>> Hello and welcome to theCUBE's coverage of International Women's Day. I'm John Furrier, host of theCUBE. Got a variety of interviews across the gamut from topics, women in tech, mentoring, pipelining, developers, open source, executives. Stanford's having International Women's Day celebration with the women in data science, which we're streaming that live as well. Variety of programs. In this segment, Meagen Eisenberg, friend of theCUBE, she's the CMO of Laceworks, is an amazing executive, got a great journey story as a CMO but she's also actively advising startups, companies and really pays it forward. I want to say Meagen, thank you for coming on the program and thanks for sharing. >> Yeah, thank you for having me. I'm happy to be here. >> Well, we're going to get into some of the journey celebrations that you've gone through and best practice what you've learned is pay that forward. But I got to say, one of the things that really impresses me about you as an executive is you get stuff done. You're a great CMO but also you're advised a lot of companies, you have a lot of irons in the fires and you're advising companies and sometimes they're really small startups to bigger companies, and you're paying it forward, which I love. That's kind of the spirit of this day. >> Yeah, I mean, I agree with you. When I think about my career, a lot of it was looking to mentors women out in the field. This morning I was at a breakfast by Eileen and we had the CEO of General Motors on, and she was talking about her journey nine years as a CEO. And you know, and she's paying it forward with us. But I think about, you know, when you're advising startups, you know, I've gathered knowledge and pattern recognition and to be able to share that is, you know, I enjoy it. >> Yeah. And the startups are also fun too, but it's not always easy and it can get kind of messy as you know. Some startups don't make it some succeed and it's always like the origination story is kind of rewritten and then that's that messy middle. And then it's like that arrows that don't look like a straight line but everyone thinks it's great and you know, it's not for the faint of heart. And Teresa Carlson, who I've interviewed many times, former Amazon, now she's the president of Flexport, she always says, sometimes startups on certain industries aren't for the faint of heart so you got to have a little bit of metal, right? You got to be tough. And some cases that you don't need that, but startups, it's not always easy. What have you learned? >> Yeah, I mean, certainly in the startup world, grit, creativity. You know, when I was at TripActions travel company, pandemic hits, nobody's traveling. You cut budget, you cut heads, but you focus on the core, right? You focus on what you need to survive. And creativity, I think, wins. And, you know, as a CMO when you're marketing, how do you get through that noise? Even the security space, Lacework, it's a fragmented market. You've got to be differentiated and position yourself and you know, be talking to the right target audience and customers. >> Talk about your journey over the years. What have you learned? What's some observations? Can you share any stories and best practices that someone watching could learn from? I know there's a lot of people coming into the tech space with the generative AI things going on in Cloud computing, scaling to the edge, there's a lot more aperture for technical jobs as well as just new roles and new roles that haven't, you really don't go to college for anymore. You got cybersecurity you're in. What are some of the things that you've done over your career if you can share and some best practices? >> Yeah, I think number one, continual learning. When I look through my career, I was constantly reading, networking. Part of the journey is who you're meeting along the way. As you become more senior, your ability to hire and bring in talent matters a lot. I'm always trying to meet with new people. Yeah, if I look at my Amazon feed of books I've bought, right, it kind of chronicle of my history of things I was learning about. Right now I'm reading a lot about cybersecurity, how the, you know, how how they tell me the world ends is the one I'm reading most recently. But you've got to come up to speed and then know the product, get in there and talk to customers. Certainly on the marketing front, anytime I can talk with the customer and find out how they're using us, why they love us, that, you know, helps me better position and differentiate our company. >> By the way, that book is amazing. I saw Nicole speak on Tuesday night with John Markoff and Palo Alto here. What a great story she told there. I recommend that book to everyone. It goes in and she did eight years of research into that book around zero day marketplaces to all the actors involved in security. And it was very interesting. >> Yeah, I mean, it definitely wakes you up, makes you think about what's going on in the world. Very relevant. >> It's like, yeah, it was happening all the time, wasn't it. All the hacking. But this brings me, this brings up an interesting point though, because you're in a cybersecurity area, which by the way, it's changing very fast. It's becoming a bigger industry. It's not just male dominated, although it is now, it's still male dominated, but it's becoming much more and then just tech. >> Yeah, I mean it's a constantly evolving threat landscape and we're learning, and I think more than ever you need to be able to use the data that companies have and, you know, learn from it. That's one of the ways we position ourselves. We're not just about writing rules that won't help you with those zero day attacks. You've got to be able to understand your particular environment and at any moment if it changes. And that's how we help you detect a threat. >> How is, how are things going with you? Is there any new things you guys got going on? Initiatives or programs for women in tech and increasing the range of diversity inclusion in the industry? Because again, this industry's getting much wider too. It's not just specialized, it's also growing. >> Yes, actually I'm excited. We're launching secured by women, securedbywomen.com and it's very much focused on women in the industry, which some studies are showing it's about 25% of security professionals are women. And we're going to be taking nominations and sponsoring women to go to upcoming security events. And so excited to launch that this month and really celebrate women in security and help them, you know, part of that continual learning that I talked about, making sure they're there learning, having the conversations at the conferences, being able to network. >> I have to ask you, what inspired you to pursue the career in tech? What was the motivation? >> You know, if I think way back, originally I wanted to be on the art side and my dad said, "You can do anything as long as it's in the sciences." And so in undergrad I did computer science and MIS. Graduated with MIS and computer science minor. And when I came out I was a IT engineer at Cisco and you know, that kind of started my journey and decided to go back and get my MBA. And during that process I fell in love with marketing and I thought, okay, I understand the buyer, I can come out and market technology to the IT world and developers. And then from there went to several tech companies. >> I mean my father was an engineer. He had the same kind of thing. You got to be an engineer, it's a steady, stable job. But that time, computer science, I mean we've seen the evolution of computer science now it's the most popular degree at Berkeley we've heard and around the world and the education formats are changing. You're seeing a lot of people's self-training on YouTube. The field has really changed. What are some of the challenges you see for folks trying to get into the industry and how would you advise today if you were talking to your young self, what would you, what would be the narrative? >> Yeah, I mean my drawback then was HTML pages were coming out and I thought it would be fun to design, you know, webpages. So you find something you're passionate about in the space today, whether it's gaming or it's cybersecurity. Go and be excited about it and apply and don't give up, right? Do whatever you can to read and learn. And you're right, there are a ton of online self-help. I always try to hire women and people who are continual learners and are teaching themselves something. And I try to find that in an interview to know that they, because when you come to a business, you're there to solve problems and challenges. And the folks that can do that and be innovative and learn, those are the ones I want on my team. >> It's interesting, you know, technology is now impacting society and we need everyone involved to participate and give requirements. And that kind of leads my next question for you is, like, in your opinion, or let me just step back, let me rephrase. What are some of the things that you see technology being used for, for society right now that will impact people's lives? Because this is not a gender thing. We need everybody involved 'cause society is now digital. Technology's pervasive. The AI trends now we're seeing is clearly unmasking to the mainstream that there's some cool stuff happening. >> Yeah, I mean, I think ChatGPT, think about that. All the different ways we're using it we're writing content and marketing with it. We're, you know, I just read an article yesterday, folks are using it to write children's stories and then selling those stories on Amazon, right? And the amount that they can produce with it. But if you think about it, there's unlimited uses with that technology and you've got all the major players getting involved on it. That one major launch and piece of technology is going to transform us in the next six months to a year. And it's the ability to process so much data and then turn that into just assets that we use and the creativity that's building on top of it. Even TripActions has incorporated ChatGPT into your ability to figure out where you want when you're traveling, what's happening in that city. So it's just, you're going to see that incorporated everywhere. >> I mean we've done an interview before TripAction, your other company you were at. Interesting point you don't have to type in a box to say, I'm traveling, I want a hotel. You can just say, I'm going to Barcelona for Mobile World Congress, I want to have a good time. I want some tapas and a nice dinner out. >> Yes. Yeah. That easy. We're making it easy. >> It's efficiency. >> And actually I was going to say for women specifically, I think the reason why we can do so much today is all the technology and apps that we have. I think about DoorDash, I think about Waze you know, when I was younger you had to print out instructions. Now I get in the car real quick, I need to go to soccer practice, I enter it, I need to pick them up at someone's house. I enter it. It's everything's real time. And so it takes away all the things that I don't add value to and allows me to focus on what I want in business. And so there's a bunch of, you know, apps out there that have allowed me to be so much more efficient and productive that my mother didn't have for sure when I was growing up. >> That is an amazing, I think that actually illustrates, in my opinion, the best example of ChatGPT because the maps and GPS integration were two techs, technologies merged together that replace driving and looking at the map. You know, like how do you do that? Like now it's automatically. This is what's going to happen to creative, to writing, to ideation. I even heard Nicole from her book read said that they're using ChatGPT to write zero day exploits. So you seeing it... >> That's scary stuff. You're right. >> You're seeing it everywhere. Super exciting. Well, I got to ask you before you get into some of the Lacework things that you're involved with, cause I think you're doing great work over there is, what was the most exciting projects you've worked on in your career? You came in Cisco, very technical company, so got the technical chops, CSMIS which stands for Management of Information Science for all the young people out there, that was the state of the art back then. What are some of the exciting things you've done? >> Yeah, I mean, I think about, I think about MongoDB and learning to market to developers. Taking the company public in 2017. Launching Atlas database as a service. Now there's so much more of that, you know, the PLG motion, going to TripActions, you know, surviving a pandemic, still being able to come out of that and all the learnings that went with it. You know, they recently, I guess rebranded, so they're Navan now. And then now back in the security space, you know, 14 years ago I was at ArcSite and we were bought by HP. And so getting back into the security world is exciting and it's transformed a ton as you know, it's way more complicated than it was. And so just understanding the pain of our customers and how we protect them as is fun. And I like, you know, being there from a marketing standpoint. >> Well we really appreciate you coming on and sharing that. I got to ask you, for folks watching they might be interested in some advice that you might have for them and their career in tech. I know a lot of young people love the tech. It's becoming pervasive in our lives, as we mentioned. What advice would you give for folks watching that want to start a career in tech? >> Yeah, so work hard, right? Study, network, your first job, be the best at it because every job after that you get pulled into a network. And every time I move, I'm hiring people from the last job, two jobs before, three jobs before. And I'm looking for people that are working hard, care, you know, are continual learners and you know, add value. What can you do to solve problems at your work and add value? >> What's your secret networking hack or growth hack or tip that you can share? Because you're a great networker by the way. You're amazing and you do add a lot of value. I've seen you in action. >> Well, I try never to eat alone. I've got breakfast, I've got lunch, I've got coffee breaks and dinner. And so when I'm at work, I try and always sit and eat with a team member, new group. If I'm out on the road, I'm, you know, meeting people for lunch, going for dinner, just, you know, don't sit at your desk by yourself and don't sit in the hotel room. Get out and meet with people. >> What do you think about now that we're out of the pandemic or somewhat out of the pandemic so to speak, events are back. >> Yes. >> RSA is coming up. It's a big event. The bigger events are getting bigger and then the other events are kind of smaller being distributed. What's your vision of how events are evolving? >> Yeah, I mean, you've got to be in person. Those are the relationships. Right now more than ever people care about renewals and you are building that rapport. And if you're not meeting with your customers, your competitors are. So what I would say is get out there Lacework, we're going to be at RSA, we're going to be at re:Inforce, we're going to be at all of these events, building relationships, you know, coffee, lunch, and yeah, I think the future of events are here to stay and those that don't embrace in person are going to give up business. They're going to lose market share to us. >> And networking is obviously very key on events as well. >> Yes. >> A good opportunity as always get out to the events. What's the event networking trick or advice do you give folks that are going to get out to the networking world? >> Yeah, schedule ahead of time. Don't go to an event and expect people just to come by for great swag. You should be partnering with your sales team and scheduling ahead of time, getting on people's calendars. Don't go there without having 100 or 200 meetings already booked. >> Got it. All right. Let's talk about you, your career. You're currently at Lacework. It's a very hot company in a hot field, security, very male dominated, you're a leader there. What's it like? What's the strategies? How does a woman get in there and be successful? What are some tricks, observations, any data you can share? What's the best practice? What's the secret sauce from Meagen Eisenberg? >> Yes. Yeah, for Meagen Eisenberg. For Lacework, you know, we're focused on our customers. There's nothing better than getting, being close to them, solving their pain, showcasing them. So if you want to go into security, focus on their, the issues and their problems and make sure they're aware of what you're delivering. I mean, we're focused on cloud security and we go from build time to run time. And that's the draw for me here is we had a lot of, you know, happy, excited customers by what we were doing. And what we're doing is very different from legacy security providers. And it is tapping into the trend of really understanding how much data you have and what's happening in the data to detect the anomalies and the threats that are there. >> You know, one of the conversations that I was just having with a senior leader, she was amazing and I asked her what she thought of the current landscape, the job market, the how to get promoted through the careers, all those things. And the response was interesting. I want to get your reaction. She said interdisciplinary skills are critical. And now more than ever, the having that, having a set of skills, technical and social and emotional are super valuable. Do you agree? What's your reaction to that and what would, how would you reframe that? >> Yeah, I mean, I completely agree. You can't be a leader without balance. You've got to know your craft because you're developing and training your team, but you also need to know the, you know, how to build relationships. You're not going to be successful as a C-level exec if you're not partnering across the functions. As a CMO I need to partner with product, I need to partner with the head of sales, I need to partner with finance. So those relationships matter a ton. I also need to attract the right talent. I want to have solid people on the team. And what I will say in the security, cybersecurity space, there's a talent shortage and you cannot hire enough people to protect your company in that space. And that's kind of our part of it is we reduce the number of alerts that you're getting. So you don't need hundreds of people to detect an issue. You're using technology to show, you know, to highlight the issue and then your team can focus on those alerts that matter. >> Yeah, there's a lot of emerging markets where leveling up and you don't need pedigree. You can just level up skill-wise pretty quickly. Which brings me to the next question for you is how do you keep up with all the tech day-to-day and how should someone watching stay on top of it? Because I mean, you got to be on top of this stuff and you got to ride the wave. It's pretty turbulent, but it's still growing and changing. >> Yeah, it's true. I mean, there's a lot of reading. I'm watching the news. Anytime something comes out, you know, ChatGPT I'm playing with it. I've got a great network and sharing. I'm on, you know, LinkedIn reading articles all the time. I have a team, right? Every time I hire someone, they bring new information and knowledge in and I'm you know, Cal Poly had this learn by doing that was the philosophy at San Luis Obispo. So do it. Try it, don't be afraid of it. I think that's the advice. >> Well, I love some of the points you mentioned community and network. You mentioned networking. That brings up the community question, how could people get involved? What communities are out there? How should they approach communities? 'Cause communities are also networks, but also they're welcoming people in that form networks. So it's a network of networks. So what's your take on how to engage and work with communities? How do you find your tribe? If someone's getting into the business, they want support, they might want technology learnings, what's your approach? >> Yeah, so a few, a few different places. One, I'm part of the operator collective, which is a strong female investment group that's open and works a lot with operators and they're in on the newest technologies 'cause they're investing in it. Chief I think is a great organization as well. You've got a lot of, if you're in marketing, there's a ton of CMO networking events that you can go to. I would say any field, even for us at Lacework, we've got some strong CISO networks and we do dinners around you know, we have one coming up in the Bay area, in Boston, New York, and you can come and meet other CISOs and security leaders. So when I get an invite and you know we all do, I will go to it. I'll carve out the time and meet with others. So I think, you know, part of the community is get out there and, you know, join some of these different groups. >> Meagen, thank you so much for spending the time. Final question for you. How do you see the future of tech evolving and how do you see your role in it? >> Yeah, I mean, marketing's changing wildly. There's so many different channels. You think about all the social media channels that have changed over the last five years. So when I think about the future of tech, I'm looking at apps on my phone. I have three daughters, 13, 11, and 8. I'm telling you, they come to me with new apps and new technology all the time, and I'm paying attention what they're, you know, what they're participating in and what they want to be a part of. And certainly it's going to be a lot more around the data and AI. I think we're only at the beginning of that. So we will continue to, you know, learn from it and wield it and deal with the mass amount of data that's out there. >> Well, you saw TikTok just got banned by the European Commission today around their staff. Interesting times. >> It is. >> Meagen, thank you so much as always. You're a great tech athlete. Been following your career for a while, a long time. You're an amazing leader. Thank you for sharing your story here on theCUBE, celebration of International Women's Day. Every day is IWD and thanks for coming on. >> Thank you for having me. >> Okay. I'm John Furrier here in theCUBE Studios in Palo Alto. Thank you for watching, more to come stay with us. (bright music)

(upbeat music) >> We're back in Boston, theCUBE's coverage of Re:Inforce 2022. My name is Dave Vellante. Dave Hatfield is here. He's the co-CEO of Lacework. Dave, great to see again. Hat. >> Thanks Dave. >> Do you still go by Hat? >> Hat is good for me. (Dave V laughing) >> All right cool. >> When you call me David, I'm in trouble for something. (Dave V Laughing) So just call me Hat for now. >> Yeah, like my mom, David Paul. >> Exactly. >> All right. So give us the update. I mean, you guys have been on a tear. Obviously the Techlash, >> Yep. >> I mean, a company like yours, that has raised so much money. You got to be careful. But still, I'm sure you're not taking the foot off the gas. What's the update? >> Yeah no. We were super focused on our mission. We want to de deliver a cloud security for everybody. Make it easier for developers and builders, to do their thing. And we're fortunate to be in a situation, where people are in the early innings of moving into the cloud, you know. So our customers, largely digital natives. And now increasingly cloud migrants, are recognizing that in order to build fast, you know, in the cloud, they need to have a different approach to security. And, you know, it used to be that you're either going be really secure or really fast. And we wanted to create a platform that allowed you to have both. >> Yeah. So when you first came to theCUBE, you described it. We are the first company. And at the time, I think you were the only company, thinking about security as a data problem. >> Yeah. >> Explain what that means. >> Well, when you move to the cloud, you know, there's literally a quintillion data sets, that are out there. And it's doubling every several days or whatever. And so it creates a massive problem, in that the attack surface grows. And different than when you're securing a data center or device, where you have a very fixed asset, and you kind of put things around it and you kind of know how to do it. When you move to the shared ephemeral massive scale environment, you can't write rules, and do security the way you used to do it, for a data centers and devices. And so the insight for us was, the risk was the data, the upside was the data, you know? And so if you can harness all of this data, ingest it, process it, contextualize it, in the context of creating a baseline of what normal is for a company. And then monitor it constantly in real time. Figure out, you know, identify abnormal activity. You can deliver a security posture for a company, unlike anything else before. Because it used to be, you'd write a rule. You have a known adversary or a bad guy that's out there, and you constantly try and keep up with them for a very specific attack service. But when you move to the cloud, the attack service is too broad. And so, the risk of the massive amount of data, is also the solution. Which is how do you harness it and use it with machine learning and AI, to solve these problems. >> So I feel like for CISOs, the cloud is now becoming the first line of defense. >> Yep. The CISOs is now the second line. Maybe the auditing is the third line. I don't know. >> Yeah. >> But, so how do you work with AWS? You mentioned, you know, quadrillion. We heard, I think it was Steven Schmidt, who talked about in his keynote. A quadrillion, you know, data points of a month or whatever it was. That's 15 zeros. Mind boggling. >> Yeah. >> How do you interact with AWS? You know, where's your data come from? Are you able to inspect that AWS data? Is it all your own kind of first party data? How does that all work? >> Yeah, so we love AWS. I mean we ultimately, we started out our company building our own service, you know, on AWS. We're the first cloud native built on the cloud, for the cloud, leveraging data and harnessing it. So AWS enabled us to do that. And partners like Snowflake and others, allowed us to do that. But we are a multi-cloud solution too. So we allow builders and customers, to be able to have choice. But we'd go deep with AWS and say, the shared responsibility model they came up with. With partners and themselves to say, all right, who ultimately owns security? Like where is the responsibility? And AWS does a great job on database storage, compute networking. The customer is responsible for the OS, the platform, the workloads, the applications, et cetera, and the data. And that's really where we come in. And kind of help customers secure their posture, across all of their cloud environments. And so we take a cloud trail data. We look at all of the network data. We look at configuration data. We look at rules based data and policies, that customers might have. Anything we can get our hands on, to be able to ingest into our machine learning models. And everybody knows, the more data you put into a machine learning model, the finer grain it's going to be. The more insightful and the more impactful it's going to be. So the really hard computer science problem that we set out to go do seven years ago, when we founded the company, was figure out a way to ingest, process, and contextualize mass amounts of data, from multiple streams. And the make sense out of it. And in the traditional way of protecting customers' environments, you know, you write a rule, and you have this linear sort of connection to alerts. And so you know, if you really want to tighten it down and be really secure, you have thousands of alerts per day. If you want to move really fast and create more risk and exposure, turn the dial the other way. And you know, we wanted to say, let's turn it all the way over, but maintain the amount of alerts, that really are only the ones that they need to go focus on. And so by using machine learning and artificial intelligence, and pulling all these different disparate data systems into making sense of them, we can take, you know, your alert volume from thousands per day, to one or two high fidelity critical alerts per day. And because we know the trail, because we're mapping it through our data graph, our polygraph data platform, the time to remediate a problem. So figure out the needle in the haystack. And the time to remediate is 90, 95% faster, than what you have to do on your own. So we want to work with AWS, and make it really easy for builders to use AWS services, and accelerate their consumption of them. So we were one of the first to really embrace Fargate and Graviton. We're embedded in Security Hub. We're, you know, embedded in all of the core platforms. We focus on competencies, you know. So, you know, we got container competency. We've got security and compliance competencies. And we really just want to continue to jointly invest with AWS. To deliver a great customer outcome and a really integrated seamless solution. >> I got a lot to unpack there. >> Okay. >> My first question is, what you just described, that needle in the haystack. You're essentially doing that in near real time? >> Yep. >> Or real time even, with using AI inferencing. >> Yeah. >> Describe it a little better. >> You're processing all of this data, you know, how do you do so efficiently? You know. And so we're the fastest. We do it in near real time for everything. And you know, compared to our competitors, that are doing, you know, some lightweight side scanning technology, and maybe they'll do a check or a scan once a day or twice a day. Well, the adversaries aren't sleeping, you know, over the other period of time. So you want to make it as near real time as you can. For certain applications, you know, you get it down into minutes. And ideally over time, you want to get it to actual real time. And so there's a number of different technologies that we're deploying, and that we're putting patents around. To be able to do as much data as you possibly can, as fast as you possibly can. But it varies on the application of the workload. >> And double click in the technology. >> Yeah. >> Like tell me more about it. What is it? Is it a purpose-built data store? >> Yeah. Is it a special engine? >> Yeah. There's two primary elements to it. The first part is the polygraph data platform. And this is this ingestion engine, the processing engine, you know, correlation engine. That has two way APIs, integrates into your workflows, ingests as much data as we possibly can, et cetera. And unifies all the data feeds that you've got. So you can actually correlate and provide context. And security now in the cloud, and certainly in the future, the real value is being able to create context and correlate data across the board. And when you're out buying a bunch of different companies, that have different architectures, that are all rules based engines, and trying to stitch them together, they don't talk to each other. And so the hard part first, that we wanted to go do, was build a cloud native platform, that was going to allow us to build applications, that set on top of it. And that, you know, handled a number of different security requirements. You know, behavior based threat detection, obviously is one of the first services that we offered, because we're correlating all this data, and we're creating a baseline, and we're figuring out what normal is. Okay, well, if your normal behavior is this. What's abnormal? So you can catch not only a known bad threat, you know, with rules, et cetera, that are embedded into our engines, but zero day threats and unknown unknowns. Which are the really scary stuff, when you're in the cloud. So, you know, we've got, you know, application, you know, for behavioral threat detection. You have vulnerability management, you know. Where you're just constantly figuring out, what vulnerabilities do I have across my development cycle and my run time cycle, that I need to be able to keep up on, and sort of patch and remediate, et cetera. And then compliance. And as you're pulling all these data points in, you want to be able to deliver compliance reports really efficiently. And the Biden Administration, you know, is issuing, you know, all of these, you know, new edicts for regulations. >> Sure. Obviously countries in, you know, in Europe. They have been way ahead of the US, in some of these regulations. And so they all point to a need for continuous monitoring of your cloud environment, to ensure that you're, you know, in real time, or near real time complying with the environments. And so being able to hit a button based on all of this data and, you know, deliver a compliance report for X regulation or Y regulation, saves a lot of time. But also ensures customers are secure. >> And you mentioned your multi-cloud, so you started on AWS. >> Yeah. >> My observation is that AWS isn't out trying to directly, I mean, they do some monetization of their security, >> Yep. >> But it's more like security here it is, you know. Use it. >> Yeah. >> It comes with the package. Whereas for instance, take Microsoft for example, I mean, they have a big security business. I mean, they show up in the spending surveys. >> Yeah. >> Like wow, off the charts. So sort of different philosophies there. But when you say you're Multicloud, you're saying, okay, you run on AWS. Obviously you run on Azure. You run on GCP as well. >> Yeah. Yep. >> We coin this term, Supercloud, Dave. It's it's like Multicloud 2.0. The idea is it's a layer above the clouds, that hides the underlying complexity. >> Yep. >> You mentioned Graviton. >> Yep. >> You worry about Graviton. Your customer don't, necessarily. >> We should be able to extract that. >> Right. But that's going to be different than what goes on Microsoft. With Microsoft primitives or Google primitives. Are you essentially building a Supercloud, that adds value. A layer, >> Yeah. >> on top of those Hyperscalers. >> Yeah. >> Or is it more, we're just going to run within each of those individual environments. >> Yeah. No we definitely want to build the Security OS, you know, that sort of goes across the Supercloud, as you talk about. >> Yeah. >> I would go back on one thing that you said, you know, if you listen to Andy or Adam now, talk about AWS services, and all the future growth that they have. I mean, security is job one. >> Yeah. Right, so AWS takes security incredibly seriously. They need to. You know, they want to be able to provide confidence to their customers, that they're going to be able to migrate over safely. So I think they do care deeply it. >> Oh, big time. >> And are delivering a number of services, to be able to do it for their customers,. Which is great. We want to enhance that, and provide Multicloud flexibility, deeper dives on Kubernetes and containers, and just want to stay ahead, and provide an option for companies. You know, when you're operating in AWS, to have better or deeper, more valuable, more impactful services to go layer on top. >> I see. >> And then provide the flexibility, like you said, of, hey look, I want to have a consistent security posture across all of my clouds. If I choose to use other clouds. And you don't, the schema are different on all three. You know, all of the protocols are different, et cetera. And so removing all of that complexity. I was just talking with the CISO at our event last night, we had like 300 people at this kind of cocktail event. Boston's pretty cool in the summertime. >> Yeah. Boston in July is great. >> It's pretty great. They're like going, look, we don't want to hire a Azure specialist, and a AWS specialist, and you know, a GCP specialist. We don't want to have somebody that is deep on just doing container security, or Kubernetes security. Like we want you to abstract all of that. Make sense of it. Stay above it. Continue to innovate. So we can actually do what we want to do. Which is, we want to build. We want to build fast. Like the whole point here, is to enable developers to do their job without restriction. And they intuitively want to have, and build secure applications. And, you know, because they recognize the importance of it. But if it slows them down. They're not going to do it. >> Right. >> And so we want to make that as seamless as possible, on top of AWS. So their developers feel confident. They can move more and more applications over. >> So to your point about AWS, I totally agree. I mean, security's job one. I guess the way I would say it is, from a monetization standpoint. >> Yeah. >> My sense is AWS, right now anyway, is saying we want the ecosystem, >> Yeah. >> to be able to monetize. >> Yeah. >> We're going to leave that meat on the bone for those guys. Whereas Microsoft is, they sometimes, they're certainly competitive with the ecosystem, sometimes. End point. >> Yeah. >> They compete with CrowdStrike. There's no question about it. >> Yeah. >> Are they competitive with you in some cases? Or they're not there yet. Are you different. >> Go talk to George, about what he thinks about CrowdStrike and I, versus Microsoft. (Dave V laughing) >> Well, yeah. (Dave H laughing) A good point in terms of the depth of capability. >> Yeah. >> But there's definitely opportunities for the ecosystem there as well. >> Yeah. But I think on certain parts of that, there are more, there's higher competitiveness, than less. I think in the cloud, you know, having flexibility and being open, is kind of core to the cloud's premise. And I think all three of the Hyperscalers, want to provide a choice for customers. >> Sure. >> And they want to provide flexibility. They obviously, want to monetize as much as they possibly can too. And I think they have varying strategies of those. And I do think AWS is the most open. And they're also the biggest. And I think that bodes well for what the marketplace really wants. You know, if you are a customer, and you want to go all in for everything, with one cloud. All right, well then maybe you use their security stack exclusively. But that's not the trend on where we're going. And we're talking about a $154 billion market, growing at, you know, 15% for you. It's a $360 billion market. And one of the most fragmented in tech. Customers do want to consolidate on platforms. >> Absolutely. >> If they can consolidate on CSPs, or they consolidate on the Supercloud, I'm going to steal that from you, with the super cloud. You know, to be able to, you know, have a consistent clarity posture, for all of your workloads, containers, Kubernetes, applications, across multiple clouds. That's what we think customers want. That's what we think customers need. There's opportunity for us to build a really big, iconic security business as well. >> I'm going to make you laugh. Because, so AWS doesn't like the term Supercloud. And the reason is, because it implies that they're the infrastructure, kind of commodity layer. And my response is, you'll appreciate this, is Pure Storage has 70% gross margin. >> Yeah. Yep. >> Right. Look at Intel. You've got Graviton. You control, you can have Intel, like gross margin. So maybe, your infrastructure. But it's not necessarily commodity, >> Yeah. >> But it leaves, to me, it leaves the ecosystem value. Companies like Lacework. >> Amazon offers 220 something services, for customers to make their lives easier. There's all kinds of ways, where they're actually focusing on delivering value, to their customers that, you know, is far from commodity and always will be. >> Right. >> I think when it comes to security, you're going to have, you're going to need security in your database. Your storage. Your network compute. They do all of that, you know, monetize all of that. But customers also want to, you know, be able to have a consistent security posture, across the Supercloud. You know, I mean, they don't have time. I think security practitioners, and security hiring in general, hasn't had unemployment for like seven or 10 years. It's the hardest place to find quality people. >> Right. >> And so our goal, is if we can up level and enable security practitioners, and DevSecOps teams, to be able to do their job more efficiently, it's a good thing for them. It's a win for them. And not having to be experts, on all of these different environments, that they're operating in. I think is really important. >> Here's the other thing about Supercloud. And I think you'll appreciate this. You know, Andreesen says, all companies are software companies. Well, all companies are becoming SAS and Cloud companies. >> Yeah. >> So you look at Capital One. What they're doing with on Snowflake. You know, Goldman what they're doing with AWS. Oracle by Cerner, you know that. So industries, incumbents, are building their own Superclouds. They don't want to deal with all this crap. >> Yeah. >> They want to add their own value. Their own tools. Their own software. And their own data. >> Yeah. >> And actually serve their specific vertical markets. >> Yeah. A hundred percent. And they also don't want tools, you know. >> Right. >> I think when you're in the security business. It's so fragmented, because you had to write a rule for everything, and they were super nuanced. When you move to a data driven approach, and you actually have a platform, that removes the need to actually have very nuanced, specific expertise across all these different. Because you're combining it into your baseline and understanding it. And so, customers want to move from, you know, one of the biggest banks in North America, has 550 different point solutions for security. Thousands of employees to go manage all of this. They would love to be able to consolidate around a few platforms, that integrate the data flows, so they can correlate value across it. And this platform piece is really what differentiates our approach. Is that we already have that built. And everybody else is sort of working backwards from Legacy approaches, or from a acquired companies. We built it natively from the ground up. Which we believe gives us an advantage for our customers. An advantage of time to market speed, efficacy, and a much lower cost. Because you can get rid of a bunch of point solutions in the process. >> You mentioned Devs. Did you, you know, that continuous experience across clouds. >> Yep. >> Do you have like the equivalent of a Super PAs layer, that is specific to your use case? Or are you kind of using, I mean, I know you use off the shelf tooling, >> Yep. >> you allow your developers to do so, but is, is the developer experience consistent across the clouds? That's really what I'm asking? >> Well, I think it is. I mean, I was talking to another CEO of a company, you know, on the floor here, and it's focusing on the build side. You know we focus on both the build and the run time. >> Right. >> And we were talking about, you know, how many different applications, or how fragmented the developer experience is, with all the different tools that they have. And it's phenomenal. I mean, like this, either through acquisition or by business unit. And developers, like to have choice. Like they don't like to be told what to do or be standardized, you know, by anybody. Especially some compliance organization or security organization. And so, it's hard for them to have a consistent experience, that they're using a bunch of different tools. And so, yeah. We want to be able to integrate into whatever workload, a workflow a customer uses, in their Dev cycle, and then provide consistent security on top of it. I mean, for our own company, you know, we got about a thousand people. And a lot of them are developers. We want to make it as consistent as we possibly can, so they can build code, to deliver security efficacy, and new applications and new tools for us. So I think where you can standardize and leverage a platform approach, it's always going to be better. But the reality is, especially in large existing companies. You know, they've got lots of different tools. And so you need to be able to set above it. Integrate with it and make it consistent. And security is one of those areas, where having a consistent view, a consistent posture, a consistent read, that you can report to the board, and know that your efficacy is there. Whatever environment you're in. Whatever cloud you're on. Is super, super critical. >> And in your swim lane, you're providing that consistency, >> Yep. >> for Devs. But you're right. You've got to worry about containers. You got to worry about the run time. You got to worry about the platform. The DevSecOps team is, you know, becoming the new line of defense, right? I mean, security experts. >> Absolutely. Well, we have one customer, that we just have been working with for four years ago. And it's, you know, a Fortune, a Global 2000 company. Bunch of different industries grew through acquisition, et cetera. And four years ago, their CTO said, we're moving to the cloud. Because we want to drive efficiency and agility, and better service offerings across the board. And so he has engineering. So he has Dev, you know. He has operations. And he has security teams. And so organizationally, I think that'll be the model, as companies do follow entries in to sort of, you know, quote. Become software companies and move on their digital journeys. Integrating the functions of DevSecOps organizationally, and then providing a platform, and enabling platform, that makes their jobs easier for each of those personas. >> Right. >> Is what we do. You want to enable companies to shift left. And if you can solve the problems in the code, on the front end, you know, before it gets out on the run time. You're going to solve, you know, a lot of issues that exist. Correlating the data, between what's happening in your runtime, and what's happening in your build time, and being able to fix it in near realtime. And integrate with those joint workflows. We think is the right answer. >> Yeah. >> Over the long haul. So it's a pretty exciting time. >> Yeah. Shift left, ops team shield right. Hat, great to see you again. >> Good to see you, Dave. >> Thanks so much for coming on theCUBE. >> Thanks a lot. >> All Right. Keep it right there. We'll be back. Re:Inforce 2022. You're watching theCUBE from Boston. (calming music)

>> Welcome to today's session of theCUBE's presentation of the AWS Startup Showcase, The Next Big Thing in AI, Security and Life Sciences. Today featuring Lacework for the security track. I'm your host Natalie Erlich. Thank you for joining us. And we will discuss today how LendingTree automates AWS security for DevOps teams and stays compliant with Lacework. Now we're joined by Adam Leftik the VP of Product at Lacework as well as a Arun Sankaran, CISO of LendingTree. Thank you both very much for joining us today. >> Thank you for having us. >> Well, wonderful. Adam, let's start with you. Lacework positions itself as, "cloud security at the speed of cloud innovation." What does that mean to you and how are you helping your customers? >> Great question, Natalie. I think one of the things that's really important to understand about Lacework really comes back to essentially what's happening at cloud speed, which is customers are aggressively moving more and more of their applications to the cloud, but they're doing so with the same number of resources to secure that environment. And as the cloud continues to grow, both in terms of complexity, as well as overall ability to unlock new styles of applications that were never before even possible without this new technology landscape. Fundamentally, Lacework is designed to enable those builders to go faster without worrying about all the different intricacies and threats that they face out there on the internet. And so the core mission of Lacework is really about enabling builders to build those applications and leverage those cloud resources and new cloud technologies to move quicker and quicker. >> Natalie: Fascinating. >> Yeah, thanks. If you go back to the sort of foundation of the company there we took a very different approach to how we think about security. Often, you know, security approaches in the past have been a rules driven model where you try and think of all the different vectors that attacks can come at. And fundamentally, you end up writing a series of these rules that are impossible to maintain, they atrophy over time, and that you can't possibly think ahead of all these nefarious actors. So one of the things that Lacework did from the very beginning was take a very different approach which is leveraging security as a data problem. And the way we do this is through what we refer to as our polygraph. And the polygraph essentially looks at all the exhaust telemetry that we're able to ingest both from your cloud accounts as well as the underlying infrastructure. And we take that and we build a baseline and a behavioral model for how the application should behave when it's normal. And this baseline represents the state of normalcy. And so then we leverage modern data science techniques to essentially build a model that can identify potential threats without requiring our users to build rules and ultimately play catch up to all the different threats that they face. And this is a really, really powerful capability because it allows our customers both to identify misconfigurations and remediate them, monitor all the activity to reduce the overall overhead on their security organization, and of course help them build faster and identify threats as they come into the system. And we differentiate in lots of different ways as well. So one of the things we're looking to do as part of the overall cloud transformation is really meet the DevOps teams and the security teams where they are. And so all of the information that Lacework captures, synthesizes, and produce through our automation ultimately feed into the different channels that our users are really leveraging that skill today. Whether that's through their ChatOps windows or ultimately into their CICD pipeline so that we give broad coverage both at build time as well as run time and give them full visibility and insights and the ability to remediate those quickly. You know, one of the other things that we're really proud of and this is core to our product philosophy is building more and more partnerships with our customers and LendingTree is really at the forefront of that partnership and we're super excited to be partnering with them. And that's certainly something that we've done to differentiate our product offering and I'd love to hear from Arun, how have you been working with Lacework and how has that been going so far? >> Yeah, thank you, Adam. You know, frankly I think that's a huge differentiator for us. There's a lot of players that can solve technology problems but what we've really appreciated is that as a smaller shop and a smaller organization, the level of connectedness that we feel with the development teams at Lacework. We raise a opportunity. You know, this can make things more efficient for us or this can reduce our time to triage, or this visualization or this UI could be modified to support certain security operations center use cases, maybe that's not what it's designed for. And we've enjoyed just a lot of success in kind of shaping the product in order to meet all the different use cases. And as Adam mentioned, you know, as a CISO, my primary responsibility is security, but frankly there's a lot of DevOps and tech use cases within the polygraph visualization tool, and understanding our environment and troubleshooting has frankly it saved us quite a bit of time and we're looking forward to the partnership to continue to grow out the tool. As we, as a company, scale in today's world, it's very important that we're able to scale our capability 2-3X without a corresponding 2-3X in staff and resources. I think this is the kind of tool that's going to help us get there. >> Well, speaking to you Arun, Lacework has recently grown tremendously and gotten a lot of industry attention but you saw something before everyone else. Can you tell us what really caught your attention? What stood out to you and why you decided to become an early adopter? >> Yeah, great question. Honestly, I wish it was a super tricky kind of answer but the real honest answer is it was a very easy decision because we had a need. We knew that we needed robust monitoring capability and detection of threats within containerized environments. And, you know, there are other players in the space but we have a very diverse environment. We're a combination of multiple container technologies and multiple cloud platforms. And we needed something that had the greatest diversity of coverage across our environments. And this was really the only solution that would work for us. I'd love to be able to say that it was like an aggressive bake-off and there's all these different options. But really, from a capability, and scope, and coverage, it was a fairly easy decision for us. >> And how has your threat detection and investigation process changed since you brought on Lacework? >> Yeah, it certainly has. Our environment within 24 hour period, it might generate 300, 400 million events and that's process level data from hosts and network data access. It's just a very noisy amount of alerts. With the Lacework's platform, those 300, 400 million get reduced to about a hundred alerts a day that we see and of those, five are critical and those tend to all be very actionable. So from an alert fatigue perspective, we really rely on this to give us actionable data, actionable alerts that teams can really focus on and reduces that noise. So I would say that's probably the number one way that our detection process has changed and frankly, a lot of it is what Adam mentioned as far as the underlying self-learning, self-tuning engine. There's not a whole lot of active rules that we had to create or configuration that we had to do. It's kind of a learning system and I think it's really, probably, I would estimate maybe 50-60% reduction in triage and response time for alerts as well. >> And Adam, now going to you, while 2020 was a really rough year for a lot of people, a lot of businesses, Lacework realized 300% revenue growth. So now that the economy is bouncing back and seemingly so in full force, what are your expectations for Lacework in the next year? >> Great question. I think one of the things we're seeing broadly across the industry is an acceleration, a realization that companies that are going through digital transformations have accelerated their pace and so we anticipate even faster growth. Additionally, you know, the companies that may have not been on that trajectory are now realizing that they need to move to the cloud. There's not a lot of folks right now thinking that they're going to be racking and stacking in physical data centers going forward. So we fully expect a continuation of massive growth. And increasingly as customers are moving into the cloud, they're looking for tools to help them build a secure footprint but also enable them to go faster. So, we have a point of view that we're going to continue to see this massive growth and if not, how to accelerate from here. >> Well, you're also the man behind the product. So could you go behind some of the key features that it offers? >> Sure. So, if you think about our overall product portfolio, we really have both breadth and depth. So, first and foremost, most customers who are moving to the cloud or have a large cloud footprint, the first concern they have is, do I have a series of misconfigurations? We really help our customers both identify best practices with those configurations in the cloud, and then also help them move quickly towards potential compliance standards that they need to adhere to. Everyone's operating in a regulated environment these days. And then of course, once you've got that footprint to a place where it's healthy, you really, really want to be able to monitor and track the changes to the configurations over time to ensure you're continuing to maintain that footprint. And so we provide a polygraph based model that essentially identifies potential behavioral risks that we're observing through our data clustering algorithms to help you identify potential holes that you may have created over time and help you remediate those things. And then of course, you know, every customer faces a significant challenge when it comes to just keeping up with the overall landscape changes in terms of overall vulnerability footprint in their environments. And so we have a great capability with what we call vulnerability discovery, which enables our customers to understand where they're vulnerable and not simply tell them how many vulnerabilities they have, but help them isolate, leveraging all the run time and bill time contexts we have so that they can really prioritize what's important to them and what represents the highest risk. And then of course, lastly, you know, where the company really got started is in helping customers protect their cloud workloads. And we do this by identifying threats that we're able to leverage our machine learning and data clustering algorithms so that once we have those baseline behaviors identified and modeled, we can leverage all of our threat intelligence to identify anomalies in that system and help customers really identify those risks as they're coming into the system and deal with those in a really timely manner. So those are kind of the overall key capabilities that they really help teams scale and drive their overall cloud security programs. >> And Arun, really quickly from your perspective, what is a key feature that is really beneficial to LendingTree? >> It's kind of what Adam mentioned with the kind of the self-tuning capability, the reduction of alerts and data based on behavioral-based detection versus rule-based. A lot of people have, you have fancy words, they call AI and machine learning, this and that, but I've rarely seen it work effectively. I think this is a situation where it does work really effectively and does free up time and resources on our side that we can apply to other problems we're trying to solve so I think that's the number one. >> Okay, terrific. Well, I'm really curious Adam. Got to ask you this question. I mean, we saw a really big software IPO last year. What do you think is in store for Lacework? >> Yeah, well, you know, the IPO is just a point in time as opposed to it's part of the journey. Lacework's continuing to invest and really focus on fundamentally changing the security landscape. One of the reasons why I joined Lacework and continue to be really excited about the opportunity comes back to the fundamental challenge that all security tools have. We do not want to create a platform that drives wet blanket behavior, but really fundamentally enables teams like Arun's to move faster and enable the builders to build the applications that fundamentally drive great business outcomes for our customers. And so that's what gets me out of bed. And I think everyone at Lacework is really focused on helping drive great outcomes for our customers. >> Fascinating to hear how Lacework is securing cloud around the world. Lovely to have you on the show. Adam Leftik, the VP of Lacework, as well Arun Sankaran, the CISO of LendingTree. I'm your host for the AWS Startup Network here on theCUBE. Thank you very much for watching.

(upbeat music) >> Hello, welcome to this CUBE conversation. I'm John Furrier your host of theCUBE here in our Palo Alto studio. We got a great conversation with the CEO of Lacework, David Hatfield. Who's in on theCUBE remote. David great to see you guys, a security platform at Lacework, you're at the helm as CEO. Welcome to theCUBE conversation. >> Thank you, John. Great to see you congrats to you and the team and all the success. I think what you guys are doing is really important so happy to be part of it. >> Great to have you in the community and you guys are doing great work. I know about Lacework I've done some due diligence on you guys. I love your business model, but for the folks who don't know what you guys do, take a minute to explain who is Lacework? What do you guys do? What's your positioning? And what's your focus? >> Yeah, well, we're a modern data security platform for the cloud. And so I think data science meets cloud security ultimately. The company has been around since 2015. We received one of the largest financing rounds that we're aware of I think in history in security business, $525 million in January. Led by Sutter Hill Ventures which many people may know about they founded PureStorage with the notion that we're going to go fundamentally change and revamp the ownership model for a high speed data storage using flash versus using spinning disc drives. I spent eight years with that company. Love with what we built there. Then Mike Speiser considered an investment in a company called Snowflake computing. I think you're aware of what Snowflake does which is bringing data warehousing into the cloud. And the third big investment that Sutter Hill made is really to help disrupt security, and that's in Lacework. So north of a billion dollar valuation a 300% year over year growth and have a ton of momentum. So at the core of what we do, it's really trying to merge, when we look at we look at security as a data problem, security and compliance the data problem. And when you apply that to the cloud, it's a massive data problem. you literally have trillions of data points across shared infrastructure that we need to be able to ingest and capture and then you need to be able to process efficiently and provide context back to the end-user. And so we approached it very differently than how legacy approaches have been in place, you know largely rules-based engines that are written to be able to try and stop the bad guys. And they miss a lot of things. And so our data-driven approach that we patented is called a polygraph. It's a, it's a security architecture and there are three primary benefits. It does a lot of things, but the three things that we think are most profound first is it eliminates the need for, you know dozens of point solutions. I was shocked when I, you know kind of learned about security. I was at Symantec back in the day. And just to see how fragmented this market is, it's one of the biggest markets in tech. $124 billion in annual spend growing at, to $300 billion in the next three years. And it's massively fragmented. And the average number of point solutions that customers have to deal with is dozens. Like literally 75 is the average number. And so we wanted to take a platform approach to solve this problem where the larger the attack surface that you put in the more data that you put into our machine learning algorithms the smarter it gets and the higher, the efficacy. So eliminating point solutions is his value proposition one. Point two is that we have to be 10 X better than everybody else in the business. Otherwise the merchant companies don't get a breakout and become long and during companies. And so there's a number of different dimensions. The first dimension that I think is probably the most important is efficacy, you know in anomaly detection or in, you know threat detection where you're trying to identify what risks we have in the business. It's, it's generally a very noisy activity. And so rules-based approaches on average will produce a hundred alerts to our one or two. Those, the signal to noise ratio, is, is, you know is a massive a 100x, but call it 10x a reduction. And so we're actually delivering the needle versus the haystack for security administrators and dev developers to actually solve the problem. So it's 10x, higher efficacy it's 10x faster to be able to resolve the problems. And obviously the ROI is, is a no-brainer because you're eliminating all these points which is in having to manage it. And the third, and probably the thing that I'm most excited about what we're doing and what our customers are already realizing is that we're transforming security and compliance teams from kind of compliance into business enablers. when you automate all these processes and you build it into, you know the CICD platforms for the developers you actually enable the developers to write code to differentiate their business, you know to create new customer experiences to get competitive advantage and drive revenue for their businesses. And, and you know that's not what security has done up to this point. We oftentimes, they're the ones we're the ones having to say, no, you know we're slow down or it's too risky, etc. But when you automate that and you increase the efficacy you can enable the developers to do their thing. And it allows the CSOs and allows the security professionals to up level their responsibility into selling and driving revenue. And that is increasingly going to become more and more important for supply chains and partners of these cloud native businesses of how secure am I working with you, etc. And so we think that that transformation of the role of security is going to be as, as meaningful as the technology that we're providing the business. So we're super excited about it. >> I could tell you have so much going on this investment team Sutter Hill, you mentioned big time players huge success track record. Just saw them written up in the wall street journal as one of the best venture capital firms and returns. It's just that the bets are all coming home, but their bet strategy is simple. Disrupting the market that's growing and changing PureStorage, you mentioned company you've worked for, you know people were saying, oh, they'll never get escape velocity. They disrupted an existing, boring storage market changed the game there, security, right for change. A lot of tools, a lot of people have buying tools off the shelf, you know and everyone fighting for the platform. That seems to be the conversation. So I have to ask you, you guys want to be the player that that platform you are, that platform what's different in this platform where everyone's trying to be a security platform, what's makes you different. >> Yeah. So I mean, I think the platform wars are, are clearly, upon us, you know I think what's different about our approach is that we were built on the cloud, for the cloud so we're a cloud native business that, you know runs our business on AWS and everything that we do. We don't have hardware, we don't own data centers. we don't have any of the legacy elements that are there. we use software run on the cloud to enable this. So that's point number one point number two is we did the hard work of mapping the data elements that are out there and adjusting them in and then have this polygraph, you know behavioral anomaly detection, that is it can be applied to today. It's being applied to vulnerability and discovery management and containers and Kubernetes. But over time we believe it extends very naturally to a larger part of the attack server. So we don't have to rewrite the data engine to develop solutions across broader attack services. We already have that, you know so I think our time to develop and innovate will be profound. And I think the third thing that we're seeing companies do and largely the legacy bigger companies is that they're just acquiring their way there. And, it's very, very difficult to acquire 8 to 10 to 20, 30 companies, 30 different CTOs 30 different code bases and try and integrate them to provide a delightful customer experience. And, the parallels, you know in the storage business are, are are pretty similar actually, Dell bought EMC, EMC bought a hundred companies. And, we went after a platform approach to be able to go attack them with a unified file system in a in a unified customer experience that was native for the media that we're working with. We're doing the same playbook here, you know which is you have to have the hard work of the foundation elements in place to be cloud native to deliver great outcomes, great efficacy and and a really great customer experience. So when we get head to head with any of these points coming out and trying to solve something for containers or Kubernetes, or just vulnerability discovery and management, etc, or we're competing with the legacy companies that have, a hodgepodge of acquisitions that they're trying to pull together we went North of 95% of the time. our POC win rates are phenomenal better than anything I've ever seen. We had a pretty good one to appear too. And the, the product and the experience and the efficacy kind of stand on their own once we're in those fights. So part of why we enjoy working with AWS and are really focused on building the partnership together is that it creates awareness of what could be and what possibilities all we want is a shot. And, our approach is such that you can be up and running in minutes, you know and every single one of our customers does a POC. So we'll stand behind our technology as our real differentiator compared to anybody else that's out there. >> Great. You guys had great traction going on with the company certainly saw the investment news that you mentioned earlier at the top. Why did you come on as CEO? And when did you come on and join the team? And what was the reason? What, what, what attracted you to join as the CEO of Lacework? >> Well, I've been involved in the company for since the beginning actually I invested in the early rounds participated on the board and I've always bought into this. The thesis that security is fundamentally a data problem. And if we can get the data problem and the data processing right, you know you can fundamentally change the industry but you need to have a major inflection. And that inflection is people moving to the cloud. And we all have seen it during the pandemic. things are accelerating. AWS just did their earnings yesterday. I think they increased their top-line guidance from 46 billion to 56 billion this year. I mean, it's a machine that is continuing to move forward. They have 30% market share. Azure's investing at 20% GCP still investing people are moving their businesses online aggressively. And as they shift to the cloud the rules-based approach just doesn't work. It doesn't scale. And so a new approach needs to be done. And so by being cloud native and best of breed and solving the thorny problem of this data processing problem first, you know it gives us an opportunity to use that to then extend and build a business, you know at an enduring level over the next 10 to 20 years. And that's Sutter's model, that's their playbook. They don't invest in 400 companies and kind of spray and pray, which is what most venture funds do. And I love them. They're great. And we appreciate the investment in tech, but Sutter's focus is find a really big market find a catalyst for change. In our case, it's moving to the cloud and then build a modern approach. that is 10x better in every dimension. And that attracted to me. I mean, it's, it's a, it's one of the biggest markets in tech and it's one of the most important things that we can do is a digital business is to ensure that we're secure and we're safe and the threats are becoming much more skilled much more deliberate, much better funded. And so the importance for us to ensure that company's security is really tight is, is increasingly critical. So the combination of those factors, and then as I dove back into it and talked to a bunch of customers and talk to partners and seeing the outcomes and enthusiasm that they had and the, the team is phenomenal. And so talking to them, and I just kind of got energized by the opportunity to go build a really important company that really delivers great outcomes. So I'm having a ball great to be back into it. >> Yeah. It's great to have leadership that has experienced that you have and go to the next level because this is classic next level. When you talk about Amazon's earnings and cloud scale and hybrid and edge right around the corner at scale as well. So you start to see that transformation really hit the tipping point, which is changing the landscape on the developer side, which I think is super valuable. I think you hit that. You mentioned core problem. You guys look at that through the lens of data problem. How does this trend of everything going hybrid and soon to be, you know edge core to edge impact your businesses of tailwind? How do you see you capturing that next level of scale from a business perspective for lease work? >> Well, I think that the trend, you know from core to edge, you know, hybrid and, you know ultimately cloud a hundred percent, there we've started with the cloud native businesses. Like, we've been focusing on those companies that are already there, you know and so now we're we just had finished a phenomenal record-breaking Q1 and multiple seven figure deals, you know with very complex global environments where they do have a hybrid environment and they are leveraging the edge. And we're perfect for that. I mean, as you think about what we deliver in its most simplistic context, you know we're effectively delivering a security solution from the container to control plane, right. You know we want to be able to have a granular understanding of operated trillions of data points coming in and those can be collected in the core. They can be collected on-prem. They can be collected in the cloud. Ultimately they need to be collected and then contextualized so, you know and this is where our behavioral polygraph technology transitions data into information that's useful via the polygraph. And so we think that, the complexity that's added with environments that are hybrid environments that are leveraging the edge environments that are leveraging the cloud native all need a control plane to run across that to deliver efficacy, you know, for our customers. And, we work with, you know AWS has their own security tools. Azure has some security tools UCPs security tools, but ultimately, our, our challenge and opportunity is to be best of breed to deliver incremental value on top of that and that horizontal value across it. so customers have choice but they know that their security posture is, is, is secure. And so we, we see it as a tailwind for our businesses as we go forward. >> I always said the companies that have the horizontal scalability with cloud and then have that vertical AI kind of vibe where you can get in the context of the data is there to win it all. And I think that you guys have a great solution potentially there. I want to get more information if you don't mind double clicking on that with me, this is kind of a different take on cloud security because you've got the scalability, which gives you the observation space. And then you got to get the context to get the right patterns or whatever magic you guys have in the, in the secret sauce. But you doing that on top of massive exponential velocity. >> Yeah. >> Where's that secret sauce? Is it in the compute? Is it in the software? What's different about what you guys have in security to give us a- >> It's all in the, it's all in the software. Ultimately, it's the intelligence of how you capture it how you ingest it, how you, you process it but then ultimately how you, how you contextualize it and then how you apply it to different problems. and so the attack surface area and security is a very broad, that's why there's so many point solutions that are out there. And so the breadth of solutions, you know we just want to continue to add solutions and capabilities on top of this polygraph security architecture that allows for the same kind of simple experience, the same kind of 10x value proposition, but, but, but wider. And so we can eliminate more and more of those of those point solutions. So, our, our thinking on it is that, you know we can participate once we have a customer the land and expand motion of what we have. We want to make it really really frictionless for customers to try our technology. And so that's why we do POC. That's why it only takes a couple of minutes and you can do it for just Kubernetes or just containers or just vulnerability discovery and managed like wherever your specific pain point is. We want to help identify what that is, you know give you a chance to try it. And then once we prove ourselves it's very easy to extend that across the board. So we get natural growth in velocity from people moving to cloud and just, you know more usage of, of compute and storage and sort of etc, but breadth of actually the security or posture or a tax service that they have as well. So, you know so I think we have an opportunity to benefit from, from both the depth and the breadth, you know but the value that we're delivering is ultimately the software that we're running on top of the infrastructure. And you mentioned observability, there's a number of companies that are leveraging the data and insights collected in different ways to converge security and observability over time. And, we see that, you know that ultimately there's a very very big security company that needs to be built. That really is best of breed, but the data and the insights that we're providing to our primary customer, which is really DevOps. I mean, it's really the development communities and the builders or who we're changing security for and enabling, in addition to the security teams, you know we think that we're going to continue to drive software that adds value on that data set and it can be applied to multiple problems in the future. So today security is a massive market. We're going to focus there, but it does. It does extend pretty naturally to other markets >> It's a hot market security. Everyone needs to have the latest and greatest and also has to be effective. I got to ask you specifically around startup transition to a rapidly growing company to now you're going to the next level where you're starting to having to get into some serious, big complex enterprise go to market sales motions. So what's in it for the customer. What's the, what's the pain point? What's the customer orientation. What do you marketing into as a solution? Is it the developer? Is it the CSO? Is it the CXO, what's in it for the enterprise? Why Lacework, why are they engaging? You guys get record numbers. What's the, what's in it for them. What's the, if I'm the customer what's in it for me? >> Ultimately efficacy, which is your security posture is it goes up significantly, simplicity, which is makes it easier for you to do your other jobs, you know and I'll have to look for those needles in a haystack and ROI, you know which is it's just compelling, and much, much more efficient than what, what you're doing today. So that that's a pretty universal value proposition and applies to cloud native businesses that are high growth that applies to government agencies. It applies to a large complex enterprises. We have a wonderful kind of go to market motion right now. I think Andy Byron and the team who've been here have really done a wonderful job of really making the customer buying experience and the journey really efficient, you know and help them quantify the impact and the risks and then deliver value. And I think, that that applies in sort of the commercial mid-market and cloud native space. And like I mentioned, we had, a number of deals in the quarter that were seven figure deals, you know in very complex organizations with massive demands. And, you know it ultimately selling is a team sport and, you know and still having the process and the rigor, that's there fine tuning that to make sure you have the people and the partnerships, you know, that deliver solutions in the way that customers want to buy them and then ultimately deliver a value proposition that is just unquestionably better. And I think we have all of those elements, you know we'll be entering the, the large enterprise very aggressively in the quarters to come. I that's where I've come from, you know running a multi-tool, you know, kind of go to market engines where you've got mid-market commercial enterprise large enterprise government across all geographies is, is really fun to expand. And, we're we're hiring as fast as we can maintain quality, you know? And so we're out of that startup phase now and entering into real scale. And, I think that, you know in the AWS marketplace I think we're the number one startup vendor. If I, if I got my facts, right. for, for private offers, we're one of the top security players and top 50 ISBs in the marketplace overall. And so in order for us to get the motion we need to make sure that we're delivering our value in the context of how companies want to buy it. And people want to use AWS credits, you know to apply to their solutions. And so it's really important for us to make that frictionless buying experience occur. And so we're excited about it. I think we've got a really nice start and it's the fun part of building companies, which is how do you attune things to make sure you're making it really really easy for the market to absorb your technology. And then once you're there, delight the hell out of them and just make sure that, that there's that they're excited in our, our net retention rates are the best I've seen in the marketplace. Our net promoter scores, you know, are in the high fifties low sixties, which, which is fantastic in this space. I think it's best in class by order of magnitude some players, big SIM players that are out there, you know have a customer in net promoter score of four. You know that means 96% of the people or 96 boats that says they wouldn't recommend the solution to their, to their peers. So, at pure, we've got this at scale. So from 70 to, in the, in the low eighties I think we have the opportunity to do the same thing here. So, combination of tailoring the motion that we have making it really easy for the buyer to buy what they want with whom they want from whom they want, you know and then just spreading a value proposition. That is a no brainer is, is I think the secret recipe >> If anything, it's interesting, you know you're so much experience in the enterprise and tech with cloud native you're basically laying out the success formula, which is if you have a value proposition you should be able to get it in quickly. You don't need the top down. win everything you can have a value proposition that can be enabled for usage and then grow rapidly when it's successful and that's cloud, that's the cloud business model. So it's not so much about organic versus this. It's really what the preferred motion is. >> It's speed, and I think developers in particular it's why the cloud happened, right? I.T wasn't delivering services in, in the speed and the efficacy that, that, that the developers wanted. And so in order to appeal to the developer community you need to deliver something that's frictionless and easy and fits into JIRA and fits into their workflow processes and speaks their language. And so we built our platform and our solutions for builders because that's where the money is. That's where the pain point is and that's and they want to build secure code. They just don't want to be told no. And so, we want to automate that process and make code secure and do that, you know in the build phase and then do it in the runtime. And then across the CICD pipeline we want to continuously be adding value across that. And, and the developers, candidly when pure bought the solution, many years ago and I introduced him to the company, it was it was the general manager of our software business unit that bought it not the security team. And I think that's a trend that is continuing that we're going to focus on. >> A lot of people realize that security and compliance and automation kind of all go together where you don't want to disrupt developers to kind of engineer something just to do an integration, for instance. So there's a real business model impact that you're hitting on here. That's not just a technical solution. It's really how the business is operating. And I think that to me is super interesting use case. What's your reaction to that? Do you see this as a, as a- >> No it's, that's that's that third part that I was talking about, you know which is that's most exciting is that, you know people are calling shift left, right. so moving, you know security into the development pipeline as it's happening and in integrating security architects as value added into the development organizations themselves and leveraging automated machine learning tools like ours to be able to simplify and automate the process versus slowing it down. So we think that shift left is, is super exciting and, and will continue. And we actually think we're the leaders in that space. We want to continue to be the leaders in that. >> Congratulations, great insight. Awesome to have you on and to hear from your experience and also the great venture that your scaling up and to the next level. Lacework, David thanks for coming on, but I'll give you the last minute to close us out. Give us a quick plug for the company vitals, what you're working on now, what you're looking for, you're obviously hiring give a quick plug for Lacework. What you, what are you working on? >> So, number one, we love our partnership with AWS. And so we're going to continue to invest, invest there. Two the businesses growing North of 300% year over year. That means that we've got record breaking growth and lots of hiring. So we're hiring across all functions. And three give us an opportunity. I, I think that, you know, you can fundamentally we want to be the bar of what you define all other security companies and all the technology companies. So it's a high bar. We want to make it frictionless, frictionless to try give us a shot, give us some feedback. And I'm grateful and privileged to be part of this, this wonderful team. So look forward to spending more time with you, John, in the future. >> Man, looking forward to a lot lots of talk about David Hatfield CEO of Lacework great company scaling up again. Another success story in cloud, cloud native as Po, COVID comes to a close, if you will for this phase and people get back to real life. The scale of cloud is going to be leading it and a new technology is going to be powering it. This is theCube conversation. I'm John Furrier. Thanks for watching. (soft music playing) (music fades)

>> Narrator: From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders around the globe, these are Cloud Native Insights. >> Hi, I'm Stu Miniman the host of cloud native insights. And when we started this weekly program, we look at Cloud Native and you know, what does that mean? And of course, one of the most important topics in IT coming into 2020 was security. And once the global pandemic hit, security went from the top issue to oh my gosh, it's even more important. I've said a few times on the program while most people are working from home, it did not mean that the bad actors went home, we've actually seen an increase in the need for security. So really happy to be able to dig in and talk about what is Cloud Native security, and what should that mean to users? And to help me dig into this important topic, happy to welcome back to the program one of our CUBE alumni Dan Hubbard, he is the CEO of Lacework. Dan thanks so much for joining us. >> Thanks Stu. Happy to be here. >> Alright, so we don't want to argue too much on the Cloud Native term, I agree with you and your team. It's a term that like cloud before, it doesn't necessarily have a lot of meaning. But when we talk about modernization, we talked about customers leveraging the opportunity in innovation and cloud security of course is super important. You know most of us probably remember back, you go back a few years and it's like, "Oh well I adopt cloud. "It's secure, right? "I mean, it should just be built into my platform. "And I should have to think about that." Well, I don't think there's anybody out there at least hopefully there's not anybody out there that thinks that anything that I go to will just be inherently fully secure. So give us a little bit if you would, you know where you see us here in 2020 security's a complex landscape. What are you seeing? >> Yeah, so you know a lot of people as you said, used to talk about what's called the shared responsibility model, which was the cloud provider is responsible for a bunch of things. Like the physical access to the data center, the network, the hypervisor and you know that the core file system and operating system and then you're responsible for everything else that you could configure. But there's something that's not talked about as much. And that's kind of the shared irresponsibility model that's happening within companies where developers are saying they're not responsible for security saying that they're moving too fast. And so what we are seeing is that you know, as people migrate to the cloud or of course are born in the cloud, this notion of DevSecOps, or you know SecDevOps whatever you want to call it, is really about the architecture and the organization. It's not just about technology, and it's not just about people. And it's more about layer seven and eight, than it is about layer one to three. And so there's a bunch of trends that we're seeing in successful companies and customers and prospects will be seeing the market around how do they get to that level of cooperation between the security and the developers in the operation teams? >> Yeah Dan, first of all fully agree with what you're saying. I know when I go to like serverless.com they've got everybody chanting that security is everyone's responsibility. You know I think back to DevOps as a trend, when I read the Phoenix project it was, oh hey, the security is not something that you do bolt on, we're looking at after it's something that you need to shift into everyone thinking about it. Security is just going to be baked in along the process all the way. So the DevOps fail us when it comes to security, why do we need DevSecOps? You know why are you know as you say seven and eight the you know, political and organizational challenges still so much of an issue you know, decades into this discussion? >> Yeah. You know I think there's a few moving parts here and kind of post COVID is even more interesting is that companies have incredibly strategic initiatives to build applications that are core to their business. And in post COVID it's almost existential to their business. If you think of you know, markets like retail and hospitality and restaurants you know, they have to figure out how to digitize and how to deliver their business without potentially physical you know, access to two locations. So as that speed has happened, some of the safety has been left behind. And it's easy to say you have to kind of you know, one of our mantras is to run with speed and safety. But it's kind of hard to run with scissors you know, and be safe at the same time. So some of it is just speed. And the other is that unfortunately, the security people in many ways and the security products and a lot of the security solutions that are out there, the incumbents if you will, are trying to deliver their current solution in a cloud way. So they're doing sometimes it's called Cloud built or you know what I call Cloud washing and they're delivering a system that's not applicable to the modern infrastructure in the modern way that developers are building. So then you have a clash between the teams of like, "Hey I want to do this." And then I'd be like, "No you can't do that get out of our way. "This is strategic to the business." So a lot of it has just been you know, kind of combination of all those factors. >> Alright so Dan, we'll go back to Cloud Native security, you talked about sometimes people are Cloud washing, or they're just taking what they had putting it in the cloud. Sometimes it's just, oh hey we've got a SaaS model on this. Other times I hear cloud native security, and it just means hey I've got some hooks into Containers or Kubernetes. What does modern security look like? Help us understand a little bit. You mentioned some of the you know, legacy vendors what they're doing. I see lots of new security startups, some in you know specifically in that, you know, Kubernetes space. There's already been some acquisitions there. So you know, what do you see out there? You know what's good, what's bad in the trends that you're seeing? >> Yeah so I think the one thing that we really believe is that this is such a large problem that you have to be 100% focused on it. You know if you're doing this, you know, securing your infrastructure and securing your modern applications, and doing other parts of the business whether it's you know securing the endpoints of the laptops of the company and the firewall and authentication and all kinds of other things you have competing interests. So focus is pretty key. And it's obviously a very large addressable problem. What the market is telling us is a few things. The first one is that automation is critical. They may not have as many people to solve the problem. And the problem set is moving at such a scale that it's very, very hard to keep up. So a lot of people ask me you know, what do I worry about? You know, how do I stay awake at night? Or how do I get to sleep? And really the things I'm worried most about in the way where I spend most of my time on the product side is about how fast are builders building? Not necessarily about the bad guys. Now the bad guys are coming and they're doing all kinds of innovative and interesting things. But usually it starts off with the good guys and how they're deploying and how they're building. And you know, the cloud providers literally are releasing API's and new acronyms almost weekly it seems. So like new technology is being created such a scale. So automation the ability to adapt to that is one key message that we hear from the customers. The other is that it has to solve or go across multiple categories. So although things like Kubernetes and Containers are very popular today. The cloud security tackle and challenges is much more complex than that. You've got infrastructure as code, you've got server lists, you've got kind of fragmented workloads, whether some are Containers, some are VMs, maybe some are armies and then some are Kubernetes. So you've got a very fragmented world out there, and all of it needs to be secured. And then the last one is probably the most consistent theme we're hearing is that as DevOps becomes involved, because they know the application and the stack much better than security, it has to fit into your modern workflow of DevOps. So that means you know, deep integrations into Jira and Slack and PagerDuty and New Relic and Datadog are a lot more important in integrating to your you know, Palo Alto firewall and your Cisco IDs system and your endpoint you know antivirus. So those are the real key trends that we're seeing from the customers. >> Yeah Dan, you bring up a really important point, leveraging automation. I'm wondering what you're hearing from customers, because there definitely is a little bit of concern, especially if you take something like security and say, okay well, automation. Is that something that I'm just going to let the system do it? Or is it giving me to getting me to a certain point that then a human makes the final decision and enacts what's going to happen there? Where are we along that journey? >> Yeah, so I think of automation in two lenses. The first lens is efficacy, which is you know do I have to write rules? And do I have to tune train and alter the system over time? Or can it do that on my behalf? Or is there a combination of both? So the notion of people writing rules and building rules is very, very hard in this world because things are moving so quickly. You know, what is the KMS you know threat surface? The threat attacks are just changing. And typically what happens when you write rules is they're either too narrow and you messed up or they're too broad you just get way too much noise. So there's automating the efficacy of the system. That's one that's really critical. The other one that is becoming more important is in the past it was called enforcement. And this is how do I automate a response to your efficacy. And in this scenario it were very, very early days. Some vendors have come out and said you know, we can do full remediation and blocking. And typically what happens is the DevOps team kind of gives the Heisman to the security team it says, "No, you're not doing that." You know this is my production servers, and my infrastructure that's you know running our business, you can't block anything without us knowing about it. So I think we're really early. I believe that you know we're going to move to a world that's more about orchestration and automation, where there's a set of parameters where you can orchestrate certain things or maybe an ops assist mode. You know for example, we have some customers that will send our alerts to Slack, then they have a Slack bot and they say, "Okay, is it okay that Bob just opened "an S3 bucket in this region, yes or no?" No, and then it runs a serverless function and closes it. So there's kind of a what we call driver assist mode versus you know full you know, no one behind the steering wheel today. But I think it's going to mature over time. >> Yeah, Dan one of the other big challenges customer has is that their environments are even more fragmented than they would in the past. So often they're leveraging multiple cloud providers, multiple SaaS providers then they have their hosting providers. And security is something that I need to have holistically across these environments but not have to worry about okay, do I have the skill set and understanding between those environments? Hopefully you know that's something you see out there and want to understand, you know how the security industry in general and maybe Lacework specifically is helping customers, get their arms a little bit more around that multi cloud challenge if you will? >> Yeah. So I totally agree things are you know, I think we have this Silicon Valley, West Coast bias that the world is all you know, great. And it says to utopia Kubernetes, modern infrastructure, everything runs up and down, and it's all you know super easy. The reality is much different. Even in the most sophisticated sets of infrastructure in the most sophisticated customers are very fragmented and diverse. The other challenge that security runs into is security in the past a lot of traditional security mindsets are all about point in time. And they're really all about inventory. So you know, I know used to be able to ask, you know a security person, how many servers do you have? Where are they? What are they doing this? They say, "Oh, you know we have 10 racks with 42 servers in each rack. "And here's our IP addresses." Nowadays, the answer is kind of like, "I don't know what time is it you know, "how busy is a service?" It's very ephemeral. So you have to have a system which can adapt with the ephemeral nature of everything. So you know in the past it was really difficult to spin up, say 10,000 servers in a Asia data center for four hours to do research you know. Security probably know if that's happening, you know they would know through a number of different ways could make big change control window would be really hard they have to ship the units, they bake them in you know, et cetera. Nowadays that's like three lines of code. So the security people have to know and get visibility into the changes and have an engine which can determine those changes and what the risk profile of those in near real time. >> Yeah it's the what we've seen is the monitoring companies out there now talking all about observability. Its real time, it's streamings. You know it reminds me of you know my physics. So you know Heisenberg's uncertainty principle when you try to measure something, you already can't because it's already changed. So what does that mean-- >> Dan: Yeah. >> You know what does security look like in my you know, real time serverless ever changing world? You know, how is it that we are going to be able to stay secure? >> Yeah, so I think there are some really positive trends. The first one is that this is kind of a reboot. So this is kind of a restart. You know there are things we've learned in the past that we can bring forward but it's also an opportunity to kind of clean the slate and think about how we can rebuild the infrastructure. The first kind of key one is that over time security in the traditional data center started understanding less and less about the application over time, what they did was they built this big fortress around it, some called it defense in depth you know, the Security Onion whatever you want to call it you know, the M&M'S. But they were really lacking in the understanding of the application. So now security really has to understand the application because that's the core of what's important. And that allows them to be smarter about what are the changes in their environment, and if those are good, bad or indifferent. The other thing that I think is interesting is that compliance was kind of a dirty word that no one really wanted to talk about. It was kind of this boring thing or auditors would show up once every six months go through a very complex checklist and say you're okay. Now compliance is actually very sophisticated. And the ability to look at your configuration in near real time and understand if you are compliant or following best practices is real. And we do that for our customers all the time. You know we can tell them how they're doing against the compliance standard within a you know, a minute timeframe. And we can tell that they're drifting in and out of that. And the last one and the one that I think most are excited about is really the journey towards least privileges and minimizing the scope of your attack surface within your developers and their access in your infrastructure. Now it's... We're pretty far from there, it's an easy thing to say it's a pretty hard thing to do. But getting towards and driving towards that journey of least privilege I think is where most people are looking to go. >> Alright Dan, I want to go back to something that we talked about early in the conversation, that relationship with the cloud providers themselves, so you know talking AWS, Azure, Google Cloud and the like. How should customers be thinking about how they manage security, dealing with them dealing with companies like Lacework and the ecosystem you mentioned in companies like Datadog and the New Relic? You know how do they sort through and manage how they can maintain those relationships? >> So there's kind of the layer eight relationships, of course which are starting you know in particular with the cloud providers, it's a lot more about bottoms up relationships and very technical understanding of product and features, than it is about being on the golf course, and you know eating steak dinners. And that's very different you know, security and buying IT infrastructure was very relationship driven in the past. Now you really especially with SaaS and subscriptions, you're really proving out your technology every day. You know I say kind of trust is built on consistent positive results over time. So you really have to have trust within your solution and within that service and that trust is built on obviously a lot of that go to market business side. But more often than not it's now being built on the ability for that solution to get better over time because it's a subscription. You know how do you deliver more features and increase value to the customer as you do more things over time? So that's really, really important. The other one is like, how do I integrate the technology together? And I believe it's more important for us to integrate our stack with the cloud provider with the adjacent spaces like APM and metrics and monitoring and with open source, because open source really is a core component to this. So how do we have the API's and integrations and the hooks and the visibility into all of those is really, really important for our customers in the market? >> Well Dan as I said at the beginning, security is such an important topic to everyone out there. You know we've seen from practitioners we talked to for the last few years not only is it a top issue it's a board level discussion for pretty much every company out there. So I want to give you the final word as to in today's you know modern era, what advice do you give to users out there to make sure that they are staying as secure as possible? >> Yeah so you know first and foremost, people often say, "Hey you know, when we build our business, "you know, it'd be a good problem to start have to worry "about customers and you know, "all kinds of people using the service. "And you know, we'll worry about security then." And it's easy lip service to say start it as early as possible. The reality is sometimes it's hard to do that. You've got all kinds of competing interests, you're trying to build a business and an application and everything else depending obviously, the maturity of your organization. I would say that this is a great time to kind of crawl, walk, run. And you don't have to think about it. If you're building in the cloud you don't have to think of the end game you know right away, you can kind of stair step into that. So you know my suggestion to people that are moving into the cloud is really think about compliance and configuration best practices first and visibility, and then start thinking of the more complex things like triage alerts and how does that fit into my workflow? How do I look at breaches down the line? Now for the more mature orgs that are taking, you know an application or a new application or Stack and just dropping it in, those are the ones that should really think about how do I fit security into this new world order? And how do I make it as part of the design process? And it's not about how do I take my existing security stack and move it over? That's like taking, you know a centralized application moving to the cloud and calling it cloud. You know if you're going to build in the cloud, you have to secure it the same way that you're building it in a modern way. So really think about you know, modern, you know new generation vendors and solutions and a combination of kind of your provider, maybe some open source and then a service, of course like Lacework. >> Alright well Dan Hubbard, thank you so much for helping us dig into this important topic Cloud Native security, pleasure talking with you. >> Thank you. Have a great day. >> And I'm Stu Miniman your hosts for Cloud Native Insights and looking forward to hearing more of your Cloud Native Insights in the future. (upbeat music)

>>LA from Las Vegas. It's the cube covering AWS reinvent 2019 brought to you by Amazon web services and along with its ecosystem partners. >>Good afternoon. Welcome back to the cubes coverage of AWS reinvent 19 from Las Vegas. I'm Lisa Martin. Co-host is Justin Warren, the founder and chief, endless at pivot nine. Justin, great to have you. Great to be here next to me in the hosting chair today. Always fun. Let's have a great conversation next. Shall we? All right, please be a couple of our guests have joined Justin and me. I've got Dan Hubbard to my love CEO of Lacework and Ilan Rabinovitch, the VP of product at Datadog. Guys, welcome. Our pleasure to be here. Love anytime we can talk about dogs, even if there's no relation to the actual technology. Two thumbs up for me. So, but let's go ahead. I know that you guys have both been on or your companies have, but give our audience, Dan, we'll start with you on a refresher and overview. Lacework what do you guys >>sure. Yeah. Lacework we wake up every morning with a goal of trying to help our customers secure their public cloud infrastructure and, or any type of cloud native technologies such as Kubernetes or containers or any microservices. So our security company for the cloud and cloud native technologies. >>Awesome. Any long, give us a refresher about Datadog, >>Datadog as a monitoring and analytics platform for your modern infrastructure and applications. So micro services, containers, cloud providers like AWS. We're here at reinvent. Our goal is to help teams collaborate and understand the health of their business and their applications and their infrastructure. >>So how do you guys work together? >>So we recently announced a partnership and an integration of the intelligence and the data of all the risks and the threats that at least work as identifying, um, being, sending those, uh, automatically inside of the Datadog platform. So we're, we're putting the data that from our platform, uh, directly into obviously the monitoring the metrics, uh, platform, uh, Datadog's. Yep. And so, uh, what we, when we, we were pulling, um, that intelligence from, from Lacework into our, um, into our platform for our new security monitoring platform. In addition to enriching it with metrics from our infrastructure and application monitoring. Um, we find that a lot of the, a lot of times the first signs that something's going wrong might be a change in how your infrastructure or your applications are performing or a request that came in. And so if we're able to marry the two together, it's just a much better to get, it's a better together story. >>Um, give people much, much clearer insights into what's going on. The security has been a really tricky thing to solve. Well, as long as I've been in computing, which is longer than I can remember, but, uh, walk us through what does this extra visibility actually provide to customers? One of the big issues that seems to be that security is just too hard. So how does this make security easier for customers? >> So one of the big trends that we're seeing is that security and infrastructure were in the past very separate groups. Silos didn't men, many of them didn't know each other or talk to each other. But dev ops has become becoming a unifying force of data intelligence and infrastructure. You know, it's infrastructure as code. It's a little bit different like AWS for example, but it still is infrastructure. And so the combination of security and infrastructure comes together. >>When you get dev ops, some people call it secure dev ops, dev, sec ops, dev ops, whatever you want to call it. But really bringing those two together is finally the first time really where there's a meaningful connection at the data level. It allows you to actually combine both. >> Exactly. And so as all of these teams are taking advantage of infrastructure as code and other DevOps best practices, the security teams are looking at this and saying, how do I get earlier in the cycle? How do I make sure that code is enforcing this? Some scaling, you know, I'm scaling with automation, scaling with code rather than with people. Uh, and then as, as they start to do that, they realize that the data that's in the security silo and that's an application or infrastructure silo, uh, is actually very relevant to one another. Right? If a crypto miner shows up on your systems, the first thing it's going to do is spike your CPU. Um, the, you know, something like Lacework will also, you know, will, will detect that as well if we both look at both of those signals with detective faster. >>Yeah. So go ahead Justin. Sorry. This is a bit of it. That's the reactive side of, of security, which is, you know, there's a threat happens and you react to that, but part of DevSecOps or whichever term you want to actually use, part of that is act to actually shift left and try to get rid of these security flows before they even happen in the code, which is a lot of software development. I like to say that the first 80% of software development is putting the bugs in and the second 90% is taking them out again. So how do you help developers actually remove all of the security vulnerabilities before they even make it into production code? Yeah, >>so just like metrics and monitoring allow you to look at the quality of your infrastructure are very early in the pipeline. A security needs to go there also. Um, and it's, it's really, there is no time. It's just a continuous cycle. Um, early, what we allow you to do is to look at your configuration and check to see if your configuration is changing in a way that is leaving you at risk or an exposure. What's particularly interesting about this partnership is that quite often security people don't know enough about the application or the infrastructure to know if it's a risk. It's actually the dev ops people then now, so security people when when we send an alert many times to security person, they scratch their heads and go, I don't know if this is good, bad, or indifferent. The dev ops people look at it and go, Oh yeah, this is definitely okay. >>Yeah, that's the way our infrastructure should work. This is the way our application should work. Or they say, Oh no, this is a big problem. Let's get security involved. So doing that early is really critical and again, >> it's all about breaking down. I mean if dev ops was all about breaking down silos between Devin operations and and other parts of the business, dev, sec ops or secure dev ops or whatever we want to call it, is just bringing more people into the fold and helping security join that party, um, and get at things earlier in the cycle so we can catch it before it, you know, before, before there's a breach that's in the news, >>right? To be able to be predictive, which is, and then prescriptive, which is about a lot of businesses would love to be able to be, I'd like to get your opinion, Dan, on how cloud >>native cloud and the tra, the transformation of cloud technologies is changing the conversation within the customer base. One of the things Andy Jassy said yesterday is that transformation has gotta be driven from the top down like true business transformation. So that you know, a company is an Uber I's for example. Are you seeing that? Are these, are these, for example, what you're talking about with enlightening the DevOps folks in the security folks bringing them together so that they can be more collaborative? Are you seeing that come from more of a top down approach in terms of how do we leverage our data better, make sure that we have security and are able to securely extract insights from the data? Or is it still kind of from both ends? It depends on the, >>but he, it's, it's very diverse. Uh, what we see a lot is in large, uh, large companies that are migrating to the cloud but weren't born in the cloud. Every company they're buying is a cloud native company. So they buy these new companies and they look, everyone looks at the new company goes, wow, that's amazing. They can move so fast. They, they are, you know, super forward thinking and they're pushing code and are more efficient than us. We want to do that also. So it just kind of breeds the innovation and the speed from an M and a perspective. You know, in the, in the cloud native side, what we see is, it depends on your tenure as a company when you really want to take security seriously. You know, usually B2B companies take it more seriously in B to C for example. But it's usually, it's when your customers start asking you how secure are you, is when people start paying attention. >>We would like it to be before that. Right? And it's not always, you know, before that. Yup. I mean, I think it's from both directions. It depends on the size of the company and the culture, but you can't dictate culture. Right? So, uh, and a lot of, a lot of this, a lot of these silos and a lot of these sort of, these camps and fiefdoms that start to exist within organizations that have caused these groups to be separate. Um, they weren't necessarily top down. It's just, you know, it's a, it's human to human interactions. And so you, you, you can't just walk in and say, you must now be collaborative. Um, the executives have to beat that drum and help people understand why that's important to the business. But the folks on the ground have to actually want to be at one, want to be friends, want to talk, want to collaborate on projects, want to pull people in earlier. >>Um, and once they have that human connection, it's a lot more successful. So you have to do both. Yeah. Well, I mean what we're seeing is as it becomes more distributed and security is more centralized, you run to problems. So the people that are getting it right or are distributing security as close to those teams, whether it's a scrum team, a weekly get together, you know, whatever it is to get that human interaction together because you don't understand the application and what people are working on. How are you going to understand the risks and the threats in the models. So distributing it is really key and it's important those security teams understand the business requirements as well. Sometimes the most secure answer isn't necessarily the answer that actually serves their customers. Sometimes some, and sometimes app teams don't understand the trade offs that security people may understand. So it has to be, it has to be a partnership. Yep. >>You mentioned called change is probably >>harder than anything else, especially if there's a legacy organization. And Dan, to your point, a lot of the acquisitions they're doing are a cloud native companies who are presumably much fresher, maybe have a younger workforce. That's hard to do. Ultimately though, what a business needs to look at is legacy business. There's probably somebody in my rear view mirror is a lot closer than I might think that is more agile, more nimble than we are, has great technology and the aptitude and the culture to be able to move faster. How do you see some of these enterprises that you work with together? Let's put them in the context of they're an AWS customer. How are you seeing these enterprise organizations that are adopting and acquiring cloud native businesses? How are they able to pivot at the speed they need to use cloud technology, understand the security issues that they can remediate and really take that data to what it should be, which is a business differentiator. >>Yeah, I mean, you know, a lot of the times you run into the dev ops people say security slows us down. They're getting in our way and security says developers are insecure that, you know, we're totally gonna get breached. So, um, you know, one of our mottoes is you got to move with speed and safety. Um, as soon as you get in the way of anything. You know, typically the developer and the application's going to win. So you got to figure out where to get involved in that. And really big companies, what we've seen that are very inquisitive is they're moving the security to a central governance role, um, and maybe have tooling and uh, you know, some specialty teams and then they're distributing security baked as deep into the development infrastructure as they can. And then they have groups which kind of work together, uh, you know, broadly across that. >>So you can structurally set it up that way I think. And if you have the incentives right now, you know, nobody's looking to create a security breach, there are a vulnerability there. Gold engine engineers and your employees have your best, the company's best intentions at heart, otherwise they wouldn't, they wouldn't work, you know, work there. So they're looking to do the right thing. You just have to make it easy for them with, and some that's tooling. Some of that's culture. Some of that's just starting the conversation, not the day of the release started, you know, start it when the, when the, when the, when the first line of code is being written, what would it take for us to solve this problem in a secure fashion? And then everybody was happy to work together. They just don't want to redo things. You know, the, the, the day before the launch should have to, you know, be slowed down. >>Well that technical debt becomes a real problem. Right? Yeah. I think one of the great things about, uh, you know, our technical, uh, partnership and integration here is security in the past has always been just very binary. Are we insecure, secure? That's it. We're actually, there's all kinds of nuances around it and that's what lends itself to metrics. If, you know, what are our metrics? How are we doing, what's our risk? What's our exposures? Is getting better over time? Is it worse over time? So there's always the doomsday scenario, but there's also the, what's happening over time and are we getting better at what we do? And metrics really lends itself to that. And that comes right back to that, to that, uh, you know, some of dev ops philosophies of continuous improvement and continuous learning, uh, you know, bringing that into the world of security is, is just as critical. >>So you, so you mentioned, you've mentioned culture, you mentioned transformation, you mentioned metrics. So three things very close to my heart. Uh, we keep hearing this security is becoming a board level conversation. So a lot of this is very technical and, and DevSecOps is down here with the technical people, but that structure of the organization that you referred to and, and changing that structure and setting the culture that tends to come from the top level. And we heard from Andy in the keynote yesterday that that is very, very important. So what are the sorts of conversations you're having with senior management and board level from what your products do together? What does that look like from the board's perspective? So learning to manage risk, looking at how are we doing, how much of what of what you do is actually available to the board for them to make their job easier. >>I think one of the exciting trends is that compliance is cool again, right complaints. It's never a cool thing, you know, flight's kind of a boring thing. The auditors come in once a year, you know, you get stuck with it and the way you go. Um, but now compliance is continuous. It's always running and it's more about risks and exposures and Mia adhering to compliance via the risks and exposures executives get, ER, it's very challenging to explain things like Kubernetes and pods and nodes and all this technical acronyms and mumbo jumbo that we live in every day, you know, in this world. But compliance is real. Are we PCI, SOC two NIST, are we, are we applying best standards and best practices? So the ability to pull that in either via a metrics dashboard or through measurable things over time, I think is really key. As part of that. >>And similarly as, as, as filter moving, you know, whether whether they're moving new application, existing applications from, uh, you know, legacy or on prem environment into the cloud or building something from scratch. Um, it's, you know, visibility on compliance is important. We can bring that into our dashboards, into our, into the tooling that executives can look at over time. But also just understanding, am I done with the migration? Is my application there? Um, taking this nebulous thing that is a cloud and making it a tangible asset that you can look at and see the health and progress on overtime and Datadog has significantly sped up. Many of our customers cloud migrations, um, they often get stuck in a sort of analysis paralysis. Are we, are we performing the same as we did in the data center? I don't know. Uh, are we as secure? Can we move this workload and tooling like Datadog, like Lacework and the two together helps them put that into something concrete that they can say, actually, yes, we're ready to go. >>Or no, there's these three things we need to do first, let's go do them. Um, it's really challenging if for, um, traditional security people and this new world order because it's very ephemeral. Things change all the time. You know, it used to be like, I got five racks, I got 22, you know, 2200 servers. These are the IPS and that's it. Now it's like, what time is it? I don't know what I have, you know? So I think visibility's key, you used to be able to have a server that you might've monitored throughout your tenure at a company. Now you probably can't monitor it through the tenure of your lunch. Yeah. Yeah. >>Last question for you guys is how much do you see a lift or an impact from something the capital one data >>breach that happened a few months ago? You talked about, you know, B2B being more on it in terms of B to C, but we S we see these breaches that and many generations that are alive today understand to some degree is that in terms of getting insight into where are all of our risks and vulnerabilities and needing to get that visibility on it, do you see some of these big breaches as, um, catalysts for businesses to go, Oh, we have a lot of stake here. We don't really, and try to understand what the heck's going on and what we own. >>I mean, security has a very bad reputation of fear, uncertainty and doubt. And, you know, I've been in the, in the industry for a long time. Um, that said, you know, those moments do, uh, get up very high. Um, especially somebody like capital one who, who's one of them, no one to be one of the most sophisticated cloud security organizations on the planet. Um, so it certainly piques people's interests. Um, you know, I think people get carried away maybe on the messaging side of things, but you know, in order for security market to get really big, you have to have a big it transformation trend. You have to have a very diverse attack surface and you have to have the beginnings of breach. If you don't have the beginnings of breach, you spent all your time convincing people there may be a problem. And because there is problems that are happening almost every weekend are getting published. >>Um, they know many of them are, are, are being acknowledged. Uh, you know, publicly it does help, you know, it definitely helps the conversation. You know, I don't think that there's a lot more, there are a lot more breaches in the news off to some extent because there's a lot more tech companies using going through these digital transmissions, having tech news. I don't know that this is cloud versus not cloud. What cloud does, however introduces new concepts and new workflows that security teams need to understand and that application teams, they understand. And so this is where the new breed of tooling and education comes in, is helping people be ready for that. Um, and yeah, of course anytime there's a headline on, you know, the big on any of the big news shows, of course the first thing we're going to do is say, well clearly there's a, they're going to bring on, they're going to bring on Dan or you know, you know, uh, one of our security experts or somebody in industry to talk about how you prevent that in the future. >>And so it, it does bring some attention in our way, but it's, uh, I think that's great. It's just finding people that what's important. And one of the conversations we have with our prospects is, uh, have you ever had a breach before? You know, they're always going to say no, of course. But then you ask, how do you know, how do you know? How do you really know that? And then let's walk through how you would actually find that out if you did know. And that's a very different conversation than, Oh, my traditional data center, I would know this way. So it's just very different. >>Interesting stuff, guys. Thank you for sharing with us and congratulations on the integration with Datadog and Lacework. We appreciate your time. Our pleasure for Justin Warren. I am Lisa Martin and you're watching the cube live from AWS, reinvent 19 from Vegas. Thanks for watching.

>>Live from San Diego, California at the cube covering to clock in cloud native con brought to you by red hat, the cloud native computing foundation and its ecosystem Marsh. >>Welcome back. This is the cubes coverage of CubeCon cloud native con 2019 in San Diego, 12,000 in attendance. I'm zoomin and my co host is John Troyer and welcome to the program, the co founder and CTO of Lacework. Vikrum. Kapore's yeah. Thank you so much for joining us that to be here. So we had your CEO on at the first cloud security show, uh, earlier this year. A security definitely, you know, it's a board level discussion from center. I can never pass up the opportunity when I have a founder on the program. Just step us back for a second kind of book. The why of Lacework. Yeah, yeah. So I think if you look at the cloud ecosystem and communities now with containers, it's very clear that it requires like a new kind of way to look at security. Like all the traditional security tools for the data center were really built for like, you know, based on network. >>And then since they can know and as you move to the cloud, you know it's very hard to take 100 bucks to the cloud. You know, even with the virtual, you know boxes, it's really not that clean and good architecture. So what we found was that, you know, you really need a new way to think about it and me think about it as really a big data problem that you collect a lot of data, you process it, you analyze it, you get people to come with compliance and governance and breach protection automatically without having them light necessarily a lot of rules. Yeah. There's a term that this show cloud native and the maturity I've heard this year is some people say when I do cloud data, that means I like bake it into Kubernetes and that means you know, I can take my database across all the environments, I can take them there. >>Does that line up with how we should think about cloud security or is it more a little bit different than that? It's a little bit different than that. And the reason being that if you do all that, then what cloud native typically would also bring with itself would be things like your VMs and containers are not long than English short learning. And like in my world, in the old world, like I've been developing for 20 years, I knew the IP address on my airways and it didn't change and I knew the port number. But now if you ask me on cloud native environments, where is my database? Like I don't know there a five instances that ain't gonna hit their head in there. So there's a lot of elasticity, dynamic stuff that comes along with a network layer is not relevant at all to like what the applications are doing. >>So you need to get into the application layer and therefore particularly becomes a little bit different in that environment. So it's kind of, you know, the fact that I can run like thousand containers for no GS in like an instance which allows me to do that also means that, you know, I have no idea where they're running and what the IPS are. And I don't know, security on IP, I do it on, no Jess, like that's really what it is. So with Lacework though, you're, you're really monitoring this a, it's a platform. It's watching in real time. All this data is coming in. So it's both analyzing the history and it's got the stuff coming in. So you have a multiple layers. I mean we're here, uh, we're here at CubeCon. Coobernetti's is kind of the engine of what's going on, but there are other layers going on here. >>There's, yeah, there's all the application code and the pods. There's a, there's a cloud underneath and you all support, you know, different public clouds and on parameter and things like that. Yeah. Can you talk a little bit about maybe what's con some of the patterns of things you are dealing with, with all those different layers and those environments? >> Yeah, so I think it's actually a very relevant question. Like if you're going to think about like, you know, Coobernetti's you know, and as you said, like nothing really guns in isolation, right? Governance has to use containers. At some level. It has to run in either, even if it's managed, it's nothing in some VM somewhere. And the VM is basically the cloud native on VMware or it's hosted on some AWS cloud account and the cloud account probably has an API access to you to be able to set these things up or unset them if an attacker gets access to that. >>So we kind of think of security as comprehensively doing across the board. Like starting from like you know, build environments to run environments where before a developer does a build, you want to do one everyday analysis and make sure you're not building something with known problems in there. So you fix them as you go. Once you deploy them you need to look at like cloud configuration and you know, buckets on Autobahn or security groups are not, you know, incorrect. And then beyond that you actually really need a breach detection system, which kind of tells you when something does go wrong. And that can't be just inside Kubernetes or just containers. You kind of have to go look at every layer because you know, I've seen it personally, like, you know, as an, you know, having to look at some of the attacks, like when an attacker gets into one layer, he'll move into any layer he wants. Like there is really no way to say, I'll isolate him in this day only. So you have to going to protect everything and you're to Derbyshire Christian across the board. Yeah, I remember >>felt like it was a couple of years ago there was a security issue inside a Coobernetti's community freaked out a little bit, but you know, ended up moving past that. What are really kind of those security risks inside where does, where does Lacework fit fit into that discussion? >>Yeah, so I think it's really around like, you know, thinking like, you know, not companies as an isolated platform but actually part of the tech stack and ecosystem and looking at holistic lacrosse. It so fundamentally some of the security concepts haven't changed. You need to make sure you don't leave those open. Right. So if I have a door open on my uh, you know, API level, well it doesn't really matter if I close it on coronaries it's going to get exploded. Whoever is also comes with its own API SOA so that you have to monitor that. Also it has its own pod and it has its own port policies. So we're going to have to figure that too. So fundamentally I think at some level it boils down to making sure you kind of work with our tech security and dev ops. You need to work together to make sure that before the deploy it, it's kind of architected the right way. >>It has the correct VPCs and the port policies and the product texture and at the same time at run time, make sure you're monitoring it so that if something happens, you know about it early versus like six months later when the data is leaving your data center and then somebody tells you it's leaving it like it's too late at that point with your customers, then you're still seeing a role for the security team in the enterprise as well. The dev ops team better not be a better be coordinated with a platform like Lacework. Can you maybe talk a little bit about the enterprise situation and I'm guessing versus a startup? There's a lot more, there's a few other requirements that are coming up. >> We see that a lot across our customers. Like fundamentally DevOps and security really have to be on the same page because at the end of the day, like you know, the way the cloud happened in the has happened, it's a very API centric world. >>Like everything I do on AWS or GCP or Azure or is to an API. So it's a developer kind of centric world. And then if I have to set up a VPC, I have to work with the dev ops for Saturday and if I have to set up security groups, I have to work for dev ops, etc. So fundamentally, if they're not on the same page, you end up in like, you know, having problems. So the way we help in that environment is that we are able to get security on the DevOps team on the same page where they know security can understand what applications they can look at the behavior, they can understand, you know, what the architecture is and when they go tell dev ops to kind of, you know, there is something going on, can you help me? They can have a shared vocabulary and a language and they can talk about like things like on this part I saw access to, or you know, this website or DNS name, not that somebody in our data center went to the IP and like okay, but what does that mean the container is gone and the part's gone. >>Like what do I do with it? So I think we see that and I see, I feel longterm is really a collaboration where security brings to the table a lot of the knowhow and how to secure something. But at the same time, an actual implementation of it probably belongs in DevOps where like if you want to enforce something, you probably have to work with Kubernetes and Kubernetes API has to actually enforce it. So it kind of goes both ways. >> All right Vikram, talk to us about scale. We've talked to everything from broad scale to small scale in this environment. Give us the security aspect of that. So scale has been one of my favorite topics in the last 20 years. I've worked on this for systems and big data like at Oracle for a long time. And fundamentally what happens is that when you, when you do something on 10 PMs, you know, and you look at some alert, it's actually you know, one problem. >>But when you scale that up to like 10,000 VMs or you know, 10,000 containers and lots of users and developers doing multiple changes a day and like a billion connections now or like some of our customers do, it's no longer possible to look at like, you know, connections. It's no longer possible to look at every process. You've got to have to figure out how to deal with that problem by doing, you know, not operator processing and clustering. And that's what we do well. But at some point, scalability basically comes up when you end up having to, on any of the dimensions, having to deal with the problem where I can't, you know, as a human, I can't look at everything. So you have to kind of at that point, start investing in anomaly detection and figuring needle in the haystack problems so we can focus on them versus like, you know, one VM, something happened. All right, Vikram, really appreciate the updates. We know we're going to see lace Lacework at many of >>the cloud shows. Appreciate all the updates, everything in the Kubernetes environment. They kept doing it for John Troyer OMSU amendment back with more coverage here in just a little bit. Thanks as always for watching the cube.

(upbeat music) >> Woman: From our studios in the heart of Silicon Valley, Palo Alto, California. This is a Cube Conversation. >> Hello and welcome to the Cube studios in Palo Alto, California for another Cube Conversation where we go in depth with thought leaders driving innovation across the tech industry. I'm your host, Peter Burris. One of the biggest challenges that every enterprise face as they try to keep up with competitors today, is how to introduce the speed of adding new digital services, new digital capabilities, new types of customer experience, new types of operational challenges, et cetera, but do so in a way that retains the safety that's associated with traditional ways of doing IT. That leads to a set of tensions that exist between how DevOps, which is really driving that new speed equation, and security, which has been historically the locus of thinking about how to ensure that assets, digital assets don't get misappropriated by the business and by bad actors. So the big challenge is how can we bring people, the technology, and the processes together so we can achieve both the speed as well as the safety that are required to really drive business forward. So to have that conversation, we're joined by a great CEO today, Dan Hubbard who's the CEO of Lacework. Dan, welcome to the Cube. >> Thank you, great to be here. >> So let's start by getting a little bit of about Lacework. Tell us a little bit about Lacework. >> Sure, yeah, so Lacework we're really excited. Recently we raised another round of funding which is going to really allow us to focus totally on this problem which is how do we balance speed and safety in how we secure these modern architectures and infrastructure in cloud security? >> All right, so let's talk about, I mentioned up front that this notion of speed and safety, it's more than just a technology problem. It goes deep into how businesses run their enterprise today. What is the experiences that you see your customers having as they conceive of how to move forward to this new world? >> Yeah, so for cloud migrants what's happening is the development groups and applications are moving to the cloud at a very rapid rate, and every company that they're buying is cloud born, and they're moving at a really quick rate, and they're leaving security behind. So from the people aspect, the security people need to get involved with the developers to figure out how they can work in this, you know coexist in an environment that allows them to deliver obviously both security and speed, or speed and safety. >> So the problem is essentially that we need to move fast as a consequence of competition, and technology change, and achieving, you know being more opportunistic which is a fundamental tenet of agile and business today, but we need to do so in a way that provides the set of assurances that are required by compliance, by law, by new privacy regulations. How are you seeing customers solve this problem generally? How are they even thinking about solving it. >> Yeah, so I think the first thing is how they're not succeeding which is, you know, typically they go to their incumbent vendors, security vendors, and attempt to apply something that is not purpose fit for this new infrastructure, being in cloud and cloud native. So things like taking a firewall and calling it a cloud firewall isn't working. Things like taking traditional technologies like antivirus or next generation antivirus is not working. And what we're seeing working is when you really step back and they really start to understand how people are building and developing their code, pushing it out. What is that build time to runtime environment look like, and what are the services their using, and they need to apply some relatively fundamental security practices to it. How do I get visibility over time in real time? How do I attain compliance that is important to my company, PCI, SOC2, NIST, you know HIPAA, whatever is important to you, and then how can I assure that we haven't had a breach, and if we do, how can we triage that breach? >> So in man respects we are trying to bring tried and true security concepts to this new world, but we need to do so in a way that doesn't drag along the technology limitations or that technologies were necessarily applied to securing an old style of infrastructure. Have I got that right? >> Yeah, absolutely. You know there's a number of things in technologies that are really critical here, but also on the people side. You know we can't bring over some of the old processes, for example change control windows. You can't have a change control window in something that's running, and you're pushing code a thousand times a day. There is no change control window. You're just doing it all the time, but you need to do things in a way that is mapping to the automation and the scale that's happening. In order to do that, you need definitely some technology, and people, and processes. >> So it sounds like what you're suggesting is we have to incorporate security directly into the DevOps process so that we at least feature some notion of a Pareto principle where each new push is at least as secure as the previous one, but ideally we're making things more secure as we go along. >> Yeah, I mean understanding change is really critical because things are changing so quickly. You know what we're seeing in a lot of companies is a shift over to security as a governance and tooling org., and then security engineering which is baked within DevOps teams. Whether it is a guild of people that are connected to the application developers, or right within the stand up, or the group directly. >> But if I think about kind of the outcome of DevOps, the outcome of DevOps really is this kind of more modern approach to thinking about technology resources. Service is a term that's thrown and it means a lot of things to a lot of people, but to a DevOps person, they create something that can then be used as a service by other folks within the organization. One of the fundamental challenges here it seems to me is that historically we've tried to secure the server, or the PC, or the network, or the perimeter, or whatever else it might be, but really this cloud native approach is securing some outcome, some capability, and that's really increasingly what we've got to focus on whether we call it a service or something else. Have I got that right? >> Yeah, absolutely, and you know I think we spent years kind of surrounding the applications in the development, really partly because we may have not been involved, so it was great. We had firewalls, we had defense in depth, multiple layers that we added on top of the next layer, and everything else, and really what needs to happen, it needs to be integrated. And you know, in order to integrate into the services world, it needs to be as a service. So your security needs to be a service that isn't surrounding, it's actually integrating directly, and that's partly from a process perspective, also from a people as we talked about, but also as a technology. It's got to be really baked into the solution. >> So one of the things we've seen in our research of Wikibon is that there are, as we think about how to introduce these new capabilities into this kind of DevOps culture, this DevOps approach to building new IT assets, new business capabilities, that if the solution itself doesn't correspond to a way that DevOps works, it itself gets abandoned. I mean it might integrate at some point in time in the future, but if it doesn't naturally fit into how things operate or how things evolve, then it gets abandoned. How would this new class of security products or services look so that DevOps picks it up, gets the best IP associated with the best security today? >> I think the first one is it can't be intrusive. So you know when you talk about blocking and tackling, it needs to be more about building and engineering than blocking. So you really need to make sure that you're not going to adversely or inadvertently affect the application and the service that's being run. So it's really important to the company. And anytime you introduce that, you're going to get blocked out, or your not going to be involved. The other is that it needs to pair to the tooling that is there. For example, you know our service integrates DarkLink, to Jira, and PagerDuty, and Slack, you know, real modern ways that DevOps work. So it needs to be directly integrated, and lastly the service and the context need to deliver information that serves two audiences, the security people, and the DevOps people, because the DevOps people are often the ones that are triaging, or they know the application and the information, the infrastructure's code, and the security people may not. So they have to work together and provide both of those. >> So as we think about what a modern secure DevOps function's going to look like, give us kind of the picture of what it looks like in three years. How are they going to be working together, and what are they going to be using to do so? >> Yeah, so I don't think there's, like this isn't the end of the SISO. There's still going to be a SISO. It's a incredibly important role. I think they're going to move a little bit more towards governance, compliance, and tooling. They may have a tooling org. You know for us, it's more important that we interoperate with open source and the cloud providers than we do with other vendors. So having tooling to do that is really critical. >> Peter: Especially in the visibility side. >> Absolutely, yeah getting visibility's key, and then there's going to be more security engineers. These are people with DNA in security but also are coders, versus the real deep threat specific environment that we see today. You know I would argue there's probably more people that write code and understand assembler than there is in Python and Go. So you know DevOps people, they don't know what assembler is, or are using assembler, so that is still important. There are still attacks. You need to deconstruct them, you need to understand them, but there's a lot you need to do on the security engineering side, which is really how do I program this service? How do I automate and orchestrate it? >> So today this is kind of where we're going. It makes perfect sense, but that's not where a lot of organizations are today. You mentioned the difference between built in cloud and migrating to the cloud. Give us a little bit of insight, visibility into how some of those migrate to the cloud shops are taking this roadmap as they move forward. >> Yeah, it's super interesting you know? We have customers that span across cloud born, you know more startupy, very tech savvy, and then very traditional, very large Fortune 50 companies. In the latter they're doing a couple things. One is they're trying to figure out how do I migrate a traditional app that's been built in a way, not for the cloud, to the cloud. That's kind of one, and there's all kindsa reasons why you'd want to do that, scale, performance, reliability, et cetera. The second is that they're being told or have initiatives driven from the top called cloud first, which means that everything new has to be that way. It has to be cloud native, and it has to be delivered as a service. And then the last one is that when you actually are building an application, and you're a new company, you're probably going to get acquired by one of these larger companies, which means that a cloud migrant becomes a cloud native company by definition because the company's they're buying. So it kind of spans across those three areas. What we run into though is that especially if they buy a company, they're very modern in how they think. They've got very modern practices, and then the traditional security people are going, oh who are these, what is this new technology? How do we interoperate, how do we take our policies, our practices, our functional organization and map those together? So they're really startin' to figure it out. So I think we're kind of in this middle ground. There is very forward thinking companies that have moved more forward, but still it's very, very early, and we talk to customers, we run workshops with customers, and a lot of it, just bringing the teams together and understanding both worlds, and getting to know what are the DevOps, things that they're working on, what are the security people, how do we meet in the technology, and then in the process side. So It's a little bit all over right now, and I think it's probably going to get worse before it gets better, but I think down the road as people deploy things like Kubernetes and containers, and services that are built a little bit better with resiliency into them, it's going to be a more secure place. >> Dan Hubbard, CEO of Laceworks. Great conversation about speed and safety. Thanks for being on the Cube. >> Thank you very much, nice to be here. >> And once again, I'm Peter Burris. Thank you very much for joining us. Until next time. (upbeat music)

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019. Brought to you by Amazon Web service is and its ecosystem partners. >> Welcome back. Everyone were accused Live coverage here in Boston, Massachusetts, for AWS reinforce. First inaugural conference runs security. I'm Jeffrey. David Lot there. Next guest is Dan Hubbard, CEO of lacework. I've started at a Mountain View, California. Great to have you on. Thanks for joining us. >> Thanks. Thanks for having me. >> So, you know, reinvent was developers Reinforces. Kind of like, si SOS coding security cloud and intersecting with security. This is a new kind of show. What's your take on? >> Super impressed so far? I mean, there's about 1000 people here, you know, way have literally hundreds of demos lined up in the booth s oh, really impressed so far. First impressions. >> It's a good move for Amazon. Do. Ah, security conference. Don't you think I mean >> really smart, Really smart. It's a lot more about defending than a lot of security conference about offense and vulnerabilities and how to find kind of holes and weak cracks. This is really about how do we defend you know, our security in the cloud >> Talk about your company. Your mission? You guys air started going after a hot space. Si SOS or CEO spending Talk to They want a new breed of supplier service provider. Certainly cloud a p. I is gonna be critical in all of this. So you start to see really smart platform thinking systems, thinking around companies around the security challenge and opportunity. What? What do you guys do? Explain what you guys? >> Yes, we really believed you know, this new wave of cloud I s and pass really needs a new architecture. It's a whole new architecture from a 90 perspective. So we need a new architect from a security perspective. And the great thing about the operating model is you could do a wide set of things and then go deep in the areas that are really important. So at least work does we allow you to secure? I asked. Past service is with compliance configuration host and container security. There's one platform that kind of wraps across all of those >> different targeting developers, right? So they don't have to think about security all the time. Is that the poor thing? >> Yeah, definitely. Eso in almost every case. Security is unlocking the budget. However, Dev Ops is involved, Dev Ops is involved from an influence. But, you know, it used to be that developers would ask security for permission. Now security's going back to developers and asking for permission to security >> infrastructure. He said that with the architecture is gonna be different because the the the I t. Is changing. So cloud security needs a new architecture. One of the fundamentals of that architecture and how is it different from security on prim? >> So I think it has to be SAS. So it's gotta be delivered multi cloud from the cloud. You know, we're gonna secure the cloud. It really should be from the cloud, their business models, that should be different. It's almost always a subscription is not perpetual models. You know you're annually re occurring your revenue. You're always keeping your customers happy and you're always innovating. The pace of innovation has to be really quick because the pace of the cloud is moving at such a dramatic speed. >> So that the those kind of business oriented you know, that's kind of a different definition of architecture. Technically, is it a fundamental do over Or is it fundamentally similar? >> Wolf. You know, there's some of the tenants which are the same, you know, we need to get visibility. That's very similar. You know, we have controls needed have auditing. We need to find threats. However, the way you do it is very different. So you don't own the hardware, you don't own the racks, you don't own the network. You gotta get used to that. You gotta live above the responsibility line. You have to fit within their infrastructure. So what that means is you need to be very happy. I friendly because we're sucking a lot of data on Amazon were pulling in configuration cloudtrail data, and you'll have to be able to deploy inside their infrastructures. We support things like kubernetes things like docker or we also interoperate things like bare metal and you know, in the AM eyes themselves, what >> problem you guys solve. Every startup has that cultural doctor, and they sometimes you weave into a market and also you get visibility into into a key value proper. What's the key problem that you saw? What's the benefit >> so that the key value we solve is if you are in the cloud or migraine in the cloud. We give you compliance configuration and threat protection across all your clowns. So, irrespective of which cloud you live in or operate in, we give you one central threat detection engine and that which gives you visibility but also gives you compliance and controls into that. >> So Amazon has this, you know she had responsibility model. They're they're protecting the compute, the storage, the database and customers are responsible for the end points. The operating system, the data, etcetera, etcetera. And Amazon certainly has tools. Help them. What is fuzzy to me sometimes is you know where eight of us leaves off. Where ecosystem partners like you guys come in. You obvious have to keep moving fast to your point. Absolute. Can you help us sort of squint through that maze? >> Sure. Yeah. I mean, the easiest way that I can explain it is if you could configure it, you have to secure everything. Below is the providers responsibility. That said, there are different areas where things are kind of peeking through the responsibility lines. So what I see is a world where there's not 50 security vendors that you've bought like in premise or traditional data center, but your Inter operating with a provider. So you know, the big three providers open source and then a solution like ours. So it's more about how do we interoperate there together? But what we do is we sit actually right within your container on the host themselves with an agent, and then we suck in there a p I. So technically, it's a little bit different. >> So the threat of containers is an interesting topic, right? You're spinning him up. It makes V M v ems look like child's play. Yeah, So are you using specific techniques, toe? So the fake out the bad guys make it. You're raising the bar on them and their cost using sort of algorithms to do that spin up, spin him down. You know, like the shell game of asking you. >> What we do is we get baked right into your infrastructure every single time you deploy and run through C I c d. A new container or a new app were baked in there and what we're doing, we're looking all your applications, processes the network traffic and then we look for that no one bad and the unknown bad based off of that. >> So it's native security in the container at the point of creation. Not a not an afterthought. Correct. Yep, >> What? Your take on kubernetes landscape? Obviously, pretty much everyone's kind of consolidate around that from a de facto standard. That's good news, wouldn't it? Koen ETS does is all kinds of stateless state full applications that becomes, like service mess conversation. You got all kinds of services that could land out there, automating all these things these sources were being turned on turned off in real time. >> It's >> a log it >> all. It's incredible. I think Cos. Is the fastest growing enterprise open source project ever. You know where every customer we talked to is either in the midst of migrating migrate or just thinking about it. That said, the world is looking to go multi cloud. But most customers today have, ah, a combination of in premise bare metal am eyes kubernetes containers. What we're doing is we give you visibility into your coup Bernays infrastructure. So we talk pods, nodes, clusters, name spaces and we allow you to secure the management plane. Any communication between those So it's really critical when you're deploying those from a security perspective that you know what's happening. The ephemeral nature of it is very different from regular security to you need to answer questions like what happened for 10 minutes during this time from six months ago, and that's really hard with traditional >> tools, really are. And that's really gonna with automation plays in Talk about the journey of where your customers are going out because we're seeing a progression kind of categorically three kind of levels. I really wanted to go to the cloud. I really want to convince you that cloud every aspiration. Yeah, not realistic, but it's on their plans. Then you've got people who go out and do it gets stuck in the mud. The wheels are spinning culturally, whatever's going on and then full on cloud native hard core Dev ops, eaten glass, spit nails, just kicking ass and taking names right? So you get the leaders. People are kind of in the middle, and then people jumping in. Where do you guys see your benefit? What are some of the challenges? How do you guys >> think it's a super dynamic marketplace? Because what's happening is every big company that may not be fully cloud native, is buying companies that are cloud native. So then they become the sexy new way to deploy, and then they start figure out how to deploy their there. So one of the trains were seeing is core centralized. Security is becoming governance and tooling, and then they're distributing the security function within the AP teams themselves. And that model seems to work really well because you've got security practitioners baked within the Dev Ops team. But then you've got a governing roll with tooling, centralized tooling from there. That said, depending on the customer or the prospect, it's all over the place. You know, many sisters, you're scratching their heads saying, No, you know, I don't know what's going over the cloud guys. They've got a different group that's running it. They're trying to figure out how do I just get visibility? I know my name's you know, I'm the one they're gonna come after if there's a problem. So it's really all over the place >> for your service. So you're baking it in creatively into the container. >> Yep, it doesn't matter. >> You're aware, if you will. >> It is a matter of urine premise or not. Containers or not, we worked across all of them. >> Was that the hook for your sort of original idea? Your business plan? Your investors you've raised, I think 32,000,000. You got 70 employees. What was that hook? What attracted the investment Community >> Theory journal? Idea was, if you're deployed in the cloud and you have a breach, how do you know you had a breach? Things that happen to come and go very quickly. All the data's encrypted on the network. I don't have full visibility on the network itself. So that was the original idea. How would I go back in time kind of time machine to find out what happened then? Way originally supported eight of us and it was really about visibility within 80 bus infrastructure. Then kubernetes happened. Now the big hook really is amazing containers. Am I using kubernetes? And then how do I make sure I'm compliant and then following best practices and then that breach that breach scenario still definitely happens. Everybody tries the service before they buy it. They're almost always finding out problems along the way. >> What did kubernetes do for you guys? That made a consensus step, function, change or what you guys were doing? Was it because they had the dynamic nature of the service's was orchestration? What specifically was the benefit? >> I think the orchestration, the single management plane from a security perspective, is one of the big things. You get access to that one brain, if you will. You have access to everything. Obviously, the ephemeral workload is big that it was enforcement kubernetes with service messes. Things like pot security policies allows us to hook a P eyes in a way that you can actually write enforcement versus a firewall or some of these old school ways of killing packets. >> Yes, you got a cloud native approach. Kubernetes comes along. It's aligns with your sort of philosophy and >> architectural, and we run today's ourselves. So our entire infrastructure is based off of kubernetes. We were kubernetes user very early on, so, you know, we just take the things that we learn to our customers. >> So here's a quote from a seesaw. I won't say his or her name, but I want to get your reaction to it when talking about dealing with suppliers, looking for the new generation of like what you guys are doing you got, I would put you in the new classification of emerging suppliers. This is the message to all the suppliers in the room. I happen to be in there having a P I and don't have its suck because you eyes shifting to a p a u ie Focus is shifting to FBI focus. So we are evaluating every supplier on their eight b. I's your reaction to that? >> I absolutely agree. So there's two levels of AP eyes. One is you have to interrupt it with the guys from the providers in order to get the data properly. Right. That's a big, big component. Others, you have to have a P eyes for your consumers. You can't automate without a P I. So that's really critical. That said, I will disagree a little bit on the u X and Y aspect. If you are triaging data, it's really important that you have the right data at the right time and visualizing that data in a ways. It's pretty important. >> How real is multi cloud, in your opinion, I mean, everybody's talking about multi cloud Ah la times we've said multi cloud. It's none of us a symptom of multi vendor. But increasingly it could be a strategy in terms of your thinking about your total available market, your market opportunity. How real is it when you're conversations with Coast? >> It's very really. We were really surprised. We first started supporting eight of us, and then we had a G, C, P and Azure together. Now we have a core principle that everything we build has to be parody across all the clouds. And we had a huge uptick across G, C, P and as your very early. So we were really surprised. What we were surprised about was, it's not portable workloads. So it's not about taking one application distributed across multi cloud. That's kind of fiction. That doesn't happen very often. It's either you bought a company that's in another cloud or use a past service in another cloud, or you have just two totally disparate applications in a large company. They just happen to be in different clouds in the data's in different places. They don't need to interoperate, so it's so it's just a little different, but we're seeing kind >> of horses for courses as well, right? Some clouds may be better for data oriented. >> Here's your point early, and we've heard this in some of the sea. So conversations em and becomes a big factor because they get new teams in new culture and they might have different cloud approaches. But I totally agree with you on that. I would say I would even go more further and saying It's absolute fiction between multi Cloud because it's just got a latent seizes on the connections, whether they're direct connections are not welcome on the factor. So I've always said, and I kind of believe in I'd love to get your thoughts on. It is the workload should dictate to the infrastructure which clouded should you know, and go with one cloud for that. If it makes sense on, then use multi cloud across workloads and low can handle a better cloud. Cloud Cloud selection. Be joined by the workload. >> Yeah, it's certainly from an out >> the other way around. >> Yeah, it's certainly from application perspective. You want a silo? It, you know, probably there. I think what's interesting about a lot of the work each provider is doing in security a lot people ask. Well, you know, why don't I just use all my provider security tools. And the answer is they got some great tools. You should use those for sure, but there is a bunch of technology above that you can use. And then you got a span across multiple clouds. What you don't want is three different AP eyes for security across every single cloud. That's gonna be a major pain or >> have to stitch. And that's where you guys come in. Absolutely. >> What's your take on this show? Reinforce against inaugural show. Love to go. The knuckle shows they don't have a 2nd 1 because they were there. Yeah, reinvent you made a calm before we came on. Reinvents started out. We were there early on as well. There's developers. Yeah, it wasn't a lot of fanfare. In fact, you could wander around Andy Jazz. It wasn't crowded. It all great, great time. That was younger. Now Amazons gotten much stronger. Bigger? What's the vibe here? Is that developers for security? Is it si SOS? Is it? What's your read on the makeup and the focus of the attendees? >> So I think it's it's a little bit of a mix of both, which I think is good you know, I've met a number of developers or what I would call kind of new breed security engineers. These are engineers that arm or interested in? How does the cloud work an inter operate? And how do you secure that versus, like reverse engineering malware with assembler, which you know a lot of the other places there really about the threats? And what of the threats and how specific or those This is really a little bit more about? How do we up our game from from a security perspective in this New World order, which is really >> get plowed. Very agile, very fast, yet horizontally scalable, elastic, all the goodness of cloud Final question developers Bottom line is developers continue to code and do the things, whether it's a devil's culture of having a hack a phone and testing new things, that which is how things roll now, getting into productions hard. What's the developers impact to security? Is the trend coming out of the show that security baked in enough to think about it like how configuration management took that track and Dev Ops took that away? You mentioned that earlier you figure you can secure it yet. So similar track for security going the way of automation. What's your? >> It's a lot of automation is gonna be critical for sure. And then it's gonna be a combination of Security and Dev ops together, you know, Call it DEP SEC Ops, code security engineer. Whatever you want to call it, it's definitely a combination of both. Security people are going away, that's for sure. You know, we're still gonna need security experts. And focus is just a critical aspect about this. >> Dan, Thanks for the insight coming on here. Reinforced. Take a quick second. Give a plug for your company. What you guys looking to do? Your hiring? What's going on? The company? >> Sure lacework. We're gonna help you protect all your workloads, Your configuration. Compliance in the cloud regardless of which cloud way are hiring websites lacework dot com and way love Thio culture Their cultures great, Very fast moving very fast paced, very modern way live and breathe by the success of our customers It's a subscription business. So now we have to continue innovating and renewing. Our customers >> got smart probably to get dealing combination containers. Thanks for coming on. Your coverage here live in Boston. General David, Want to stay tuned for more live coverage after this short break

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> OpenAI The company, and ChatGPT have taken the world by storm. Microsoft reportedly is investing an additional 10 billion dollars into the company. But in our view, while the hype around ChatGPT is justified, we don't believe OpenAI will lock up the market with its first mover advantage. Rather, we believe that success in this market will be directly proportional to the quality and quantity of data that a technology company has at its disposal, and the compute power that it could deploy to run its system. Hello and welcome to this week's Wikibon CUBE insights, powered by ETR. In this Breaking Analysis, we unpack the excitement around ChatGPT, and debate the premise that the company's early entry into the space may not confer winner take all advantage to OpenAI. And to do so, we welcome CUBE collaborator, alum, Sarbjeet Johal, (chuckles) and John Furrier, co-host of the Cube. Great to see you Sarbjeet, John. Really appreciate you guys coming to the program. >> Great to be on. >> Okay, so what is ChatGPT? Well, actually we asked ChatGPT, what is ChatGPT? So here's what it said. ChatGPT is a state-of-the-art language model developed by OpenAI that can generate human-like text. It could be fine tuned for a variety of language tasks, such as conversation, summarization, and language translation. So I asked it, give it to me in 50 words or less. How did it do? Anything to add? >> Yeah, think it did good. It's large language model, like previous models, but it started applying the transformers sort of mechanism to focus on what prompt you have given it to itself. And then also the what answer it gave you in the first, sort of, one sentence or two sentences, and then introspect on itself, like what I have already said to you. And so just work on that. So it it's self sort of focus if you will. It does, the transformers help the large language models to do that. >> So to your point, it's a large language model, and GPT stands for generative pre-trained transformer. >> And if you put the definition back up there again, if you put it back up on the screen, let's see it back up. Okay, it actually missed the large, word large. So one of the problems with ChatGPT, it's not always accurate. It's actually a large language model, and it says state of the art language model. And if you look at Google, Google has dominated AI for many times and they're well known as being the best at this. And apparently Google has their own large language model, LLM, in play and have been holding it back to release because of backlash on the accuracy. Like just in that example you showed is a great point. They got almost right, but they missed the key word. >> You know what's funny about that John, is I had previously asked it in my prompt to give me it in less than a hundred words, and it was too long, I said I was too long for Breaking Analysis, and there it went into the fact that it's a large language model. So it largely, it gave me a really different answer the, for both times. So, but it's still pretty amazing for those of you who haven't played with it yet. And one of the best examples that I saw was Ben Charrington from This Week In ML AI podcast. And I stumbled on this thanks to Brian Gracely, who was listening to one of his Cloudcasts. Basically what Ben did is he took, he prompted ChatGPT to interview ChatGPT, and he simply gave the system the prompts, and then he ran the questions and answers into this avatar builder and sped it up 2X so it didn't sound like a machine. And voila, it was amazing. So John is ChatGPT going to take over as a cube host? >> Well, I was thinking, we get the questions in advance sometimes from PR people. We should actually just plug it in ChatGPT, add it to our notes, and saying, "Is this good enough for you? Let's ask the real question." So I think, you know, I think there's a lot of heavy lifting that gets done. I think the ChatGPT is a phenomenal revolution. I think it highlights the use case. Like that example we showed earlier. It gets most of it right. So it's directionally correct and it feels like it's an answer, but it's not a hundred percent accurate. And I think that's where people are seeing value in it. Writing marketing, copy, brainstorming, guest list, gift list for somebody. Write me some lyrics to a song. Give me a thesis about healthcare policy in the United States. It'll do a bang up job, and then you got to go in and you can massage it. So we're going to do three quarters of the work. That's why plagiarism and schools are kind of freaking out. And that's why Microsoft put 10 billion in, because why wouldn't this be a feature of Word, or the OS to help it do stuff on behalf of the user. So linguistically it's a beautiful thing. You can input a string and get a good answer. It's not a search result. >> And we're going to get your take on on Microsoft and, but it kind of levels the playing- but ChatGPT writes better than I do, Sarbjeet, and I know you have some good examples too. You mentioned the Reed Hastings example. >> Yeah, I was listening to Reed Hastings fireside chat with ChatGPT, and the answers were coming as sort of voice, in the voice format. And it was amazing what, he was having very sort of philosophy kind of talk with the ChatGPT, the longer sentences, like he was going on, like, just like we are talking, he was talking for like almost two minutes and then ChatGPT was answering. It was not one sentence question, and then a lot of answers from ChatGPT and yeah, you're right. I, this is our ability. I've been thinking deep about this since yesterday, we talked about, like, we want to do this segment. The data is fed into the data model. It can be the current data as well, but I think that, like, models like ChatGPT, other companies will have those too. They can, they're democratizing the intelligence, but they're not creating intelligence yet, definitely yet I can say that. They will give you all the finite answers. Like, okay, how do you do this for loop in Java, versus, you know, C sharp, and as a programmer you can do that, in, but they can't tell you that, how to write a new algorithm or write a new search algorithm for you. They cannot create a secretive code for you to- >> Not yet. >> Have competitive advantage. >> Not yet, not yet. >> but you- >> Can Google do that today? >> No one really can. The reasoning side of the data is, we talked about at our Supercloud event, with Zhamak Dehghani who's was CEO of, now of Nextdata. This next wave of data intelligence is going to come from entrepreneurs that are probably cross discipline, computer science and some other discipline. But they're going to be new things, for example, data, metadata, and data. It's hard to do reasoning like a human being, so that needs more data to train itself. So I think the first gen of this training module for the large language model they have is a corpus of text. Lot of that's why blog posts are, but the facts are wrong and sometimes out of context, because that contextual reasoning takes time, it takes intelligence. So machines need to become intelligent, and so therefore they need to be trained. So you're going to start to see, I think, a lot of acceleration on training the data sets. And again, it's only as good as the data you can get. And again, proprietary data sets will be a huge winner. Anyone who's got a large corpus of content, proprietary content like theCUBE or SiliconANGLE as a publisher will benefit from this. Large FinTech companies, anyone with large proprietary data will probably be a big winner on this generative AI wave, because it just, it will eat that up, and turn that back into something better. So I think there's going to be a lot of interesting things to look at here. And certainly productivity's going to be off the charts for vanilla and the internet is going to get swarmed with vanilla content. So if you're in the content business, and you're an original content producer of any kind, you're going to be not vanilla, so you're going to be better. So I think there's so much at play Dave (indistinct). >> I think the playing field has been risen, so we- >> Risen and leveled? >> Yeah, and leveled to certain extent. So it's now like that few people as consumers, as consumers of AI, we will have a advantage and others cannot have that advantage. So it will be democratized. That's, I'm sure about that. But if you take the example of calculator, when the calculator came in, and a lot of people are, "Oh, people can't do math anymore because calculator is there." right? So it's a similar sort of moment, just like a calculator for the next level. But, again- >> I see it more like open source, Sarbjeet, because like if you think about what ChatGPT's doing, you do a query and it comes from somewhere the value of a post from ChatGPT is just a reuse of AI. The original content accent will be come from a human. So if I lay out a paragraph from ChatGPT, did some heavy lifting on some facts, I check the facts, save me about maybe- >> Yeah, it's productive. >> An hour writing, and then I write a killer two, three sentences of, like, sharp original thinking or critical analysis. I then took that body of work, open source content, and then laid something on top of it. >> And Sarbjeet's example is a good one, because like if the calculator kids don't do math as well anymore, the slide rule, remember we had slide rules as kids, remember we first started using Waze, you know, we were this minority and you had an advantage over other drivers. Now Waze is like, you know, social traffic, you know, navigation, everybody had, you know- >> All the back roads are crowded. >> They're car crowded. (group laughs) Exactly. All right, let's, let's move on. What about this notion that futurist Ray Amara put forth and really Amara's Law that we're showing here, it's, the law is we, you know, "We tend to overestimate the effect of technology in the short run and underestimate it in the long run." Is that the case, do you think, with ChatGPT? What do you think Sarbjeet? >> I think that's true actually. There's a lot of, >> We don't debate this. >> There's a lot of awe, like when people see the results from ChatGPT, they say what, what the heck? Like, it can do this? But then if you use it more and more and more, and I ask the set of similar question, not the same question, and it gives you like same answer. It's like reading from the same bucket of text in, the interior read (indistinct) where the ChatGPT, you will see that in some couple of segments. It's very, it sounds so boring that the ChatGPT is coming out the same two sentences every time. So it is kind of good, but it's not as good as people think it is right now. But we will have, go through this, you know, hype sort of cycle and get realistic with it. And then in the long term, I think it's a great thing in the short term, it's not something which will (indistinct) >> What's your counter point? You're saying it's not. >> I, no I think the question was, it's hyped up in the short term and not it's underestimated long term. That's what I think what he said, quote. >> Yes, yeah. That's what he said. >> Okay, I think that's wrong with this, because this is a unique, ChatGPT is a unique kind of impact and it's very generational. People have been comparing it, I have been comparing to the internet, like the web, web browser Mosaic and Netscape, right, Navigator. I mean, I clearly still remember the days seeing Navigator for the first time, wow. And there weren't not many sites you could go to, everyone typed in, you know, cars.com, you know. >> That (indistinct) wasn't that overestimated, the overhyped at the beginning and underestimated. >> No, it was, it was underestimated long run, people thought. >> But that Amara's law. >> That's what is. >> No, they said overestimated? >> Overestimated near term underestimated- overhyped near term, underestimated long term. I got, right I mean? >> Well, I, yeah okay, so I would then agree, okay then- >> We were off the charts about the internet in the early days, and it actually exceeded our expectations. >> Well there were people who were, like, poo-pooing it early on. So when the browser came out, people were like, "Oh, the web's a toy for kids." I mean, in 1995 the web was a joke, right? So '96, you had online populations growing, so you had structural changes going on around the browser, internet population. And then that replaced other things, direct mail, other business activities that were once analog then went to the web, kind of read only as you, as we always talk about. So I think that's a moment where the hype long term, the smart money, and the smart industry experts all get the long term. And in this case, there's more poo-pooing in the short term. "Ah, it's not a big deal, it's just AI." I've heard many people poo-pooing ChatGPT, and a lot of smart people saying, "No this is next gen, this is different and it's only going to get better." So I think people are estimating a big long game on this one. >> So you're saying it's bifurcated. There's those who say- >> Yes. >> Okay, all right, let's get to the heart of the premise, and possibly the debate for today's episode. Will OpenAI's early entry into the market confer sustainable competitive advantage for the company. And if you look at the history of tech, the technology industry, it's kind of littered with first mover failures. Altair, IBM, Tandy, Commodore, they and Apple even, they were really early in the PC game. They took a backseat to Dell who came in the scene years later with a better business model. Netscape, you were just talking about, was all the rage in Silicon Valley, with the first browser, drove up all the housing prices out here. AltaVista was the first search engine to really, you know, index full text. >> Owned by Dell, I mean DEC. >> Owned by Digital. >> Yeah, Digital Equipment >> Compaq bought it. And of course as an aside, Digital, they wanted to showcase their hardware, right? Their super computer stuff. And then so Friendster and MySpace, they came before Facebook. The iPhone certainly wasn't the first mobile device. So lots of failed examples, but there are some recent successes like AWS and cloud. >> You could say smartphone. So I mean. >> Well I know, and you can, we can parse this so we'll debate it. Now Twitter, you could argue, had first mover advantage. You kind of gave me that one John. Bitcoin and crypto clearly had first mover advantage, and sustaining that. Guys, will OpenAI make it to the list on the right with ChatGPT, what do you think? >> I think categorically as a company, it probably won't, but as a category, I think what they're doing will, so OpenAI as a company, they get funding, there's power dynamics involved. Microsoft put a billion dollars in early on, then they just pony it up. Now they're reporting 10 billion more. So, like, if the browsers, Microsoft had competitive advantage over Netscape, and used monopoly power, and convicted by the Department of Justice for killing Netscape with their monopoly, Netscape should have had won that battle, but Microsoft killed it. In this case, Microsoft's not killing it, they're buying into it. So I think the embrace extend Microsoft power here makes OpenAI vulnerable for that one vendor solution. So the AI as a company might not make the list, but the category of what this is, large language model AI, is probably will be on the right hand side. >> Okay, we're going to come back to the government intervention and maybe do some comparisons, but what are your thoughts on this premise here? That, it will basically set- put forth the premise that it, that ChatGPT, its early entry into the market will not confer competitive advantage to >> For OpenAI. >> To Open- Yeah, do you agree with that? >> I agree with that actually. It, because Google has been at it, and they have been holding back, as John said because of the scrutiny from the Fed, right, so- >> And privacy too. >> And the privacy and the accuracy as well. But I think Sam Altman and the company on those guys, right? They have put this in a hasty way out there, you know, because it makes mistakes, and there are a lot of questions around the, sort of, where the content is coming from. You saw that as your example, it just stole the content, and without your permission, you know? >> Yeah. So as quick this aside- >> And it codes on people's behalf and the, those codes are wrong. So there's a lot of, sort of, false information it's putting out there. So it's a very vulnerable thing to do what Sam Altman- >> So even though it'll get better, others will compete. >> So look, just side note, a term which Reid Hoffman used a little bit. Like he said, it's experimental launch, like, you know, it's- >> It's pretty damn good. >> It is clever because according to Sam- >> It's more than clever. It's good. >> It's awesome, if you haven't used it. I mean you write- you read what it writes and you go, "This thing writes so well, it writes so much better than you." >> The human emotion drives that too. I think that's a big thing. But- >> I Want to add one more- >> Make your last point. >> Last one. Okay. So, but he's still holding back. He's conducting quite a few interviews. If you want to get the gist of it, there's an interview with StrictlyVC interview from yesterday with Sam Altman. Listen to that one it's an eye opening what they want- where they want to take it. But my last one I want to make it on this point is that Satya Nadella yesterday did an interview with Wall Street Journal. I think he was doing- >> You were not impressed. >> I was not impressed because he was pushing it too much. So Sam Altman's holding back so there's less backlash. >> Got 10 billion reasons to push. >> I think he's almost- >> Microsoft just laid off 10000 people. Hey ChatGPT, find me a job. You know like. (group laughs) >> He's overselling it to an extent that I think it will backfire on Microsoft. And he's over promising a lot of stuff right now, I think. I don't know why he's very jittery about all these things. And he did the same thing during Ignite as well. So he said, "Oh, this AI will write code for you and this and that." Like you called him out- >> The hyperbole- >> During your- >> from Satya Nadella, he's got a lot of hyperbole. (group talks over each other) >> All right, Let's, go ahead. >> Well, can I weigh in on the whole- >> Yeah, sure. >> Microsoft thing on whether OpenAI, here's the take on this. I think it's more like the browser moment to me, because I could relate to that experience with ChatG, personally, emotionally, when I saw that, and I remember vividly- >> You mean that aha moment (indistinct). >> Like this is obviously the future. Anything else in the old world is dead, website's going to be everywhere. It was just instant dot connection for me. And a lot of other smart people who saw this. Lot of people by the way, didn't see it. Someone said the web's a toy. At the company I was worked for at the time, Hewlett Packard, they like, they could have been in, they had invented HTML, and so like all this stuff was, like, they just passed, the web was just being passed over. But at that time, the browser got better, more websites came on board. So the structural advantage there was online web usage was growing, online user population. So that was growing exponentially with the rise of the Netscape browser. So OpenAI could stay on the right side of your list as durable, if they leverage the category that they're creating, can get the scale. And if they can get the scale, just like Twitter, that failed so many times that they still hung around. So it was a product that was always successful, right? So I mean, it should have- >> You're right, it was terrible, we kept coming back. >> The fail whale, but it still grew. So OpenAI has that moment. They could do it if Microsoft doesn't meddle too much with too much power as a vendor. They could be the Netscape Navigator, without the anti-competitive behavior of somebody else. So to me, they have the pole position. So they have an opportunity. So if not, if they don't execute, then there's opportunity. There's not a lot of barriers to entry, vis-a-vis say the CapEx of say a cloud company like AWS. You can't replicate that, Many have tried, but I think you can replicate OpenAI. >> And we're going to talk about that. Okay, so real quick, I want to bring in some ETR data. This isn't an ETR heavy segment, only because this so new, you know, they haven't coverage yet, but they do cover AI. So basically what we're seeing here is a slide on the vertical axis's net score, which is a measure of spending momentum, and in the horizontal axis's is presence in the dataset. Think of it as, like, market presence. And in the insert right there, you can see how the dots are plotted, the two columns. And so, but the key point here that we want to make, there's a bunch of companies on the left, is he like, you know, DataRobot and C3 AI and some others, but the big whales, Google, AWS, Microsoft, are really dominant in this market. So that's really the key takeaway that, can we- >> I notice IBM is way low. >> Yeah, IBM's low, and actually bring that back up and you, but then you see Oracle who actually is injecting. So I guess that's the other point is, you're not necessarily going to go buy AI, and you know, build your own AI, you're going to, it's going to be there and, it, Salesforce is going to embed it into its platform, the SaaS companies, and you're going to purchase AI. You're not necessarily going to build it. But some companies obviously are. >> I mean to quote IBM's general manager Rob Thomas, "You can't have AI with IA." information architecture and David Flynn- >> You can't Have AI without IA >> without, you can't have AI without IA. You can't have, if you have an Information Architecture, you then can power AI. Yesterday David Flynn, with Hammersmith, was on our Supercloud. He was pointing out that the relationship of storage, where you store things, also impacts the data and stressablity, and Zhamak from Nextdata, she was pointing out that same thing. So the data problem factors into all this too, Dave. >> So you got the big cloud and internet giants, they're all poised to go after this opportunity. Microsoft is investing up to 10 billion. Google's code red, which was, you know, the headline in the New York Times. Of course Apple is there and several alternatives in the market today. Guys like Chinchilla, Bloom, and there's a company Jasper and several others, and then Lena Khan looms large and the government's around the world, EU, US, China, all taking notice before the market really is coalesced around a single player. You know, John, you mentioned Netscape, they kind of really, the US government was way late to that game. It was kind of game over. And Netscape, I remember Barksdale was like, "Eh, we're going to be selling software in the enterprise anyway." and then, pshew, the company just dissipated. So, but it looks like the US government, especially with Lena Khan, they're changing the definition of antitrust and what the cause is to go after people, and they're really much more aggressive. It's only what, two years ago that (indistinct). >> Yeah, the problem I have with the federal oversight is this, they're always like late to the game, and they're slow to catch up. So in other words, they're working on stuff that should have been solved a year and a half, two years ago around some of the social networks hiding behind some of the rules around open web back in the days, and I think- >> But they're like 15 years late to that. >> Yeah, and now they got this new thing on top of it. So like, I just worry about them getting their fingers. >> But there's only two years, you know, OpenAI. >> No, but the thing (indistinct). >> No, they're still fighting other battles. But the problem with government is that they're going to label Big Tech as like a evil thing like Pharma, it's like smoke- >> You know Lena Khan wants to kill Big Tech, there's no question. >> So I think Big Tech is getting a very seriously bad rap. And I think anything that the government does that shades darkness on tech, is politically motivated in most cases. You can almost look at everything, and my 80 20 rule is in play here. 80% of the government activity around tech is bullshit, it's politically motivated, and the 20% is probably relevant, but off the mark and not organized. >> Well market forces have always been the determining factor of success. The governments, you know, have been pretty much failed. I mean you look at IBM's antitrust, that, what did that do? The market ultimately beat them. You look at Microsoft back in the day, right? Windows 95 was peaking, the government came in. But you know, like you said, they missed the web, right, and >> so they were hanging on- >> There's nobody in government >> to Windows. >> that actually knows- >> And so, you, I think you're right. It's market forces that are going to determine this. But Sarbjeet, what do you make of Microsoft's big bet here, you weren't impressed with with Nadella. How do you think, where are they going to apply it? Is this going to be a Hail Mary for Bing, or is it going to be applied elsewhere? What do you think. >> They are saying that they will, sort of, weave this into their products, office products, productivity and also to write code as well, developer productivity as well. That's a big play for them. But coming back to your antitrust sort of comments, right? I believe the, your comment was like, oh, fed was late 10 years or 15 years earlier, but now they're two years. But things are moving very fast now as compared to they used to move. >> So two years is like 10 Years. >> Yeah, two years is like 10 years. Just want to make that point. (Dave laughs) This thing is going like wildfire. Any new tech which comes in that I think they're going against distribution channels. Lina Khan has commented time and again that the marketplace model is that she wants to have some grip on. Cloud marketplaces are a kind of monopolistic kind of way. >> I don't, I don't see this, I don't see a Chat AI. >> You told me it's not Bing, you had an interesting comment. >> No, no. First of all, this is great from Microsoft. If you're Microsoft- >> Why? >> Because Microsoft doesn't have the AI chops that Google has, right? Google is got so much core competency on how they run their search, how they run their backends, their cloud, even though they don't get a lot of cloud market share in the enterprise, they got a kick ass cloud cause they needed one. >> Totally. >> They've invented SRE. I mean Google's development and engineering chops are off the scales, right? Amazon's got some good chops, but Google's got like 10 times more chops than AWS in my opinion. Cloud's a whole different story. Microsoft gets AI, they get a playbook, they get a product they can render into, the not only Bing, productivity software, helping people write papers, PowerPoint, also don't forget the cloud AI can super help. We had this conversation on our Supercloud event, where AI's going to do a lot of the heavy lifting around understanding observability and managing service meshes, to managing microservices, to turning on and off applications, and or maybe writing code in real time. So there's a plethora of use cases for Microsoft to deploy this. combined with their R and D budgets, they can then turbocharge more research, build on it. So I think this gives them a car in the game, Google may have pole position with AI, but this puts Microsoft right in the game, and they already have a lot of stuff going on. But this just, I mean everything gets lifted up. Security, cloud, productivity suite, everything. >> What's under the hood at Google, and why aren't they talking about it? I mean they got to be freaked out about this. No? Or do they have kind of a magic bullet? >> I think they have the, they have the chops definitely. Magic bullet, I don't know where they are, as compared to the ChatGPT 3 or 4 models. Like they, but if you look at the online sort of activity and the videos put out there from Google folks, Google technology folks, that's account you should look at if you are looking there, they have put all these distinctions what ChatGPT 3 has used, they have been talking about for a while as well. So it's not like it's a secret thing that you cannot replicate. As you said earlier, like in the beginning of this segment, that anybody who has more data and the capacity to process that data, which Google has both, I think they will win this. >> Obviously living in Palo Alto where the Google founders are, and Google's headquarters next town over we have- >> We're so close to them. We have inside information on some of the thinking and that hasn't been reported by any outlet yet. And that is, is that, from what I'm hearing from my sources, is Google has it, they don't want to release it for many reasons. One is it might screw up their search monopoly, one, two, they're worried about the accuracy, 'cause Google will get sued. 'Cause a lot of people are jamming on this ChatGPT as, "Oh it does everything for me." when it's clearly not a hundred percent accurate all the time. >> So Lina Kahn is looming, and so Google's like be careful. >> Yeah so Google's just like, this is the third, could be a third rail. >> But the first thing you said is a concern. >> Well no. >> The disruptive (indistinct) >> What they will do is do a Waymo kind of thing, where they spin out a separate company. >> They're doing that. >> The discussions happening, they're going to spin out the separate company and put it over there, and saying, "This is AI, got search over there, don't touch that search, 'cause that's where all the revenue is." (chuckles) >> So, okay, so that's how they deal with the Clay Christensen dilemma. What's the business model here? I mean it's not advertising, right? Is it to charge you for a query? What, how do you make money at this? >> It's a good question, I mean my thinking is, first of all, it's cool to type stuff in and see a paper get written, or write a blog post, or gimme a marketing slogan for this or that or write some code. I think the API side of the business will be critical. And I think Howie Xu, I know you're going to reference some of his comments yesterday on Supercloud, I think this brings a whole 'nother user interface into technology consumption. I think the business model, not yet clear, but it will probably be some sort of either API and developer environment or just a straight up free consumer product, with some sort of freemium backend thing for business. >> And he was saying too, it's natural language is the way in which you're going to interact with these systems. >> I think it's APIs, it's APIs, APIs, APIs, because these people who are cooking up these models, and it takes a lot of compute power to train these and to, for inference as well. Somebody did the analysis on the how many cents a Google search costs to Google, and how many cents the ChatGPT query costs. It's, you know, 100x or something on that. You can take a look at that. >> A 100x on which side? >> You're saying two orders of magnitude more expensive for ChatGPT >> Much more, yeah. >> Than for Google. >> It's very expensive. >> So Google's got the data, they got the infrastructure and they got, you're saying they got the cost (indistinct) >> No actually it's a simple query as well, but they are trying to put together the answers, and they're going through a lot more data versus index data already, you know. >> Let me clarify, you're saying that Google's version of ChatGPT is more efficient? >> No, I'm, I'm saying Google search results. >> Ah, search results. >> What are used to today, but cheaper. >> But that, does that, is that going to confer advantage to Google's large language (indistinct)? >> It will, because there were deep science (indistinct). >> Google, I don't think Google search is doing a large language model on their search, it's keyword search. You know, what's the weather in Santa Cruz? Or how, what's the weather going to be? Or you know, how do I find this? Now they have done a smart job of doing some things with those queries, auto complete, re direct navigation. But it's, it's not entity. It's not like, "Hey, what's Dave Vellante thinking this week in Breaking Analysis?" ChatGPT might get that, because it'll get your Breaking Analysis, it'll synthesize it. There'll be some, maybe some clips. It'll be like, you know, I mean. >> Well I got to tell you, I asked ChatGPT to, like, I said, I'm going to enter a transcript of a discussion I had with Nir Zuk, the CTO of Palo Alto Networks, And I want you to write a 750 word blog. I never input the transcript. It wrote a 750 word blog. It attributed quotes to him, and it just pulled a bunch of stuff that, and said, okay, here it is. It talked about Supercloud, it defined Supercloud. >> It's made, it makes you- >> Wow, But it was a big lie. It was fraudulent, but still, blew me away. >> Again, vanilla content and non accurate content. So we are going to see a surge of misinformation on steroids, but I call it the vanilla content. Wow, that's just so boring, (indistinct). >> There's so many dangers. >> Make your point, cause we got to, almost out of time. >> Okay, so the consumption, like how do you consume this thing. As humans, we are consuming it and we are, like, getting a nicely, like, surprisingly shocked, you know, wow, that's cool. It's going to increase productivity and all that stuff, right? And on the danger side as well, the bad actors can take hold of it and create fake content and we have the fake sort of intelligence, if you go out there. So that's one thing. The second thing is, we are as humans are consuming this as language. Like we read that, we listen to it, whatever format we consume that is, but the ultimate usage of that will be when the machines can take that output from likes of ChatGPT, and do actions based on that. The robots can work, the robot can paint your house, we were talking about, right? Right now we can't do that. >> Data apps. >> So the data has to be ingested by the machines. It has to be digestible by the machines. And the machines cannot digest unorganized data right now, we will get better on the ingestion side as well. So we are getting better. >> Data, reasoning, insights, and action. >> I like that mall, paint my house. >> So, okay- >> By the way, that means drones that'll come in. Spray painting your house. >> Hey, it wasn't too long ago that robots couldn't climb stairs, as I like to point out. Okay, and of course it's no surprise the venture capitalists are lining up to eat at the trough, as I'd like to say. Let's hear, you'd referenced this earlier, John, let's hear what AI expert Howie Xu said at the Supercloud event, about what it takes to clone ChatGPT. Please, play the clip. >> So one of the VCs actually asked me the other day, right? "Hey, how much money do I need to spend, invest to get a, you know, another shot to the openAI sort of the level." You know, I did a (indistinct) >> Line up. >> A hundred million dollar is the order of magnitude that I came up with, right? You know, not a billion, not 10 million, right? So a hundred- >> Guys a hundred million dollars, that's an astoundingly low figure. What do you make of it? >> I was in an interview with, I was interviewing, I think he said hundred million or so, but in the hundreds of millions, not a billion right? >> You were trying to get him up, you were like "Hundreds of millions." >> Well I think, I- >> He's like, eh, not 10, not a billion. >> Well first of all, Howie Xu's an expert machine learning. He's at Zscaler, he's a machine learning AI guy. But he comes from VMware, he's got his technology pedigrees really off the chart. Great friend of theCUBE and kind of like a CUBE analyst for us. And he's smart. He's right. I think the barriers to entry from a dollar standpoint are lower than say the CapEx required to compete with AWS. Clearly, the CapEx spending to build all the tech for the run a cloud. >> And you don't need a huge sales force. >> And in some case apps too, it's the same thing. But I think it's not that hard. >> But am I right about that? You don't need a huge sales force either. It's, what, you know >> If the product's good, it will sell, this is a new era. The better mouse trap will win. This is the new economics in software, right? So- >> Because you look at the amount of money Lacework, and Snyk, Snowflake, Databrooks. Look at the amount of money they've raised. I mean it's like a billion dollars before they get to IPO or more. 'Cause they need promotion, they need go to market. You don't need (indistinct) >> OpenAI's been working on this for multiple five years plus it's, hasn't, wasn't born yesterday. Took a lot of years to get going. And Sam is depositioning all the success, because he's trying to manage expectations, To your point Sarbjeet, earlier. It's like, yeah, he's trying to "Whoa, whoa, settle down everybody, (Dave laughs) it's not that great." because he doesn't want to fall into that, you know, hero and then get taken down, so. >> It may take a 100 million or 150 or 200 million to train the model. But to, for the inference to, yeah to for the inference machine, It will take a lot more, I believe. >> Give it, so imagine, >> Because- >> Go ahead, sorry. >> Go ahead. But because it consumes a lot more compute cycles and it's certain level of storage and everything, right, which they already have. So I think to compute is different. To frame the model is a different cost. But to run the business is different, because I think 100 million can go into just fighting the Fed. >> Well there's a flywheel too. >> Oh that's (indistinct) >> (indistinct) >> We are running the business, right? >> It's an interesting number, but it's also kind of, like, context to it. So here, a hundred million spend it, you get there, but you got to factor in the fact that the ways companies win these days is critical mass scale, hitting a flywheel. If they can keep that flywheel of the value that they got going on and get better, you can almost imagine a marketplace where, hey, we have proprietary data, we're SiliconANGLE in theCUBE. We have proprietary content, CUBE videos, transcripts. Well wouldn't it be great if someone in a marketplace could sell a module for us, right? We buy that, Amazon's thing and things like that. So if they can get a marketplace going where you can apply to data sets that may be proprietary, you can start to see this become bigger. And so I think the key barriers to entry is going to be success. I'll give you an example, Reddit. Reddit is successful and it's hard to copy, not because of the software. >> They built the moat. >> Because you can, buy Reddit open source software and try To compete. >> They built the moat with their community. >> Their community, their scale, their user expectation. Twitter, we referenced earlier, that thing should have gone under the first two years, but there was such a great emotional product. People would tolerate the fail whale. And then, you know, well that was a whole 'nother thing. >> Then a plane landed in (John laughs) the Hudson and it was over. >> I think verticals, a lot of verticals will build applications using these models like for lawyers, for doctors, for scientists, for content creators, for- >> So you'll have many hundreds of millions of dollars investments that are going to be seeping out. If, all right, we got to wrap, if you had to put odds on it that that OpenAI is going to be the leader, maybe not a winner take all leader, but like you look at like Amazon and cloud, they're not winner take all, these aren't necessarily winner take all markets. It's not necessarily a zero sum game, but let's call it winner take most. What odds would you give that open AI 10 years from now will be in that position. >> If I'm 0 to 10 kind of thing? >> Yeah, it's like horse race, 3 to 1, 2 to 1, even money, 10 to 1, 50 to 1. >> Maybe 2 to 1, >> 2 to 1, that's pretty low odds. That's basically saying they're the favorite, they're the front runner. Would you agree with that? >> I'd say 4 to 1. >> Yeah, I was going to say I'm like a 5 to 1, 7 to 1 type of person, 'cause I'm a skeptic with, you know, there's so much competition, but- >> I think they're definitely the leader. I mean you got to say, I mean. >> Oh there's no question. There's no question about it. >> The question is can they execute? >> They're not Friendster, is what you're saying. >> They're not Friendster and they're more like Twitter and Reddit where they have momentum. If they can execute on the product side, and if they don't stumble on that, they will continue to have the lead. >> If they say stay neutral, as Sam is, has been saying, that, hey, Microsoft is one of our partners, if you look at their company model, how they have structured the company, then they're going to pay back to the investors, like Microsoft is the biggest one, up to certain, like by certain number of years, they're going to pay back from all the money they make, and after that, they're going to give the money back to the public, to the, I don't know who they give it to, like non-profit or something. (indistinct) >> Okay, the odds are dropping. (group talks over each other) That's a good point though >> Actually they might have done that to fend off the criticism of this. But it's really interesting to see the model they have adopted. >> The wildcard in all this, My last word on this is that, if there's a developer shift in how developers and data can come together again, we have conferences around the future of data, Supercloud and meshs versus, you know, how the data world, coding with data, how that evolves will also dictate, 'cause a wild card could be a shift in the landscape around how developers are using either machine learning or AI like techniques to code into their apps, so. >> That's fantastic insight. I can't thank you enough for your time, on the heels of Supercloud 2, really appreciate it. All right, thanks to John and Sarbjeet for the outstanding conversation today. Special thanks to the Palo Alto studio team. My goodness, Anderson, this great backdrop. You guys got it all out here, I'm jealous. And Noah, really appreciate it, Chuck, Andrew Frick and Cameron, Andrew Frick switching, Cameron on the video lake, great job. And Alex Myerson, he's on production, manages the podcast for us, Ken Schiffman as well. Kristen Martin and Cheryl Knight help get the word out on social media and our newsletters. Rob Hof is our editor-in-chief over at SiliconANGLE, does some great editing, thanks to all. Remember, all these episodes are available as podcasts. All you got to do is search Breaking Analysis podcast, wherever you listen. Publish each week on wikibon.com and siliconangle.com. Want to get in touch, email me directly, david.vellante@siliconangle.com or DM me at dvellante, or comment on our LinkedIn post. And by all means, check out etr.ai. They got really great survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, We'll see you next time on Breaking Analysis. (electronic music)

>> Welcome back everyone to the closing remarks here before we kick off our ecosystem portion of the program. We're live in Palo Alto for theCUBE special presentation of Supercloud 2. It's the second edition, the first one was in August. I'm John Furrier with Dave Vellante. Here to wrap up with our special guest analyst George Gilbert, investor and industry legend former colleague of ours, analyst at Wikibon. George great to see you. Dave, you know, wrapping up this day what in a phenomenal program. We had a contribution from industry vendors, industry experts, practitioners and customers building and redefining their company's business model. Rolling out technology for Supercloud and multicloud and ultimately changing how they do data. And data was the theme today. So very, very great program. Before we jump into our favorite parts let's give a shout out to the folks who make this possible. Free contents our mission. We'll always stay true to that mission. We want to thank VMware, alkira, ChaosSearch, prosimo for being sponsors of this great program. We will have Supercloud 3 coming up in a month or so, or two months. We'll see. Or sooner, we don't know. But it'll be more about security, but a lot more momentum. Okay, so that's... >> And don't forget too that this program not going to end now. We've got a whole ecosystem speaks track so stay tuned for that. >> John: Yeah, we got another 20 interviews. Feels like it. >> Well, you're going to hear from Saks, Veronika Durgin. You're going to hear from Western Union, Harveer Singh. You're going to hear from Ionis Pharmaceuticals, Nick Taylor. Brian Gracely chimes in on Supecloud. So he's the man behind the cloud cast. >> Yeah, and you know, the practitioners again, pay attention to also to the cloud networking interviews. Lot of change going on there that's going to be disruptive and actually change the landscape as well. Again, as Supercloud progresses to be the next big thing. If you're not on this next wave, you'll drift what, as Pat Gelsinger says. >> Yep. >> To kick off the closing segments, George, Dave, this is a wave that's been identified. Again, people debate the word all you want Supercloud. It is a gateway to multicloud eventually it is the standard for new applications, new ways to do data. There's new computer science being generated and customer requirements being addressed. So it's the confluence of, you know, tectonic plates shifting in the industry, new computer science seeing things like AI and machine learning and data at the center of it and new infrastructure all kind of coming together. So, to me, that's my takeaway so far. That is the big story and it's going to change society and ultimately the business models of these companies. >> Well, we've had 10, you know, you think about it we came out of the financial crisis. We've had 10, 12 years despite the Covid of tech success, right? And just now CIOs are starting to hit the brakes. And so my point is you've had all this innovation building up for a decade and you've got this massive ecosystem that is running on the cloud and the ecosystem is saying, hey, we can have even more value by tapping best of of breed across clouds. And you've got customers saying, hey, we need help. We want to do more and we want to point our business and our intellectual property, our software tooling at our customers and monetize our data. So you have all these forces coming together and it's sort of entering a new era. >> George, I want to go to you for a second because you are big contributor to this event. Your interview with Bob Moglia with Dave was I thought a watershed moment for me to hear that the data apps, how databases are being rethought because we've been seeing a diversity of databases with Amazon Web services, you know, promoting no one database rules of the world. Now it's not one database kind of architecture that's puling these new apps. What's your takeaway from this event? >> So if you keep your eye on this North Star where instead of building apps that are based on code you're building apps that are defined by data coming off of things that are linked to the real world like people, places, things and activities. Then the idea is, and the example we use is, you know, Uber but it could be, you know, amazon.com is defined by stuff coming off data in the Amazon ecosystem or marketplace. And then the question is, and everyone was talking at different angles on this, which was, where's the data live? How much do you hide from the developer? You know, and when can you offer that? You know, and you started with Walmart which was describing apps, traditional apps that are just code. And frankly that's easier to make that cross cloud and you know, essentially location independent. As soon as you have data you need data management technology that a customer does not have the sophistication to build. And then the argument was like, so how much can you hide from the developer who's building data apps? Tristan's version was you take the modern data stack and you start adding these APIs that define business concepts like bookings, billings and revenue, you know, or in the Uber example like drivers and riders, you know, and ETA's and prices. But those things execute still on the data warehouse or data lakehouse. Then Bob Muglia was saying you're not really hiding enough from the developer because you still got to say how to do all that. And his vision is not only do you hide where the data is but you hide how to sort of get at all that code by just saying what you want. You define how a car and how a driver and how a rider works. And then those things automatically figure out underneath the cover. >> So huge challenges, right? There's governance, there's security, they could be big blockers to, you know, the Supercloud but the industry's going to be attacking that problem. >> Well, what's your take? What's your favorite segment? Zhamak Dehghani came on, she's starting in that company, exclusive news. That was big notable moment for theCUBE. She launched her company. She pioneered the data mesh concept. And I think what George is saying and what data mesh points to is something that we've been saying for a long time. That data is now going to flip the script on how apps behave. And the Uber example I think is illustrated 'cause people can relate to Uber. But imagine that for every business whether it's a manufacturing business or retail or oil and gas or FinTech, they can look at their business like a game almost gamify it with data, riders, cars you know, moving data around the value of data. This is something that Adam Selipsky teased out at AWS, Dave. So what's your takeaway from this Supercloud? Where are we in your mind? Well big thing is data products and decentralizing your data architecture, but putting data in the hands of domain experts who can actually monetize the data. And I think that's, to me that's really exciting. Because look, data products financial industry has always been doing building data products. Mortgage backed securities is a data product. But why should the financial industry have all the fun? I mean virtually every organization can tap its ecosystem build data products, take its internal IP and processes and software and point it to the world and actually begin to make money out of it. >> Okay, so let's go around the horn. I'll start, I'll get you guys some time to think. Next question, what did you learn today? I learned that I think it's an infrastructure game and talking to Kit Colbert at VMware, I think it's all about infrastructure refactoring and I think the data's going to be an ingredient that's going to be operating system like. I think you're going to see the infrastructure influencing operations that will enable Superclouds to be real. And developers won't even know what a Supercloud is because they'll be using it. It's the operations focus is going to be very critical. Just like DevOps movements started Cloud native I think you're going to see a data native movement and I think infrastructure is critical as people go to the next level. That's my big takeaway today. And I'll say the data conversation is at the center. I think security, data are going to be always active horizontally scalable concepts, but every company's going to reset their infrastructure, how it looks and if it's not set up for data and or things that there need to be agile on, it's going to be a non-starter. So I think that's the cloud NextGen, distributed computing. >> I mean, what came into focus for me was I think the hyperscaler is going to continue to do their thing, you know, and be very, very successful and they're each coming at it from different approaches. We talk about this all the time in theCUBE. Amazon the best infrastructure, you know, Google's got its you know, data and AI thing and it's playing catch up and Microsoft's got this massive estate. Okay, cool. Check. The next wave of innovation which is coming from data, I've always said follow the data. That's where the where the money's going to be is going to come from other places. People want to be able to, organizations want to be able to share data across clouds across their organization, outside of their ecosystem and make money with that data sharing. They don't want to FTP it anymore. I got it. You take it. They want to work with live data in real time and I think the edge, we didn't talk much about the edge today is going to even take that to a new level real time inferencing at the edge, AI and and being able to do new things with data that we haven't even seen. But playing around with ChatGPT, it's blowing our mind. And I think you're right, it's like when we first saw the browser, holy crap, this is going to change the world. >> Yeah. And the ChatGPT by the way is going to create a wave of machine learning and data refactoring for sure. But also Howie Liu had an interesting comment, he was asked by a VC how much to replicate that and he said it's in the hundreds of millions, not billions. Now if you asked that same question how much does it cost to replicate AWS? The CapEx alone is unstoppable, they're already done. So, you know, the hyperscalers are going to continue to boom. I think they're going to drive the infrastructure. I think Amazon's going to be really strong at silicon and physics and squeeze every ounce atom out of every physical thing and then get latency as your bottleneck and the rest is all going to be... >> That never blew me away, a hundred million to create kind of an open AI, you know, competitor. Look at companies like Lacework. >> John: Some people have that much cash on the balance sheet. >> These are security companies that have raised a billion dollars, right? To compete. You know, so... >> If you're not shifting left what do you do with data, shift up? >> But, you know. >> What did you learn, George? >> I'm listening to you and I think you're helping me crystallize something which is the software infrastructure to enable the data apps is wide open. The way Zhamak described it is like if you want a data product like a sales and operation plan, that is built on other data products, like a sales plan which has a forecast in it, it has a production plan, it has a procurement plan and then a sales and operation plan is actually a composition of all those and they call each other. Now in her current platform, you need to expose to the developer a certain amount of mechanics on how to move all that data, when to move it. Like what happens if something fails. Now Muglia is saying I can hide that completely. So all you have to say is what you want and the underlying machinery takes care of everything. The problem is Muglia stuff is still a few years off. And Tristan is saying, I can give you much of that today but it's got to run in the data warehouse. So this trade offs all different ways. But again, I agree with you that the Cloud platform vendors or the ecosystem participants who can run across Cloud platforms and private infrastructure will be the next platform. And then the cloud platform is sort of where you run the big honking centralized stuff where someone else manages the operations. >> Sounds like middleware to me, Dave >> And key is, I'll just end with this. The key is being able to get to the data, whether it's in a data warehouse or a data lake or a S3 bucket or an object store, Oracle database, whatever. It's got to be inclusive that is critical to execute on the vision that you just talked about 'cause that data's in different systems and you're not going to put it all into some new system. >> So creating middleware in the cloud that sounds what it sounds like to me. >> It's like, you discovered PaaS >> It's a super PaaS. >> But it's platform services 'cause PaaS connotes like a tightly integrated platform. >> Well this is the real thing that's going on. We're going to see how this evolves. George, great to have you on, Dave. Thanks for the summary. I enjoyed this segment a lot today. This ends our stage performance live here in Palo Alto. As you know, we're live stage performance and syndicate out virtually. Our afternoon program's going to kick in now you're going to hear some great interviews. We got ChaosSearch. Defining the network Supercloud from prosimo. Future of Cloud Network, alkira. We got Saks, a retail company here, Veronika Durgin. We got Dave with Western Union. So a lot of customers, a pharmaceutical company Warner Brothers, Discovery, media company. And then you know, what is really needed for Supercloud, good panels. So stay with us for the afternoon program. That's part two of Supercloud 2. This is a wrap up for our stage live performance. I'm John Furrier with Dave Vellante and George Gilbert here wrapping up. Thanks for watching and enjoy the program. (bright music)

>>From the Cube Studios in Palo Alto in Boston, bringing you data-driven insights from the cube and E T R. This is breaking analysis with Dave Valante. >>Making technology predictions in 2022 was tricky business, especially if you were projecting the performance of markets or identifying I P O prospects and making binary forecast on data AI and the macro spending climate and other related topics in enterprise tech 2022, of course was characterized by a seesaw economy where central banks were restructuring their balance sheets. The war on Ukraine fueled inflation supply chains were a mess. And the unintended consequences of of forced march to digital and the acceleration still being sorted out. Hello and welcome to this week's weekly on Cube Insights powered by E T R. In this breaking analysis, we continue our annual tradition of transparently grading last year's enterprise tech predictions. And you may or may not agree with our self grading system, but look, we're gonna give you the data and you can draw your own conclusions and tell you what, tell us what you think. >>All right, let's get right to it. So our first prediction was tech spending increases by 8% in 2022. And as we exited 2021 CIOs, they were optimistic about their digital transformation plans. You know, they rushed to make changes to their business and were eager to sharpen their focus and continue to iterate on their digital business models and plug the holes that they, the, in the learnings that they had. And so we predicted that 8% rise in enterprise tech spending, which looked pretty good until Ukraine and the Fed decided that, you know, had to rush and make up for lost time. We kind of nailed the momentum in the energy sector, but we can't give ourselves too much credit for that layup. And as of October, Gartner had it spending growing at just over 5%. I think it was 5.1%. So we're gonna take a C plus on this one and, and move on. >>Our next prediction was basically kind of a slow ground ball. The second base, if I have to be honest, but we felt it was important to highlight that security would remain front and center as the number one priority for organizations in 2022. As is our tradition, you know, we try to up the degree of difficulty by specifically identifying companies that are gonna benefit from these trends. So we highlighted some possible I P O candidates, which of course didn't pan out. S NQ was on our radar. The company had just had to do another raise and they recently took a valuation hit and it was a down round. They raised 196 million. So good chunk of cash, but, but not the i p O that we had predicted Aqua Securities focus on containers and cloud native. That was a trendy call and we thought maybe an M SS P or multiple managed security service providers like Arctic Wolf would I p o, but no way that was happening in the crummy market. >>Nonetheless, we think these types of companies, they're still faring well as the talent shortage in security remains really acute, particularly in the sort of mid-size and small businesses that often don't have a sock Lacework laid off 20% of its workforce in 2022. And CO C e o Dave Hatfield left the company. So that I p o didn't, didn't happen. It was probably too early for Lacework. Anyway, meanwhile you got Netscope, which we've cited as strong in the E T R data as particularly in the emerging technology survey. And then, you know, I lumia holding its own, you know, we never liked that 7 billion price tag that Okta paid for auth zero, but we loved the TAM expansion strategy to target developers beyond sort of Okta's enterprise strength. But we gotta take some points off of the failure thus far of, of Okta to really nail the integration and the go to market model with azero and build, you know, bring that into the, the, the core Okta. >>So the focus on endpoint security that was a winner in 2022 is CrowdStrike led that charge with others holding their own, not the least of which was Palo Alto Networks as it continued to expand beyond its core network security and firewall business, you know, through acquisition. So overall we're gonna give ourselves an A minus for this relatively easy call, but again, we had some specifics associated with it to make it a little tougher. And of course we're watching ve very closely this this coming year in 2023. The vendor consolidation trend. You know, according to a recent Palo Alto network survey with 1300 SecOps pros on average organizations have more than 30 tools to manage security tools. So this is a logical way to optimize cost consolidating vendors and consolidating redundant vendors. The E T R data shows that's clearly a trend that's on the upswing. >>Now moving on, a big theme of 2020 and 2021 of course was remote work and hybrid work and new ways to work and return to work. So we predicted in 2022 that hybrid work models would become the dominant protocol, which clearly is the case. We predicted that about 33% of the workforce would come back to the office in 2022 in September. The E T R data showed that figure was at 29%, but organizations expected that 32% would be in the office, you know, pretty much full-time by year end. That hasn't quite happened, but we were pretty close with the projection, so we're gonna take an A minus on this one. Now, supply chain disruption was another big theme that we felt would carry through 2022. And sure that sounds like another easy one, but as is our tradition, again we try to put some binary metrics around our predictions to put some meat in the bone, so to speak, and and allow us than you to say, okay, did it come true or not? >>So we had some data that we presented last year and supply chain issues impacting hardware spend. We said at the time, you can see this on the left hand side of this chart, the PC laptop demand would remain above pre covid levels, which would reverse a decade of year on year declines, which I think started in around 2011, 2012. Now, while demand is down this year pretty substantially relative to 2021, I D C has worldwide unit shipments for PCs at just over 300 million for 22. If you go back to 2019 and you're looking at around let's say 260 million units shipped globally, you know, roughly, so, you know, pretty good call there. Definitely much higher than pre covid levels. But so what you might be asking why the B, well, we projected that 30% of customers would replace security appliances with cloud-based services and that more than a third would replace their internal data center server and storage hardware with cloud services like 30 and 40% respectively. >>And we don't have explicit survey data on exactly these metrics, but anecdotally we see this happening in earnest. And we do have some data that we're showing here on cloud adoption from ET R'S October survey where the midpoint of workloads running in the cloud is around 34% and forecast, as you can see, to grow steadily over the next three years. So this, well look, this is not, we understand it's not a one-to-one correlation with our prediction, but it's a pretty good bet that we were right, but we gotta take some points off, we think for the lack of unequivocal proof. Cause again, we always strive to make our predictions in ways that can be measured as accurate or not. Is it binary? Did it happen, did it not? Kind of like an O K R and you know, we strive to provide data as proof and in this case it's a bit fuzzy. >>We have to admit that although we're pretty comfortable that the prediction was accurate. And look, when you make an hard forecast, sometimes you gotta pay the price. All right, next, we said in 2022 that the big four cloud players would generate 167 billion in IS and PaaS revenue combining for 38% market growth. And our current forecasts are shown here with a comparison to our January, 2022 figures. So coming into this year now where we are today, so currently we expect 162 billion in total revenue and a 33% growth rate. Still very healthy, but not on our mark. So we think a w s is gonna miss our predictions by about a billion dollars, not, you know, not bad for an 80 billion company. So they're not gonna hit that expectation though of getting really close to a hundred billion run rate. We thought they'd exit the year, you know, closer to, you know, 25 billion a quarter and we don't think they're gonna get there. >>Look, we pretty much nailed Azure even though our prediction W was was correct about g Google Cloud platform surpassing Alibaba, Alibaba, we way overestimated the performance of both of those companies. So we're gonna give ourselves a C plus here and we think, yeah, you might think it's a little bit harsh, we could argue for a B minus to the professor, but the misses on GCP and Alibaba we think warrant a a self penalty on this one. All right, let's move on to our prediction about Supercloud. We said it becomes a thing in 2022 and we think by many accounts it has, despite the naysayers, we're seeing clear evidence that the concept of a layer of value add that sits above and across clouds is taking shape. And on this slide we showed just some of the pickup in the industry. I mean one of the most interesting is CloudFlare, the biggest supercloud antagonist. >>Charles Fitzgerald even predicted that no vendor would ever use the term in their marketing. And that would be proof if that happened that Supercloud was a thing and he said it would never happen. Well CloudFlare has, and they launched their version of Supercloud at their developer week. Chris Miller of the register put out a Supercloud block diagram, something else that Charles Fitzgerald was, it was was pushing us for, which is rightly so, it was a good call on his part. And Chris Miller actually came up with one that's pretty good at David Linthicum also has produced a a a A block diagram, kind of similar, David uses the term metacloud and he uses the term supercloud kind of interchangeably to describe that trend. And so we we're aligned on that front. Brian Gracely has covered the concept on the popular cloud podcast. Berkeley launched the Sky computing initiative. >>You read through that white paper and many of the concepts highlighted in the Supercloud 3.0 community developed definition align with that. Walmart launched a platform with many of the supercloud salient attributes. So did Goldman Sachs, so did Capital One, so did nasdaq. So you know, sorry you can hate the term, but very clearly the evidence is gathering for the super cloud storm. We're gonna take an a plus on this one. Sorry, haters. Alright, let's talk about data mesh in our 21 predictions posts. We said that in the 2020s, 75% of large organizations are gonna re-architect their big data platforms. So kind of a decade long prediction. We don't like to do that always, but sometimes it's warranted. And because it was a longer term prediction, we, at the time in, in coming into 22 when we were evaluating our 21 predictions, we took a grade of incomplete because the sort of decade long or majority of the decade better part of the decade prediction. >>So last year, earlier this year, we said our number seven prediction was data mesh gains momentum in 22. But it's largely confined and narrow data problems with limited scope as you can see here with some of the key bullets. So there's a lot of discussion in the data community about data mesh and while there are an increasing number of examples, JP Morgan Chase, Intuit, H S P C, HelloFresh, and others that are completely rearchitecting parts of their data platform completely rearchitecting entire data platforms is non-trivial. There are organizational challenges, there're data, data ownership, debates, technical considerations, and in particular two of the four fundamental data mesh principles that the, the need for a self-service infrastructure and federated computational governance are challenging. Look, democratizing data and facilitating data sharing creates conflicts with regulatory requirements around data privacy. As such many organizations are being really selective with their data mesh implementations and hence our prediction of narrowing the scope of data mesh initiatives. >>I think that was right on J P M C is a good example of this, where you got a single group within a, within a division narrowly implementing the data mesh architecture. They're using a w s, they're using data lakes, they're using Amazon Glue, creating a catalog and a variety of other techniques to meet their objectives. They kind of automating data quality and it was pretty well thought out and interesting approach and I think it's gonna be made easier by some of the announcements that Amazon made at the recent, you know, reinvent, particularly trying to eliminate ET t l, better connections between Aurora and Redshift and, and, and better data sharing the data clean room. So a lot of that is gonna help. Of course, snowflake has been on this for a while now. Many other companies are facing, you know, limitations as we said here and this slide with their Hadoop data platforms. They need to do new, some new thinking around that to scale. HelloFresh is a really good example of this. Look, the bottom line is that organizations want to get more value from data and having a centralized, highly specialized teams that own the data problem, it's been a barrier and a blocker to success. The data mesh starts with organizational considerations as described in great detail by Ash Nair of Warner Brothers. So take a listen to this clip. >>Yeah, so when people think of Warner Brothers, you always think of like the movie studio, but we're more than that, right? I mean, you think of H B O, you think of t n t, you think of C N N. We have 30 plus brands in our portfolio and each have their own needs. So the, the idea of a data mesh really helps us because what we can do is we can federate access across the company so that, you know, CNN can work at their own pace. You know, when there's election season, they can ingest their own data and they don't have to, you know, bump up against, as an example, HBO if Game of Thrones is going on. >>So it's often the case that data mesh is in the eyes of the implementer. And while a company's implementation may not strictly adhere to Jamma Dani's vision of data mesh, and that's okay, the goal is to use data more effectively. And despite Gartner's attempts to deposition data mesh in favor of the somewhat confusing or frankly far more confusing data fabric concept that they stole from NetApp data mesh is taking hold in organizations globally today. So we're gonna take a B on this one. The prediction is shaping up the way we envision, but as we previously reported, it's gonna take some time. The better part of a decade in our view, new standards have to emerge to make this vision become reality and they'll come in the form of both open and de facto approaches. Okay, our eighth prediction last year focused on the face off between Snowflake and Databricks. >>And we realized this popular topic, and maybe one that's getting a little overplayed, but these are two companies that initially, you know, looked like they were shaping up as partners and they, by the way, they are still partnering in the field. But you go back a couple years ago, the idea of using an AW w s infrastructure, Databricks machine intelligence and applying that on top of Snowflake as a facile data warehouse, still very viable. But both of these companies, they have much larger ambitions. They got big total available markets to chase and large valuations that they have to justify. So what's happening is, as we've previously reported, each of these companies is moving toward the other firm's core domain and they're building out an ecosystem that'll be critical for their future. So as part of that effort, we said each is gonna become aggressive investors and maybe start doing some m and a and they have in various companies. >>And on this chart that we produced last year, we studied some of the companies that were targets and we've added some recent investments of both Snowflake and Databricks. As you can see, they've both, for example, invested in elation snowflake's, put money into Lacework, the Secur security firm, ThoughtSpot, which is trying to democratize data with ai. Collibra is a governance platform and you can see Databricks investments in data transformation with D B T labs, Matillion doing simplified business intelligence hunters. So that's, you know, they're security investment and so forth. So other than our thought that we'd see Databricks I p o last year, this prediction been pretty spot on. So we'll give ourselves an A on that one. Now observability has been a hot topic and we've been covering it for a while with our friends at E T R, particularly Eric Bradley. Our number nine prediction last year was basically that if you're not cloud native and observability, you are gonna be in big trouble. >>So everything guys gotta go cloud native. And that's clearly been the case. Splunk, the big player in the space has been transitioning to the cloud, hasn't always been pretty, as we reported, Datadog real momentum, the elk stack, that's open source model. You got new entrants that we've cited before, like observe, honeycomb, chaos search and others that we've, we've reported on, they're all born in the cloud. So we're gonna take another a on this one, admittedly, yeah, it's a re reasonably easy call, but you gotta have a few of those in the mix. Okay, our last prediction, our number 10 was around events. Something the cube knows a little bit about. We said that a new category of events would emerge as hybrid and that for the most part is happened. So that's gonna be the mainstay is what we said. That pure play virtual events are gonna give way to hi hybrid. >>And the narrative is that virtual only events are, you know, they're good for quick hits, but lousy replacements for in-person events. And you know that said, organizations of all shapes and sizes, they learn how to create better virtual content and support remote audiences during the pandemic. So when we set at pure play is gonna give way to hybrid, we said we, we i we implied or specific or specified that the physical event that v i p experience is going defined. That overall experience and those v i p events would create a little fomo, fear of, of missing out in a virtual component would overlay that serves an audience 10 x the size of the physical. We saw that really two really good examples. Red Hat Summit in Boston, small event, couple thousand people served tens of thousands, you know, online. Second was Google Cloud next v i p event in, in New York City. >>Everything else was, was, was, was virtual. You know, even examples of our prediction of metaverse like immersion have popped up and, and and, and you know, other companies are doing roadshow as we predicted like a lot of companies are doing it. You're seeing that as a major trend where organizations are going with their sales teams out into the regions and doing a little belly to belly action as opposed to the big giant event. That's a definitely a, a trend that we're seeing. So in reviewing this prediction, the grade we gave ourselves is, you know, maybe a bit unfair, it should be, you could argue for a higher grade, but the, but the organization still haven't figured it out. They have hybrid experiences but they generally do a really poor job of leveraging the afterglow and of event of an event. It still tends to be one and done, let's move on to the next event or the next city. >>Let the sales team pick up the pieces if they were paying attention. So because of that, we're only taking a B plus on this one. Okay, so that's the review of last year's predictions. You know, overall if you average out our grade on the 10 predictions that come out to a b plus, I dunno why we can't seem to get that elusive a, but we're gonna keep trying our friends at E T R and we are starting to look at the data for 2023 from the surveys and all the work that we've done on the cube and our, our analysis and we're gonna put together our predictions. We've had literally hundreds of inbounds from PR pros pitching us. We've got this huge thick folder that we've started to review with our yellow highlighter. And our plan is to review it this month, take a look at all the data, get some ideas from the inbounds and then the e t R of January surveys in the field. >>It's probably got a little over a thousand responses right now. You know, they'll get up to, you know, 1400 or so. And once we've digested all that, we're gonna go back and publish our predictions for 2023 sometime in January. So stay tuned for that. All right, we're gonna leave it there for today. You wanna thank Alex Myerson who's on production and he manages the podcast, Ken Schiffman as well out of our, our Boston studio. I gotta really heartfelt thank you to Kristen Martin and Cheryl Knight and their team. They helped get the word out on social and in our newsletters. Rob Ho is our editor in chief over at Silicon Angle who does some great editing for us. Thank you all. Remember all these podcasts are available or all these episodes are available is podcasts. Wherever you listen, just all you do Search Breaking analysis podcast, really getting some great traction there. Appreciate you guys subscribing. I published each week on wikibon.com, silicon angle.com or you can email me directly at david dot valante silicon angle.com or dm me Dante, or you can comment on my LinkedIn post. And please check out ETR AI for the very best survey data in the enterprise tech business. Some awesome stuff in there. This is Dante for the Cube Insights powered by etr. Thanks for watching and we'll see you next time on breaking analysis.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, otc. A friend of the Cube >>Karala joined us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with you. >>A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many day zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add the gold standard from a data standpoint, and that's given them this competitive advantage to go out and become a platform for a security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Esty win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? Exactly. >>Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking to the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my >>Question. That's the point. >>Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets >>Win. Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their valuable? >>You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development and Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Nice. Era was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. >>Well, and I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Altos made, they've done a good job of integrating their backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data like the, the fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Three. Think about that at that, that >>Make a, that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market cap. >>Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo. >>Right? And that when you look around the show floor, it's not that impressive. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah, >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people at Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR roundtable said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. So, >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate days, nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's it's an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, in The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they're do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you gotta fight fire with fire. And I think that's, that's the path they've, they've headed >>Down and the bad guys are hiding in plain sight, you know? >>Yeah, yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says we're actively consolidating vendors, redundant vendors today. That number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to, to it pros is if you're doing things today that aren't resume building, stop doing them. Right? Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. And so who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah. Yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with proxies as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at c skater throw 'em back at 'em. So I, it's good to see that kind of fight going on between the two. >>Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah. Cisco's interesting. And I, I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to just say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of work there're trying to, to tie to network. >>Right. Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wikibon, lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are you gonna be next? Are you gonna be on vacation? >>There's nothing more fun than mean on the cube, so, right. What's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and do the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We >>Love it. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show and it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, F otc. A friend of the Cube >>Karala joins us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with >>You. A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long-term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many days, zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add, they're the gold standard from a data standpoint. And that's given them this competitive advantage to go out and become a platform for security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Estee win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? >>Exactly. Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking with the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my question. That's the point I'm saying. Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets win. >>Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their >>Valuable? You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development in Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Naira was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. Well, >>And I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Alto's made, they've done a good job of integrating the backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty and all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data lake to, to fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want or >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Think about that at that. That makes, >>I mean that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market >>Cap. Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo >>Go, right? And that when you look around the show floor, it's not that impressive. No. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's, I mean, pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah. >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something that I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people of Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR round table said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. No. >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate says nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's just an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, and The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they gotta do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you're gonna fight fire with fire. And I think that's, that's the path they've, they've headed >>Down. Yeah. The bad guys are hiding in plain sight, you know? Yeah, >>Yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says who are actively consolidating vendors, redundant vendors today that number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I, I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily aligned with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to the IT pros is, is if you're doing things today that aren't resume building, stop doing them. Right. Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. So who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah, yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with prox as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at csca, throw 'em back at 'em. So I, it's good to see that kind of fight going on between the >>Two. Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah, Cisco's interesting. And I I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration and that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of Rick there trying to, to tie to network. >>Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wi KeePon. Lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are gonna be next? Are you gonna be on >>Vacation? There's nothing more fun than mean on the cube. So what's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and be the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We love >>It. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show. And it, it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.