hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>from around the globe. >>It's the cube with coverage of Kublai khan and cloud Native >>Con, Europe 2021 Virtual >>brought to you by >>red hat, cloud >>Native Computing foundation >>and ecosystem partners. >>Welcome back to the cubes coverage of coupon 21 cloud native con 21 part of the C N C s annual event this year. It's Virtual. Again, I'm john Kerry host of the cube and we have two great guests from the C N C. F. Cheryl Hung VP of ecosystems and Katie Manji who's the ecosystem advocate for C N C F. Thanks for coming on. Great to see you. I wish we were in person soon, maybe in the fall. Cheryl Katie, thanks for coming on. >>Um, definitely hoping to be back in person again soon, but john great to see you and great to be back on the >>cube. You know, I have to say one of the things that really surprised me is the resilience of the community around what's been happening with the virtual in the covid. Actually, a lot of people have been, um, you know, disrupted by this, but you know, the consensus is that developers have used to been working remotely and virtually in a home and so not too much disruption, but a hell of a lot of productivity. You're seeing a lot more cloud native, um, projects, you're seeing a lot more mainstreaming and the enterprise, you're starting to see cloud growth, just a really kind of nice growth. And we've been saying for years, rising tide floats, all boats, Cheryl, but this year you're starting to see real mainstream adoption with cloud native and this has really been part of the work of the community you guys have done. So what's your take on this? Because we're going to be coming out of this Covid pretty soon. There's a post covid light at the end of the tunnel. What's your view? >>Yeah, definitely, fingers crossed on that. I mean, I would love Katie to give her view on this. In fact, because she came from Conde Nast and American Express, both huge companies that were adopting have adopted cloud Native successfully. And then in the middle of the pandemic, in the middle of Covid, she joined CN CF. So Katie really has a view from the trenches and Katie would love to hear your thoughts. >>Yeah, absolutely. Uh, definitely cloud native adoption when it comes to the tooling has been more permanent in the enterprises. And that has been confirmed of my role at American Express. That is the role I moved from towards C N C F. But the more surprising thing is that we see big companies, we see banks and financial organization that are looking to adopt open source. But more importantly, they're looking for ways to either contribute or actually to direct it more into these areas. So from that perspective, I've been pretty much at the nucleus of enterprise of the adoption of cloud Native is definitely moving, it's slow paced, but it's definitely forward moving as well. Um and now I think while I'm in the role with C N C F as an ecosystem advocate and leading the end user community, there has been definitely uh the community is growing um always intrigued to find out more about the cloud Native usage is one of the things that I find quite intriguing is the fact that not one cloud native usage, like usage of covering just one platform, which is going to be called, the face is going to be the same. So it's always intriguing to find new use cases, find those extremist cases as well, that it really pushes the community forward. >>I want to do is unpack. The end user aspect of this has been a hallmark of the CNC F for years, always been a staple of the organization. But this year, more than ever it's been, seems to be prominent as people are integrating in what about the growth? I mean from last year this year and the use and user ecosystem, how have you guys seen the growth? Is there any highlights because have any stats and or observations around how the ecosystem is growing around the end user piece? >>Sure, absolutely. I mean, I can talk directly about C N C F and the C N C F. End user community, much like everything else, you know, covid kind of slowed things down, so we're kind of not entirely surprised by that, But we're still going over 2020 and in fact just in the last few months have brought in some really, really big names like Peloton, Airbnb, Citibank, um, just some incredible organizations who are, who have really adopted card native, who have seen the success and the benefits of it. And now we're looking to give back to the community, as Katie said, get involved with open source and be more than just a passive consumer of the technologies, but actually become leaders in their own right, >>Katie talk about the dynamic of developers that end user organizations. I mean, you have been there, you're now you've been on both sides of the table if you will not to the sides of the table, it's more like a round table if you will, but community driven. But traditional, uh, end user organizations, not the early adopters, not the hyper scale is, but the ones now are really embedding hybrid, um, are changing how I t to how modern applications being built. That's a big theme in these mainstream organizations. What's the dynamic going on? What's your view? >>I think for any organization, the kind of the core, what moves the organization towards cloud Native is um pretty much being ahead of your competitors. And now we have this mass of different organization of the cloud native and that's why we see more kind of ice towards this area. So um definitely in this perspective when it comes to the technology aspect, companies are looking to deploy complex application in an easier manner, especially when it comes to pushing them to production system securely faster. Um and continuously as well. They're looking to have this competitive edge when it comes to how can they quickly respond to customer feedback? And as well they're looking for this um hybrid element that has been, has been talked about. Again, we're talking about enterprise is not just about public cloud, it's about how can we run the application security and getting both an element of data centers or private cloud as well. And now we see a lot of projects which are balancing around that age but more importantly there is adoption and where there's adoption, there is a feedback loop and that's how which represents the organic growth. >>That's awesome. Cheryl like you to define what you mean when you say end user driven open source, what does that mean? >>Mm This is a really interesting dynamic that I've seen over the last couple of years. So what we see is that more and more of the open source project, our end users who who are solving their own problems and creating their own projects and donating these back to the community. An early example of this was Envoy and lift and Yeager from Uber but Spotify also recently donated backstage, which is a developer portal which has really taken off. We've also got examples from Intuit Donating Argo. Um I'm sure there are some others that I've just forgotten. But the really interesting thing I see about this is that class classically right. Maybe a few years ago, if you were an end user organization, you get involved through a vendor, you'd go to a red hat or something and say, hey, you fix this on my behalf because you know that's what I'm paying you to do. Whereas what I see now is and user saying we want to keep this expertise in house and we want to be owners of our own kind of direction and our own fate when it comes to these open source projects. And that's been a big driver for this trend of open source and user driven, open source. >>It's really the open model is just such a great thing. And I think one of the interesting thing is that fits in with a lot of people who want to work from mission driven companies, but here there's actually a business benefit as you pointed out as in terms of the dynamic of bringing stuff to the community. This is interesting. I'm sure that the ability to do more collaboration, um, either hiring or contributing kind of increases when you have this end user dynamic because that's a pretty big decision to donate and bring something into the open source. What's the playbook though? If I'm sitting in an end user organization like american express Katie or a big company, say, hey, you know, we really developed this really killer use cases niche to us, but we want to bring it to the community. What do they do? Is there like a, like a manager? Do they knock on someone's door? Zara repo is, I mean, how does someone, I mean, how does an end user get this done? >>Mm. Um, I think one of the best resources out there is called the to do group, which is a organization underneath the Linux foundation. So it's kind of a sister group to C N C F, which is about open source program offices. And how do you formalize such an open source program? Because it's pretty easy to say, oh well just put something on get hub. But that's not the end of the story, right? Um, if you want to actually build a community, if you want other people to contribute, then you do actually have to do more than just drop it and get up and walk away. So I would say that if you are an end user company and you have created something which scratches your own itch and you think other people could benefit from it then definitely come. And like you could email me, you could email Chris and chick who is the ceo of C N C F and just get in touch and sort of ask around about what are the things that you could do in terms of what you have to think about the licensing, How do you develop a community governance program, um, trademark issues, all of these things. >>It's interesting how open source is growing so much now, chris has got so much action going on. New verticals are opening up, you know, so, so much action Cheryl you had posted on the internet predictions for cloud native, which I found interesting because there's so much action going on, you have to break things out into pillars, tech devops and ecosystem, each one kind of with a slew event of key trends. So take us through the mindset, why break it out like that? You got tech devops and ecosystem tradition that was all kind of bundled in one. Why? Why the pillars? And is it because there's so much action, what's, what's the basis behind the prediction? >>Um so originally this was just a giant list of things I had seen from talking to people and reading around and seeing what people are talking about on social media. Um And when, once I invested at these 10, I thought about what, what does this actually mean for the people who are going to look at this list and what should they care about? So I see tech trends as things related to tools, frameworks. Um, perhaps architects I see develops as people who are more as a combination of process, things that a combination of process and people and culture best practices and then ecosystem was kind of anything else broader than that. Things that happened across organizations. So you can definitely go to my twitter, you can go to at boy Chevelle, O I C H E R Y L and take a look at this and This is my list of 10. I would love to hear from you whether you agree with it, whether you think there are other things that I've missed or what would your >>table. I love. I love the top. Well, first of all I think this is very relevant. The one that I would ask you on is more rust and cloud native. That's the number one item. Um, I think cross cloud is definitely totally happening, I think people are really starting to think about that and so I'd love to get your comments on that. But I think the thing that jumped out at me was the devops piece because this is a trend that I've been seeing a lot more certainly even in academic institutions, for folks in school, right? Um going to college for computer science and engineering. This idea of, sorry, large scale, cloud is not so much an IT practice, it's much more of a cloud native mindset. So I think this idea of of ops so much more about scale. I use SRE only because I can't think of a better word around it and certainly the edge pieces with kubernetes, I think this is the, I think the biggest story to me that's where all the action seems to be when I talk to people around what they're working on in terms of training new people on boarding and what not Katie, you're shaking your head, you're like Yeah, what's your thoughts? Yeah, >>I have definitely been uh through all of these stages from having a team where the develops, I think it's more of a culture of like a pattern to adopt within an organization more than anything. So I've been pre develops within develops and actually during the evolution of it where we actually added an s every team as well. Um I think having these cultural changes with an organization, they are necessary, especially they want to iterate iterate quicker and actually deliver value to the customers with minimal agency because what it actually does there is the collaboration between teams which were initially segregated. And that's why I think there is a paradigm nowadays which is called deficit ops, which actually moves security more to its left. This has been very popular, especially in the, in the latest a couple of months. Lots of talks around it and even there is like a security co located event of Yukon just going to focus on that mainly. Um, but as well within the Devil's area, um, one of the models that has been quite permanent has been get ups as well, which pretty much uses the power of gIT repositories to describe the state of the applications, how it actually should be within the production system and within the cloud native ecosystem. There are two main tools that pretty much leave this area and there's going to be Argo City which has been donated by, into it, which is our end user And we have flux as well, which has been donated by we've works and both of these projects currently are within the incubation stage, which pretty much by default um showcases there is a lot of adoption from the organizations um more than 100 of for for some of them. So there is a wider adoption um, and everything I would like to mention is the get ups working group which has emerged I think between que con europe and north America last year and that again is more to define a manifest of how exactly get expert and should be adopted within organizations. So there is a lot of, I would say initiatives and this is further out they confirmed with the tooling that we have within the ecosystem. >>That's really awesome insight. I want to just, if you don't mind follow up on that, why is getups so important right now, Is it because the emphasis of security is that the emphasis of more scale, Is it just because it's pretty much kid was okay just because storing it over there, Is it because there's so much more inspections are going on around it? I mean code reviews have been going on for a long time. What's what's the big deal? Why is it so hot right now? In your opinion? >>I think there is definitely a couple of aspects that are quite important. You mentioned security, that's definitely one of them with the get ups battery. And there is a pool model rather than a push model. So you have the actual tool, for example, our great city of flux watching for repository and if any changes are identified is going to pull those changes automatically. So the first thing that we actually can see from this model is that we always will have a delta between what's within our depositors and the production system. Usually if you have a pool model, you can pull it uh can push the changes towards death staging environment but not always the production because you have the change window sometimes with the get ups model, you'll always be aware of what's the Dell. Can you have quite a nice way to visualize that especially for your city, which has the UI as well as well with the get ups pattern, there is less necessity to share the credentials with the actual pipeline tool. All of because Argo flux there are natively build around communities, all the secrets are going to be residing within the cluster. There is no need to share any extra credentials or an extra permissions with external tools as well. There are scale, there is again with kids who have historical data points which allows us to easily revert um to stable points of the applications in the past. So multiple, multiple benefits I would say, but definitely secured. I think it's one of the main one and it has been talked about quite a lot as well. >>A lot of these end user stories revolve around these dynamics and the ones you guys are promoting and from your members as well as in the community at large is I hate to use the word day two operations, but that really is the issue like okay, we're up and running. I want more automation. This is again tops kind of vibe here where it's like okay we gotta go troubleshoot all this, but it should be working as more stuff comes in. This becomes more and more the dynamic is that is that because of just more edges, more things, more devices, what's what's the what's the push behind all these stories around this automation and day to operation things? What do you guys think? >>I think, I think the expectations are getting higher and higher to be honest, a few years ago it was enough to use containers and start using the barest minimum, you know, to orchestrate those containers. But now what we see is that, you know, it's easy to choose the technology, it's easy to install it and even configure it. But as you said, john those data operations are really, really hard. For example, one of the ones that we've seen up and coming and we care about from CNCF is kubernetes on the edge. And we see this as enabling telco use cases and 5G and IOT and really, really broad, difficult use cases that just a few years ago would have been nice on impossible, Katie, your zone, Katie Katie, you also talk about edge. Right? >>Absolutely. I think I I really like to watch some of the talks that keep going, especially given by the big organizations that have to manage thousands or tens of thousands, hundreds of thousands of customers. And they have to deliver a cluster to these to these teams. Now, from their point of view, they pretty much have to manage clusters at scale. There is definitely the edge out there and they really kind of pushing the technology towards how can we get closer to the physical devices within the customers? Kind of uh, let's say bubble or area in surface. So age has been definitely something which has been moving a lot when it comes to the cloud native ecosystem. We've had a lot of projects moving to towards the incubation stage, carefree as has been there, um, for for a while and again, has a lot of adoption is known for its stability. But another thing that I would like to mention is that now currently we have a lot of projects that are age focus but within some box, so there is again, a lot of potential if there's gonna be a higher demand for this, I would expect this tools move from sandbox to incubation and even graduation. So that's definitely something which, uh, it's moving and there is dynamism around it. >>Well, Cheryl kid, you guys are awesome, love the work you're doing. I gotta ask the final question since you brought it up about the expectations. Cheryl, if you guys could both end the segment with the comment around expectations as the industry and companies and developers and participants continue to grow. What, what's changed with C N C F koo Kahne cloud, native khan as the expectation has been growing and the stakes are higher too, frankly, I mean you've got security, you mentioned these things edge get up, so you start to see the maturation of this ecosystem, what's new and what's expected of you guys, What do you see and how are you guys organizing? >>I think we can definitely say the ecosystem has matured a lot compared to a few years ago. Same with CNTF, same with Cuba con, I think the very first cubic on I went to was Berlin, which was about 1800 people. Um, the kind of mind boggling to see how much, how much it's grown since then. I mean one of the things that we try and do is to expand the number of people who can reach the community. So for example, we launched kubernetes community days and we launched, that means community organized events in africa, for example, for people who couldn't come to large events in north America or europe, um we also launching things to help students. I actually love talking to students because quite often now you talk to them and they say, oh, I've never run software in anything other than a container. You're like, yeah, well this was a new thing, this is brand new a few years ago and now you can be 18 and have never tried anything else. So it's pretty amazing. But yeah, there's definitely, there's always space to go to the community. >>Yeah, once you go cloud native, it's like, you know, like you've never load Lennox on them server before. I mean, what, what's going on? Get your thoughts as expectations go higher And certainly there's more in migration, not only for young folks because they're jumping into this was that engineering meets computer science is now cross discipline. You're seeing scale, you mentioned scaling up those are huge factors, you've got younger, you got cross training, you got cybersecurity and you've got Fin tech ops that's chris is working on so much is happening. What, what, what you guys keep up with your, how you gonna raise the ball? >>Absolutely. I think there's definitely technology moving forward, but I think nowadays there is a more need for actual end user stories while at the beginning of cube cons there is a lot of focus on the technical aspects. How can you fix this particular problem of deploying between two clusters are deploying at scale. There is like a lot of technical aspects nowadays they're looking for the stories because as I mentioned before, not one platform is gonna be the same when it comes to cloud native and I think there's still, the community is still trying to look for some patterns or some standards and we actually can see like especially when it comes to the open standards, we can see this moving within um the observe abilities like that application delivery will have for example cross plane and Que Bella we have open metrics and open tracing as well, which focuses on observe ability and all of the interfaces that we had around um, Cuban directory service men and so forth. All of these pretty much try to bring a benchmark, making it easier to integrate these special use cases um when it comes to actual extreme technology kind of solutions that you need to provide and um, I was mentioning the end user stories that are there more in demand nowadays mainly because these are very, very necessary from the community like for example the six or the project maintainers, they require feedback to actually move forward. And as part of that, I would like to mention that we've recently soft launched the injuries lounge, which really focuses on this particular aspect of end user stories. We try to pretty much question our end users and really understand what really moved them to adopt, coordinative, what keeps them on this path and what like future challenges they would like to um to tackle or are they facing the moment I would like to solve in the future. So we're trying to create the speed back home between the inducers and the projects out there. So I think this is something which needs to be a bit more closely together these two spheres, which currently are segregated, but we're trying to just solve that. >>Also you guys do great work, great job. Cheryl wrap us up real, take a minute to put a plug in for the C. N. C. F. In the ecosystem. What's the fashion this year? What's hot? What's the trend? What are you guys doing? Share some quick update on what's going on the ecosystem from your perspective? >>Yeah, I mean the ecosystem, even though I just said that we're maturing, you know, the growth has not stopped now, what we're seeing is these as Casey was saying, you know, more specific use cases, even bigger, even more demanding environments, even more kind of crazy use cases. I mean I love the story from the U. S. Department of Defense about putting kubernetes on their fighter jets and putting ston fighter jets, you know, it's just absurd to think about it, but I would say definitely come and be part of the community, share your stories, share what you know, help other people um if you are end user of these technologies then go to see NCF dot io slash and user and just come and be part of our community, you know, meet your peers and hear what everybody else is doing >>well. Having kubernetes and stu on jets, that's the Air Force, I would call that technical edge Katie to you know, bring, bring back the edge carol kitty, thank you so much for sharing the inside ecosystem is robust. Rising tide is floating all the boats as we always say here in the cube, it's been great to watch and continue to watch the rise. I think it's just the beginning, we're starting to see post pandemic visibility cloud native, more standards, more visibility into the economics and value and great to see the ecosystem rising up with the end users as well. So congratulations and thanks for coming up. >>Thank you so much, john it's a pleasure, appreciate >>it. Thank you for having us, john >>Great to have you on. I'm john for with the cube here for Coop Con Cloud, Native Con 21 virtual soon we'll be back in real life. Thanks for watching. Mhm.

>> Announcer: It's theCUBE! Covering the Virtual Vertica Big Data Conference 2020 brought to you by Vertica. >> Hi, everybody. Welcome back. You're watching theCUBE's coverage of the Vertica Virtual Big Data Conference. It was, of course, going to be in Boston at the Encore Hotel. Win big with big data with the new casino but obviously Coronavirus has changed all that. Our hearts go out and we are empathy to those people who are struggling. We are going to continue our wall-to-wall coverage of this conference and we're here with Larry Lancaster who's the founder and CTO of Zebrium. Larry, welcome to theCUBE. Thanks for coming on. >> Hi, thanks for having me. >> You're welcome. So first question, why did you start Zebrium? >> You know, I've been dealing with machine data a long time. So for those of you who don't know what that is, if you can imagine servers or whatever goes on in a data center or in a SAS shop. There's data coming out of those servers, out of those applications and basically, you can build a lot of cool stuff on that. So there's a lot of metrics that come out and there's a lot of log files that come. And so, I've built this... Basically spent my career building that sort of thing. So tools on top of that or products on top of that. The problem is that since at least log files are completely unstructured, it's always doing the same thing over and over again, which is going in and understanding the data and extracting the data and all that stuff. It's very time consuming. If you've done it like five times you don't want to do it again. So really, my idea was at this point with machine learning where it's at there's got to be a better way. So Zebrium was founded on the notion that we can just do all that automatically. We can take a pile of machine data, we can turn it into a database, and we can build stuff on top of that. And so the company is really all about bringing that value to the market. >> That's cool. I want to get in to that, just better understand who you're disrupting and understand that opportunity better. But before I do, tell us a little bit about your background. You got kind of an interesting background. Lot of tech jobs. Give us some color there. >> Yeah, so I started in the Valley I guess 20 years ago and when my son was born I left grad school. I was in grad school over at Berkeley, Biophysics. And I realized I needed to go get a job so I ended up starting in software and I've been there ever since. I mean, I spent a lot of time at, I guess I cut my teeth at Nedap, which was a storage company. And then I co-founded a business called Glassbeam, which was kind of an ETL database company. And then after that I ended up at Nimble Storage. Another company, EMC, ended up buying the Glassbeam so I went over there and then after Nimble though, which where I build the InfoSight platform. That's where I kind of, after that I was able to step back and take a year and a half and just go into my basement, actually, this is my kind of workspace here, and come up with the technology and actually build it so that I could go raise money and get a team together to build Zebrium. So that's really my career in a nutshell. >> And you've got Hello Kitty over your right shoulder, which is kind of cool >> That's right. >> And then up to the left you got your monitor, right? >> Well, I had it. It's over here, yeah. >> But it was great! Pull it out, pull it out, let me see it. So, okay, so you got that. So what do you do? You just sit there and code all night or what? >> Yeah, that's right. So Hello Kitty's over here. I have a daughter and she setup my workspace here on this side with Hello Kitty and so on. And over on this side, I've got my recliner where I basically lay it all the way back and then I pivot this thing down over my face and put my keyboard on my lap and I can just sit there for like 20 hours. It's great. Completely comfortable. >> That's cool. All right, better put that monitor back or our guys will yell at me. But so, obviously, we're talking to somebody with serious coding chops and I'll also add that the Nimble InfoSight, I think it was one of the best pick ups that HP, HPE, has had in a while. And the thing that interested me about that, Larry, is the ability that the company was able to take that InfoSight and poured it very quickly across its product lines. So that says to me it was a modern, architecture, I'm sure API, microservices, and all those cool buzz words, but the proof is in their ability to bring that IP to other parts of the portfolio. So, well done. >> Yeah, well thanks. Appreciate that. I mean, they've got a fantastic team there. And the other thing that helps is when you have the notion that you don't just build on top of the data, you extract the data, you structure it, you put that in a database, we used Vertica there for that, and then you build on top of that. Taking the time to build that layer is what lets you build a scalable platform. >> Yeah, so, why Vertica? I mean, Vertica's been around for awhile. You remember you had the you had the old RDBMS, Oracles, Db2s, SQL Server, and then the database was kind of a boring market. And then, all of a sudden, you had all of these MPP companies came out, a spade of them. They all got acquired, including Vertica. And they've all sort of disappeared and morphed into different brands and Micro Focus has preserved the Vertica brand. But it seems like Vertica has been able to survive the transitions. Why Vertica? What was it about that platform that was unique and interested you? >> Well, I mean, so they're the first fund to build, what I would call a real column store that's kind of market capable, right? So there was the C-Store project at Berkeley, which Stonebreaker was involved in. And then that became sort of the seed from which Vertica was spawned. So you had this idea of, let's lay things out in a columnar way. And when I say columnar, I don't just mean that the data for every column is in a different set of files. What I mean by that is it takes full advantage of things like run length and coding, and L file and coding, and block--impression, and so you end up with these massive orders of magnitude savings in terms of the data that's being pulled off of storage as well as as it's moving through the pipeline internally in Vertica's query processing. So why am I saying all this? Because it's fundamentally, it was a fundamentally disruptive technology. I think column stores are ubiquitous now in analytics. And I think you could name maybe a couple of projects which are mostly open source who do something like Vertica does but name me another one that's actually capable of serving an enterprise as a relational database. I still think Vertica is unique in being that one. >> Well, it's interesting because you're a startup. And so a lot of startups would say, okay, we're going with a born-in-the-cloud database. Now Vertica touts that, well look, we've embraced cloud. You know, we have, we run in the cloud, we run on PRAM, all different optionality. And you hear a lot of vendors say that, but a lot of times they're just taking their stack and stuffing it into the cloud. But, so why didn't you go with a cloud-native database and is Vertica able to, I mean, obviously, that's why you chose it, but I'm interested from a technologist standpoint as to why you, again, made that choice given all these other choices around there. >> Right, I mean, again, I'm not, so... As I explained a column store, which I think is the appropriate definition, I'm not aware of another cloud-native-- >> Hm, okay. >> I'm aware of other cloud-native transactional databases, I'm not aware of one that has the analytics form it and I've tried some of them. So it was not like I didn't look. What I was actually impressed with and I think what let me move forward using Vertica in our stack is the fact that Eon really is built from the ground up to be cloud-native. And so we've been using Eon almost ever since we started the work that we're doing. So I've been really happy with the performance and with reliability of Eon. >> It's interesting. I've been saying for years that Vertica's a diamond in the rough and it's previous owner didn't know what to do with it because it got distracted and now Micro Focus seems to really see the value and is obviously putting some investments in there. >> Yeah >> Tell me more about your business. Who are you disrupting? Are you kind of disrupting the do-it-yourself? Or is there sort of a big whale out there that you're going to go after? Add some color to that. >> Yeah, so our broader market is monitoring software, that's kind of the high-level category. So you have a lot of people in that market right now. Some of them are entrenched in large players, like Datadog would be a great example. Some of them are smaller upstarts. It's a pretty, it's a pretty saturated market. But what's happened over the last, I'd say two years, is that there's been sort of a push towards what's called observability in terms of at least how some of the products are architected, like Honeycomb, and how some of them are messaged. Most of them are messaged these days. And what that really means is there's been sort of an understanding that's developed that that MTTR is really what people need to focus on to keep their customers happy. If you're a SAS company, MTTR is going to be your bread and butter. And it's still measured in hours and days. And the biggest reason for that is because of what's called unknown unknowns. Because of complexity. Now a days, things are, applications are ten times as complex as they used to be. And what you end up with is a situation where if something is new, if it's a known issue with a known symptom and a known root cause, then you can setup a automation for it. But the ones that really cost a lot of time in terms of service disruption are unknown unknowns. And now you got to go dig into this massive mass of data. So observability is about making tools to help you do that, but it's still going to take you hours. And so our contention is, you need to automate the eyeball. The bottleneck is now the eyeball. And so you have to get away from this notion of a person's going to be able to do it infinitely more efficient and recognize that you need automated help. When you get an alert agent, it shouldn't be that, "Hey, something weird's happening. Now go dig in." It should be, "Here's a root cause and a symptom." And that should be proposed to you by a system that actually does the observing. That actually does the watching. And that's what Zebrium does. >> Yeah, that's awesome. I mean, you're right. The last thing you want is just another alert and it say, "Go figure something out because there's a problem." So how does it work, Larry? In terms of what you built there. Can you take us inside the covers? >> Yeah, sure. So there's really, right now there's two kinds of data that we're ingesting. There's metrics and there's log files. Metrics, there's actually sort of a framework that's really popular in DevOp circles especially but it's becoming popular everywhere, which is called Prometheus. And it's a way of exporting metrics so that scrapers can collect them. And so if you go look at a typical stack, you'll find that most of the open source components and many of the closed source components are going to have exporters that export all their stacks to Prometheus. So by supporting that stack we can bring in all of those metrics. And then there's also the log files. And so you've got host log files in a containerized environment, you've got container logs, and you've got application-specific logs, perhaps living on a host mount. And you want to pull all those back and you want to be able to associate this log that I've collected here is associated with the same container on the same host that this metric is associated with. But now what? So once you've got that, you've got a pile of unstructured logs. So what we do is we take a look at those logs and we say, let's structure those into tables, right? So where I used to have a log message, if I look in my log file and I see it says something like, X happened five times, right? Well, that event types going to occur again and it'll say, X happened six times or X happened three times. So if I see that as a human being, I can say, "Oh clearly, that's the same thing." And what's interesting here is the times that X, that X happened, and that this number read... I may want to know when the numbers happened as a time series, the values of that column. And so you can imagine it as a table. So now I have table for that event type and every time it happens, I get a row. And then I have a column with that number in it. And so now I can do any kind of analytics I want almost instantly across my... If I have all my event types structured that way, every thing changes. You can do real anomaly detection and incident detection on top of that data. So that's really how we go about doing it. How we go about being able to do autonomous monitoring in a way that's effective. >> How do you handle doing that for, like the Spoke app? Do you have to, does somebody have to build a connector to those apps? How do you handle that? >> Yeah, that's a really good question. So you're right. So if I go and install a typical log manager, there'll be connectors for different apps and usually what that means is pulling in the stuff on the left, if you were to be looking at that log line, and it will be things like a time stamp, or a severity, or a function name, or various other things. And so the connector will know how to pull those apart and then the stuff to the right will be considered the message and that'll get indexed for search. And so our approach is we actually go in with machine learning and we structure that whole thing. So there's a table. And it's going to have a column called severity, and timestamp, and function name. And then it's going to have columns that correspond to the parameters that are in that event. And it'll have a name associated with the constant parts of that event. And so you end up with a situation where you've structured all of it automatically so we don't need collectors. It'll work just as well on your home-grown app that has no collectors or no parsers to find or anything. It'll work immediately just as well as it would work on anything else. And that's important, because you can't be asking people for connectors to their own applications. It just, it becomes now they've go to stop what they're doing and go write code for you, for your platform and they have to maintain it. It's just untenable. So you can be up and running with our service in three minutes. It'll just be monitoring those for you. >> That's awesome! I mean, that is really a breakthrough innovation. So, nice. Love to see that hittin' the market. Who do you sell to? Both types of companies and what role within the company? >> Well, definitely there's two main sort of pushes that we've seen, or I should say pulls. One is from DevOps folks, SRE folks. So these are people who are tasked with monitoring an environment, basically. And then you've got people who are in engineering and they have a staging environment. And what they actually find valuable is... Because when we find an incident in a staging environment, yeah, half the time it's because they're tearing everything up and it's not release ready, whatever's in stage. That's fine, they know that. But the other half the time it's new bugs, it's issues and they're finding issues. So it's kind of diverged. You have engineering users and they don't have titles like QA, they're Dev engineers or Dev managers that are really interested. And then you've got DevOps and SRE people there (mumbles). >> And how do I consume your product? Is the SAS... I sign up and you say within three minutes I'm up and running. I'm paying by the drink. >> Well, (laughs) right. So there's a couple ways. So, right. So the easiest way is if you use Kubernetes. So Kubernetes is what's called a container orchestrator. So these days, you know Docker and containers and all that, so now there's container orchestrators have become, I wouldn't say ubiquitous but they're very popular now. So it's kind of on that inflection curve. I'm not exactly sure the penetration but I'm going to say 30-40% probably of shops that were interested are using container orchestrators. So if you're using Kubernetes, basically you can install our Kubernetes chart, which basically means copying and pasting a URL and so on into your little admin panel there. And then it'll just start collecting all the logs and metrics and then you just login on the website. And the way you do that is just go to our website and it'll show you how to sign up for the service and you'll get your little API key and link to the chart and you're off and running. You don't have to do anything else. You can add rules, you can add stuff, but you don't have to. You shouldn't have to, right? You should never have to do any more work. >> That's great. So it's a SAS capability and I just pay for... How do you price it? >> Oh, right. So it's priced on volume, data volume. I don't want to go too much into it because I'm not the pricing guy. But what I'll say is that it's, as far as I know it's as cheap or cheaper than any other log manager or metrics product. It's in that same neighborhood as the very low priced ones. Because right now, we're not trying to optimize for take. We're trying to make a healthy margin and get the value of autonomous monitoring out there. Right now, that's our priority. >> And it's running in the cloud, is that right? AWB West-- >> Yeah, that right. Oh, I should've also pointed out that you can have a free account if it's less than some number of gigabytes a day we're not going to charge. Yeah, so we run in AWS. We have a multi-tenant instance in AWS. And we have a Vertica Eon cluster behind that. And it's been working out really well. >> And on your freemium, you have used the Vertica Community Edition? Because they don't charge you for that, right? So is that how you do it or... >> No, no. We're, no, no. So, I don't want to go into that because I'm not the bizdev guy. But what I'll say is that if you're doing something that winds up being OEM-ish, you can work out the particulars with Vertica. It's not like you're going to just go pay retail and they won't let you distinguish between tests, and prod, and paid, and all that. They'll work with you. Just call 'em up. >> Yeah, and that's why I brought it up because Vertica, they have a community edition, which is not neutered. It runs Eon, it's just there's limits on clusters and storage >> There's limits. >> But it's still fully functional though. >> So to your point, we want it multi-tenant. So it's big just because it's multi-tenant. We have hundred of users on that (audio cuts out). >> And then, what's your partnership with Vertica like? Can we close on that and just describe that a little bit? >> What's it like. I mean, it's pleasant. >> Yeah, I mean (mumbles). >> You know what, so the important thing... Here's what's important. What's important is that I don't have to worry about that layer of our stack. When it comes to being able to get the performance I need, being able to get the economy of scale that I need, being able to get the absolute scale that I need, I've not been disappointed ever with Vertica. And frankly, being able to have acid guarantees and everything else, like a normal mature database that can join lots of tables and still be fast, that's also necessary at scale. And so I feel like it was definitely the right choice to start with. >> Yeah, it's interesting. I remember in the early days of big data a lot of people said, "Who's going to need these acid properties and all this complexity of databases." And of course, acid properties and SQL became the killer features and functions of these databases. >> Who didn't see that one coming, right? >> Yeah, right. And then, so you guys have done a big seed round. You've raised a little over $6 million dollars and you got the product market fit down. You're ready to rock, right? >> Yeah, that's right. So we're doing a launch probably, well, when this airs it'll probably be the day before this airs. Basically, yeah. We've got people... Like literally in the last, I'd say, six to eight weeks, It's just been this sort of pique of interest. All of a sudden, everyone kind of gets what we're doing, realizes they need it, and we've got a solution that seems to meet expectations. So it's like... It's been an amazing... Let me just say this, it's been an amazing start to the year. I mean, at the same time, it's been really difficult for us but more difficult for some other people that haven't been able to go to work over the last couple of weeks and so on. But it's been a good start to the year, at least for our business. So... >> Well, Larry, congratulations on getting the company off the ground and thank you so much for coming on theCUBE and being part of the Virtual Vertica Big Data Conference. >> Thank you very much. >> All right, and thank you everybody for watching. This is Dave Vellante for theCUBE. Keep it right there. We're covering wall-to-wall Virtual Vertica BDC. You're watching theCUBE. (upbeat music)

>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to you by spunk >>Welcome back Everyone's two cubes Live coverage from Las Vegas. Four Splunk dot com 2019 The 10th anniversary of their and user conference I'm John Free host of the key that starts seventh year covering Splunk Riding the wave of Big Data Day three of our three days were winding down. Our show are great to have on next guest Didn't Medoc executive director be Ibis Intelligence? Advanced Data Analytics at Clemson University Big A C C. Football team Everyone knows that. Great stadium. Great to have you on. Thanks for spending the time to come by and on Day three coverage. >>Thanks, John, for having me over. >>So, you know, hospitals, campuses, some use cases just encapsulate the digital opportunities and challenges. But you guys air have that kind of same thing going on. You got students, you got people who work there. You got a I ot or campus to campus is you guys are living the the real life example of physical digital coming together. Tell us about what's going on in your world that Clemson wouldn't your job there. What's your current situation? >>So, like you mentioned, we have a lot of students. So Clemson's about 20,000 undergraduate, children's and 5000 graduate students way faculty and staff. So you're talking about a lot of people every semester. We have new devices coming in. We have to support the entire network infrastructure, our student information systems on and research computing. So way we're focused on how convene make students lives better than experience. Better on how convene facilitated education for them. So way try toe in my role. Specifically, I'm responsible for the advanced eight analytics, the data that we're collecting from our systems. How can we? How can you use that on get more insides for better decision making? So that's that's >>Is a scope university wide, or is it specifically targeted for certain areas? >>So it does interest divide. So we have. We have some key projects going on University wide way, have a project for sure and success. There's a project for space utilization and how how, how we can utilize space and campus more efficiently. And then we're looking at energy energy usage across buildings campus emergency management idea. So we've got a couple of projects, and then Pettersson projects that most hired edge motion overseas work on this father's retention enrollment, graduation rates. How how the academics are. So so we're doing the same thing. >>What's interesting is that the new tagline for Splunk is data to everything. You got a lot of things. Their data. Ah, lot of horizontal use cases. So it seems to me that you have, ah, view and we're kind of talking on camera before we went live here was Dana is a fluid situation is not like just a subsystem. It's gotta be every native everywhere in the organization on touched, touches everything. How do you guys look at the data? Because you want to harness the data? Because data getting gathering on, say, energy. Your specialization might be great data to look at endpoint protection, for instance. I don't know. I'm making it up, but data needs to be workable. Cross. How do you view that? What's what's the state of the art thinking around data everywhere? >>So the key thing is, we've got so many IOC's. We've got so many sensors, we've got so many servers, it's it's hard when you work with different technologies to sort of integrate all of them on in the industry that have bean Some some software companies that try to view themselves as being deking, but really the way to dress it does you look at each system, you look at how you can integrate all of that, all of that data without being deking. So you basically analyze the data from different systems. You figured out a way to get it into a place where you can analyze it on, then make decisions based on that. So so that's essentially what we've been focused on. Working on >>Splunk role in all this is because one of things that we've been doing spot I've been falling spunk for a long time in a very fascinated with law. How they take log files and make make value out of that. And their vision now is that Grew is grow is they're enabling a lot of value of the data which I love. I think it's a mission that's notable, relevant and certainly gonna help a lot of use cases. But their success has been about just dumping data on display and then getting value out of it. How does that translate into this kind of data space that you're looking at, because does it work across all areas? What should what specifically are you guys doing with Splunk and you talk about the case. >>So we're looking at it as a platform, like, how can we provide ah self service platform toe analysts who can who can go into system, analyze the data way not We're not focusing on a specific technology, so our platform is built up of multiple technologies. We have tableau for visual analytics. We're also using Splunk. We also have a data warehouse. We've got a lot of databases. We have a Kafka infrastructure. So how can we integrate all of these tools and give give the choice to the people to use the tools, the place where we really see strong helping us? Originally in our journey when we started, our network team used to long for getting log data from switches. It started off troubleshooting exercise of a switch went down. You know what was wrong with it? Eventually we pulled in all for server logs. That's where security guard interested apart from the traditional idea of monitoring security, saw value in the data on. And then we talked about the whole ecosystem. That that's one provides. It gives you a way to bring in data withdrawal based access control so you can have data in a read only state that you can change when it's in the system and then give access to people to a specific set of data. So so that's that's really game changing, even for us. Like having having people be comfortable to opening data to two analysts for so that they can make better decisions. That's that's the key with a lot of product announcements made during dot com, I think the exciting thing is it's Nargis, the data that you index and spunk anymore, especially with the integration with With Dew and s three. You don't have to bring in your data in response. So even if you have your data sitting in history, our audio do cluster, you can just use the data fabric search and Sarge across all your data sets. And from what I hear that are gonna be more integrations that are gonna be added to the tool. So >>that's awesome. Well, that's a good use. Case shows that they're thinking about it. I got to ask you about Clemson to get into some of the things that you guys do in knowing Clemson. You guys have a lot of new things. You do your university here, building stuff here, you got people doing research. So you guys are bringing on new stuff, The network, a lot of new technology. Is there security concerns in terms of that, How do you guys handle that? Because you want to encourage innovation, students and faculty at the same time. You want gonna have the data to make sure you get the security without giving away the security secrets are things that you do. How do you look at the data when you got an environment that encourages people to put more stuff on the network to generate more data? Because devices generate data project, create more data. How do you view that? How do you guys handle that? >>So our mission and our goal is not to disrupt the student experience. Eso we want to make it seem less. And as we as we get influx of students every semester, we have way have challenges that the traditional corporate sector doesn't have. If you think about our violence infrastructure. We're talking about 20 25,000 students on campus. They're moving around. When, when? When they move from one class to another, they're switching between different access points. So having a robust infrastructure, how can we? How can we use the data to be more proactive and build infrastructure that's more stable? It also helps us plan for maintenance is S O. We don't destruct. Children's so looking at at key usage patterns. How what time's Our college is more active when our submissions happening when our I. D. Computing service is being access more and then finding out the time, which is gonna be less disruptive, do the students. So that's that's how we what's been >>the biggest learnings and challenges that you've overcome or opportunities that you see with data that Clemson What's the What's the exciting areas and or things that you guys have tripped over on, or what I have learned from? We'll share some experiences of what's going on in there for you, >>So I think Sky's the limit here. Really like that is so much data and so less people in the industry, it's hard to analyze all of the data and make sense of it. And it's not just the people who were doing the analysis. You also need people who understand the data. So the data, the data stores, the data trustees you need you need buy in from them. They're the ones who understand what data looks like, how how it should be structured, how, how, how it can be provided for additional analysis s Oh, that's That's the key thing. What's >>the coolest thing you're working on right now? >>So I'm specifically working on analyzing data from our learning management system canvas. So we're getting data informer snapshots that we're trying to analyze, using multiple technologies for that spunk is one of them. But we're loading the data, looking at at key trends, our colleges interacting, engaging with that elements. How can we drive more adoption? How can we encourage certain colleges and departments, too sort of moved to a digital classroom Gordon delivery experience. >>I just l a mess part of the curriculum in gym or online portion? Or is it integrated into the physical curriculum? >>So it's at this time it's more online, But are we trying to trying to engage more classes and more faculty members to use the elements to deliver content. So >>right online, soon to be integrated in Yeah, you know, I was talking with Dawn on our team from the Cube and some of the slum people this week. Look at this event. This is a physical event. Get physical campuses digitizing. Everything is kind of a nirvana. It's kind of aspiration is not. People aren't really doing 100% but people are envisioning that the physical and digital worlds are coming together. If that happens and it's going to happen at some point, it's a day that problem indeed, Opportunity date is everything right? So what's your vision of that as a professional or someone in the industry and someone dealing with data Clemson Because you can digitize everything, Then you can instrument everything of your instrument, everything you could start creating an official efficiencies and innovations. >>Yes, so the way I think you you structure it very accurately. It's amalgam of the physical world and the digital world as the as the as the world is moving towards using more more of smartphones and digital devices, how how can we improve experience by by analyzing the data on and sort of be behind the scenes without even having the user. The North is what's going on trading expedience. If the first expedience is in good that the user has, they're not going to be inclined to continue using the service that we offer. >>What's your view on security now? Splunk House League has been talking about security for a long time. I think about five years ago we started seeing the radar data. Is driving a lot of the cyber security now is ever Everyone knows that you guys have a lot of endpoints. Security's always a concern. How do you guys view the security of picture with data? How do you guys talk about that internally? How do you guys implement data without giving me a secret? You know, >>way don't have ah ready Good Cyber Security Operation Center. That's run by students on. And they do a tremendous job protecting our environment. Way monitored. A lot of activity that goes on higher I deserve is a is a challenge because way have in the corporate industry, you can you can have a set of devices in the in the higher education world We have students coming in every semester that bringing in new, important devices. It causes some unique set of challenges knowing where devices are getting on the network. If if there's fishing campaigns going on, how can be, How can we protect that environment and those sort of things? >>It is great to have you on. First of all, love to have folks from Clemson ons great great university got a great environment. Great Great conversation. Congratulations on all your success on their final question for you share some stories around some mischief that students do because students or students, you know, they're gonna get on the network and most things down. Like when when I was in school, when we were learning they're all love coding. They're all throwing. Who knows? Kitty scripts out there hosting Blockchain mining algorithms. They gonna cause some creek. Curiosity's gonna cause potentially some issues. Um, can you share some funny or interesting student stories of caught him in the dorm room, but a server in there running a Web farm? Is there any kind of cool experiences you can share? That might be interesting to folks that students have done that have been kind of funny mistress, but innovative. >>So without going into Thio, I just say, Like most universities, we have, we have students and computer science programs and people who were programmers and sort of trying to pursue the security route in the industry. So they, um, way also have a lot of research going on the network on. And sometimes research going on may affect our infrastructure environment. So we tried toe account for those use cases and on silo specific use cases and into a dedicated network. >>So they hit the honeypot a lot. They're freshmen together. I'll go right to the kidding, of course. >>Yes. So way do we do try to protect that environment on Dhe. Makes shooting experience better. >>I know you don't want to give any secrets. Thanks for coming on. I always find a talk tech with you guys. Thanks so much appreciated. Okay. Cube coverage. I'm shot for a year. Day three of spunk dot com for more coverage after this short break

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019. Brought to you by Amazon Web service is and its ecosystem partners. >> Hey, welcome back and run cubes. Live coverage of A W S Amazon Webster's reinforced their inaugural conference around security here in Boston. Messages. I'm John for a day. Volante Day we've been talking about Blockchain has been part of security, but no mention of it here. Amazon announced a Blockchain intention, but was more of a service model. Less of a pure play infrastructure or kind of a new game changes. So we thought we would get our friends to come on, the Cuban tell. Tell us about it. Val Birch, Avicii CEO and founder. A pencil day that Cube alumni formerly of NetApp, among other great companies, and Ed You, founder and CEO of Strong Salt. Welcome to the Q. Tell us why aren't we taught him a Blockchain at a security conference on cloud computing, where they always resource is different. Paradigm is decentralized. What's your take? >> So maybe having been in this world for about 18 24 months now, Enterprise lodging reinvents about six months ago and jazz he mentioned that he finally understood US enterprise an opportunity, and it was the integrity value, finest complex, even announced a specific product announced database available, >> maybe bythe on cryptographic verifiability of transactions minus the complexity of smart contract wallets. Wait, you party with Amazon way too. Versions right? One for distributed use cases. When I call, everyone rises. Never like you need to know what >> the Amazon wants to be that hard on top like complexity. But the reality is, they're they're They're world is targeting a new generation star 14 show is the new generation of developing >> a >> new generation of David. They were. Some of those are in trouble, and I'm hard core on this because it's just so obvious. >> I just can't get him behind myself if you don't >> see this out quicker. The new developers are younger and older systems people. There's a range of ages doing it. They're they're seeing the agility, and it's a cultural shift, not just the age thing. Head this. They're not here right now. This is the missing picture of this show, and my criticism of reinforces big, gaping hole around crypto and blocks, >> and I actually know that people I don't see anything here because it is difficult to currency. >> Blocking is very important that people understand way. Launch strong allows you to see the launching. I don't think that works. Basically, Just like Well, well said everything you do, you always have a single source. I think that's something that people doing this thing here. You want to get your thoughts on this because you made a comment >> about security native being the team here and security native implying that Dev ops what they did for configuration hardening the infrastructures code. You have to consider this token economic business model side of it with the apple cases, a decision application is still an application. Okay. Blockchain is still in infrastructure dynamic their software involved. I mean, we're talking about the same thing is they're lost in translation. In your opinion? >> Well, yeah, I think that you know, to your point, Val, if you can abstract that complexity away, But the fundamentals of of cryptography and software engineering and game theory coming together is what always has fascinated me about this space. And so you're right. I think certainly enterprise customers don't wanna you know, they hear crypto, though no, although it's interesting it was just a conference IBM yesterday. They talk a lot about Blockchain. Don't talk about crypto to me. They go together. Of course, IBM. They don't like to talk a lot about job loss and automation, but But the reality is it's there and it's it's it's has a lot of momentum, which is why you started the company. >> Yeah, we're actually seeing it all over right now. And again, our thing is around reducing, If not eliminating the friction towards adopting Blockchain so less is more. In our case, we're explicitly choosing not to do crypto wallets or currency transactions. It's that Andy Jassy observation the integrity value, the core integrity, value for financial reconciliation, for detecting supply chain counterfeiting for tracking assets and inventory across to your distribution. Unifying multiple source systems of record into a shared state. Those are the kinds of applications received >> culture, and there's so many different use cases, obviously, so >> an Amazon likes to use that word. Words raised the bar, which is more functionality, but on the other, phrases undifferentiated, heavy lifting. There's a lot of details involved in some of those complexity exactly what you're talking about that can be automated away. That's goodness. But you still have a security problem of mutability, which is a beautiful thing with Blockchain. >> Actually, a lot of times people actually forgot to mention one thing that blotchy and all you do that's actually different before was Actually privacy is actually not just security is also privacy, which actually is getting bigger and bigger. As we know, it's something that people feel very strongly about because it's something they feel personal about. And that's something that, in fact, took economics encourages a lot of things that enables privacy that was not able to do before. >> Well, look at Facebook. What do you think about >> face? I'm wonder that you know, I'm a public face book critic. I think they've been atrocious job on the privacy front so far in protecting our data. On the other hand, if you know it's kind of like the mullahs report, if you actually read Facebook's white paper, it's a it's not a launch. It's an announcement. That's a technical announcement. It's so well written, designed so far, and it's Facebook doesn't completely control it. They do have a vision for program ability. They're evolving it from being a permissions toe, ultimately a permission less system. So on paper, I like what I read. And I think it will start to, you know, popularizing democratize the notion of crypto amongst the broader population. I'm going to take a much more weight see approach. Just you know, >> I always love Facebook. I think the den atrocious job. But I'm addicted. I have all my stuff on there, um, centralized. They're bringing up, they bring in an education. Bitcoin is up for a reason. They're bringing the masses. They're showing that this is real market. This is kind of like when the web was still viewed as Kitty Playground for technologists say, Oh, well, it's so slow. And that was for dummies. And you had the Web World Wide Web. So when that hit, that same arguments went down right this minute, crypto things for years. But with Facebook coming, it really legitimizes that well, you bring 2,000,000,000 people to the party. Exactly a lot of good. Now the critics of Facebook is copied pass craft kind of model and there's no way they're gonna get it through because the world's not gonna let Facebook running run commerce and currents. It's like it's like and they don't do it well anyway. So I think it's gonna be a game changing market making move. I think they'll have a play in there, but I don't think that's not gonna have a global force. Says a >> lot that you get 100 companies to put up 10 >> 1,000,000 Starship is already the first accomplice. >> They don't need any more money. We have my dear to us, but >> still the power but the power of that ecosystem to me. I was a big fan of this because I think it gives credibility. So many companies get get interested in it, and I'm not sure exactly what's gonna come out of it. It's interesting that, you know, Bitcoins up. They said, Oh, cell, you're becoming like No, no, no, this is This is a very mature >> Well, I I think open is gonna always win. If you look at you know, the Web's kind of one example of kind of maturity argument. I think the rial analog for me, at least my generation value probably relate to this. David, you as well, you know, I've been born yet you are But, you know, T c p I p came after S n a which IBM on the deck net was the largest network at that time to >> not serious. Says >> mammal. Novell was land all three proprietary network operating systems. So proprietary Narcisse decimated by T c p i p. So to me, I think even their Facebook does go in there. They will recognize that unless they stay open, I think open will always win. I think I think this is the beginning of the death of the closed platform. >> Yeah, they're forced her. I think they have to open it up because if you didn't open up, people won't trust them, and people will use them. And if a Blockchain if you don't have a community behind it, there will be nothing. >> Well, so the thing about the crypto spraying everywhere with crypto winter, But but to your point d c p i p h t t p d >> N s SMTP >> Those were government funded or academic funded protocols. People stop spending money on him, and then the big Internet companies just co opted. No, no, that's what G mails built on. >> Well, I've always said >> so But when you finish the thought, is all this crypto money that came in drove innovation? Yeah, So you're seeing, you know, this new Internet emerge, and I think it's it's really think people, you know, sort of overlooked a lot of the innovation that's >> coming. I have always said, Dave, that Facebook is what the Web would look like if Tim Berners Lee took venture financing. Okay, because what they had at the time was a browser and the way that stand up websites for self service information. They kept it open and it drives. Facebook became basically the Web's version of a, well, lengthen does the same Twitter has opened. They have no developer community. So yeah, I think it is the only company in my opinion, actually does a good job opening up their data. Now they charge you for that. It brings up way still haven't encrypt those. The only community that's entire ethos is based on openness and community you mentioned. And that is a key word >> in traditional media. Of course, focus on the bad stuff that happens, but you know those of us in the business who will pay attention to it, see There's a lot of goodness to is a lot of mission driven, a lot of openness, and it's a model for innovation. What do you guys think about the narrative now to break up big tech? You know you're hearing Facebook, Amazon, Google coming under fire. What are your thoughts on that? >> So I wrote a block, maybe was ahead of its time about 18 months ago. Is coincided with Ginny Rometty, a Davos and 2018 2019 talking about data responsibility. Reason we're having this conversation is at the tech industry. By and large and especially the fang stocks or whatever we're calling them now have been irresponsible with our data. The backlash is palpable in Europe. It's law in Europe. Backlash we knew was going to start at the state level here. There's already ahead of my personal schedule. Federal discussions, FTC DOJ is in a couple weeks ago, so it's inevitable that this sort of tech reckoning is coming in. Maur responsibility is gonna have to be demonstrated by all the custodians of our data, and that's why we're positioning. Check it as a chain of custody is a service to demonstrate to the regulators your customers, your partners, suppliers, you know, transparency, irrefutable transparency, using Blockchain for how you're handling data. You know, if you don't have that, transparency can prove it. Or back to the same old discussions were back Thio Uninformed old legislators making you know Internet, his tubes type regulations. So here, here >> and DOJ, you could argue that they may be too slow to respond to Microsoft back in the nineties. I'm not sure breaking up big tech is the right thing, because I think it's almost like a t. The little Tex will become big checks again, but they should not be breaking the law. >> I think there's a reason why is there's actually a limitation off. What is possible in technology because they understand and also Facebook understands well, is that it's actually very, very hard to have data that's owned by your customers. But you are the one who's keeping track over everything, and you are the one using the data right. It's like a no win, because if you think about encryption cryptography, yes, you can make the data encrypted. That way, the customer has the key. They control it, but then Facebook can offer the service is. So now you have a Congress thinking, Well, if there's no technological way of doing this, what can you do in a legal perspective on a, you know, on the law perspective, toddy make it so that the customer actually owned the data. We actually think that is a perfect reason why you have to actually fix the book. Actually, technical should be built on our platform because we actually allow them to have a day that's encrypted and stupid able to operations holiday tha if the customer give them the permission to do so. And I think that's the perfect word way to go forward. And I think Blockchain is the fundamental thing that brings everybody together, you know, way that actually benefits everyone knows >> and take him into explain strong salt your project. What's it about? What's the mission? Where you >> so so we see strong saw as actually privacy. First, we literally are beauty, a platform where developers including Facebook linked and salesforce can't you build on top of platform, right? So what happens when you do this is that they actually give the data governess to the customers, customers Mashona data. But because our cryptography they actually can offer service is to the customers. When a customer allowed them to do so, for example, we have something. All search of encryption allows you to encrypt the data and still give the search. Aubrey on the data without decrypting the data. First, by giving the power to developers and also the community there, you can have our abstract you currently use. But they're not hard to use that frictionless and still offer the same service that Frank Facebook or sell stolen offer the favor. >> You could do some discovery on it. >> You can't do things >> some program ability around >> exactly, even though the data is encrypted. But custom owns the day. So the customer has to give them permission to do so Right this way. Actually, in fact, launched the first app that I told you it's called strong vote. You can Donald ios or Andrew it And you can't you see the Blockchain play little You can see the rocking your fingerprint. I think a fingertip to see what happens to a data. You see everything that happens when Sheriff I or you open a fire or something, I guess. >> Congratulations, Val. Give a quick plug for your project chain kid into the new branding. They're like it. Pencil data. Where are you on your project? >> So after nine months of hard selling, we're finding out what customers actually paying for right now. In our case, it's hardening their APS, their data and their logs and wrapping the chain of custody around those things. And the use case of the security conference like this is actually quite existential When you think about it, One of the things that the industry doesn't talk enough about is that every attack we read about in the headlines was three privilege escalation. So the attackers somehow hacked. Your Web server managed to get administrative credentials and network or domain administrative credentials. And here's what professional attackers do once they have godlike authority on your network. They identify all the installed security solutions, and they make themselves invisible because they can. After that, they operate with impunity. Our technology, the security use case that we're seeing a lot of traction is, is we can detect that we're applying Blockchain. We're agnostic, so bring your own Blockchain in our case. But we're able >> chain kit a product. Is it a development environment >> globally. Available service Jose on AWS rest ful AP eyes and fundamentally were enabling developers to harden their app stuff to wrap a chain of custody around key data or logs in their laps so that when the attacker's attempt a leverage at administrative authority and tamper with locks tamper >> with service, not a software, >> it's a apply. It's a developer oriented service, but >> this is one of the biggest problems and challenges security today. You see the stat after you get infiltrated. It takes 250 or 300 days to even detect, and I have not heard that number shrink. I've heard people aspire number streaking this. >> We can get it down to realize a crime tip of the spear. That's what we're excited to be here. We're excited to talk about One of the dirty secrets of the security industry is that it shouldn't take a year to detect in advance attack. >> Guys, Thanks for coming on. Cuban sharing your insight. Concussions in your head. Well, great to see you. >> Likewise. And thank you, j for having us on here, and we're looking forward to coming back and weigh. Appreciate. Absolutely >> thankful. Spj Thanks for you. >> It was always paying it forward. Of course, really the most important conversation, that security is gonna be a Blockchain type of implementation. This is a reality that's coming very soon, but we're here. They do is reinforce. I'm talking about the first conference with Amazon Web sources dedicated to sightsee. So's Cee Io's around security jumper. Develop the stables for more coverage. After this short break, >> my name is David.

>> live from Miami Beach, Florida It's the que covering demon 2019. Brought to you, by the way, >> Welcome back to Vima on 2019 in Miami. Everybody, we're here at the Fountain Blue Hotel. This is Day two of our coverage of the Cube, the leader in live Tech. And I'm David Dante with Peter Bors. Pippen. Jay Raj is here. He's the vice president and CEO of Make A Wish America. Just that awesome foundation nonprofit people. Thanks for coming on the Cube. >> Thank you for having me appreciate it. >> So make a wish. Children with wishes and have terminal illnesses. You guys make them come true. It's just a great organizations. Been around for a long time, I think, since the early eighties, right, >> 39 years and going >> years and hundreds of thousands of wishes made. So just how did you get Teo make a wish that all come about >> it? It wasn't interesting journey. I was consulting in I t for multiple big companies. And, you know, two years back, it was through a recruiting channel that I got an opportunity to start some conversations as the CIA and make a wish. Uh, the thing that got me in the opportunity was predominately about enterprises and just to give you a little bit off, make official operations. Make a Wish was Founded and Phoenix, Arizona. And but we also operate a 60 chapters across the United States that it is 60 chapters each of the chapter there 501 C three companies themselves with the CEO and abort. Essentially, it is 60 plus one. The national team kind of managing. All of the chapters are helping the chapters. National does not do any wish. Granting all the wish planning happens to the chapters. But National helps the chapters with the distribution of funding models brand. And thanks for That's a couple of years back in the national board talked about in our dream and mission, which is granting every eligible child the notion ofthe enterprise. You know, working as an enterprise came into four and it being a great piece off providing shared services and thanks for that. So I was brought on board and we took on I would call as the leader today said and dashes dream off. Bringing together all the 60 chapters and the city chapter's essentially are split across 120 locations. So Wade took on a project off. You know, combining our integrating all of their infrastructure needs into one place. And Phoenix without ada, sent a provider. You know, we worked with a partner. Phoenix. Now fantastic partners >> there. We had them on the other day. >> Yep, yep. Yeah, MacLaren. I mean, and the team, they did a great job. And, you know, when we had to move all of the data, everything from the 60 chapters applications everything into a centralized data center, locations that we managed right now from Make a Wish National office and provide a service back to the chapters That gives you a little bit off. You know, from behind the scenes. What happened? >> You provide the technical overview framework for all the 60 chapters. >> It almost sounds like a franchise model. >> It's what we call a Federated model back in the nonprofit. >> But but but but because make a wish is so driven by information. Yep. Both in the application as well as the programs to deliver thie brand promise. And the brand execution has got to be very, very closely tied to the quality of a shared services you provide >> exactly. Exactly. And like I said, the reason I talked about them being a separate companies themselves is you know, as I always say to my 60 CEOs, Ah, I should be able to provide the services because they wanted, because they have a choice to go outside and have their own partner. Another thing for that which they can. But they would want to work with the national team and get my, you know, work through our services rather than having have to because of the very it's A. It's a big difference when it comes to, but I've been lucky on privileged to you have these conversations with the CEO's. When I start talking to them about the need for centralization, the enterprise society assed much, there are questions when he start leading with the mission and the business notion of why we need to do that, it's It's fantastic. Everybody is in line with that. I mean, there's no question, then, as toe Hey, guys, uh, let me do all the Operation Manisha fight and leave it to me and I'll in a handler for you, and I let you guys go to what you do best. which is granting wishes. So then it becomes it doesn't become a question off, you know, should be a shouldn't way. And of course, to back that up. But I was talking to the dean, folks, It just solutions. Like VMware, Veeam. It makes it much simpler even from a cost prospect. You not for me to manage a bigger team s so that I can take those dollars and give it back to the business to grant another wish. So it's it's pretty exciting that >> way. So you set the standards. Okay, here's what you know, we recommend and then you're you're saying that adoption has been quite strong. Yeah, I remember Peter. Don't say easy. I used to run Kitty Sports in my local town in which is small town. And there was, you know, a lot of five or six or seven sports, and I was the sort of central organization I couldn't get six sports to agree that high man is 60 different CEO's. But that's okay. So not easy. But so how were you able to talk leadership or leading as we heard from Gino Speaker today? How were you able to get those guys, you know, aligned with your vision. >> Uh, it's it's been fantastic. I've had a lot ofthe good support from our executive came from a leadership team because leadership is always very important to these big initiatives are National board, which comprises off some of the that stuff best leaders in America and I have the fortune toe be mentored by Randy Sloan, who used to be the CEO of Southwest. And before that, you see a global CEO for, uh, you know, Popsicle. You know, he always told me, but but I mean CIA job. One thing is to no the technology, but completely another thing. Toe building relationships and lead with the business conversation. And so a typical conversation with the CEO about Hey, I need to take the data that you have all the I t things that you have and then me doing it. And then there are questions about what about my staff and the's conversations. Because you know, it's a nonprofit is a very noble, nice feeling, and you wouldn't want the conversations about, you know, being rift and things like that are being reduced producing the staff and thinks of that. But you know as he walked through that and show the benefits of why we doing it. They get it. And they've been able to repurpose many off the I. D functions back in tow, revenue generation model or ofhis granting in our team. And in many cases, I've been ableto absolve some off their folks from different places, which has worked out fine for me, too, because now I have kind of a power user model across the United States through which I can manage all these 120 locations. It's very interesting, >> you know, site Reliable and Engineering Dev Ops talks about thie error budget or which is this notion of doo. You're going tohave errors. You're going to have challenges. Do you want it in the infrastructure you wanted the functions actually generating value for the business? I don't know much about Make a wish. I presume, however, that the mission of helping really sick kids achieve make achieve a wish is both very rewarding, very stressful. He's gotta be in a very emotional undertaking, and I imagine it part of your message them has got to be let's have the stress or that emotional budget be dedicated to the kids and not to the technology >> completely agree. That's that. That's been one of my subjects, as you asked about How is it going about? It's about having the conversation within the context of what we talked about business and true business. Availability of data. You know, before this enterprise project data was probably not secure enough, which is a big undertaking that we're going down the path with cyber security. And you know, that is a big notion, misplaced notion out there that in a non profits are less vulnerable. Nobody. But that's completely untrue, because people have found out that nonprofits do not probably have the securing of walls and were much more weight being targeted nonprofits as a whole, targeted for cyber security crimes and so on and so forth. So some of these that I used to, you know, quote unquote help or help the business leaders understand it, And once they understand they get it, they ableto, you know, appreciate why we doing it and it becomes the conversation gets much more easier. Other What's >> the scope of the size of the chapters is that is a highly variable or there is. >> It is highly variable, and I should probably said, That's Thesixty chapters. We look at it as four categories, so the cat ones are what we call the Big Ice, the Metro New Yorkers and Francisco Bay Area. They're called Category one chapters anywhere between 4 1 60 to 70 staff. Grant's close to around 700 wishes you so as Make a Wish America, we ran close toe 15,600 wishes a year, and cat ones do kind of close to 700 15,600 400 to 700. And then you get into care to scare threes and cat for scat force are anywhere between, you know, given example Puerto Rico or Guam territory there. Cat Force New Mexico is a cat for three staff members Gammas operated by two staff members and 20 volunteers. They grant about 3 2 20 12 to 15 which is a year, so it's kind of highly variable. And then, you know, we talk about Hawaii chapter. It's a great example. They cat once predominate because of the fact that you know, they they do. There's not a lot ofthe wishes getting originated from how I but you know, Florida, California and how your three big chapters with a grand are a vicious ist with a lot of grant, you know, wish granting. So there's a lot off, you know, traffic through those chapters >> so so very distributed on diverse. What's the relationship between data and the granting of wishes? Talk about the role of data. >> Should I? I was say this that in a and I probably race a lot of fibrosis and my first introductory session a couple of years back when I John make a wish with the CEO's uh, when we had the CEO meeting and talk to them about I leaders the days off making decisions based on guts are gone. It has to be a data driven decision because that's where the world is leading to be. Take anything for that matter. So when we talk about that, it was very imperative going back to my project that the hall we had all of the data in one place or a semblance off one single place, as opposed to 60 different places to make decisions based on wish forecast, for example, how many wishes are we going to do? How many wishes are coming in? How's the demand? Was the supply matching up one of the things that we need to do. Budget purposes, going after revenue. And thanks for that. So data becomes very important for us. The other thing, we use data for the wish journeys. Essentially, that's a storytelling. You know, when I you know, it was my first foray into for profit Sorry, nonprofit. And me coming from a full profit is definitely a big culture shock. And one of the things they ask us, what are we selling? Its emotions and story. And that's our data. That is what you know. That's huge for us if we use it for branding and marketing purposes. So having a good semblance off data being ableto access it quickly and being available all the time is huge for us. >> Yeah, and you've got videos on the site, and that's another form of data. Obviously, as we as we know here, okay. And then, from a data protection standpoint, how do you approach that? Presume you're trying to standardize on V maybe is way >> are actually invested in veeam with them for a couple of years right now, as we did the consolidation of infrastructure pieces Veeam supporters with all of the backup and stories replication models. Uh, we're thinking, like Ratmir talked about act one wi be a part of the journey right now, and we're looking at active. What that brings to us. One of the things that you know, dream does for us is we have close to 60 terabytes of data in production and close to another 400 terabytes in the back of things. And, uh, it's interesting when they look about look at me equation, you think about disaster recovery back up. Why do you need it? What? The business use cases case in point. This classic case where we recently celebrated the 10th anniversary ofthe back wish bad kid in San Francisco, we have to go back and get all the archives you know, in a quick fashion, because they're always often requests from the media folks to access some of those. They don't necessarily come in a planned manner. We do a lot of things, a lot of planning around it, but still there are, you know, how How did that come about? What's the story behind? So you know, there are times we have to quickly go back. That's one second thing is having having to replicate our data immediately. Another classic case was in Puerto Rico. There was a natural disaster happened completely. Shut off. All the officers work down. We had to replicate everything what they had into a completely different place so that they could in a vpn, into an access that other chapters and our pulled in to help. They were close to 10 wish families close to 10 which families were stranded because of that. So, you know, gaining that data knowledge of where the family is because the minute of his journey starts. Everything is on us till the witch's journey ends. So we need to make sure everything is proper. Everything goes so data becomes very crucial from those pants >> you're tracking us. I mean, if you haven't been on the make a Wish site is some amazing stories. There I went on the other day. There's a story of ah, of 13 year old girl who's got a heart condition. Who wanted to be a ballerina. A kid with leukemia five years old wants to be a You want to be a chef. My two favorites, I'll share What? It was this kid Brandon a 15 year old with cystic fibrosis. I wanted to be a Navy seal. You guys made that happen. And then there was this child. Colby was 12 years old and a spinal muscular issue. You want to be a secret agent so very creative, you know, wishes that you ran >> way had another wish a couple of years last year in Georgia, where they wish kid wanted to go to Saturn. Yes, yes, it was huge. I mean, and you know the best part about us once we start creating those ideas, it's amazing how much public support we get. The community comes together to make them wish granting process. Great. Now. So I got involved in that. They gave the wish Kato training sessions to make sure that he is equipped when he goes into. And we had a bushel reality company create the entire scene. It was fabulous. So, you know, the way you talk about data and the technology is now some of the things I'm very excited about us usage off thes next Gen technology is like our winter reality to grant a wish. I mean, how cool would that be for granting a wish kid who is not able to get out of the bed. But having able to experience a the Hawaii is swimming. Are being in Disney World enough a couple of days? That's That's another use case that we talked about. That other one is to put the donors who pay the money in that moment off granting, you know, they are big major gift, uh, donors for make a wish. Sometimes we were not able to be part of a fish, but that would be pretty cool if you can bring the technology back to them and you know not going for them. You know pretty much everybody and make the ass through that rather than a PowerPoint or a storytelling, when the storytelling has to evolve to incorporate all of that so pretty excited >> and potentially make a participatory like, say, the virtual reality and then even getting in more into the senses and the that the smells. And I mean this is the world that we're entering the machine intelligence, >> which you still have to have, But you still have to be a functioning, competent, operationally sound organization. There've been a number of charities, make a wish is often at the top of the list of good charities. But there were a number of charities where the amount of money that's dedicated to the mission is a lot less an amount of money, dedicated administration of fundraising, and they always blame it. Systems were not being able to track things. So no, it's become part of the mission to stay on top of how information's flowing because it's not your normal business model. But the services you provide is really useful. Important. >> Sure, let me percent you the business conundrum that I have personally as a 90 leader. It takes close to $10,400 on an average to grant a wish. Uh, and, uh, partly because of me. But being part of the mission, plus me as a 90 leader wanting to understand the business more, I signed up. I'm a volunteer at the local Arizona chapter. I've done couple of expanding myself, and, uh, the condom is, if asked, if you want to go, uh, you know, do the latest and greatest network upgrade for $10,400 are what do you want to, uh, you know and make the network more resilient cyber security and all that stuff. What do you want to go grant? Another wish as a 90 leader probably picked the former. But as a volunteer, I would be like, No, it needs to go to the kid. It's Ah, it's It's an interesting kind of number, you know? You have to find the right balance. I mean, you cannot be left behind in that journey because at many points of time s I talked about it being a cost center. It being a back office. I think those days have clearly gone. I mean, we we evolved to the point where it is making you steps to be a participant b A b a enabler for the top line to bring in more revenues, tow no augment solutions for revenue and things. For that sofa >> rattles the experience or exact role citizens. And in your case, it's the experience is what's being delivered to the degree that you can improve the experience administratively field by making operations cheaper. Great. But as you said, new digital technologies, they're going to make it possible to do things with the experience that we could even conceive of. Five >> wears a classic example. Williams and Beam. I couldn't have taken the data from 60 chapters 120 locations into one single location manageable, and it reduced the cost literally reduce the cost of the 60 instances in one place without technology is like, you know what Sharia virtual machines. And and then to have a backup robust backup solution in a replication off it. It's fantastic. It's amazing >> there. And that's against here. You could give back to the dash chapters and backing, But thanks so much for sharing your story. You Thank you. Thank you. You're welcome. Alright, keep it right there. Buddy. Peter and I were back with our next guest. You watching the Cube live from V mon from Miami? 2019. We're right back. Thank you.