds if not thousands of these yamo files or resources. And so I think, you know, the emergence of systems and layers to help you manage that complexity is becoming a key challenge and opportunity in, in this space. That's, >>I wrote a LinkedIn post today, it was comments about, you know, hey, enterprise is the new breed, the trend of SaaS companies moving our consumer comp consumer-like thinking into the enterprise has been happening for a long time, but now more than ever, you're seeing it the old way used to be solve complexity with more complexity and then lock the customer in. Now with open source, it's speed, simplification and integration, right? These are the new dynamic power dynamics for developers. Yeah. So as companies are starting to now deploy and look at Kubernetes, what are the things that need to be in place? Because you have some, I won't say technical debt, but maybe some shortcuts, some scripts here that make it look like infrastructure is code. People have done some things to simulate or or make infrastructure as code happen. Yes. But to do it at scale Yes. Is harder. What's your take on this? What's your >>View? It's hard because there's a per proliferation of methods, tools, technologies. So for example, today it's very common for DevOps and platform engineering tools, I mean, sorry, teams to have to deploy a large number of Kubernetes clusters, but then apply the applications and configurations on top of those clusters. And they're using a wide range of tools to do this, right? For example, maybe Ansible or Terraform or bash scripts to bring up the infrastructure and then the clusters. And then they may use a different set of tools such as Argo CD or other tools to apply configurations and applications on top of the clusters. So you have this sprawl of tools. You, you also have this sprawl of configurations and files because the more objects you're dealing with, the more resources you have to manage. And there's a risk of drift that people call that where, you know, you think you have things under control, but some people from various teams will make changes here and there and then before the end of the day systems break and you have no idea of tracking them. So I think there's real need to kind of unify, simplify, and try to solve these problems using a smaller, more unified set of tools and methodologies. And that's something that we tried to do with this new project. Arlon. >>Yeah. So, so we're gonna get into our line in a second. I wanna get into the why Arlon. You guys announced that at our GoCon, which was put on here in Silicon Valley at the, at the community invite in two where they had their own little day over there at their headquarters. But before we get there, vascar, your CEO came on and he talked about Super Cloud at our in AAL event. What's your definition of super cloud? If you had to kind of explain that to someone at a cocktail party or someone in the industry technical, how would you look at the super cloud trend that's emerging? It's become a thing. What's your, what would be your contribution to that definition or the narrative? >>Well, it's, it's, it's funny because I've actually heard of the term for the first time today, speaking to you earlier today. But I think based on what you said, I I already get kind of some of the, the gist and the, the main concepts. It seems like super cloud, the way I interpret that is, you know, clouds and infrastructure, programmable infrastructure, all of those things are becoming commodity in a way. And everyone's got their own flavor, but there's a real opportunity for people to solve real business problems by perhaps trying to abstract away, you know, all of those various implementations and then building better abstractions that are perhaps business or application specific to help companies and businesses solve real business problems. >>Yeah, I remember that's a great, great definition. I remember, not to date myself, but back in the old days, you know, IBM had a proprietary network operating system, so of deck for the mini computer vendors, deck net and SNA respectively. But T C P I P came out of the osi, the open systems interconnect and remember, ethernet beat token ring out. So not to get all nerdy for all the young kids out there, look, just look up token ring, you'll see, you've probably never heard of it. It's IBM's, you know, connection to the internet at the, the layer too is Amazon, the ethernet, right? So if T C P I P could be the Kubernetes and the container abstraction that made the industry completely change at that point in history. So at every major inflection point where there's been serious industry change and wealth creation and business value, there's been an abstraction Yes. Somewhere. Yes. What's your reaction to that? >>I think this is, I think a saying that's been heard many times in this industry and, and I forgot who originated it, but I think the saying goes like, there's no problem that can't be solved with another layer of indirection, right? And we've seen this over and over and over again where Amazon and its peers have inserted this layer that has simplified, you know, computing and, and infrastructure management. And I believe this trend is going to continue, right? The next set of problems are going to be solved with these insertions of additional abstraction layers. I think that that's really a, yeah, it's gonna continue. >>It's interesting. I just, when I wrote another post today on LinkedIn called the Silicon Wars AMD stock is down arm has been on a rise. We've remember pointing for many years now, that arm's gonna be hugely, it has become true. If you look at the success of the infrastructure as a serviced layer across the clouds, Azure, aws, Amazon's clearly way ahead of everybody. The stuff that they're doing with the silicon and the physics and the, the atoms, the pro, you know, this is where the innovation, they're going so deep and so strong at ISAs, the more that they get that gets come on, they have more performance. So if you're an app developer, wouldn't you want the best performance and you'd want to have the best abstraction layer that gives you the most ability to do infrastructures, code or infrastructure for configuration, for provisioning, for managing services. And you're seeing that today with service MeSHs, a lot of action going on in the service mesh area in in this community of, of co con, which we will be covering. So that brings up the whole what's next? You guys just announced Arlon at ar GoCon, which came out of Intuit. We've had Mariana Tessel at our super cloud event. She's the cto, you know, they're all in the cloud. So they contributed that project. Where did Arlon come from? What was the origination? What's the purpose? Why arlon, why this announcement? Yeah, >>So the, the inception of the project, this was the result of us realizing that problem that we spoke about earlier, which is complexity, right? With all of this, these clouds, these infrastructure, all the variations around and, you know, compute storage networks and the proliferation of tools we talked about the Ansibles and Terraforms and Kubernetes itself, you can think of that as another tool, right? We saw a need to solve that complexity problem, and especially for people and users who use Kubernetes at scale. So when you have, you know, hundreds of clusters, thousands of applications, thousands of users spread out over many, many locations, there, there needs to be a system that helps simplify that management, right? So that means fewer tools, more expressive ways of describing the state that you want and more consistency. And, and that's why, you know, we built our lawn and we built it recognizing that many of these problems or sub problems have already been solved. So Arlon doesn't try to reinvent the wheel, it instead rests on the shoulders of several giants, right? So for example, Kubernetes is one building block, GI ops, and Argo CD is another one, which provides a very structured way of applying configuration. And then we have projects like cluster API and cross plane, which provide APIs for describing infrastructure. So arlon takes all of those building blocks and builds a thin layer, which gives users a very expressive way of defining configuration and desired state. So that's, that's kind of the inception of, >>And what's the benefit of that? What does that give the, what does that give the developer, the user, in this case, >>The developers, the, the platform engineer, team members, the DevOps engineers, they get a a ways to provision not just infrastructure and clusters, but also applications and configurations. They get a way, a system for provisioning, configuring, deploying, and doing life cycle management in a, in a much simpler way. Okay. Especially as I said, if you're dealing with a large number of applications. >>So it's like an operating fabric, if you will. Yes. For them. Okay, so let's get into what that means for up above and below the, the, this abstraction or thin layer below as the infrastructure. We talked a lot about what's going on below that. Yeah. Above our workloads. At the end of the day, you, I talk to CXOs and IT folks that, that are now DevOps engineers. They care about the workloads and they want the infrastructure's code to work. They wanna spend their time getting in the weeds, figuring out what happened when someone made a push that that happened or something happened to need observability and they need to, to know that it's working. That's right. And here's my workloads running effectively. So how do you guys look at the workload side of it? Cuz now you have multiple workloads on these fabric, right? >>So workloads, so Kubernetes has defined kind of a standard way to describe workloads and you can, you know, tell Kubernetes, I wanna run this container this particular way, or you can use other projects that are in the Kubernetes cloud native ecosystem, like K native, where you can express your application in more at a higher level, right? But what's also happening is in addition to the workloads, DevOps and platform engineering teams, they need to very often deploy the applications with the clusters themselves. Clusters are becoming this commodity. It's, it's becoming this host for the application and it kind of comes bundled with it. In many cases it is like an appliance, right? So DevOps teams have to provision clusters at a really incredible rate and they need to tear them down. Clusters are becoming more, >>It's coming like an EC two instance, spin up a cluster. We very, people used words like that. >>That's right. And before arlon you kind of had to do all of that using a different set of tools as, as I explained. So with Arlon you can kind of express everything together. You can say I want a cluster with a health monitoring stack and a logging stack and this ingress controller and I want these applications and these security policies. You can describe all of that using something we call a profile. And then you can stamp out your app, your applications and your clusters and manage them in a very, >>So essentially standard like creates a mechanism. Exactly. Standardized, declarative kind of configurations. And it's like a playbook, deploy it. Now what there between say a script like I'm, I have scripts, I can just automate scripts >>Or yes, this is where that declarative API and infrastructures configuration comes in, right? Because scripts, yes you can automate scripts, but the order in which they run matters, right? They can break, things can break in the middle and, and sometimes you need to debug them. Whereas the declarative way is much more expressive and powerful. You just tell the system what you want and then the system kind of figures it out. And there are these things got controllers which will in the background reconcile all the state to converge towards your desire. It's a much more powerful, expressive and reliable way of getting things done. >>So infrastructure has configuration is built kind of on it's super set of infrastructures code because it's >>An evolution. >>You need edge re's code, but then you can configure the code by just saying do it. You basically declaring it's saying Go, go do that. That's right. Okay, so, alright, so cloud native at scale, take me through your vision of what that means. Someone says, Hey, what does cloud native at scale mean? What's success look like? How does it roll out in the future as you, not future next couple years. I mean people are now starting to figure out, okay, it's not as easy as it sounds. Kubernetes has value. We're gonna hear this year coan a lot of this. What does cloud native at scale mean? >>Yeah, there are different interpretations, but if you ask me, when people think of scale, they think of a large number of deployments, right? Geographies, many, you know, supporting thousands or tens or millions of, of users there, there's that aspect to scale. There's also an equally important a aspect of scale, which is also something that we try to address with Arran. And that is just complexity for the people operating this or configuring this, right? So in order to describe that desired state, and in order to perform things like maybe upgrades or updates on a very large scale, you want the humans behind that to be able to express and direct the system to do that in, in relatively simple terms, right? And so we want the tools and the abstractions and the mechanisms available to the user to be as powerful but as simple as possible. So there's, I think there's gonna be a number and there have been a number of CNCF and cloud native projects that are trying to attack that complexity problem as well. And Arlon kind of falls in in that >>Category. Okay, so I'll put you on the spot. Rogue got Coan coming up and obviously this'll be shipping this segment series out before. What do you expect to see at this year? What's the big story this year? What's the, what's the most important thing happening? Is it in the open source community and also within a lot of the, the people jogging for leadership. I know there's a lot of projects and still there's some white space in the overall systems map about the different areas get run time, there's ability in all these different areas. What's the, where's the action? Where, where's the smoke? Where's the fire? Where's the piece? Where's the tension? >>Yeah, so I think one thing that has been happening over the past couple of cub cons and I expect to continue and, and that is the, the word on the street is Kubernetes is getting boring, right? Which is good, right? >>Boring means simple. >>Well, >>Well maybe, >>Yeah, >>Invisible, >>No drama, right? So, so the, the rate of change of the Kubernetes features and, and all that has slowed, but in, in a, in a positive way. But there's still a general sentiment and feeling that there's just too much stuff. If you look at a stack necessary for hosting applications based on Kubernetes, there are just still too many moving parts, too many components, right? Too much complexity. I go, I keep going back to the complexity problem. So I expect Cube Con and all the vendors and the players and the startups and the people there to continue to focus on that complexity problem and introduce further simplifications to, to the stack. >>Yeah. Vic, you've had an storied career, VMware over decades with them, obviously in 12 years with 14 years or something like that. Big number co-founder here at Platform now you's been around for a while at this game. We, man, we talked about OpenStack, that project you, we interviewed at one of their events. So OpenStack was the beginning of that, this new revolution. I remember the early days it was, it wasn't supposed to be an alternative to Amazon, but it was a way to do more cloud cloud native. I think we had a cloud a Rod team at that time. We would joke we, you know, about, about the dream. It's happening now, now at Platform nine. You guys have been doing this for a while. What's the, what are you most excited about as the chief architect? What did you guys double down on? What did you guys pivot from or two, did you do any pivots? Did you extend out certain areas? Cuz you guys are in a good position right now, a lot of DNA in Cloud native. What are you most excited about and what does Platform Nine bring to the table for customers and for people in the industry watching this? >>Yeah, so I think our mission really hasn't changed over the years, right? It's been always about taking complex open source software because open source software, it's powerful. It solves new problems, you know, every year and you have new things coming out all the time, right? Open Stack was an example where the Kubernetes took the world by storm. But there's always that complexity of, you know, just configuring it, deploying it, running it, operating it. And our mission has always been that we will take all that complexity and just make it, you know, easy for users to consume regardless of the technology, right? So the successor to Kubernetes, you know, I don't have a crystal ball, but you know, you have some indications that people are coming up of new and simpler ways of running applications. There are many projects around there who knows what's coming next year or the year after that. But platform will, a, platform nine will be there and we will, you know, take the innovations from the, the, the community. We will contribute our own innovations and make all of those things very consumable to customers. >>Simpler, faster, cheaper. Exactly. Always a good business model technically to make that happen. Yes. Yeah. I think the, the reigning in the chaos is key, you know, Now we have now visibility into the scale. Final question before we depart Yeah. On this segment, what is at scale, how many clusters do you see that would be a, a watermark for an at scale conversation around an enterprise? Is it workloads we're looking at or, or clusters? How would you Yeah, I would you describe that when people try to squint through and evaluate what's a scale, what's the at scale kind of threshold? >>Yeah. And, and the number of clusters doesn't tell the whole story because clusters can be small in terms of the number of nodes or they can be large. But roughly speaking when we say, you know, large scale cluster deployments, we're talking about maybe hundreds, two thousands. Yeah. >>And final final question, what's the role of the hyperscalers? You got AWS continuing to do well, but they got their core ias, they got a PAs, they're not too too much putting a SaaS out there. They have some SaaS apps, but mostly it's the ecosystem. They have marketplaces doing, doing over $2 billion billions of transactions a year. And, and it's just like, just sitting there. It hasn't really, they're now innovating on it, but that's gonna change ecosystems. What's the role the cloud play in the cloud Native at scale? >>The the hyper square? >>Yeah. Yeah. Abras, Azure, Google, >>You mean from a business perspective, they're, they have their own interests that, you know, that they're, they will keep catering to, They, they will continue to find ways to lock their users into their ecosystem of services and, and APIs. So I don't think that's gonna change, right? They're just gonna keep Well, >>They got great I performance, I mean from a, from a hardware standpoint, yes. That's gonna be key, right? >>Yes. I think the, the move from X 86 being the dominant way and platform to run workloads is changing, right? That, that, that, that, and I think the, the hyperscalers really want to be in the game in terms of, you know, the, the new risk and arm ecosystems and the >>Platforms. Yeah. Not joking aside, Paul Morritz, when he was the CEO of VMware, when he took over once said, I remember our first year doing the cube. Oh, the cloud is one big distributed computer. It's, it's hardware and you got software and you got middleware. And he kinda over, well he kind of tongue in cheek, but really you're talking about large compute and sets of services that is essentially a distributed computer. Yes, >>Exactly. >>It's, we're back in the same game. Thank you for coming on the segment. Appreciate your time. This is cloud native at scale special presentation with Platform nine. Really unpacking super cloud Arlon open source and how to run large scale applications on the cloud, Cloud native develop for developers. And John Feer with the cube. Thanks for Washington. We'll stay tuned for another great segment coming right up.

>>Hello, and welcome to the cubes presentation of the AWS startup showcase. This is season two, episode four, the ongoing series covering exciting startups from the AWS ecosystem to talk about cyber security. I'm your host, John feer. And today we're excited to join by a Mediatel Walker, CEO of Quin security and sub IER, vice president of product management of sequence security gentlemen, thanks for joining us today on this showcase. >>Thank you, John PRAs. >>So the title of this session is continuous API protection life cycle to discover, detect, and defend security. APIs are part of it. They're hardened, everyone's using them, but they're they're target for malicious behavior. This is the focus of this segment. You guys are in the leading edge of this. What are the biggest challenges for organizations right now in assessing their security risks? Because you're seeing APIs all over the place in the news, just even this week, Twitter had a whistleblower come out from the security group, talking about their security plans, misleading the FTC on the bots and some of the malicious behavior inside the API interface of Twitter. This is really a mainstream Washington post is reporting on it. New York times, all the global outlets are talking about this story. This is the risk. I mean, yeah, this is what you guys do protect against this. >>Yeah, this is absolutely top of mind for a lot of security folks today. So obviously in the media and the type of attack that that is being discussed with this whistleblower coming out is called reputation bombing. This is not new. This has been going on since I would say at least eight to 10 years where the, the bad actors are using bots or automation and ultimately using APIs on these large social media platforms, whether it's Facebook, whether it's Twitter or some other social media platform and messing with the reputation system of those large platforms. And what I mean by that is they will do fake likes, fake commenting, fake retweeting in the case of Twitter. And what that means is that things that are, should not be very popular, all of a sudden become popular. That that way they're able to influence things like elections, shopping habits, personnel. >>We, we work with similar profile companies and we see this all the time. We, we mostly work on some of the secondary platforms like dating and other sort of social media platforms around music sharing and things like video sharing. And we see this all the time. These, these bots are bad. Actors are using bots, but ultimately it's an API problem. It's not just a bot problem. And that's what we've been trying to sort of preach to the world, which is your bot problem is subset of your API security challenges that you deal as an organization. >>You know, IMIA, we talked about this in the past on a previous conversation, but this really is front and center mainstream for the whole world to see around the challenges. All companies face, every CSO, every CIO, every board member organizations out there looking at this security posture that spans not just information technology, but physical and now social engineering. You have all kinds of new payloads of malicious behavior that are being compromised through, through things like APIs. This is not just about CSO, chief information security officer. This is chief security officer issues. What's your reaction >>Very much so I think the, this is a security problem, but it's also a reputation problem. In some cases, it's a data governance problem. We work with several companies which have very restrictive data governance and data regulations or data residency regulations there to conform to those regulations. And they have to look at that. It's not just a CSO problem anymore. In case of the, the news of the day to day, this is a platform problem. This goes all the way to the, that time CTO of Twitter. And now the CEO of Twitter, who was in charge of dealing with these problems. We see as just to give you an example, we, we work, we work with a similar sort of social media platform that allows Oop based login to their platform that is using tokens. You can sort of sign in with Facebook, sign in with Twitter, sign in with Google. These are API keys that are generated and trusted by these social media platforms. When we saw that Facebook leaked about 50 million of these login credentials or API keys, this was about three, four years ago. I wrote a blog about it. We saw a huge spike in those API keys being used to log to other social media platforms. So although one social platform might be taking care of its, you know, API or what problem, if something else gets reached somewhere else, it has a cascading impact on a variety of platforms. >>You know, that's a really interesting dynamic. And if you think about just the token piece that you mentioned, that's kind of under the coverage, that's a technology challenge, but also you get in the business logic. So let's go back and, and unpack that, okay, they discontinue the tokens. Now they're being reused here. In the case of Twitter, I was talking to an executive here in Silicon valley and they said, yeah, it's a cautionary tale, for sure. Although Twitter's a unique situation, but they abstract out the business value and say, Hey, they had an M and a deal on the table. And so if someone wants to unwind that deal, all I gotta say is, Hey, there's a bot problem. And now you have essentially new kinds of risk in the business have nothing to do with some sign the technology, okay. They got a security breach, but here with Twitter, you have an, an, an M and a deal, an acquisition that's being contested because of the, the APIs. So, so if you're in business, you gotta think to yourself, what am I risking with my API? So every organization should be assessing their security risks, tied to their APIs. This is a huge awakening for them. Where should they start? And that's the, that's the core question. Okay. You got my attention risks with the API. What do I do? >>So when I talked to you in my previous interview, the start is basically knowing what to, in most cases, you see these that are hitting the wire much. Every now there is a major in cases you'll find these APIs are targeted, that are not poorly protected. They're absolutely just not protected at all, which means the security team or any sort of team that is responsible for protecting these APIs are just completely unaware of these APIs being there in the first place. And this is where we talk about the shadow it or shadow API problem. Large enterprises have teams that are geo distributed, and this problem is escalated after the pandemic even more because now you have teams that are completely distributed. They do M and a. So they acquire new companies and have no visibility into their API or security practices. And so there are a lot of driving factors why these APIs are just not protected and, and just unknown even more to the security team. So the first step has to be discover your API attack surface, and then prioritize which APIs you wanna target in terms of runtime protection. >>Yeah. I wanna dig into that API kind of attack surface area management, runtime monitoring capability in a second, but so I wanna get you in here too, because we're talking about APIs, we're talking about attacks. What does an API attack look like? >>Yeah, that's a very good question, John, there are really two different forms of attacks of APIs, one type of attack, exploits, APIs that have known vulnerabilities or some form of vulnerabilities. For instance, APIs that may use a weak form of authentication or are really built with no authentication at all, or have some sort of vulnerability that makes them very good targets for an attacker to target. And the second form of attack is a more subtle one. It's called business logic abuse. It's, it's utilizing APIs in completely legitimate manner manners, but exploiting those APIs to exfiltrate information or key sensitive information that was probably not thought through by the developer or the designers or those APIs. And really when we do API protection, we really need to be able to handle both of those scenarios, protect against abuse of APIs, such as broken authentication, or broken object level authorization APIs with that problem, as well as protecting APIs from business logic abuse. And that's really how we, you know, differentiate against other vendors in this >>Market. So just what are the, those key differentiated ways to identify the, in the malicious intents with APIs? Can you, can you just summarize that real quick, the three ways? >>Sure. Yeah, absolutely. There are three key ways that we differentiate against our competition. One is in the, we have built out a, in the ability to actually detect such traffic. We have built out a very sophisticated threat intelligence network built over the entire lifetime of the company where we have very well curated information about malicious infrastructures, malicious operators around the world, including not just it address ranges, but also which infrastructures do they operate on and stuff like that, which actually helps a lot in, in many environments in especially B2C environments, that alone accounts for a lot of efficacy for us in detecting our weed out bad traffic. The second aspect is in analyzing the request that are coming in the API traffic that is coming in and from the request itself, being able to tell if there is credential abuse going on or credential stuffing going on or known patterns that the traffic is exhibiting, that looks like it is clearly trying to attack the attack, the APM. >>And the third one is, is really more sophisticated as they go farther and farther. It gets more sophisticated where sequence actually has a lot of machine learning models built in which actually profile the traffic that is coming in and separate. So the legitimate or learns the legitimate traffic from the anomalous or suspicious traffic. So as the traffic, as the API requests are coming in, it automatically can tell that this traffic does not look like legitimate traffic does not look like the traffic that this API typically gets and automatically uses that to figure out, okay, where is this traffic coming from? And automatically takes action to prevent that attack? >>You know, it's interesting APIs have been part of the goodness of cloud and cloud scale. And it reminds me of the old Andy Grove quote, founder of, in one of the founders of Intel, you know, let chaos, let, let the chaos happen, then reign it in it's APIs. You know, a lot of people have been creating them and you've got a lot of different stakeholders involved in creating them. And so now securing them and now manage them. So a lot of creation now you're starting to secure them and now you gotta manage 'em. This all is now big focus. As you pointed out, what are some of the dynamics that customers who have to deal with on the product side and, and organization, let, let chaos rain, and then rain in the chaos, as, as the saying goes, what, what do companies do? >>Yeah. Typically companies start off with like, like a mayor talked about earlier. Discovery is really the key thing to start with, like figuring out what your API attack surfaces and really getting your arms around that problem. And typically we are finding customers start that off from the security organization, the CSO organization to really go after that problem. And in some cases, in some customers, we even find like dedicated centers of excellence that are created for API security, which go after that problem to be able to get their arms around the whole API attack surface and the API protection problem statement. So that's where usually that problem starts to get addressed. >>I mean, organizations and your customers have to stop the attacks. A lot of different techniques, you know, run time. You mentioned that earlier, the surface area monitoring, what's the choice. What's the, where are, where are, where is everybody? Is everyone in the, in the boiling water, like the frog and boiling water or they do, they know it's happening? Like what did they do? What's their opportunity to get in >>Position? Yeah. So I, I think let's take a step back a little bit, right? What has happened is if you draw the cloud security market, if you will, right. Which is the journey to the cloud, the security of these applications or APIs at a container level, in terms of vulnerabilities and, and other things that market grew with the journey to the cloud, pretty much locked in lockstep. What has happened in the API side is the API space has kind of lacked behind the growth and explosion in the API space. So what that means is APIs are getting published way faster than the security teams are able to sort of control and secure them. APIs are getting published in environments that the security completely unaware of. We talked about in the past about the parameter, the parameter, as we know, it doesn't exist anymore. It used to be the case that you hit a CDN, you terminate your SSL, you stop your layer three and four DDoS. >>And then you go into the application and do the business logic. That parameter is just gone because it's now could be living in multi-cloud environment. It could be living in the on-prem environment, which is PubNet is friendly. And so security teams that are used to protecting apps, using a perimeter defense plus changes, it's gone. You need to figure out where your perimeter is. And therefore we sort of recommend an approach, which is have a uniform view across all your APIs, wherever they could be distributed and have a single point of control across those with a solution like sequence. And there are others also in this space, which is giving you that uniform view, which is first giving you that, you know, outside and looking view of what APIs to protect. And then let's, you sort of take the journey of securing the API life cycle. >>So I would say that every company now hear me out on this indulges me for a second. Every company in the world will be non perimeter based, except for maybe 5% because of maybe unique reason, proprietary lockdown, information, whatever. But for most, most companies, everyone will be in the cloud or some cloud native, non perimeter based security posture. So the question is, how does your platform fit into that trajectory? And specifically, why are you guys in the position in your mind to help customers solve this API problem? Because again, APIs have been the greatest thing about the cloud, right? Yeah. So the goodness is there because of APS. Now you gotta reign it in reign in the chaos. Yeah. What, what about your platform share? What is it, why is it win? Why should customers care about this? >>Absolutely. So if you think about it, you're right, the parameter doesn't exist. People have APIs deployed in multiple environments, multicloud hybrid, you name it sequence is uniquely positioned in a way that we can work with your environment. No matter what that environment is. We're the only player in this space that can protect your APIs purely as a SA solution or purely as an on-prem deployment. And that could be a SaaS platform. It doesn't need to be RackN, but we also support that and we could be a hybrid deployment. We have some deployments which are on your prem and the rest of this solution is in our SA. If you think about it, customers have secured their APIs with sequence with 15 minutes, you know, going live from zero to life and getting that protection instantaneously. We have customers that are processing a billion API calls per day, across variety of different cloud environments in sort of six different brands. And so that scale, that flexibility of where we can plug into your infrastructure or be completely off of your infrastructure is something unique to sequence that we offer that nobody else is offering >>Today. Okay. So I'll be, I'll be a naysayer. Yeah, look, it, we are perfectly coded APIs. We are the best in the business. We're locked down. Our APIs are as tight as a drum. Why do I need you? >>So that goes back to who's answer. Of course, >>Everyone's say that that's, that's great, but that's my argument. >>There are two types of API attacks. One is a tactic problem, which is exploiting a vulnerability in an API, right? So what you're saying is my APIs are secure. It does not have any vulnerability I've taken care of all vulnerabilities. The second type of attack that targets APIs is the business logic. Use this stuff in the news this week, which is the whistleblower problem, which is, if you think APIs that Twitter is publishing for users are perfectly secure. They are taking care of all the vulnerabilities and patching them when they find new ones. But it's the business logic of, you know, REWE liking or commenting that the bots are targeting, which they have no against. Right. And then none of the other social networks too. Yeah. So there are many examples. Uber wrote a program to impersonate users in different geo locations to find lifts, pricing, and driver information and passenger information, completely legitimate use of APIs for illegitimate, illegitimate purpose using bots. So you don't need bots by the way, don't, don't make this about bot versus not. Yeah. You can use APIs sort of for the, the purpose that they're not designed for sort of exploiting their business logic, either using a human interacting, a human farm, interacting with those APIs or a bot form targeting those APIs, I think. But that's the problem when you have, even when you've secured all your problem, all your APIs, you still have to worry about these of challenges. >>I think that's the big one. I think the business logic one, certainly the Twitter highlights that the Uber example is a good one. That is basically almost the, the backlash of having a simplistic API, which people design to. Right. Yeah. You know, as you point out, Twitter is very simple API, hardened, very strong security, but they're using it to maliciously manipulate what's inside. So in a way that perimeter's dead too. Right. So how do you stop that business logic? What's the, what's the solution what's the customer do about that? Because their goal is to create simple, scalable APIs. >>Yeah. I'll, I'll give you a little bit, and then I think Subaru should maybe go into a little bit of the depth of the problem, but what I think that the answer lies in what Subaru spoke earlier, which is our ML. AI is, is good at profiling plus split between the API users, are these legitimate users, humans versus bots. That's the first split we do. The split second split we do is even when these, these are classified users as bots, we will say there are some good bots that are necessary for the business and bad bots. So we are able to split this across three types of users, legitimate humans, good bots and bad bots. And just to give you an example of good bots is there are in the financial work, there are aggregators that are scraping your data and aggregating for end users to consume, right? Your, your, and other type of financial aggregators FinTech companies like MX. These are good bots and you wanna allow them to, you know, use your APIs, whereas you wanna stop the bad bots from using your APIs super, if you wanna add so, >>So good bots versus bad bots, that's the focus. Go ahead. Weigh in, weigh in on your thought on this >>Really breaks down into three key areas that we talk about here, sequence, right? One is you start by discovering all your APIs. How many APIs do I have in my environment that ly immediately highlight and say, Hey, you have, you know, 10,000 APIs. And that usually is an eye opener to many customers where they go, wow. I thought we had a 10th of that number. That usually is an eyeopener for them to, to at least know where they're at. The second thing is to tell them detection information. So discover, detect, and defend detect will tell them, Hey, your APIs are getting traffic from. So and so it addresses so and so infrastructure. So and so countries and so on that usually is another eye opener for them. They then get to see where their API traffic is coming from. Let's say, if you are a, if you're running a pizza delivery service out of California and your traffic is coming from Eastern Europe to go, wait a minute, nobody's trying, I'm not, I'm not, I don't deliver pizzas in Eastern Europe. Why am I getting traffic from that part of the world? So that sort of traffic immediately comes up and it will tell you that it is hitting your unauthenticated API. It is hitting your API. That has, that is vulnerable to a broken object level, that authorization, vulnerable be and so on. >>Yeah, I think, and >>Then comes the different aspect. Yeah. The different aspect is where you can take action and say, I wanna block certain types of traffic, or I wanna rate limit certain types of traffic. If, if you're seeing spikes there or you could maybe insert header so that it passes on to the end application and the application team can use that bit to essentially take a, a conscious response. And so, so the platform is very flexible in allowing them to take an action that suits their needs. >>Yeah. And I think this is the big trend. This is why I like what you guys are doing. One APIs we're built for the goodness of cloud. They're now the plumbing, you know, anytime you see plumbing involved, connection points, you know, that's pretty important. People are building it out and it has made the cloud what it is. Now, you got a security challenge. You gotta add more intelligence, more smarts to it. This is where I think platform versus tools matter. Can you guys just quickly share your thoughts on that? Cuz a lot of your customers and, and future customers have dealt with the sprawls of all these different tools. Right? I got a tool for this. I got a tool for that, but people are gravitating towards platforms, but how many platforms can a customer have? So again, this brings up the point point around how you guys are engaging with customers. Can you share your thoughts on tooling platforms? Your customers are constantly inundated with the same tsunami. Isn't new thing. Why, what, how should they look at this? >>Yeah, I mean, we don't wanna be, we don't wanna add to that alert fatigue problem that affects much of the cybersecurity industry by generating a whole bunch of alerts and so on. So what we do is we actually integrate very well with S IEM systems or so systems and allow customers to integrate the information that we are detecting or mitigating and feed them onto enterprise systems like a Splunk or a Datadog where they may have sophisticated processes built in to monitor, you know, spikes in anomalous traffic or actions that are taken by sequence. And that can be their dashboard where a whole bunch of alerting and reporting actually happens. So we play in the security ecosystem very well by integrating with other products and integrate very tightly with them, right outta the box. >>Okay. Mia, this is a wrap up now for the showcase. Really appreciate you guys sharing your awesome technology and very relevant product for your customers and where we are right now in this we call Supercloud or now multi-cloud or hybrid world of cloud. Share a, a little bit about the company, how people can get involved in your solution, how they can consume it and things they should know about, about sequence security. >>Yeah, we've been on this journey, an exciting journey it's been for, for about eight years. We have very large fortune 100 global 500 customers that use our platform on a daily basis. We have some amazing logos, both in Europe and, and, and in us customers are, this is basically not the shelf product customers not only use it, but depend on sequence. Several retailers. We are sitting in front of them handling, you know, black Friday, cyber, Monday, Christmas shopping, or any sort of holiday seasonality shopping. And we have handled that the journey starts by, by just simply looking at your API attack surface, just to a discover call with sequence, figure out where your APIs are posted work with you to prioritize how to protect them in a sort of a particular order and take the whole life cycle with sequence. This is, this is an exciting phase exciting sort of stage in the company's life. We just raised a very sort of large CDC round of funding in December from Menlo ventures. And we are excited to see, you know, what's next in, in, in the next, you know, 12 to 18 months. It certainly is the, you know, one of the top two or three items on the CSOs, you know, budget list for next year. So we are extremely busy, but we are looking for, for what the next 12 to 18 months are, are in store for us. >>Well, congratulations to all the success. So will you run the roadmap? You know, APIs are the plumbing. If you will, you know, they connection points, you know, you want to kind of keep 'em simple, as they say, keep the pipes dumb and make the intelligence around it. You seem to see more and more intelligence coming around, not just securing it, but does, where does this go in your mind? Where, where do we go beyond once we secure everything and manage it properly, APRs, aren't going away, they're only gonna get better and smarter. Where's the intelligence coming share a little bit. >>Absolutely. Yeah. I mean, there's not a dull moment in the space. As digital transformation happens to most enterprise systems, many applications are getting transformed. We are seeing an absolute explosion in the volume of APIs and the types of APIs as well. So the applications that were predominantly limited to data centers sort of deployments are now splintered across multiple different cloud environments are completely microservices based APIs, deep inside a Kubernetes cluster, for instance, and so on. So very exciting stuff in terms of proliferation of volume of APIs, as well as types of APIs, there's nature of APIs. And we are building very sophisticated machine learning models that can analyze traffic patterns of such APIs and automatically tell legitimate behavior from anomalous or suspicious behavior and so on. So very exciting sort of breadth of capabilities that we are looking at. >>Okay. I mean, yeah. I'll give you the final words since you're the CEO for the CSOs out there, the chief information security officers and the chief security officers, what do you want to tell them? If you could give them a quick shout out? What would you say to them? >>My shout out is just do an assessment with sequence. I think this is a repeating thing here, but really get to know your APIs first, before you decide what and where to protect them. That's the one simple thing I can mention for thes >>Am. Thank you so much for, for joining me today. Really appreciate it. >>Thank you. >>Thank you. Okay. That is the end of this segment of the eight of his startup showcase. Season two, episode four, I'm John for your host and we're here with sequin security. Thanks for watching.

>>Okay, welcome back everyone. This is the Cube's coverage here. Monaco took a trip all the way out here to cover the Monaco crypto summit. I'm John feer, host of the cube, a lot of action happening presented by digital bits and this ecosystem that's coming together, building on top of digital bits and other blockchains to bring value at the application. These new app, super apps are emerging. Almost every category's gonna be decentralized. This is our opinion and the world believes it. And they're here as well. We've got Oscar ballet CEO co-founder of Agora verse ago is a shopping metaverse coming out soon. We'll get the dates, Oscar. Welcome to the cube. >>Thank you very much for having me. >>We were just talking before you came on camera. You're a young gun, young entrepreneur. You're a gamer. Yeah, a little bit too old to miss the eSports windows. You said, you know, like 25. It's great until that's you missed the window. I wish I was 25 gaming the pandemic with remote work, big tailwind acceleration around the idea of this new digital VI virtual hybrid world. We're living in where people want to have experiences that are similar to physical and virtual. You're doing something really cool around shopping. Yeah. Take a explain. What's going on when the, I know it's not out yet. It's in preview. Yeah. Take a minute to explain. >>Absolutely. So a goers really is a way to create those online storefront environments, virtual environments that are really much inspired by video games in their usage and kind of how the experience goes forward. We want to recreate the brand's theme, aesthetic storytelling or the NFT project as well. All of that created in a virtual setting, which is way more interesting than looking at a traditional webpage. And also you can do some crazy stuff that you can't do in real life, in a real life store, you know, with some crazy effects and lighting and stuff. So it's, it's a whole new frontier that we are trying to cover. And we believe that there is a real use case for shopping centric S experiences and to actually make the S a bit more than a buzzword than that. It is at the moment. >>Okay. So a Agora is the shopping. Metaverse a Agora verse is the company name and product name. You're on the Solona blockchain. Got my notes here, but I gotta ask you, I mean, people are trying to do this right now. We see a lot of high end clients like Microsoft showroom, showroom vibes. Yeah. Not so much. E-commerce per se, but more like the big, I mean it's low hanging fruit. Yeah. How do you guys compare to some other apps out there? Other metaverses? >>I think compared to the bigger companies, we are way more flexible and we can act way more quickly than they can. They still have a lot of ground to cover. And a lot of convincing to do with their communities of users metaverse is not really the most popular topic at the moment. It's still very much kind of looked at as a trend, as something that is just passing and they have to deal with this community interaction that is not really favorable for them. There are other questions about the metaverse that are not being talked about as often, but the ecological costs, for example, of running a metaverse like Facebook envisions it, of running those virtual headsets, running those environments. It's very costy on, on, on the ecological side of things and it's not as often mentioned. And I think that's actually their biggest challenge. >>Can you get an example for folks that don't are in the weeds on that? What's the what's what do you mean by that? The cost of build the headsets? Is it the >>Servers? It's more of the servers, really? You need to run a lot of servers, which is really costly on the environment and environmental questions are at the center of public debates. Anyways, and companies have to play that game as well. So they will have to find kind of this balance between, well, building this cool metaverse, but doing it in an ecological friendly manner as well. I think that's their toughest challenge. >>And what's your solution just using the blockchain? Well, an answer to that, cause some people say, Hey, that's not that's, that's not. So eco-friendly either, >>That's part of it. And it's also part of why we're choosing an ecosystem such as Lana as a starter. It's not limited to only Salana, but Salala is, is known as a blockchain. That is very much ecological. Inclined transactions are less polluting. And definitely this problem is, is tackled in the fact that we are offering this product on a case by case scenario brands come to us, we build this environment and we run something that is proper to them. So the scale of it is also way less important that what Facebook is trying to build. >>Yeah. They're trying to build the all encompassing. Yeah. All singing old dancing, as we say system, and then they're not getting a lot of luck. They just got slammed dunked this week on the news, I saw the, you know, FTC moved against them on the acquisition of the exercise app. >>It's it's a tough, it's a tough battle for them. Let's say they >>Still have, they got a headwind. I wouldn't say tailwind. They broke democracy. So they gotta pay for it. Right. Exactly. I always say definitely revenge going on there. I'm not a big fan of what they did. The FTC. I think that's bad move. They shouldn't block acquisitions, but they do buy, they don't really build much. That's well documented. Facebook really hasn't built anything except for Facebook. That's right. Mean what's the one thing Facebook has done besides Facebook. >>I mean, >>It's everything they've tried is failed except for Facebook. Yeah. >>So we'll see what's going on with the Methodist side. >>Well, so successful, not really one trick bony. Yeah. They bought Instagram. They bought WhatsApp, you know, and not really successful. >>That's true. They do have the, the means though, to maybe become successful with something. So >>You're walking out there, John just said, Facebook's not successful. I meant they don't. They have a one product company. They use their money to buy everything. Yeah. And that's some people don't like that, but anyway, the startups like to get bought out. Yeah. Okay. So let's get back to the metaverse it's coming out is the business model to build for others. Are you gonna have a system for users? What's what's the approach? How do you, how are we view viewing this? What's the, the business you're going after? >>So we are very much a B2B type of service where we can create custom kind of tailor made virtual environments for brands, where we dedicate our team to building those environments, which has been what we have been at the start to really kickstart the initiative. But we're also developing the tool that will allow antibody to develop their own shop themselves, using what we give them to do something kind of like the Sims for those that know, building their environment and building their shop, which will they, they, they will then be to put online and for anybody of their user base customers to have a look at. So it's, it's kind of, yeah, the tailor made experience, but also the more broader experience where we want to create this tool, develop this tool, make it accessible to the public with a subscription based model where any individual that has an idea and maybe a product that is interesting for the metaverse be able to create this virtual storefront and upload it directly. >>How long does it take to build an environment? Let's say I was, I wanna do a cube. Yeah. I go to a lot of venues all around the world. Yeah. MOSCON and San Francisco, the San convention center in Las Vegas, we're here in Monaco. How do I replicate these environments? Do I call you up and say, Hey, I need some artists. Do you guys render it? What's the take us through the process. >>Yeah. It's, it's basically a case by case scenario at the moment, very much. We're working with our partners that find brands that are interested in getting into the metaverse and we then design the shops. Well, it depends on the brands. Some have a really clear idea of what they want. Some are a bit more open to it and they're like, well, we have this and this, can you build something? >>I mean, I mean, I can see the apple store saying, Hey, you know, they're pretty standard apple stores. You got cases of iWatches. Yeah. I mean that's easily to, replicateable probably good ROI for them. >>Exactly. It's it's is that what you're thinking? Their team. Exactly. Yeah. It depends. And we, we want to add a layer of something cuz just replicating the store simply. Yeah. It's it's maybe not as interesting, you know, it just, oh, okay. I'm in the store. It's white, everywhere. It's apple. Right. It's like, oh I'm in at the dentist, but we want to add some video game elements to the, to those experiences. But very subtle ones, ones that won't make you feel, oh, I'm playing one of these games, you know? It's yeah. Very supple. >>You can, you can jump into immersive experience as defined by the brand. Yeah. I mean the brand will control the values. So you're say apple and you're at the iWatch table. Yeah. You could have a digital assistant pop in there with an avatar. Exactly. You can jump down a rabbit hole and say, Hey, I want this iWatch. I'm a bike mountain biker. For example, I could get experience of mountain biking with my watch on I fall off, ambulance sticks me up. I mean, all these things that they advertise is what goes >>On. Yeah. And we can recreate these experiences and what they're advertising and into a more immersive experience is what we're trying to our, our goal is to create experiences. We know that, you know, why does someone is someone spend so much at Disneyland? It's like triple the price of whatever, because you know, it's Mickey mouse around you. It's, that's the experience that comes around. And often the experience is more important than the product. Sometimes >>It's hard. It's really hard to get that first class citizen experience with the event or venue physical. Yeah. Which is a big challenge. I know the metaverse are gonna try to solve this. So I gotta ask you what's your vision on solving that? Okay. Cause that's the holy grail. That's what we're talking about here. Yeah. I got a physical event or place. I wanna replicate it in the metaverse but create that just as good first party citizen like experience. >>Yeah. I mean that's the whole event event type of business side of the metaverse is also a huge one. It's one that we are choosing to tackle after the e-commerce one. But it's definitely something that has been asked a lot by the brands where like we want to create, like, we want to release this store for an event that is in real life, but we want to make it accessible to the largest number. That's why we saw with Fortnite as well. All those events, the fashion week in the central land. And >>Sand's a Cub in the Fortnite too. >>There you go. And so the, the event aspect is super important and we want those meta shops to be places where a brand can organize an event. Let's say they want to make the entrance paid. They can do an NFD for that if they want. And then they have to, the user has to connect the NFD to access the event with an idea. Right. But that's definitely possible. And that's how we leverage blockchain as well with those companies and say, you know, you're not familiar with >>This method. You're badging, you know, you're the gaming where we were talking earlier. Yeah. Badging and credentials and access methods. A tech concept can be easily forwarded to NFTs. Yeah, >>Exactly. Exactly. And brands are interested in that. >>Sure. Of course. Yeah. By being the NFT. That's cool. Yeah. Yeah. So I gotta ask you the origination story. Take me through the, the, how this all started. Yeah. Was it a seat of an idea you and your friends get together? Yeah. It was an it scratch. And when you're really into this, what's the origination story and where you're at now. >>So we started off in January really with a, quite a, a different idea. It was called the loft business club. It's an NFT collection on the Salina blockchain. And the whole idea beyond it is that NFT holders would have access to their virtual apartments that we called the lofts. It got very popular. We got a really big following at the start. It was really the trend back in January, February. And we managed to, to sell out successfully the whole collection of 5,000 NFTs. And yeah, we started as a group of friends, really like-minded friends from my hometown in, in, met in France who are today, the co-founders and the associates with different backgrounds. Leo has the marketing side of things. A club has the 3d designing. We had all our different skills coming into it. Obviously my English was quite helpful as well cause French people in English it's, it's not often the best French English. Yeah. And I was, the COO has been doing amazing on the kind of the serious stuff. You know, the taxis lawyers >>Operational to all of trains running on time. >>Exactly >>Sure. People get their jobs done. >>Yeah, exactly. So >>It's well too long of a lunch cuz you know, French would take what, two hour lunches. Yeah. You >>Have to enjoy it. Yeah. >>Coffee and stuff. That's wine, you know about creative, >>But yeah, it's, it's a friend stuff that started as a, as a passion project and got so quick. And today I'm here talking to you in this setting. It's like, >>You're pretty excited. >>I mean it's super excited. It's such a we're you know, we feel like we're building something that's new and our developer team, we're now a team of 15 in total with developers based in Paris, mostly. And everybody is, is feeling like, you know, they're contributing to something new and that's, what's exciting about it. You know, it's something that's not really done or it's trying to be done, but nobody really knows the way >>It's pioneering days. But the, but the pandemic has shifted the culture faster because people like certainly the gen Zs are like, I don't wanna reuse that old stuff. Yeah. And, but they still want to go to like games or events or go to stores. Yeah. But once to go to a store, I mean, I go to apple store all the time where I live in Palo Alto, California. And it's like, yeah, I love that store. And I know it by heart. I don't, I don't have to go there. Yeah. Walking into the genius bar virtually I get the same job done. Yeah, >>Exactly. That's that's what we want to do. And the other pandemic is just it's it's been all about improving, you know, people's condition, life conditions at home, I think. And that's what kind of boosted the whole metaverse conversation and Facebook really grabbing onto it as well. It's just that people were stuck at home and for gamers, that's fine. We used to be stuck at home playing video games all day. Yeah. We survived the pandemic fine. But for other people it was a bit more of a new >>Experience. Well, Oscar, one of the cool things is that you said like mind you and your founding team, always the secret to success. But now you see a lot of old guys like me and gals coming in too, your smart people are like-minded they get it. Especially ones that have seen the ways before, when you have this kind of change, it's a cultural shift and technology shift and business model shift at the same time. Yeah. And to me there's gonna be chaos, but at the end of the day, >>I mean there's fun and >>Chaos. That's opportunity. There's a fun and fun and opportunity. >>It's fun and chaos, you know, and yeah. Likeminded people and the team has really been the driving factor with our company. We are all very much excited about what we're doing and it's been driving us forward. >>Well, keep in touch. Thanks for coming on the cube and sharing, sharing a story with us in the world. We really appreciate we'll keep in touch with you guys. Do love what you do. Oscar ballet here inside the cube Argo verse eCommerce shop. The beginning of this wave is happening. The convergence of physical virtual is a hybrid mode. It's a steady state. It is not gonna go away. It's only gonna get bigger, more cooler, more relevant than ever before. Cube covering it like a blanket here in Monaco, crypto summit. I'm John furrier. We'll be right back after this short break.

>>Hello, Ron. Welcome to AWS reinforce here. Live in Boston, Massachusetts. I'm John feer, host of the cube. We're here at Carl Matson. CSO at no name security. That's right, no name security, no name securities, also a featured partner at season two, episode four of our upcoming eightish startup showcase security themed event happening in the end of August. Look for that at this URL, AWS startups.com, but we're here at reinforc Carl. Thanks for joining me today. Good to see >>You. Thank you for having us, John. >>So this show security, it's not as packed as the eight of us summit was in New York. That just happened two weeks ago, 19,000 people here, more focused crowd. Lot at stake operations are under pressure. The security teams are under a lot of pressure as apps drive more and more cloud native goodness. As we say, the gen outta the bottle, people want more cloud native apps. Absolutely. That's put a lot of pressure on the ops teams and the security teams. That's the core theme here. How do you see it happening? How do you see this unfolding? Do you agree with that? And how would you describe today's event? >>Well, I think you're, you're spot on. I think the, the future of it is increasingly becoming the story of developers and APIs becoming the hero, the hero of digital transformation, the hero of public cloud adoption. And so this is really becoming much more of a developer-centric discussion about where we're moving our applications and, and where they're hosted, but also how they're designed. And so there's a lot of energy around that right now around focusing security capabilities that really appeal to the sensibilities and the needs of, of modern applications. >>I want to get to know name security a second, and let you explain what you guys do. Then I'll have a few good questions for you to kind of unpack that. But the thing about the structural change that's happened with cloud computing is kind of, and kind of in the past now, DevOps cloud scale, large scale data, the rise of the super cloud companies like snowflake capital, one there's examples of companies that don't even have CapEx investments building on the cloud. And in a way, our, the success of DevOps has created another sea of problems and opportunities that is more complexity as the benefits of DevOps and open source, continue to rise, agile applications that have value can be quantified. There's no doubt with the pandemic that's value there. Yeah. Now you have the collateral damage of success, a new opportunity to abstract away, more complexity to go to the next level. Yep. This is a big industry thing. What are the key opportunities and areas as this new environment, cuz that's the structural change happening now? Yep. What's the key dynamics right now. That's driving this new innovation and what are some of those problem areas that are gonna be abstracted away that you see? >>Well, the, the first thing I I'd suggest is is to, to lean into those structural changes and take advantage of them where they become an advantage for governance, security risk. A perfect example is automation. So what we have in microservices, applications and cloud infrastructures and new workloads like snowflake is we have workloads that want to talk, they want to be interoperated with. And because of that, we can develop new capabilities that take advantage of those of those capabilities. And, and so we want to have on our, on our security teams in particular is we wanna have the talent and the tools that are leaning into and capitalizing on exactly those strengths of, of the underlying capabilities that you're securing rather than to counter that trend, that the, the security professional needs to get ahead of it and, and be a part of that discussion with the developers and the infrastructure teams. >>And, and again, the tructure exchange could kill you too as well. I mean, some benefits, you know, data's the new oil, but end of the day it could be a problematic thing. Sure. All right. So let's get that. No names talk about the company. What you guys do, you have an interesting approach, heavily funded, good success, good buzz. What's going on with the company? Give the quick overview. >>Well, we're a company that's just under three years old and, and what APIs go back, of course, a, a decade or more. We've all been using APIs for a long time, but what's really shifted over the last couple of years is the, is the transition of, of applications and especially business critical processes to now writing on top of public facing APIs where API used to be the behind the scenes interconnection between systems. Now those APIs are exposed to their public facing. And so what we focus on as a company is looking at that API as a, as a software endpoint, just like any other endpoint in our environments that we're historically used to. That's an endpoint that needs full life cycle protection. It needs to be designed well secure coding standards for, for APIs and tested. Well, it also has to be deployed into production configured well and operated well. And when there's a misuse or an attack in progress, we have to be able to protect and identify the, the risks to that API in production. So when you add that up, we're looking at a full life cycle view of the API, and it's really it's about time because the API is not new yet. We're just starting to now to apply like actual discipline and, and practices that help keep that API secure. >>Yeah. It's interesting. It's like what I was saying earlier. They're not going anywhere. They're not going, they're the underpinning, the underlying benefit of cloud yes. Cloud native. So it's just more, more operational stability, scale growth. What are some of the challenges that, that are there and what do you guys do particularly to solve it? You're protecting it. Are you scaling it? What specifically are you guys addressing? >>But sure. So I think API security, even as a, as a discipline is not new, but I think the, the, the traditional look at API security looks only at, at the quality of the source code. Certainly quality of the source code of API is, is sort of step one. But what we see in, in practices is most of the publicly known API compromises, they weren't because of bad source code that they because of network misconfiguration or the misapplication of policy during runtime. So a great example of that would be developer designs, an API designs. It in such a way that Gar that, that enforces authentication to be well designed and strong. And then in production, those authentication policies are not applied at a gateway. So what we add to the, we add to the, to the conversation on API security is helping fill all those little gaps from design and testing through production. So we can see all of the moving parts in the, the context of the API to see how it can be exploited and, and how we can reduce risk in independent of. >>So this is really about hardening the infrastructure yep. Around cuz the developer did their job in that example. Yep. So academic API is well formed working, but something didn't happen on the network or gateway box or app, you know, some sort of network configuration or middleware configuration. >>Absolutely. So in our, in our platform, we, we essentially have sort of three functional areas. There's API code testing, and then we call next is posture management posture. Management's a real thing. If we're talking about a laptop we're talking about, is it up to date with patches? Is it configured? Well, is it secure network connectivity? The same is true with APIs. They have to be managed and cared for by somebody who's looking at their posture on the network. And then of course then there's threat defense and run time protection. So that posture management piece, that's really a new entrant into the discussion on API security. And that's really where we started as a company is focusing on that sort of acute gap of information, >>Posture, protection, >>Posture, and protection. Absolutely >>Define that. What does that, what does posture posture protection mean? How would you define that? >>Sure. I think it's a, it's identifying the inherent risk exposure of an API. Great example of that would be an API that is addressable by internal systems and external systems at the same time. Almost always. That is, that is an error. It's a mistake that's been made so well by, by identifying that misconfiguration of posture, then we can, we can protect that API by restricting the internet connectivity externally. That's just a great example of posture. We see almost every organization has that and it's never intended. >>Great, great, great call out. Thanks for sharing. All right, so I'm a customer. Yep. Okay. Look at, Hey, I already got an app firewall API gateway. Why do I need another tool? >>Well, first of all, web application firewalls are sort of essential parts of a security ecosystem. An API management gateway is usually the brain of an API economy. What we do is we, we augment those platforms with what they don't do well and also when they're not used. So for example, in, in any environment, we, we aspire to have all of our applications or APIs protected by web application firewall. First question is, are they even behind the web? Are they behind the w at all? We're gonna find that the WAFF doesn't know if it's not protecting something. And then secondary, there are attack types of business logic in particular of like authentication policy that a WAFF is not gonna be able to see. So the WAFF and the API management plan, those are the key control points and we can help make those better. >>You know what I think is cool, Carl, as you're bringing up a point that we're seeing here and we've seen before, but now it's kind of coming at the visibility. And it was mentioned in the keynote by one of the presenters, Kurt, I think it was who runs the platform. This idea of reasoning is coming into security. So the idea of knowing the topology know that there's dynamic stuff going on. I mean, topes aren't static anymore. Yep. And now you have more microservices. Yep. More APIs being turned on and off this runtime is interesting. So you starting to see this holistic view of, Hey, the secret sauce is you gotta be smarter. Yep. And that's either machine learning or AI. So, so how does that relate to what you guys do? Does it, cuz it sounds like you've got something of that going on with the product. Is that fair or yeah. >>Yeah, absolutely. So we, yeah, we talked about posture, so that's, that's really the inherent quality or secure posture of a, of an API. And now let's talk about sending traffic through that API, the request and response. When we're talking about organizations that have more APIs than they have people, employees, or, or tens of thousands, we're seeing in some customers, the only way to identify anomalous traffic is through machine learning. So we apply a machine learning model to each and every API in independently for itself because we wanna learn how that API is supposed to be behave. Where is it supposed to be talking? What kind of data is it supposed to be trafficking in, in, in all its facets. So we can model that activity and then identify the anomaly where there's a misuse, there's an attacker event. There's an, an insider employee is doing something with that API that's different. And that's really key with APIs is, is that no, a no two APIs are alike. Yeah. They really do have to be modeled individually rather than I can't share my, my threat signatures for my API, with your organization, cuz your APIs are different. And so we have to have that machine learning approach in order to really identify that >>Anomaly and watch the credentials, permissions. Absolutely all those things. All right. Take me through the life cycle of an API. There's pre-production postproduction what do I need to know about those two, those two areas with respect to what you guys do? >>Sure. So the pre-production activities are really putting in the hands of a developer or an APSEC team. The ability to test that API during its development and, and source code testing is one piece, but also in pre-production are we modeling production variables enough to know what's gonna happen when I move it into production? So it's one thing to have secure source code, of course, but then it's also, do we know how that API's gonna interact with the world once it's sort of set free? So the testing capabilities early life cycle is really how we de-risk in the long term, but we all have API ecosystems that are existing. And so in production we're applying the, all of those same testing of posture and configuration issues in runtime, but really what it, it may sound cliche to say, we wanna shift security left, but in APIs that's, that's a hundred percent true. We want to keep moving our, our issue detection to the earliest possible point in the development of an API. And that gives us the greatest return in the API, which is what we're all looking for is to capitalize on it as an agent of transformation. >>All right, let's take the customer perspective. I'm the customer, Carl, Carl, why do I need you? And how are you different from the competition? And if I like it, how do I get started? >>Sure. So the, the, the first thing that we differentiate selves from the customer is, or from our competitors is really looking at the API as an entire life cycle of activities. So whether it's from the documentation and the design and the secure source code testing that we can provide, you know, pre-development, or pre-deployment through production posture, through runtime, the differentiator really for us is being a one-stop shop for an entire API security program. And that's very important. And as that one stop shop, the, the great thing about that when having a conversation with a customer is not every customer's at the same point in their journey. And so if, if a customer discussion really focuses on their perhaps lack of confidence in their code testing, maybe somebody else has a lack of confidence in their runtime detection. We can say yes to those conversations, deliver value, and then consider other things that we can do with that customer along a whole continuum of life cycle. And so it allows us to have a customer conversation where we don't need to say, no, we don't do that. If it's an API, the answer is, yes, we do do that. And that's really where we, you know, we have an advantage, I think, in, in looking at this space and, and, and being able to talk with pretty much any customer in any vertical and having a, having a solution that, that gives them something value right away. >>And how do I get started? I like it. You sold me on, on operationalizing it. I like the one stop shop. I, my APIs are super important. I know that could be potential exposure, maybe access, and then lateral movement to a workload, all kinds of stuff could happen. Sure. How do I get started? What do I do to solve >>This? Well, no name, security.com. Of course we, we have, you know, most customers do sandboxing POVs as part of a trial period for us, especially with, you know, being here at AWS is wonderful because these are customers who's with whom we can integrate with. In a matter of minutes, we're talking about literally updating an IAM role. Permission is the complexity of implementation because cloud friendly workloads really allow us to, to do proofs of concept and value in a matter of minutes to, to achieve that value. So whether it's a, a dedicated sandbox for one customer, whether it's a full blown POC for a complicated organization, you know, whether it's here at AWS conference or, or, or Nona security.com, we would love to do a, do a, like a free demo test drive and assessment. >>Awesome. And now you guys are part of the elite alumni of our startup showcase yep. Where we feature the hot startups, obviously it's the security focuses episodes about security. You guys have been recognized by the industry and AWS as, you know, making it, making it happen. What specifically is your relationship with AWS? Are you guys doing stuff together? Cuz they're, they're clearly integrating with their partners. Yeah. I mean, they're going to companies and saying, Hey, you know what, the more we're integrated, the better security everyone gets, what are you doing with Amazon? Can you share any tidbits? You don't have to share any confidential information, but can you give us a little taste of the relationship? >>Well, so I think we have the best case scenario with our relationship with AWSs is, is as a, as a very, very small company. Most of our first customers were AWS customers. And so to develop the, the, the initial integrations with AWS, what we were able to do is have our customers, oftentimes, which are large public corporations, go to AWS and say, we need, we need that company to be through your marketplace. We need you to be a partner. And so that partnership with, with AWS has really grown from, you know, gone from zero to 60 to, you know, miles per hour in a very short period of time. And now being part of the startup program, we have a variety of ways that a customer can, can work with us from a direct purchase through the APS marketplace, through channel partners and, and VA, we really have that footprint now in AWS because our customers are there and, and they brought our customers to AWS with us. >>It's it nice. The customers pulls you to AWS. Yes. Its pulls you more customers. Yep. You get kind of intermingled there, provide the value. And certainly they got, they, they hyperscale so >>Well, that creates depth of the relationship. So for example, as AWS itself is evolving and changing new services become available. We are a part of that inner circle. So to speak, to know that we can make sure that our technology is sort of calibrated in advance of that service offering, going out to the rest of the world. And so it's a really great vantage point to be in as a startup. >>Well, Carl, the CISO for no name security, you're here on the ground. You partner with AWS. What do you think of the show this year? What's the theme. What's the top story one or two stories that you think of the most important stories that people should know about happening here in the security world? >>Well, I don't think it's any surprise that almost every booth in the, in the exhibit hall has the words cloud native associated with it. But I also think that's, that's, that's the best thing about it, which is we're seeing companies and, and I think no name is, is a part of that trend who have designed capabilities and technologies to take advantage and lean into what the cloud has to offer rather than compensating. For example, five years ago, when we were all maybe wondering, will the cloud ever be as secure as my own data center, those days are over. And we now have companies that have built highly sophisticated capabilities here in the exhibit hall that are remarkably better improvements in, in securing the cloud applications in, in our environments. So it's a, it's a real win for the cloud. It's something of a victory lap. If, if you hadn't already been there, you should be there at this point. >>Yeah. And the structural change is happening now that's clear and I'd love to get your reaction if you agree with it, is that the ops on security teams are now being pulled up to the level that the developers are succeeding at, meaning that they have to be in the boat together. Yes. >>Oh, lines of, of reporting responsibility are becoming less and less meaningful and that's a good thing. So we're having just in many conversations with developers or API management center of excellence teams to cloud infrastructure teams as we are security teams. And that's a good thing because we're finally starting to have some degree of conversions around where our interests lie in securing cloud assets. >>So developers ops security all in the boat together, sync absolutely together or win together. >>We, we, we win together, but we don't win on day one. We have to practice like we as organizations we have to, we have to rethink our, we have to rethink our tech stack. Yeah. But we also have to, you have to rethink our organizational models, our processes to get there, to get >>That in, keep the straining boat in low waters. Carl, thanks for coming on. No name security. Why the name just curious, no name. I love that name. Cause the restaurant here in Boston that used to be of all the people that know that. No name security, why no name? >>Well, it was sort of accidental at, in the, in the company's first few weeks, the there's an advisory board of CISOs who provides feedback on, on seed to seed companies on their, on their concept of, of where they're gonna build platforms. And, and so in absence of a name, the founders and the original investor filled out a form, putting no name as the name of this company that was about to develop an API security solution. Well, amongst this board of CSOs, basically there was unanimous feedback that the, what they needed to do was keep the name. If nothing else, keep the name, no name, it's a brilliant name. And that was very much accidental, really just a circumstance of not having picked one, but you know, a few weeks passed and all of a sudden they were locked in because sort of by popular vote, no name was, >>Was formed. Yeah. And now the legacy, the origination story is now known here on the cube call. Thanks for coming on. Really appreciate it. Thank you, John. Okay. We're here. Live on the floor show floor of AWS reinforced in Boston, Massachusetts. I'm John with Dave ALO. Who's out and about getting the stories in the trenches in the analyst meeting. He'll be right back with me shortly day tuned for more cube coverage. After this short break.

>>Okay, welcome back everyone. This is the Cube's coverage of S reinve rein Mars. I said reinvent all my VES months away. Re Mars machine learning, automation, robotics, and space. I'm John feer, host of the cube, an exciting guest here, bringing on special guest more robot robots are welcome on the cube. We're gonna have that segment here. Mike Dooley co-founder and CEO of Labrador systems. Mike, welcome to the cube. Thanks. >>Coming on. Thank, thank you so much. Yeah. Labrador systems. We're a company is developing a new type of assistive robot for people in the home. And you know, our mission is really to help people live independently. And so we're about to show a robot that's it looks like my, what used to be in a warehouse or other places, but it's being designed to be both robust enough to operate in real world settings, help people that may be aging and using a Walker wheelchair. A cane could have early onset health conditions like Parkinson's and things like that. So >>Let me, let me set this up first, before you get into the, the demo, because I think here at re Mars, one of the things that's coming outta the show besides the cool vibe, right? Is that materials handling? Isn't the only thing you've seen with robotics. Yeah. You're seeing a lot more life industrial impact. And this is an example of one of that, isn't >>It? Yeah. We just actually got an award. It's a Joseph EGL Bergo was the first person to actually put robots in factories and automation. And in doing that, um, he set up grant for robots going beyond that, to help people live in it. So we're the first recipient of that. But yeah, I think that robots, they're not the, what you think about with Rosie yet. We're the wrong way from that, but they're, they can do really meaningful things. >>And before we get the demo, your mission hearing, what you're gonna show here is a lot of hard work and we know how hard it is. What's the mission. What's the vision. >>The mission is to help people live more independently on their own terms. Uh, we're, there's, it's an innate part of the human condition that at some point in our lives, it becomes more difficult to move ourselves or move things around it. And that is a huge impact on our independence. So when we're putting this robot in pilots, we're helping people try to regain degrees of independence, be more active deal with whatever situation they want, but under their terms and have, have control over their life. >>Okay, well, let's get into it. May I offer you a glass of water? Well, you >>Know, I have a robot that just happens to be really good at delivering things, including water. Um, we just actually pulled these out of our refrigerator on our last demo. So why don't we bring over the retriever? And so we're gonna command it to come on in. So this is a Labrador retriever. These robots have been in homes. This robot itself has been in homes, helping people do activities like this. It's able to sort of go from place to place it automatically navigates itself. Uh, just like we've been called a self-driving shelf, um, as an example, but it's meant to be very friendly, can come to a position like this could be by my armchair and it would automatically park. And then I could do something like I can pick up, okay, I want some water and maybe I want to drink it out of a cup and I can do this. And if I have a cough or something else, cough drops. My phone, all sorts of things can be in there. Um, so the purpose of the retriever is really to be this extra pair of hands, to keep things close by and move things. And it can automatically adjust to any hide or position. And if I, even if I block it like a safety, it, it >>Stops. And someone who say disabled or can't move is recovering or has some as aging or whatever the case is. This comes to them. It's autonomous in it sense. Is that that what works or yeah. Is it guided? How does >>It, it works on a series of bus stops. So the in robotics, we call those way points. But when we're talking to people, the bus stops are the places you want it to go. You have a bus stop by the front door, your kitchen sink, the refrigerator, your armchair, the laundry machine, you won't closet it. <laugh>. And with that simple metaphor, we, we train the robot in a couple hours. We create all these routes, just like a subway map. And then the robot is autonomous. So I can hit a button. I can hit my cell phone, or I can say Alexa ass lab, one to come to the kitchen. The robot will autonomously navigate through everything, go around the pets park itself. And it raises and lowers to bring things with and reach. So I'm sitting and it might lower itself down. So I can just comfortably get something at the kitchen. I, it could just go right to the level of the countertop. So it's very easy for someone that has an issue to move things with with limited, uh, challenges. >>And this really illustrates to this show again. Yeah. Talk about the impact here. Cause we're at a historic moment in robotics. >>We are. Yeah. >>What's your reaction to that? Tell your, share your vision >>On that. I've been in robotics for 25 years. Um, and I started, I actually started working actually at Lego and launching Lego Mindstorms, the end of the nineties. So I have like CEO just last night again, they gush over like you did that. Yeah. <laugh> and again, I'm pretty old school. And so we've my career. If I've been working through from toys onto like robotic floor cleaners, the algorithms that are on Roomba today came from the startup that we were all part of. We're, we're moving things to be bigger and bigger and have a bigger >>Impact. What's it feel like? I mean, cuz I mean I can see the experience and by the way, it's hardcore robotics communities out there, but now it's still mainstream. It's opening up the aperture of robotics. Yeah. It's the prime time is right now and it's an inflection point. >>Well, and it's also a point where we desperately need it. So we have incredible work for shortages <laugh> and it's not that we're, these robots are not to take people jobs away it's to do the work that people don't want to do and try to make, you know, free them up for things that are more important. Yeah. In senior care, that's the high touch we want caregivers to be helping people get outta their bed, help them safely move from place to place things that robots aren't at yet. Yeah. But for getting the garbage, for getting a drink or giving the person the freedom to say, do I wanna ask my caregiver or my spouse to do that? Or do I wanna do it myself? And so robots can be incredibly liberating experience if they're, if they're done in the right way and they're done well, >>It's a choice. It actually comes down to choice. I remember this argument way back when, oh, ATM's gonna kill the bank teller. In fact more bank tellers emerged. Right. And so there's choices come out there and, but there's still more advances to do. What is you, what do you see as milestones for the industry as you start to seeing better handling better voice activation cameras on board. I noticed some cameras in there. Yeah. So we're starting to see the, some of the smaller, faster, cheaper >>It's it's especially yeah. Faster. Cheaper is what we're after. So can we redo? So like the gyros that are on this type of robot used to be like in the tens of thousands of dollars 20 or 30 years ago. And, and then when you started seeing Roomba and the floor cleaners come out, those started what happened was basically the gyro on here that what's happening in consumer electronics, the ability for the iPhone to play, you know, the game in turn and, and do portrait and landscape. That actually is what enables all these robots that clean your floors to do very tight angles. What we're doing is this migration of consumer electronics then gets robbed and, and adopted over in that. So it's really about it's I, it's not that you're gonna see things radically change. It's just that you're gonna see more and more applications get more sophisticated and become more affordable. Our target is to bring this for a few hundred dollars a month into people's homes. Yeah. Yeah. Um, and make that economy work for as many people as >>Possible. Yeah. Mike, what a great, great illustration of great point there now on your history looking forward. Okay. Smaller Fest are cheaper. Yeah. You're gonna see a human aspect. So technology's kind of getting out of the way now you got a lot in the cloud, you got machine learning, big thing here. There's a human creative side now gonna be a big part of this. Yeah. Can you talk about like how you see that unfolding? Because again, younger people gonna come in, you got a lot more things pre-built I just saw a swaping on stage saying, oh, we, we write subroutines automatically the machine learning like, oh my God, that's so cool. Like, so more is coming for, to, for builders, right. To build what's the playbook gonna look like? How do you see the human aspect, creative crafting building? >>I, I it's, you know, it's a hard Fu future to predict. I think the issue is that humans are always gonna have to be more clever than the AI <laugh>, you know, I, I can't say that enough is that AI can solve some things and it can get smarter and smarter. You task that over and then let's work on the things that can't do. And I think that's intellectually challenging. Like, and I, and I think we have a long way to go, uh, to sort of keep on pushing that forward. So the whole mission is people get to do more interesting things with their life, more dynamic. Think about what the machines should be working on. Yeah. And then move on to the next things. >>Well, a lot of good healthcare implications. Yeah. Uh, senior living people who are themselves, >>All those are place. Yeah. >>Now that you have, um, this kind of almost a perfect storm of innovation coming, and I just think it's gonna be the beginning. You're gonna see a lot of young people come in. Yeah. And a lot of people in school now going down to the elementary school level yeah. Are really immersed in robotics. They're born with it. And certainly as they get older, what kind of disciplines do you see coming into robot? I used to be pretty clear. Yeah. Right. Nerdy, builder, builder. Now it's like what? I got Mac and rice. My code. >>Yeah. My, my co-founder and CEO has a good example. Anybody we interview, we say we really like it. If you think of yourself as an astronaut, going on to a space mission. And, and it's really appropriate being here at R Mars is that normally the astronaut has one specialty, but they have to know enough of the other skills to be able to help out. In case of an emergency robotics is so complex. There's so there's mechanical, there's electrical, there's software, they're perceptual, there's user interface, all of those Fs together. So when we're trying to do a demo and something goes wrong, I can't say why. I only do mechanical. Yeah. You got it. You really have to have a system. So I think if any system architects, people that if you're gonna, if, if you're gonna be, if mechanical is your thing, you better learn a little bit electrical and software. Yeah. If software is your thing, you better not just write code because you need to understand where you're >>Your back. Well, the old days you have to know for trend to run any instrumentation in the old days. So same kind of vibe. So what does that impact on the teamwork side? Because now I can imagine, okay, you got some general purpose knowledge, so math, science, all the disciplines, but the specialties there, I love that right now. Teamwork. Yeah. Because you, you know, I could be a generalism at some point. There's another component I'm gonna need to call my teammate for. >>Yeah. Yeah. And you have to have, yeah. So it, yeah, we're a small team, so it's a little bit easier right now, but even the technology. So like there's a, what, this is, this runs on Linux and that runs on Ross, which is a robotics operating system. The modules are, are the, are sorry, the modules, I mean redundant there, but the, the part that makes the robot go, okay, I'm gonna command it to go here. It's gonna go around it, see an obstacle. This module kicks in, even the elements become module. So that's part of how teams work is that, and, and Amazon has a rule around that is that everything has to have an API. Yeah. I have to be able to express my work and the way that somebody else can come in and talk to it in a very easy way. So you're also going away from like, sort of like the hidden code that only I touch you can't have ownership of that. You have to let your team understand how it works and let them control it and edit it. Well, >>Super exciting. Dan, first of all, great to bring robots on the cube set. Thanks to your team here. Doing that. Yeah. Um, talk about the company. Um, put a plug in, what are you guys doing? Sure. Raising money, getting more staff, more sales. We're give, give a commercial. >>Yeah. So we, we closed the seed round. So we've been around it's actually five years next month. Um, did pre-seed and then we closed the seed round that we announced back at CS. So we debuted the retriever for the first time we had it under wraps. We had it in people's homes for a year before we did that. Um, I, Amazon was one of our early investors and they actually co-led on this last round, along with our friends at iRobot. So yeah. Uh, so we've raised that we're right in the next phase of deploying this, especially going more into senior living now that that's opening up with COVID coming down and looking at helping these workforce issues where there's that crisis. So we'll be raising later this year. So we're starting to sort of do the preview for series a. We're starting to take those pre-orders for robots and for Lois. And then our goal is we're and we're actually already at the factory. So we've been converting this, these there's a version of this robot underway right now at the factory that will probably have engineering units at the end of this year. Yeah. Goal is for, uh, full production with all the supply chain issues for second half of, of next >>Year. Yeah. Well, congratulations. It's a great product. And I gotta ask you what's on the roadmap, how you see this product unfolding. What's the wishlist look like if you had all the dough in the world, what would you do next? What would you be putting on there? Sure. If you had the magic wand what's happening, >>It's a couple variables. I think it's scale. So it's driving the, this whole thing is designed to go down in cost, which improves basically accessibility. More people can afford it. The health system, Medicare, those sorts of folks. See it one. So basically get us into reduction and get us into volume is one part, I think the other ones is adding layers. I, what we, when we see our presentation and the speech we're doing tomorrow, we see this as a force multiplier for a lot of other things in healthcare. So if I bring the blood pressure cuff, like we have on the retrieval, I can be a physical reminder to take your medication, to take the, my, my readings, or we are just con having a conversation with some of our friends of Amazon is bringing an echo show to you when you want to have a conversation and take it away. >>When you don't think about that metaphor of how do I wanna live my life and what do I have control over? And then on top of it, the sensors on the robot, they're pretty sophisticated. So in my case, my mom is still around she's 91, but now in a hospital beded wheelchair could, we've seen her walking differently early, early on, and using things like Intel, real sense and, and computer vision and AI to detect things and just say to her, don't even tell anybody else, we're noticing this. Do you wanna share this with your doctor? Yeah. That's the world. I think that what we're trying to do is lay this out as version 1.0, so that when folks like us are around, it'll something like decades from now, life is so much more better for the options and choices we have. It's >>Really interesting. You know, I liked, um, kind of the theme here. There's a lot of day to day problems that people like to solve. And then there's like the new industrial problems that are emerging that are opportunities. And then there's the save the world kind of vibe. <laugh>, there's help people make things positive, right. You know, solve the climate problems, help people. And so we're kind of at this new era and it's beyond just like sustainability and, you know, bias. That's all gotta get done a new tipping point around the human aspect of >>Things. And you do it economically. I think sometimes you think that, okay, well, you're just doing this cuz you're, you're socially motivated and doesn't, you don't care how many you sell it to just so you can accomplish it. It's their link. The, the cheaper that we can make this, the more people you can impact. I think you're talking about the kids today is the work we did at Lego. In the end of the nineties, you made a, a robotics kit for 200 bucks and millions of kids. Yeah. Did that. And >>Grape pie. I mean, you had accessories to it. Make a developer friendly. >>Yeah, no, exactly. And we're getting all those requests. So I think that's the thing is like, get a new platform, learn what it's like to have this sort of capability and then let the market drive. It, let the people sort of the folks who are gonna be using it that are in a wheelchair, are dealing with Parkinson's or Ms, or other issues. What can we add to that ecosystem? So you it's, it's all about being very human centric in that. Yeah. And making the other parts of the economy make it work for them, make it so that the health system, they get an ROI on this so that, Hey, this is a good thing to put into people's homes. >>And well, I think you have the nice, attractive value proposition to investors. Obviously robotics is super cool and really relevant. Cool, cool. And relevant to me always is nice to have that. So check that, then you got the economics on price, pressure, prove the price down lower. Yeah. Open up the Tams of the market. Right. Make it more viable economically. >>Yeah, definitely. And then, and what we're having, what's driving us that wasn't around seven when we started this about four and a half years ago. Uh, my joke and I don't mean to offend them, but after doing pitching the vision of this in six months, don't be, >>Don't be afraid. We're do we, >>My, my joke. And I'm sort to see more bold about is that VCs don't think they're gonna get old. They're just gonna get rich. And so the idea is that they didn't see themselves in this position and we not Gloo and doom, you can work out, you can be active, but we're living older, longer. We are it's. My mom is born in the depression. She's been in a wheelchair for five years. She might be around for a good, another 10 or 15. And that's wonderful for her, but her need for care is really high. >>Yeah. And the pressure on the family too, there's always, there's always collateral damage on all these impacts. >>There's 53 million unpaid family caregivers in the us. Yeah. Just in the time that we've grown, been doing this, it's grown 4% a year and it's a complicated thing. And it's, it's not just the pressure on you to help your mom or dad or whoever. It's the frustration on their face when they have to always ask for that help. So it's, it's twofold. It's give them some freedom back so they can make a choice. Like my classic example is my mom wants tea. My dad's trying to watch the game. He, she asks for it. It's not hot enough. Sends it back. And that's a currency. Yeah, yeah. That she's losing and, and it's frustration as opposed to give her a choice to say, I'm gonna do this on my own. And I that's just, >>You wanna bring the computer out, do a FaceTime with the family, send it back. Or you mentioned the Alexa there's so many use cases. Oh >>No. We talked about, uh, we talked about putting like a, a device with a CA with a screen on it so she could chat and see pictures. And it says, I don't want to have this in my bedroom. That's my private space. Yeah. But if we could have the robot, bring it in when it's appropriate and take it on go the retriever that's that's >>The whole go fetch what I need right now. That's and then go lie down. Yeah. >>That's what I, I called >>Labrador. Doesn't lie down >>Actually. But well, it lowers down, it lowers down about 25 inches. That's about lying. >>Down's super exciting. And congratulations. I know, um, how passionate you are. It's obvious. Yeah. And being in the business so long, so many accomplishment you had. Yeah. But now is a whole new Dawn. A new era here. >>Yeah. Oh yeah. No, I, we just, it was real. It was on impromptu. It wasn't scheduled. There's a, a post circle on LinkedIn where all the robots got together. <laugh> you know, and they were seeing to hang out. No, and you're seeing stuff that wasn't possible. You look at this and you go, well, what's the big thing. It's a box on wheels. It's like, it wasn't possible to navigate something around the complexity of a home 10 years ago for the price we're doing. Yeah. It wasn't possible to wa have things that walk or spot that can go through construction sites. I, I think people don't realize it's it. It really is changing. And then we're, I think every five years you're gonna be seeing this more bold deployment of these things hitting our lives. It's >>It's super cool. And that's why this show's so popular. It's not obvious to mainstream, but you look at the confluence of all those forces coming together. Yeah. It's just a wonderful thing. Thanks for coming on. Appreciate >>It really, really appreciate you for this >>Time. Great success. Great demo. Mike, do cofounder, the CEO of Labrador systems. Check him out. They have the retriever, uh, future of robotics here. It's all impact all life on the planet. And more space. Two is to keep coverage here at re Mars, stay tuned for more live coverage. After this short break.