>>We're back with the cube at Falcon 2022, Dave ante and Dave Nicholson. We're at the aria. We do of course, a lot of events in Las Vegas. It's the, it's the place to do events. Dave, I think is my sixth or seventh time here this year. At least. I don't know. I lose track. Jeff Swain is here. He's the vice president of global programs store and tech alliances at CrowdStrike. Jeff. Good to see you again. We saw each other at reinvent in July in Boston. >>Yes. Yeah, it was great to see you again, Dave, thank >>Very much. And we talked about making this happen so thrilled to be here at, at, at CrowdStrike Falcon. We're gonna talk today about the CrowdStrike XDR Alliance partners. First of all, what's XDR >>Well, I hope you were paying attention to George's George's keynote this morning. I guess. You know, the one thing we know is that if you ask 10, five people, what XDR is you'll get 10 answers. >>I like this answer a holistic approach to endpoint security. I, that was, >>It was good. Simple. >>That was a good one at black hat. So, but tell us about the XDR Alliance partners program. Give us the update there. >>Yeah, so I mean, we spoke about it reinforced, you know, the XDR program is really predicated on having a robust ecosystem of partners to help us share that telemetry across all of the different parts of our customers' environment. So we've done a lot of work over the last few weeks and trying to bolster that environment specifically, putting a lot of focus on firewall. You'll see that Cisco and fortunate have both joined the XD XDR Alliance. So we're working on that right now. A lot of customer demand for firewall data into the telemetry set. You know, obviously it's a very rich data environment. There's a lot of logs on firewalls. And so it drives a lot of, of, of information that we can, we can leverage. So we're continuing to grow that. And what we're doing is building out different content packs that support different use cases. So firewall is one CAS B is another emails another and we're building, building out the, the partner set right across the board. So it's, it's, it's been a, a great set of >>Activity. So it's it's partners that have data. Yep. There's probably some, you know, Joe Tuchi year old boss used to say that that overlap is better than gaps. So there's sometimes there's competition, but that's from a customer standpoint, overlap is, is better than gaps. So as gonna mention Cisco forte and there are a number of others, they've got data. Yes. And they're gonna pump it into your system, our platform, and you've got the, your platform. You've got the ability to ingest. You've got the cloud native architecture, you've got the analytics and you've got the near real time analysis capability. Right, right. >>Augmented by people as well, which is a really important part of our value proposition. You know, we, it's not just relying purely on AI, but we have a human, a human aspect to it as well to make sure we're getting extremely accurate responses. And then there's the final phase is the response phase. So being able to take action on a CASB, for example, when we have a known bad actor operating in the cloud is a really important, easy action for our customer to take. That's highly valuable. You're >>Talking about your threat hunting capability, right? >>So it's threat hunting and our Intel capability as well. We use all of that information as well as the telemetry to make sure we're making good, actionable >>Decisions, Intel being machine intelligence or, or human and machine >>Human and human and machine intelligence that we have. We have a whole business that's out there gathering Intel. I believe you think to Adam Myers who runs that business. And you know, that Intel is critical to making good decisions for our customers. >>So the X and XDR is extended, correct. Extending to things like firewalls. That's pretty obvious in the security space. Are there some less obvious data sources that you look to extend to at some point? >>Yeah, I think we're gonna continually go with where the customer demand is. And firewalls is one of the first and is very significant. Other one, you'll see that we're announcing support for Microsoft 365 as well as part of this, this announcement, but then we'll still grow out into the other areas. NDR is, you know, a specific area where we've already got a number of partners in that, in that space. And, and we'll grow that as we go. I think one of the really exciting additional elements is the, the OCS F announcement that we made at at, at, at, at reinforced, which also is a shared data scheme across a number of vendors as well. So talking to Mike's point, Microsoft ST's point this morning in his keynote, it's really about the industry getting together to do better job for our customers. And XDR is the platform to do that. And crowd strikes it way of doing it is the only really true, visible way for a customer to get their hands on all that information, make the decision, see the good from the bad and take the action. So I feel like we're really well placed to help our customers in >>That space. Well, Kevin mania referenced this too today, basically saying the industry's doing a better job of collaborations. I mean, sometimes I'm skeptical because we've certainly seen people try to, you know, commercialize private information, private reports. Yeah. But, but, but you're talking about, you know, some of your quasi competitors cooperatives, you know, actually partnering with you now. So that's a, that's a good indicator. Yeah. I want to step back a little bit, talk about the macro, the big conversation on wall street. Everybody wants to talk about the macro of course, for obvious reasons, we just published our breaking analysis, talking about you guys potentially being a generational company and sort of digging into that a little bit. We've seen, you know, cyber investments hold up a little bit better, both in terms of customer spending and of course the stock market better than tech broadly. Yeah. So in that case it would, it would suggest that cyber investments are somewhat non-discretionary. So, but that is my question are cyber investments non-discretionary if, if so, how, >>You know, I think George George calls that out directly in our analyst reports as well that, you know, we believe that cyber is a non-discretionary spend, but I, I actually think it's more than that. I think in this current macro or economic environment where CIOs and CSOs are being asked to sweat their assets for significantly longer period of time, that actually creates vulnerabilities because they have older kit, that's running for a longer period that they normally, you know, round out or churn out of their environment. They're not getting the investment to replace those laptops. They're not getting the, I placement to replace those servers. We have to sweat them for a little bit longer, longer, which means they need to be on top of the security posture of those devices. So that means that we need the best possible telemetry that we can get to protect those in the best possible way. So I actually think not only is it makes it non-discretionary, it actually increases the, the business case for, for, for taking on a, a cyber project. >>And I buy that. I buy that the business case is better potentially for cyber business case. And cyber is about, about risk reduction, right? It's about, it's about reducing expected loss. I, I, I, I, but the same time CISOs don't have an open wallet. They have to compete with other P and L managers. I also think the advantage for CrowdStrike I'm, I'm getting deeper into the architecture and beginning to understand the power of a lightweight agent that can do handle. I think you're up to 22 modules now, correct? Yes. I've got questions on how you keep that lightweight, but, but nonetheless, if you can consolidate the point tools, which is, you know, one of the biggest challenges that, that SecOps teams face that strengthens the ROI as well. >>Absolutely. And if you look at what George was saying this morning in the keynote, the combination of being able to provide tools, not only to the SecOps team, but the it ops team as well, being able to give the it ops team visibility on how many assets they have. I mean, these simple, these are simple questions that we should be able to answer. But often when we ask, you know, an operations leader, can you answer it? It sometimes it's hard for them. We actually have a lot of that information. So we are able to bring that into the platform. We're able to show them, we're able to show them where the assets are, where the vulnerabilities are against those assets and help it ops do a better job as well as SecOps. So the, the strength, the case strengthens, as you said, the CSO can also be talking to the it ops budget. >>The edge is getting more real. We're certainly hearing a lot about it now we're seeing a lot more and you kind of got the, the near edge, like the home Depot and the lows, you know, stores. Yeah. Okay. That I, I can get a better handle on, okay. How do I secure that? I've got some standards, but that's the far edge. It's, it's the, the OT yes. Piece of it. That's sort of the brave new world. What are you seeing there? How do you protect those far flowing estates? >>I think this gets back to the question of what's what's new or what's coming and where do we see the, the next set of workloads that we have to tackle? You know, when we came along first instance, we were really doing a lot of the on-prem on-prem and, and, and known cloud infrastructure suites. Then we started really tackling the broader crowd market with tools and technology to give visibility and control of the overall cloud environment. OT represents that next big addressable market for us, because there are so many questions around devices where they are, how old they are, what they're running. So visibility into the OT network is extremely, extremely important. And, you know, the, the wall that has existed again between the CISO and the OT environments coming down, we're seeing that's closer, closer alignment between the security on both those worlds. So the announcement that we've made around extending our Falcon discover product, to be able to receive and understand device information from the OT network and bring it into the same console as the, the it and the OT in the same console to give one cohesive picture of, of visibility of all of our devices is a major step forward for our customers and for, for the industry as well. >>And we see that being, being able to get the visibility will then lead us to a place of being able to build our AI models, build our response frameworks. So then we can go to a full EDR and then beyond that, there's, you know, all the other things that CrowdStrike do so well, but this is the first step to really the first step on control is visibility. And >>The OT guys are engineers. So they're obviously conscious of this stuff. It's, it's more it's again, you're extending that culture, isn't >>It? Yeah, yeah, yeah. Now when you're looking at threats, great, you want to do things to protect against those threats, but how much, how much of CrowdStrike's time is spent thinking about the friction that's involved in transactions? If I wanna go to the grocery store, think of me as an end point. If I wanna go to the grocery store, if I had to drive through three DUI checkpoints or car safety inspections. Yeah. Every time I went to the grocery store, I wouldn't be happy as an end point as an end user in this whole thing. Ideally, we'd be able just to be authenticated and then not have to worry about anything moving forward. Do you see that as your role, reducing friction 1%, >>That's again, one of the core tenants of, of, of why George founded the company. I mean, he tells the story of sitting on an airplane and seeing an executive who was also on the airplane, trying to boot their machine up and try and get an email out before the plane took off and watching the scanning happen, you know, old school virus scanning happening on the laptop and, and that executive not making it because, and he is like in this day and age, how can we be holding people back with that much friction in their day to day life? So that's one of the, again, founding principles of what we do at CrowdStrike was the security itself needs to support business growth, support, user growth, and actually get out of the way of how people do things. And we've seen progression along that lines. I think the zero trust work that we're doing right now really helps with that as well. >>Our integrations into other companies that play within the zero trust space makes that frictionless experience for the user, because yeah, we, we, we want to be there. We want to know everything that's happening, but we don't wanna see where we always want control points, but that's the value of the telemetry we take. We're taking all the data so we can see everything. And then we pick what we want to review rather than having to do the, the checkpoint approach of stop here. Now, let me see your credentials. Stop here. Let me see your credentials because we have a full field of, of knowledge and information on what the device is doing and what the user is doing. We're able to then do the trust with verify style approach. >>So coming back to the, to the edge in IOT, you know, bringing that zero trust concept to the, to the edge you've got, you've got it. And OT. Okay. So that's a new constituency, but you're consolidating that view. Your job gets harder. Doesn't it? So, so, so talk about how you resolve that. Do do the, do the concepts that you apply to traditional it endpoints apply at the edge. >>So first things we have to do is gain the visibility. And, and so the way in which we're doing that is effectively drawing information out from the OT environment at, by, by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other, you know, indications of attack or our indicators of misconfiguration into the model. So we can see whether something's good or bad whilst we're doing that. Obviously we're also working on building specific senses that will then sit in OT devices down, you know, one layer down from rather being collected and pulled and brought into the platform, being collected at the individual sensor level when we have that completed. And that requires a whole different ecosystem for us, it means that we have to engage with organizations like Rockwell and Siemens and Schneider, because they're the people who own the equipment, right? Yeah. And we have to certify with them to make sure that when we put technology onto their equipment, we're not going to cause any kind of critical failure that, you know, that could have genuine real world physical disastrous consequences. So we have to be super careful with how we build that, which we're we're in the process of >>Doing are the IOA signatures indicator as a tax. So I don't have to throw a dollar in the jar. Are the IOA signatures substantially similar at, at the edge, or >>I think we learn as we go, you know, first we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there. But what we will see is that, you know, as someone's trying to, there's an actor, you know, making an attack, you know, will be able to see how they're affecting each of those endpoints individually, whether they're trying to take some form of control, whether they're switching them on and off in the edge and the far edge, it's a little bit more binary in terms of the kind of function of the device. It is the valve open or is the valve closed? It's is the production line running or is the production not line running, not running. So we need to be able to see that it's more about protecting the outcomes there as well. But again, you know, it's about first, we have to get the information. That's what this product will help us do, get it into the platform, get our teams over the top of it, learn more about what's going on there and then be able to take action. >>But the key point is the architecture will scale. And that's where the cloud native things comes >>Into. Yeah, it'll, it'll it'll scale. But to your, to your point about the lack of investment and infrastructure means older stuff means potentially wider gaps, bigger security holes, more opportunity for the security sector. Yep. I buy that. That makes sense. I think if it's a valid argument, when you, when you, when you know, we, we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of a hundred year old garbage, and I'm only slightly exaggerating on the trillion and the a hundred years old, a lot of those critical devices that need to be sensed that are controlling our, our, our, our electrical grid. For example, a lot of those things need to be updated. So, so as you're pushing into that frontier, are you, you know, are, are you extending out developer kits and APIs to those people as they're developing those new things? Well, because some of the old stuff will never work. >>And that's what we're we're seeing is that there is a movement within the industrial control side of things to actually start, you know, doing this. Some, some simple things like removing the air gap from certain systems because you, now we can build a system around it. That's trustable and supportable. So now we can get access there over, over and over a network over the internet to, to, to kind of control a valve set that's down a pipeline or something like that. So there is, there is, there is willingness within the ecosystem, the, the IOT provider ecosystem to give us access to some of those, those controls, which, which wasn't there, which has led to some of some of these issues. Are we gonna be able to get to all of them? No, we're gonna have to make decisions based on customer demand, based on where the big, the big rock lie. And, and so we will continue to do that based on customer feedback on again, on what we see >>And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of >>Mostly because there was no way to, to do before. Right. So it was, was like black >>Connectivity is >>So, so, so it was, people felt more comfortable sending an engineer route to the field truck roll. Yeah, yeah, yeah. To do it rather than expensive, rather. And, and exactly that, again, going back to our macro economic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there is a lot of there's, there's a lot of customer demand for change, and we're engaging in that change. And we want, we see a huge opportunity there >>Coming back to the X XDR Alliance, cuz that's kind of where we started. Where do you wanna see that go? What's your vision for that? >>So the Alliance itself has been fundamental in terms of now where we go with the overall platform. We are always constantly looking for customer feedback on where we go next on what additional elements to add that the Alliance members have been this fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms, into, you know, into, into what we do. And they're seeing the value of it. I, I feel that over the next, you know, over the next two year period, we're gonna see those, our XDR Alliance and other XDR alliances growing out to get to each other and they will they'll touch each other. We will have to do it like the OSF project at AWS. And as that occurs, we're gonna be able to focus on customer outcomes, which is, you know, again, if you listen to George, you listen to Mike protecting the customers, the mission of CrowdStrike. So I think that's core to that, to, to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've, we've got, we've got a pipeline of literally hundreds of, of partners who want to join. We've just gotta do that in a way that's consumable for us and consumable for the customer. >>Jeff Swain. Thanks so much for coming back in the cube. It's great to have you. Yeah. Thanks guys. Thank you. Okay. And thank you for watching Dave Nicholson and Dave ante. We'll be back right after this short break. You're watching the cube from Falcon 22 in Las Vegas, right back.

>>Welcome back to the aria in Las Vegas, Dave Valante with Dave Nicholson, Falcon 22, the Cube's continuous coverage. Sean Henry is here. He's the president of the services division and he's the chief security officer at CrowdStrike. And he's joined by Kevin mania, CEO of Mandy. Now part of Google Jens. Welcome to the cube. Thank you. Congrats on closing the Google deal. Thank you. That's great. New chapter, >>New >>Chapter coming fresh off the keynote, you and George. I really en enjoyed that. Let's start there. One of the things you talked about was the changes you've been, you've been in this business for a while. I think you were talking about, you know, doing some of these early stuff in the nineties. Wow. Things have changed a lot the queen, right? Right. You used to put the perimeter around the queen. Yeah. Build the Mo the Queen's left or castle new ballgame. But you were talking about the board level knowledge of security in the organization. Talk about that change. That's occurred in the last >>Decade. You know, boards are all about governance, right? Making sure everybody's doing the right things. And they've kind of had a haul pass on cybersecurity for a long time. Like we expect them to be great at financial diligence, they understand the financials of an organization. You're gonna see a maturity, I think in cybersecurity where I think board members all know, Hey, there's risk out there. And we're on our own to kind of defend ourselves from it, but they don't know how to quantify it. And they don't know how to express it. So bottom line boards are interested in cyber and we just have to mature as an industry to give them the tools they need to measure it appropriately. >>Sean, one of the things I wanted to ask you. So Steven Schmidt, I noticed changed his title from CISOs chief inf information security officer, the chief security officer. Your title is chief security officer. Is that a nuance that has meaning to you or is it just less acronym? >>It depends on the organization that you're in, in our organization, the chief security officer owns all risks. So I have a CISO that comes underneath me. Yep. And I've got a security folks that are handling our facilities, our personnel, those sorts of things, all, all of our offices around the globe. So it's all things security. One of the things that we've found and Kevin and I were actually talking about this earlier is this intersection between the physical world and the virtual world. And if you've got adversaries that want gain access to your organization, they might do it remotely by trying to hack into your network. But they also might try to get one of your employees to take an action on their behalf, or they might try to get somebody hired into your company to take some nefarious acts. So from a security perspective, it's about building an envelope around all things valuable and then working it in a collaborative way. So there's a lot of interface, a lot of interaction and a lot of value in putting those things together. And, >>And you're also president of the services division. Is that a P and L role or >>It is, we have a it's P P O P and L. And we have an entire organization that's doing incident response and it's a lot of the work that we're doing with, with Kevin's folks now. So I've got both of those hats today. >>Okay. So self-funded so in a way, okay. Where are companies most at risk today? >>Huh? You wanna go on that one first? Sean, you talk fast than me. So it's bigger bang for the buck. If >>You >>Talk, you know, when I, when I think about, about companies in terms of, of their risk, it's a lot of it has to do with the expansion of the network. Companies are adding new applications, new devices, they're expanding into new areas. There are new technologies that are being developed every day and that are being embraced every day. And all of those technologies, all of those applications, all of that hardware is susceptible to attack. Adversaries are looking for the vulnerabilities they can exploit. And I think just kind of that sprawl is something that is, is disconcerting to me from a security perspective, we need to know where our assets are, where the vulnerabilities lie, how do we plug the holes? And having that visibility is really critical to ensure that you're you're in, involved in mitigating that, that new architecture, >>Anything you >>Did. Yeah. I would like when I, so I can just tell you what I'm hearing from CISOs out there. They're worried about identity, the lateral movement. That's been kind of part of every impactful breach. So in identity's kind of top three of mind, I would say zero trust, whatever that means. And we all have our own definitions of migration to zero trust and supply chain risk. You know, whether they're the supplier, they wanna make sure they can prove to their customers, they have great security practices. Or if they're a consumer of a supply chain, you need to understand who's in their supply chain. What are their dependencies? How secure are they? Those are just three topics that come up all the time. >>As we extend, you know, talking about XDR the X being extend. Do you see physical security as something that's being extended into? Or is it, or is it already kind of readily accepted that physical security goes hand in hand with information security? >>I, I don't think a lot of people think that way there certainly are some and Dave mentions Amazon and Steve Schmidt as a CSO, right? There's a CSO that works for him as well. CJ's clear integration. There's an intelligence component to that. And I think that there are certain organizations that are starting to recognize and understand that when we say there's no real perimeter, it, it expands the network expands into the physical space. And if you're not protecting that, you know, if you don't protect the, the server room and somebody can actually walk in the doors unlocked, you've got a vulnerability that might be exploited. So I think to, to recognize the value of that integration from a security perspective, to be holistic and for organizations to adopt a security first philosophy that all the employees recognize they're, they're the, the first line of defense. Oftentimes not just from a fish, but by somebody catching up with them and handing 'em a thumb drive, Hey, can you take a look at this document? For me, that's a potential vulnerability as well. So those things need to be integrated. >>I thought the most interesting part of the keynote this morning is when George asked you about election security and you immediately went to the election infrastructure. I was like, yeah. Okay. Yeah. But then I was so happy to hear you. You went to the disinformation, I learned something there about your monitoring, the network effects. Sure. And, and actually there's a career stream around that. Right. The reason I had so years ago I interviewed was like, this was 2016, Robert Gates. Okay. Former defense. And I, I said, yeah, but don't we have the best cyber can't we go on the offense. He said, wait a minute, we have the most to lose. Right. But, but you gave an example where you can identify the bots. Like let's say there's disinformation out there. You could actually use bots in a positive way to disseminate the, the truth in theory. Good. Is, is that something that's actually happening >>Out there? Well, I think we're all still learning. You know, you can have deep fakes, both audible files or visual files, right. And images. And there's no question. The next generation, you do have to professionalize the news that you consume. And we're probably gonna have to professionalize the other side critical thinking because we are a marketplace of ideas in an open society. And it's hard to tell where's the line between someone's opinion and intentional deception, you know, and sometimes it could be the source, a foreign threat, trying to influence the hearts and minds of citizens, but there's gonna be an internal threat or domestic threat as well to people that have certain ideas and concepts that they're zealots about. >>Is it enough to, is it enough to simply expose where the information is coming from? Because, you know, look, I, I could make the case that the red Sox, right. Or a horrible baseball team, and you should never go to Fenway >>And your Yankees Jersey. >>Right. Right. So is that disinformation, is that misinformation? He'd say yes. Someone else would say no, but it would be good to know that a thousand bots from some troll farm, right. Are behind us. >>There's, it's helpful to know if something can be tied to identity or is totally anonymous. Start just there. Yeah. Yeah. You can still protect the identity over time. I think all of us, if you're gonna trust the source, you actually know the source. Right. So I do believe, and, and by the way, much longer conversation about anonymity versus privacy and then trust, right. And all three, you could spend this whole interview on, but we have to have a trustworthy internet as well. And that's not just in the tech and the security of it, but over time it could very well be how we're being manipulated as citizens and people. >>When you guys talk to customers and, and peers, when somebody gets breached, what's the number one thing that you hear that they wished they'd done that they didn't. >>I think we talked about this earlier, and I think identity is something that we're talking about here. How are you, how are you protecting your assets? How do you know who's authorized to have access? How do you contain the, the access that they have? And the, the area we see with, with these malware free attacks, where adversaries are using the existing capabilities, the operating system to move laterally through the network. I mean, Kevin's folks, my folks, when we respond to an incident, it's about looking at that lateral movement to try and get a full understanding of where the adversary's been, where they're going, what they're doing, and to try to, to find a root cause analysis. And it really is a, a critical part. >>So part of the reason I was asking you about, was it a P and L cuz you, you wear two hats, right? You've got revenue generation on one side and then you've got you protect, you know, the company and you've got peer relationships. So the reason I bring this up is I felt like when stucks net occurred, there was a lot of lip service around, Hey, we, as an industry are gonna work together. And then what you saw was a lot of attempts to monetize, you know, private data, sell private reports and things of that nature you were referencing today, Kevin, that you think the industry's doing a much better job of, of collaboration. Is it, can you talk about that and maybe give some examples? >>Absolutely. I mean, you know, I lived through it as a victim of a breach couple years ago. If you see something new and novel, I, I just can't imagine you getting away with keeping it a secret. I mean, I would even go, what are you doing? Harboring that if you have it, that doesn't mean you tell the whole world, you don't come on your show and say, Hey, we got something new novel, everybody panic, you start contacting the people that are most germane to fixing the problem before you tell the world. So if I see something that's new in novel, certainly con Sean and the team at CrowdStrike saying, Hey, there's because they protect so many endpoints and they defend nations and you gotta get to Microsoft. You have to talk to pan. You have to get to the companies that have a large capability to do shields up. And I think you do that immediately. You can't sit on new and novel. You get to the vendor where the vulnerability is, all these things have to happen at a great rate to speak. >>So you guys probably won't comment, but I'm betting dollars to donuts. This Uber lapses hack you guys knew about. >>I turned to you. >>No comment. I'm guessing. I'm guessing that the, that wasn't novel. My point being, let me, let me ask it in a more generic fashion that you can maybe comment you you're. I think you're my, my inference is we're com the industry is compressing the time between a zero day and a fix. Absolutely. Absolutely. Like dramatically. >>Yes. Oh, awareness of it and AIX. Yes. Yeah. >>Okay. Yeah. And a lot of the hacks that we see as lay people in the media you've known about for quite some time, is that fair or no, not necessarily. >>It's, you know, it's harder to handle an intrusion quietly and discreetly these days, especially with what you're up against and, and most CEOs, by the way, their intent isn't, let's handle it quietly and discreetly it's what do we do about it? And what's the right way to handle it. And they wanna inform their customers and they wanna inform people that might be impacted. I wouldn't say we know it all that far ahead of time >>And, and depends. And, and I, I think companies don't know it. Yeah. Companies don't know they've been breached for weeks or months or years in some cases. Right. Which talks about a couple things, first of all, some of the sophistication of the adversaries, but it also talks about the inability of companies to often detect this type of activity when we're brought in. It's typically very quickly after the company finds out because they recognize they've gotta take action. They've got liability, they've got brand protection. There, whole sorts of, of things they need to take care of. And we're brought in it may or may not be, become public, but >>CrowdStrike was founded on the premise that the unstoppable breach is a myth. Now that's a, that's a bold sort of vision. We're not there yet, obviously. And a and a, and a, a CSO can't, you know, accept that. Right. You've gotta always be vigilant, but is that something that is, that we're gonna actually see manifest, you know, in any, any time in the near term? I mean, thinking about the Falcon platform, you guys are users of that. I don't know if that is part of the answer, but part of it's technology, but without the cultural aspects, the people side of things, you're never gonna get there. >>I can tell you, I started Maning in 2004 at the premise security breaches are inevitable, far less marketable. Yeah. You know, stop breaches. >>So >>Yeah. I, I think you have to learn how to manage this, right? It's like healthcare, you're not gonna stop every disease, but there's a lot of things that you can do to mitigate the consequences of those things. The same thing with network security, there's a lot of actions that organizations can take to help protect them in a way that allows them to live and, and operate in a, in a, a strong position. If companies are lackadaisical that irresponsible, they don't care. Those are companies that are gonna suffer. But I think you can manage this if you're using the right technology, the right people, you've got the right philosophy security first >>In, in the culture. >>Well, I can tell you very quickly, three reasons why people think, why is there an intrusion? It should just go away. Well, wherever money goes, crime follows. We still have crime. So you're still gonna have intrusions, whether it has to be someone on the inside or faulty software and people being paid the right faulty software, you're gonna have war. That's gonna create war in the cyber domain. So information warriors are gonna try to have intrusions to get to command and control. So wherever you have command and control, you'll have a war fighter. And then wherever you have information, you have ESP Espino. So you're gonna have people trying to break in at all times. >>And, and to tie that up because everything Kevin said is absolutely right. And what he just said at the very end was people, there are human beings that are on the other side of every single attack. And think about this until you physically get physically get to the people that are doing it and stop them. Yes, this will go on forever because you can block them, but they're gonna move and you can block them again. They're gonna move their objectives. Don't change because the information you have, whether it's financial information, intellectual property, strategic military information, that's still there. They will always come at it, which is where that physical component comes in. If you're able to block well enough and they can't get you remotely, they might send somebody in. Well, >>I, in the keynote, I, I'm not kidding. I'm looking around the room and I'm thinking there's at least one person here that is here primarily to gather intelligence, to help them defeat. What's being talked about here. >>Well, you said it's, >>It's kind >>Of creepy. You said the adversary is, is very well equipped and motivated. Why do you Rob banks? Well, that's where the money is, but it's more than that. Now with state sponsored terrorism and, you know, exfiltration of state secrets, I mean, there's, it's high stake's games. You got, this >>Has become a tool of nation states in terms from a political perspective, from a military perspective, if you look at what happened with Ukraine and Russia, all the work that was done in advanced by the Russians to soften up the Ukrainians, not just collection of intelligence, not just denial of services, but then disruptive attacks to change the entire complexity of the battlefield. This, this is a, an area that's never going away. It's becoming ingrained in our lives. And it's gonna be utilized for nefarious acts for many, many decades to come. >>I mean, you're right, Sean, we're seeing the future of war right before us is, is there's. There is going to be, there is a cyber component now in war, >>I think it signals the cyber component signals the silent intention of nations period, the silent projection of power probably before you see kinetics. >>And this is where gates says we have a lot more to lose as a country. So it's hard for us to go on the offense. We have to be very careful about our offensive capabilities because >>Of one of the things that, that we do need to, to do though, is we need to define what the red lines are to adversaries. Because when you talk about human beings, you've gotta put a deterrent in place so that if the adversaries know that if you cross this line, this is what the response is going to be. It's the way things were done during nuclear proliferation, right? Right. During the cold war, here's what the actions are gonna be. It's gonna be, it's gonna be mutual destruction and you can't do it. And we didn't have a nuclear war. We're at a point now where adversaries are pushing the envelope constantly, where they're turning off the lights in certain countries where they're taking actions that are, are quite detrimental to the host governments and those red lines have to be very clear, very clearly defined and acted upon if they're >>Crossed as security experts. Can you always tie that signature back to say a particular country or a particular group? >>Absolutely. 100% every >>Time I know. Yeah. No, it it's. It's a great question. You, you need to get attribution right. To get to deterrence, right. And without attribution, where do you proportionate respond to whatever act you're responding to? So attribution's critical. Both our companies work hard at doing it and it, and that's why I think you're not gonna see too many false flag operations in cyberspace, but when you do and they're well crafted or one nation masquerades is another, it, it, it's one of the last rules of the playground I haven't seen broken yet. And that that'll be an unfortunate day. >>Yeah. Because that mutually assure destruction, a death spot like Putin can say, well, it wasn't wasn't me. Right. So, and ironically, >>It's human intelligence, right. That ultimately is gonna be the only way to uncover >>That human intelligence is a big component. >>For sure. Right. And, and David, like when you go back to, you were referring to Robert Gates, it's the asymmetry of cyberspace, right? One person in one nation. That's not a control by asset could still do an act. And it, it just adds to the complexity of, we have attribution it's from that nation, but was it in order? Was it done on behalf of that nation? Very complicated. >>So this is an industry of superheroes. Thank you guys for all you do and appreciate you coming on the cube. Wow. >>I love your Cape. >>Thank all right. Keep it right there. Dave Nicholson and Dave ante be right back from Falcon 22 from the area you watching the cue.