>>Welcome back to the aria in Las Vegas, Dave Valante with Dave Nicholson, Falcon 22, the Cube's continuous coverage. Sean Henry is here. He's the president of the services division and he's the chief security officer at CrowdStrike. And he's joined by Kevin mania, CEO of Mandy. Now part of Google Jens. Welcome to the cube. Thank you. Congrats on closing the Google deal. Thank you. That's great. New chapter, >>New >>Chapter coming fresh off the keynote, you and George. I really en enjoyed that. Let's start there. One of the things you talked about was the changes you've been, you've been in this business for a while. I think you were talking about, you know, doing some of these early stuff in the nineties. Wow. Things have changed a lot the queen, right? Right. You used to put the perimeter around the queen. Yeah. Build the Mo the Queen's left or castle new ballgame. But you were talking about the board level knowledge of security in the organization. Talk about that change. That's occurred in the last >>Decade. You know, boards are all about governance, right? Making sure everybody's doing the right things. And they've kind of had a haul pass on cybersecurity for a long time. Like we expect them to be great at financial diligence, they understand the financials of an organization. You're gonna see a maturity, I think in cybersecurity where I think board members all know, Hey, there's risk out there. And we're on our own to kind of defend ourselves from it, but they don't know how to quantify it. And they don't know how to express it. So bottom line boards are interested in cyber and we just have to mature as an industry to give them the tools they need to measure it appropriately. >>Sean, one of the things I wanted to ask you. So Steven Schmidt, I noticed changed his title from CISOs chief inf information security officer, the chief security officer. Your title is chief security officer. Is that a nuance that has meaning to you or is it just less acronym? >>It depends on the organization that you're in, in our organization, the chief security officer owns all risks. So I have a CISO that comes underneath me. Yep. And I've got a security folks that are handling our facilities, our personnel, those sorts of things, all, all of our offices around the globe. So it's all things security. One of the things that we've found and Kevin and I were actually talking about this earlier is this intersection between the physical world and the virtual world. And if you've got adversaries that want gain access to your organization, they might do it remotely by trying to hack into your network. But they also might try to get one of your employees to take an action on their behalf, or they might try to get somebody hired into your company to take some nefarious acts. So from a security perspective, it's about building an envelope around all things valuable and then working it in a collaborative way. So there's a lot of interface, a lot of interaction and a lot of value in putting those things together. And, >>And you're also president of the services division. Is that a P and L role or >>It is, we have a it's P P O P and L. And we have an entire organization that's doing incident response and it's a lot of the work that we're doing with, with Kevin's folks now. So I've got both of those hats today. >>Okay. So self-funded so in a way, okay. Where are companies most at risk today? >>Huh? You wanna go on that one first? Sean, you talk fast than me. So it's bigger bang for the buck. If >>You >>Talk, you know, when I, when I think about, about companies in terms of, of their risk, it's a lot of it has to do with the expansion of the network. Companies are adding new applications, new devices, they're expanding into new areas. There are new technologies that are being developed every day and that are being embraced every day. And all of those technologies, all of those applications, all of that hardware is susceptible to attack. Adversaries are looking for the vulnerabilities they can exploit. And I think just kind of that sprawl is something that is, is disconcerting to me from a security perspective, we need to know where our assets are, where the vulnerabilities lie, how do we plug the holes? And having that visibility is really critical to ensure that you're you're in, involved in mitigating that, that new architecture, >>Anything you >>Did. Yeah. I would like when I, so I can just tell you what I'm hearing from CISOs out there. They're worried about identity, the lateral movement. That's been kind of part of every impactful breach. So in identity's kind of top three of mind, I would say zero trust, whatever that means. And we all have our own definitions of migration to zero trust and supply chain risk. You know, whether they're the supplier, they wanna make sure they can prove to their customers, they have great security practices. Or if they're a consumer of a supply chain, you need to understand who's in their supply chain. What are their dependencies? How secure are they? Those are just three topics that come up all the time. >>As we extend, you know, talking about XDR the X being extend. Do you see physical security as something that's being extended into? Or is it, or is it already kind of readily accepted that physical security goes hand in hand with information security? >>I, I don't think a lot of people think that way there certainly are some and Dave mentions Amazon and Steve Schmidt as a CSO, right? There's a CSO that works for him as well. CJ's clear integration. There's an intelligence component to that. And I think that there are certain organizations that are starting to recognize and understand that when we say there's no real perimeter, it, it expands the network expands into the physical space. And if you're not protecting that, you know, if you don't protect the, the server room and somebody can actually walk in the doors unlocked, you've got a vulnerability that might be exploited. So I think to, to recognize the value of that integration from a security perspective, to be holistic and for organizations to adopt a security first philosophy that all the employees recognize they're, they're the, the first line of defense. Oftentimes not just from a fish, but by somebody catching up with them and handing 'em a thumb drive, Hey, can you take a look at this document? For me, that's a potential vulnerability as well. So those things need to be integrated. >>I thought the most interesting part of the keynote this morning is when George asked you about election security and you immediately went to the election infrastructure. I was like, yeah. Okay. Yeah. But then I was so happy to hear you. You went to the disinformation, I learned something there about your monitoring, the network effects. Sure. And, and actually there's a career stream around that. Right. The reason I had so years ago I interviewed was like, this was 2016, Robert Gates. Okay. Former defense. And I, I said, yeah, but don't we have the best cyber can't we go on the offense. He said, wait a minute, we have the most to lose. Right. But, but you gave an example where you can identify the bots. Like let's say there's disinformation out there. You could actually use bots in a positive way to disseminate the, the truth in theory. Good. Is, is that something that's actually happening >>Out there? Well, I think we're all still learning. You know, you can have deep fakes, both audible files or visual files, right. And images. And there's no question. The next generation, you do have to professionalize the news that you consume. And we're probably gonna have to professionalize the other side critical thinking because we are a marketplace of ideas in an open society. And it's hard to tell where's the line between someone's opinion and intentional deception, you know, and sometimes it could be the source, a foreign threat, trying to influence the hearts and minds of citizens, but there's gonna be an internal threat or domestic threat as well to people that have certain ideas and concepts that they're zealots about. >>Is it enough to, is it enough to simply expose where the information is coming from? Because, you know, look, I, I could make the case that the red Sox, right. Or a horrible baseball team, and you should never go to Fenway >>And your Yankees Jersey. >>Right. Right. So is that disinformation, is that misinformation? He'd say yes. Someone else would say no, but it would be good to know that a thousand bots from some troll farm, right. Are behind us. >>There's, it's helpful to know if something can be tied to identity or is totally anonymous. Start just there. Yeah. Yeah. You can still protect the identity over time. I think all of us, if you're gonna trust the source, you actually know the source. Right. So I do believe, and, and by the way, much longer conversation about anonymity versus privacy and then trust, right. And all three, you could spend this whole interview on, but we have to have a trustworthy internet as well. And that's not just in the tech and the security of it, but over time it could very well be how we're being manipulated as citizens and people. >>When you guys talk to customers and, and peers, when somebody gets breached, what's the number one thing that you hear that they wished they'd done that they didn't. >>I think we talked about this earlier, and I think identity is something that we're talking about here. How are you, how are you protecting your assets? How do you know who's authorized to have access? How do you contain the, the access that they have? And the, the area we see with, with these malware free attacks, where adversaries are using the existing capabilities, the operating system to move laterally through the network. I mean, Kevin's folks, my folks, when we respond to an incident, it's about looking at that lateral movement to try and get a full understanding of where the adversary's been, where they're going, what they're doing, and to try to, to find a root cause analysis. And it really is a, a critical part. >>So part of the reason I was asking you about, was it a P and L cuz you, you wear two hats, right? You've got revenue generation on one side and then you've got you protect, you know, the company and you've got peer relationships. So the reason I bring this up is I felt like when stucks net occurred, there was a lot of lip service around, Hey, we, as an industry are gonna work together. And then what you saw was a lot of attempts to monetize, you know, private data, sell private reports and things of that nature you were referencing today, Kevin, that you think the industry's doing a much better job of, of collaboration. Is it, can you talk about that and maybe give some examples? >>Absolutely. I mean, you know, I lived through it as a victim of a breach couple years ago. If you see something new and novel, I, I just can't imagine you getting away with keeping it a secret. I mean, I would even go, what are you doing? Harboring that if you have it, that doesn't mean you tell the whole world, you don't come on your show and say, Hey, we got something new novel, everybody panic, you start contacting the people that are most germane to fixing the problem before you tell the world. So if I see something that's new in novel, certainly con Sean and the team at CrowdStrike saying, Hey, there's because they protect so many endpoints and they defend nations and you gotta get to Microsoft. You have to talk to pan. You have to get to the companies that have a large capability to do shields up. And I think you do that immediately. You can't sit on new and novel. You get to the vendor where the vulnerability is, all these things have to happen at a great rate to speak. >>So you guys probably won't comment, but I'm betting dollars to donuts. This Uber lapses hack you guys knew about. >>I turned to you. >>No comment. I'm guessing. I'm guessing that the, that wasn't novel. My point being, let me, let me ask it in a more generic fashion that you can maybe comment you you're. I think you're my, my inference is we're com the industry is compressing the time between a zero day and a fix. Absolutely. Absolutely. Like dramatically. >>Yes. Oh, awareness of it and AIX. Yes. Yeah. >>Okay. Yeah. And a lot of the hacks that we see as lay people in the media you've known about for quite some time, is that fair or no, not necessarily. >>It's, you know, it's harder to handle an intrusion quietly and discreetly these days, especially with what you're up against and, and most CEOs, by the way, their intent isn't, let's handle it quietly and discreetly it's what do we do about it? And what's the right way to handle it. And they wanna inform their customers and they wanna inform people that might be impacted. I wouldn't say we know it all that far ahead of time >>And, and depends. And, and I, I think companies don't know it. Yeah. Companies don't know they've been breached for weeks or months or years in some cases. Right. Which talks about a couple things, first of all, some of the sophistication of the adversaries, but it also talks about the inability of companies to often detect this type of activity when we're brought in. It's typically very quickly after the company finds out because they recognize they've gotta take action. They've got liability, they've got brand protection. There, whole sorts of, of things they need to take care of. And we're brought in it may or may not be, become public, but >>CrowdStrike was founded on the premise that the unstoppable breach is a myth. Now that's a, that's a bold sort of vision. We're not there yet, obviously. And a and a, and a, a CSO can't, you know, accept that. Right. You've gotta always be vigilant, but is that something that is, that we're gonna actually see manifest, you know, in any, any time in the near term? I mean, thinking about the Falcon platform, you guys are users of that. I don't know if that is part of the answer, but part of it's technology, but without the cultural aspects, the people side of things, you're never gonna get there. >>I can tell you, I started Maning in 2004 at the premise security breaches are inevitable, far less marketable. Yeah. You know, stop breaches. >>So >>Yeah. I, I think you have to learn how to manage this, right? It's like healthcare, you're not gonna stop every disease, but there's a lot of things that you can do to mitigate the consequences of those things. The same thing with network security, there's a lot of actions that organizations can take to help protect them in a way that allows them to live and, and operate in a, in a, a strong position. If companies are lackadaisical that irresponsible, they don't care. Those are companies that are gonna suffer. But I think you can manage this if you're using the right technology, the right people, you've got the right philosophy security first >>In, in the culture. >>Well, I can tell you very quickly, three reasons why people think, why is there an intrusion? It should just go away. Well, wherever money goes, crime follows. We still have crime. So you're still gonna have intrusions, whether it has to be someone on the inside or faulty software and people being paid the right faulty software, you're gonna have war. That's gonna create war in the cyber domain. So information warriors are gonna try to have intrusions to get to command and control. So wherever you have command and control, you'll have a war fighter. And then wherever you have information, you have ESP Espino. So you're gonna have people trying to break in at all times. >>And, and to tie that up because everything Kevin said is absolutely right. And what he just said at the very end was people, there are human beings that are on the other side of every single attack. And think about this until you physically get physically get to the people that are doing it and stop them. Yes, this will go on forever because you can block them, but they're gonna move and you can block them again. They're gonna move their objectives. Don't change because the information you have, whether it's financial information, intellectual property, strategic military information, that's still there. They will always come at it, which is where that physical component comes in. If you're able to block well enough and they can't get you remotely, they might send somebody in. Well, >>I, in the keynote, I, I'm not kidding. I'm looking around the room and I'm thinking there's at least one person here that is here primarily to gather intelligence, to help them defeat. What's being talked about here. >>Well, you said it's, >>It's kind >>Of creepy. You said the adversary is, is very well equipped and motivated. Why do you Rob banks? Well, that's where the money is, but it's more than that. Now with state sponsored terrorism and, you know, exfiltration of state secrets, I mean, there's, it's high stake's games. You got, this >>Has become a tool of nation states in terms from a political perspective, from a military perspective, if you look at what happened with Ukraine and Russia, all the work that was done in advanced by the Russians to soften up the Ukrainians, not just collection of intelligence, not just denial of services, but then disruptive attacks to change the entire complexity of the battlefield. This, this is a, an area that's never going away. It's becoming ingrained in our lives. And it's gonna be utilized for nefarious acts for many, many decades to come. >>I mean, you're right, Sean, we're seeing the future of war right before us is, is there's. There is going to be, there is a cyber component now in war, >>I think it signals the cyber component signals the silent intention of nations period, the silent projection of power probably before you see kinetics. >>And this is where gates says we have a lot more to lose as a country. So it's hard for us to go on the offense. We have to be very careful about our offensive capabilities because >>Of one of the things that, that we do need to, to do though, is we need to define what the red lines are to adversaries. Because when you talk about human beings, you've gotta put a deterrent in place so that if the adversaries know that if you cross this line, this is what the response is going to be. It's the way things were done during nuclear proliferation, right? Right. During the cold war, here's what the actions are gonna be. It's gonna be, it's gonna be mutual destruction and you can't do it. And we didn't have a nuclear war. We're at a point now where adversaries are pushing the envelope constantly, where they're turning off the lights in certain countries where they're taking actions that are, are quite detrimental to the host governments and those red lines have to be very clear, very clearly defined and acted upon if they're >>Crossed as security experts. Can you always tie that signature back to say a particular country or a particular group? >>Absolutely. 100% every >>Time I know. Yeah. No, it it's. It's a great question. You, you need to get attribution right. To get to deterrence, right. And without attribution, where do you proportionate respond to whatever act you're responding to? So attribution's critical. Both our companies work hard at doing it and it, and that's why I think you're not gonna see too many false flag operations in cyberspace, but when you do and they're well crafted or one nation masquerades is another, it, it, it's one of the last rules of the playground I haven't seen broken yet. And that that'll be an unfortunate day. >>Yeah. Because that mutually assure destruction, a death spot like Putin can say, well, it wasn't wasn't me. Right. So, and ironically, >>It's human intelligence, right. That ultimately is gonna be the only way to uncover >>That human intelligence is a big component. >>For sure. Right. And, and David, like when you go back to, you were referring to Robert Gates, it's the asymmetry of cyberspace, right? One person in one nation. That's not a control by asset could still do an act. And it, it just adds to the complexity of, we have attribution it's from that nation, but was it in order? Was it done on behalf of that nation? Very complicated. >>So this is an industry of superheroes. Thank you guys for all you do and appreciate you coming on the cube. Wow. >>I love your Cape. >>Thank all right. Keep it right there. Dave Nicholson and Dave ante be right back from Falcon 22 from the area you watching the cue.

(upbeat music) (upbeat music) >> Hi everybody, welcome back to our coverage of the Cloud Native Security Con. I'm Dave Vellante, here in our Boston studio. We're connecting today with Palo Alto, with John Furrier and Lisa Martin. We're also live from the show floor in Seattle. But right now, I'm here with Andy Thurai who's from Constellation Research, friend of theCUBE, and we're going to discuss the intersection of AI and security, the potential of AI, the risks and the future. Andy, welcome, good to see you again. >> Good to be here again. >> Hey, so let's get into it, can you talk a little bit about, I know this is a passion of yours, the ethical considerations surrounding AI. I mean, it's front and center in the news, and you've got accountability, privacy, security, biases. Should we be worried about AI from a security perspective? >> Absolutely, man, you should be worried. See the problem is, people don't realize this, right? I mean, the ChatGPT being a new shiny object, it's all the craze that's about. But the problem is, most of the content that's produced either by ChatGPT or even by others, it's an access, no warranties, no accountability, no whatsoever. Particularly, if it is content, it's okay. But if it is something like a code that you use for example, one of their site projects that GitHub's co-pilot, which is actually, open AI + Microsoft + GitHub's combo, they allow you to produce code, AI writes code basically, right? But when you write code, problem with that is, it's not exactly stolen, but the models are created by using the GitHub code. Actually, they're getting sued for that, saying that, "You can't use our code". Actually there's a guy, Tim Davidson, I think he's named the professor, he actually demonstrated how AI produces exact copy of the code that he has written. So right now, it's a lot of security, accountability, privacy issues. Use it either to train or to learn. But in my view, it's not ready for enterprise grade yet. >> So, Brian Behlendorf today in his keynotes said he's really worried about ChatGPT being used to automate spearfishing. So I'm like, okay, so let's unpack that a little bit. Is the concern there that it just, the ChatGPT writes such compelling phishing content, it's going to increase the probability of somebody clicking on it, or are there other dimensions? >> It could, it's not necessarily just ChatGPT for that matter, right? AI can, actually, the hackers are using it to an extent already, can use to individualize content. For example, one of the things that you are able to easily identify when you're looking at the emails that are coming in, the phishing attack is, you look at some of the key elements in it, whether it's a human or even if it's an automated AI based system. They look at certain things and they say, "Okay, this is phishing". But if you were to read an email that looks exact copy of what I would've sent to you saying that, "Hey Dave, are you on for tomorrow? Or click on this link to do whatever. It could individualize the message. That's where the volume at scale to individual to masses, that can be done using AI, which is what scares me. >> Is there a flip side to AI? How is it being utilized to help cybersecurity? And maybe you could talk about some of the more successful examples of AI in security. Like, are there use cases or are there companies out there, Andy, that you find, I know you're close to a lot of firms that are leading in this area. You and I have talked about CrowdStrike, I know Palo Alto Network, so is there a positive side to this story? >> Yeah, I mean, absolutely right. Those are some of the good companies you mentioned, CrowdStrike, Palo Alto, Darktrace is another one that I closely follow, which is a good company as well, that they're using AI for security purposes. So, here's the thing, right, when people say, when they're using malware detection systems, most of the malware detection systems that are in today's security and malware systems, use some sort of a signature and pattern scanning in the malware. You know how many identified malwares are there today in the repository, in the library? More than a billion, a billion. So, if you are to check for every malware in your repository, that's not going to work. The pattern based recognition is not going to work. So, you got to figure out a different way of identification of pattern of usage, not just a signature in a malware, right? Or there are other areas you could use, things like the usage patterns. For example, if Andy is coming in to work at a certain time, you could combine a facial recognition saying, that should he be in here at that time, and should he be doing things, what he is supposed to be doing. There are a lot of things you could do using that, right? And the AIOps use cases, which is one of my favorite areas that I work, do a lot of work, right? That it has use cases for detecting things that are anomaly, that are not supposed to be done in a way that's supposed to be, reducing the noise so it can escalate only the things what you're supposed to. So, AIOps is a great use case to use in security areas which they're not using it to an extent yet. Incident management is another area. >> So, in your malware example, you're saying, okay, known malware, pretty much anybody can deal with that now. That's sort of yesterday's problem. >> The unknown is the problem. >> It's the unknown malware really trying to understand the patterns, and the patterns are going to change. It's not like you're saying a common signature 'cause they're going to use AI to change things up at scale. >> So, here's the problem, right? The malware writers are also using AI now, right? So, they're not going to write the old malware, send it to you. They are actually creating malware on the fly. It is possible entirely in today's world that they can create a malware, drop in your systems and it'll it look for the, let me get that name right. It's called, what are we using here? It's called the TTPs, Tactics, Techniques and procedures. It'll look for that to figure out, okay, am I doing the right pattern? And then malware can sense it saying that, okay, that's the one they're detecting. I'm going to change it on the fly. So, AI can code itself on the fly, rather malware can code itself on the fly, which is going to be hard to detect. >> Well, and when you talk about TTP, when you talk to folks like Kevin Mandia of Mandiant, recently purchased by Google or other of those, the ones that have the big observation space, they'll talk about the most malicious hacks that they see, involve lateral movement. So, that's obviously something that people are looking for, AI's looking for that. And of course, the hackers are going to try to mask that lateral movement, living off the land and other things. How do you see AI impacting the future of cyber? We talked about the risks and the good. One of the things that Brian Behlendorf also mentioned is that, he pointed out that in the early days of the internet, the protocols had an inherent element of trust involved. So, things like SMTP, they didn't have security built in. So, they built up a lot of technical debt. Do you see AI being able to help with that? What steps do you see being taken to ensure that AI based systems are secure? >> So, the major difference between the older systems and the newer systems is the older systems, sadly even today, a lot of them are rules-based. If it's a rules-based systems, you are dead in the water and not able, right? So, the AI-based systems can somewhat learn from the patterns as I was talking about, for example... >> When you say rules-based systems, you mean here's the policy, here's the rule, if it's not followed but then you're saying, AI will blow that away, >> AI will blow that away, you don't have to necessarily codify things saying that, okay, if this, then do this. You don't have to necessarily do that. AI can somewhat to an extent self-learn saying that, okay, if that doesn't happen, if this is not a pattern that I know which is supposed to happen, who should I escalate this to? Who does this system belong to? And the other thing, the AIOps use case we talked about, right, the anomalies. When an anomaly happens, then the system can closely look at, saying that, okay, this is not normal behavior or usage. Is that because system's being overused or is it because somebody's trying to access something, could look at the anomaly detection, anomaly prevention or even prediction to an extent. And that's where AI could be very useful. >> So, how about the developer angle? 'Cause CNCF, the event in Seattle is all around developers, how can AI be integrated? We did a lot of talk at the conference about shift-left, we talked about shift-left and protect right. Meaning, protect the run time. So, both are important, so what steps should be taken to ensure that the AI systems are being developed in a secure and ethically sound way? What's the role of developers in that regard? >> How long do you got? (Both laughing) I think it could go for base on that. So, here's the problem, right? Lot of these companies are trying to see, I mean, you might have seen that in the news that Buzzfeed is trying to hire all of the writers to create the thing that ChatGPT is creating, a lot of enterprises... >> How, they're going to fire their writers? >> Yeah, they replace the writers. >> It's like automated automated vehicles and automated Uber drivers. >> So, the problem is a lot of enterprises still haven't done that, at least the ones I'm speaking to, are thinking about saying, "Hey, you know what, can I replace my developers because they are so expensive? Can I replace them with AI generated code?" There are a few issues with that. One, AI generated code is based on some sort of a snippet of a code that has been already available. So, you get into copyright issues, that's issue number one, right? Issue number two, if AI creates code and if something were to go wrong, who's responsible for that? There's no accountability right now. Or you as a company that's creating a system that's responsible, or is it ChatGPT, Microsoft is responsible. >> Or is the developer? >> Or the developer. >> The individual developer might be. So, they're going to be cautious about that liability. >> Well, so one of the areas where I'm seeing a lot of enterprises using this is they are using it to teach developers to learn things. You know what, if you're to code, this is a good way to code. That area, it's okay because you are just teaching them. But if you are to put an actual production code, this is what I advise companies, look, if somebody's using even to create a code, whether with or without your permission, make sure that once the code is committed, you validate that the 100%, whether it's a code or a model, or even make sure that the data what you're feeding in it is completely out of bias or no bias, right? Because at the end of the day, it doesn't matter who, what, when did that, if you put out a service or a system out there, it is involving your company liability and system, and code in place. You're going to be screwed regardless of what, if something were to go wrong, you are the first person who's liable for it. >> Andy, when you think about the dangers of AI, and what keeps you up at night if you're a security professional AI and security professional. We talked about ChatGPT doing things, we don't even, the hackers are going to get creative. But what worries you the most when you think about this topic? >> A lot, a lot, right? Let's start off with an example, actually, I don't know if you had a chance to see that or not. The hackers used a bank of Hong Kong, used a defect mechanism to fool Bank of Hong Kong to transfer $35 million to a fake account, the money is gone, right? And the problem that is, what they did was, they interacted with a manager and they learned this executive who can control a big account and cloned his voice, and clone his patterns on how he calls and what he talks and the whole name he has, after learning that, they call the branch manager or bank manager and say, "Hey, you know what, hey, move this much money to whatever." So, that's one way of kind of phishing, kind of deep fake that can come. So, that's just one example. Imagine whether business is conducted by just using voice or phone calls itself. That's an area of concern if you were to do that. And imagine this became an uproar a few years back when deepfakes put out the video of Tom Cruise and others we talked about in the past, right? And Tom Cruise looked at the video, he said that he couldn't distinguish that he didn't do it. It is so close, that close, right? And they are doing things like they're using gems... >> Awesome Instagram account by the way, the guy's hilarious, right? >> So, they they're using a lot of this fake videos and fake stuff. As long as it's only for entertainment purposes, good. But imagine doing... >> That's right there but... >> But during the election season when people were to put out saying that, okay, this current president or ex-president, he said what? And the masses believe right now whatever they're seeing in TV, that's unfortunate thing. I mean, there's no fact checking involved, and you could change governments and elections using that, which is scary shit, right? >> When you think about 2016, that was when we really first saw, the weaponization of social, the heavy use of social and then 2020 was like, wow. >> To the next level. >> It was crazy. The polarization, 2024, would deepfakes... >> Could be the next level, yeah. >> I mean, it's just going to escalate. What about public policy? I want to pick your brain on this because I I've seen situations where the EU, for example, is going to restrict the ability to ship certain code if it's involved with critical infrastructure. So, let's say, example, you're running a nuclear facility and you've got the code that protects that facility, and it can be useful against some other malware that's outside of that country, but you're restricted from sending that for whatever reason, data sovereignty. Is public policy, is it aligned with the objectives in this new world? Or, I mean, normally they have to catch up. Is that going to be a problem in your view? >> It is because, when it comes to laws it's always miles behind when a new innovation happens. It's not just for AI, right? I mean, the same thing happened with IOT. Same thing happened with whatever else new emerging tech you have. The laws have to understand if there's an issue and they have to see a continued pattern of misuse of the technology, then they'll come up with that. Use in ways they are ahead of things. So, they put a lot of restrictions in place and about what AI can or cannot do, US is way behind on that, right? But California has done some things, for example, if you are talking to a chat bot, then you have to basically disclose that to the customer, saying that you're talking to a chat bot, not to a human. And that's just a very basic rule that they have in place. I mean, there are times that when a decision is made by the, problem is, AI is a black box now. The decision making is also a black box now, and we don't tell people. And the problem is if you tell people, you'll get sued immediately because every single time, we talked about that last time, there are cases involving AI making decisions, it gets thrown out the window all the time. If you can't substantiate that. So, the bottom line is that, yes, AI can assist and help you in making decisions but just use that as a assistant mechanism. A human has to be always in all the loop, right? >> Will AI help with, in your view, with supply chain, the software supply chain security or is it, it's always a balance, right? I mean, I feel like the attackers are more advanced in some ways, it's like they're on offense, let's say, right? So, when you're calling the plays, you know where you're going, the defense has to respond to it. So in that sense, the hackers have an advantage. So, what's the balance with software supply chain? Are the hackers have the advantage because they can use AI to accelerate their penetration of the software supply chain? Or will AI in your view be a good defensive mechanism? >> It could be but the problem is, the velocity and veracity of things can be done using AI, whether it's fishing, or malware, or other security and the vulnerability scanning the whole nine yards. It's scary because the hackers have a full advantage right now. And actually, I think ChatGPT recently put out two things. One is, it's able to direct the code if it is generated by ChatGPT. So basically, if you're trying to fake because a lot of schools were complaining about it, that's why they came up with the mechanism. So, if you're trying to create a fake, there's a mechanism for them to identify. But that's a step behind still, right? And the hackers are using things to their advantage. Actually ChatGPT made a rule, if you go there and read the terms and conditions, it's basically honor rule suggesting, you can't use this for certain purposes, to create a model where it creates a security threat, as that people are going to listen. So, if there's a way or mechanism to restrict hackers from using these technologies, that would be great. But I don't see that happening. So, know that these guys have an advantage, know that they're using AI, and you have to do things to be prepared. One thing I was mentioning about is, if somebody writes a code, if somebody commits a code right now, the problem is with the agile methodologies. If somebody writes a code, if they commit a code, you assume that's right and legit, you immediately push it out into production because need for speed is there, right? But if you continue to do that with the AI produced code, you're screwed. >> So, bottom line is, AI's going to speed us up in a security context or is it going to slow us down? >> Well, in the current version, the AI systems are flawed because even the ChatGPT, if you look at the the large language models, you look at the core piece of data that's available in the world as of today and then train them using that model, using the data, right? But people are forgetting that's based on today's data. The data changes on a second basis or on a minute basis. So, if I want to do something based on tomorrow or a day after, you have to retrain the models. So, the data already have a stale. So, that in itself is stale and the cost for retraining is going to be a problem too. So overall, AI is a good first step. Use that with a caution, is what I want to say. The system is flawed now, if you use it as is, you'll be screwed, it's dangerous. >> Andy, you got to go, thanks so much for coming in, appreciate it. >> Thanks for having me. >> You're very welcome, so we're going wall to wall with our coverage of the Cloud Native Security Con. I'm Dave Vellante in the Boston Studio, John Furrier, Lisa Martin and Palo Alto. We're going to be live on the show floor as well, bringing in keynote speakers and others on the ground. Keep it right there for more coverage on theCUBE. (upbeat music) (upbeat music) (upbeat music) (upbeat music)

Upbeat music plays >> Voice Over: TheCUBE presents Ignite 22, brought to you by Palo Alto Networks. >> Good morning everyone. Welcome to theCUBE. Lisa Martin here with Dave Vellante. We are live at Palo Alto Networks Ignite. This is the 10th annual Ignite. There's about 3,000 people here, excited to really see where this powerhouse organization is taking security. Dave, it's great to be here. Our first time covering Ignite. People are ready to be back. They.. and security is top. It's a board level conversation. >> It is the other Ignite, I like to call it cuz of course there's another big company has a conference name Ignite, so I'm really excited to be here. Palo Alto Networks, a company we've covered for a number of years, as we just wrote in our recent breaking analysis, we've called them the gold standard but it's not just our opinion, we've backed it up with data. The company's on track. We think to do close to 7 billion in revenue by 2023. That's double it's 2020 revenue. You can measure it with execution, market cap M and A prowess. I'm super excited to have the CEO here. >> We have the CEO here, Nikesh Arora joins us from Palo Alto Networks. Nikesh, great to have you on theCube. Thank you for joining us. >> Well thank you very much for having me Lisa and Dave >> Lisa: It was great to see your keynote this morning. You said that, you know fundamentally security is a data problem. Well these days every company has to be a data company. Grocery stores, gas stations, car dealers. How is Palo Alto networks making customers, these data companies, more secure? >> Well Lisa, you know, (coughs) I've only done cybersecurity for about four, four and a half years so when I came to the industry I was amazed to see how security is so reactive as opposed to proactive. We should be able to stop bad threats, right? as they're happening. But I think a lot of threats get through because we don't have the right infrastructure and the right tooling and right products in there. So I think we've been working hard for the last four and a half years to turn it around so we can have consistent data flow across an enterprise and then mine that data for threats and anomalous behavior and try and protect our customers. >> You know the problem, I wrote this, this weekend, the problem in cybersecurity is well understood, you put up that Optiv graph and it's like 8,000 companies >> Yes >> and I think you mentioned your keynote on average, you know 30 to 40 tools, maybe 50, at least 20, >> Yes. >> from the folks that I talked to. So, okay, great, but actually solving that problem is not trivial. To be a consolidator, I mean, everybody wants to consolidate tools. So in your three to four years and security as you well know, it's, you can't fake security. It's a really, really challenging topic. So when you joined Palo Alto Networks and you heard that strategy, I know you guys have been thinking about this for some time, what did you see as the challenges to actually executing on that and how is it that you've been able to sort of get through that knot hole. >> So Dave, you know, it's interesting if you look at the history of cybersecurity, I call them the flavor of the decade, a flare, you know a new threat vector gets created, very large market gets created, a solution comes through, people flock, you get four or five companies will chase that opportunity, and then they become leaders in that space whether it's firewalls or endpoints or identity. And then people stick to their swim lane. The problem is that's a very product centric approach to security. It's not a customer-centric approach. The customer wants a more secure enterprise. They don't want to solve 20 different solutions.. problems with 20 different point solutions. But that's kind of how the industry's grown up, and it's been impossible for a large security company in one category, to actually have a substantive presence in the next category. Now what we've been able to do in the last four and a half years is, you know, from our firewall base we had resources, we had intellectual capability from a security perspective and we had cash. So we used that to pay off our technical debt. We acquired a bunch of companies, we created capability. In the last three years, four years we've created three incremental businesses which are all on track to hit a billion dollars the next 12 to 18 months. >> Yeah, so it's interesting on Twitter last night we had a little conversation about acquirers and who was a good, who was not so good. It was, there was Oracle, they came up actually very high, they'd done pretty, pretty good Job, VMware was on the list, IBM, Cisco, ServiceNow. And if you look at IBM and Cisco's strategy, they tend to be very services heavy, >> Mm >> right? How is it that you have been able to, you mentioned get rid of your technical debt, you invested in that. I wonder if you could, was it the, the Cloud, even though a lot of the Cloud was your own Cloud, was that a difference in terms of your ability to integrate? Because so many companies have tried it in the past. Oracle I think has done a good job, but it took 'em 10 to 12 years, you know, to, to get there. What was the sort of secret sauce? Is it culture, is it just great engineering? >> Dave it's a.. thank you for that. I think, look, it's, it's a mix of everything. First and foremost, you know, there are certain categories we didn't play in so there was nothing to integrate. We built a capability in a category in automation. We didn't have a product, we acquired a company. It's a net new capability in instant response. We didn't have a capability. It was net new capability. So there was, there was, other than integrating culturally and into the organization into our core to market processes there was no technical integration needed. Most of our technical integration was needed in our Cloud platform, which we bought five or six companies, we integrated then we just bought one recently called cyber security as well, which is going to get integrated in the Cloud platform. >> Dave: Yeah. >> And the thing is like, the Cloud platform is net new in the industry. We.. nobody's created a Cloud security platform yet, so we're working hard to create it because we don't want to replicate the mistakes of the past, that were made in enterprise security, in Cloud security. So it's a combination of cultural integration it's a combination of technical integration. The two things we do differently I think, than most people in the industry is look, we have no pride of, you know of innovations. Like, if somebody else has done it, we respect it and we'll acquire it, but we always want to acquire number one or number two in their category. I don't want number three or four. There's three or four for a reason and there still leaves one or two out there to compete with. So we've always acquired one or two, one. And the second thing, which is as important is most of these companies are in the early stage of development. So it's very important for the founding team to be around. So we spend a lot of time making sure they stick around. We actually make our people work for them. My principle is, listen, if they beat us in the open market with all our resources and our people, then they deserve to run this as opposed to us. So most of our new product categories are run by founders of companies required. >> So a little bit of Jack Welch, a little bit of Franks Lubens is a, you know always deference to the founders. But go ahead Lisa. >> Speaking of cultural transformation, you were mentioning your keynote this morning, there's been a significant workforce transformation at Palo Alto Networks. >> Yeah >> Talk a little bit about that, cause that's a big challenge, for many organizations to achieve. Sounds like you've done it pretty well. >> Well you know, my old boss, Eric Schmidt, used to say, 'revenue solves all known problems'. Which kind of, you know, it is a part joking, part true, but you know as Dave mentioned, we've doubled or two and a half time the revenues in the last four and a half years. That allows you to grow, that allows you to increase headcount. So we've gone from four and a half thousand people to 14,000 people. Good news is that's 9,500 people are net new to the company. So you can hire a whole new set of people who have new skills, new capabilities and there's some attrition four and a half thousand, some part of that turns over in four and a half years, so we effectively have 80% net new people, and the people we have, who are there from before, are amazing because they've built a phenomenal firewall business. So it's kind of been right sized across the board. It's very hard to do this if you're not growing. So you got to focus on growing. >> Dave: It's like winning in sports. So speaking of firewalls, I got to ask you does self-driving cars need brakes? So if I got a shout out to my friend Zeus Cararvela so like that's his line about why you need firewalls, right? >> Nikesh: Yes. >> I mean you mentioned it in your keynote today. You said it's the number one question that you get. >> and I don't get it why P industry observers don't go back and say that's, this is ridiculous. The network traffic is doubling or tripling. (clears throat) In fact, I gave an interesting example. We shut down our data centers, as I said, we are all on Google Cloud and Amazon Cloud and then, you know our internal team comes in, we'd want a bigger firewall. I'm like, why do you want a bigger firewall? We shut down our data centers as well. The traffic coming in and out of our campus is doubled. We need a bigger firewall. So you still need a firewall even if you're in the Cloud. >> So I'm going to come back to >> Nikesh: (coughs) >> the M and A strategy. My question is, can you be both best of breed and develop a comprehensive suite number.. part one and part one A of that is do you even have to, because generally sweets win out over best of breed. But what, how do you, how do you respond? >> Well, you know, this is this age old debate and people get trapped in that, I think in my mind, and let me try and expand the analogy which I tried to do up in my keynote. You know, let's assume that Oracle, Microsoft, Dynamics and Salesforce did not exist, okay? And you were running a large company of 50,000 people and your job was to manage the customer process which easier to understand than security. And I said, okay, guess what? I have a quoting system and a lead system but the lead system doesn't talk to my coding system. So I get leads, but I don't know who those customers. And I write codes for a whole new set of customers and I have a customer database. Then when they come as purchase orders, I have a new database with all the customers who've bought something from me, and then when I go get them licensing I have a new database and when I go have customer support, I have a fifth database and there are customers in all five databases. You'll say Nikesh you're crazy, you should have one customer database, otherwise you're never going to be able to make this work. But security is the same problem. >> Dave: Mm I should.. I need consistency in data from suit to nuts. If it's in Cloud, if you're writing code, I need to understand the security flaws before they go into deployment, before they go into production. We for somehow ridiculously have bought security like IT. Now the difference between IT and security is, IT is required to talk to each other, so a Dell server and HP server work very similarly but a Palo Alto firewall and a Checkpoint firewall Fortnight firewall work formally differently. And then how that transitions into endpoints is a whole different ball game. So you need consistency in data, as Lisa was saying earlier, it's a data problem. You need consistency as you traverse to the enterprise. And that's why that's the number one need. Now, when you say best of breed, (coughs) best of breed, if it's fine, if it's a specific problem that you're trying to solve. But if you're trying to make sure that's the data flow that happens, you need both best of breed, you know, technology that stops things and need integration on data. So what we are trying to do is we're trying to give people best to breed solutions in the categories they want because otherwise they won't buy us. But we're also trying to make sure we stitch the data. >> But that definition of best of breed is a little bit of nuance than different in security is what I'm hearing because that consistency >> Nikesh: (coughs) Yes, >> across products. What about across Cloud? You mentioned Google and Amazon. >> Yeah so that's great question. >> Dave: Are you building the security super Cloud, I call it, above the Cloud? >> It's, it's not, it's, less so a super Cloud, It's more like Switzerland and I used to work at Google for 10 years, not a secret. And we used to sell advertising and we decided to go into pub into display ads or publishing, right. Now we had no publishing platform so we had to be good at everybody else's publishing platform >> Dave: Mm >> but we never were able to search ads for everybody else because we only focus on our own platform. So part of it is when the Cloud guys they're busy solving security for their Cloud. Google is not doing anything about Amazon Cloud or Microsoft Cloud, Microsoft's Azure, right? AWS is not doing anything about Google Cloud or Azure. So what we do is we don't have a Cloud. Our job in providing Cloud securities, be Switzerland make sure it works consistently across every Cloud. Now if you try to replicate what we offer Prisma Cloud, by using AWS, Azure and GCP, you'd have to first of all, have three panes of glass for all three of them. But even within them they have four panes of glass for the capabilities we offer. So you could end up with 12 different interfaces to manage a development process, we give you one. Now you tell me which is better. >> Dave: Sounds like a super Cloud to me Lisa (laughing) >> He's big on super Cloud >> Uber Cloud, there you >> Hey I like that, Uber Cloud. Well, so I want to understand Nikesh, what's realistic. You mentioned in your keynote Dave, brought it up that the average organization has 30 to 50 tools, security tools. >> Nikesh: Yes, yes >> On their network. What is realistic for from a consolidation perspective where Palo Alto can come in and say, let me make this consistent and simple for you. >> Well, I'll give you your own example, right? (clears throat) We're probably sub 10 substantively, right? There may be small things here and there we do. But on a substantive protecting the enterprise perspective you be should be down to eight or 10 vendors, and that is not perfect but it's a lot better than 50, >> Lisa: Right? >> because don't forget 50 tools means you have to have capability to understand what those 50 tools are doing. You have to have the capability to upgrade them on a constant basis, learn about their new capabilities. And I just can't imagine why customers have two sets of firewalls right. Now you got to learn both the files on how to deploy both them. That's silly because that's why we need 7 million more people. You need people to understand, so all these tools, who work for companies. If you had less tools, we need less people. >> Do you think, you know I wrote about this as well, that the security industry is anomalous and that the leader has, you know, single digit, low single digit >> Yes >> market shares. Do you think that you can change that? >> Well, you know, when I started that was exactly the observation I had Dave, which you highlighted in your article. We were the largest by revenue, by small margin. And we were one and half percent of the industry. Now we're closer to three, three to four percent and we're still at, you know, like you said, going to be around $7 billion. So I see a path for us to double from here and then double from there, and hopefully as we keep doubling and some point in time, you know, I'd like to get to double digits to start with. >> One of the things that I think has to happen is this has to grow dramatically, the ecosystem. I wonder if you could talk about the ecosystem and your strategy there. >> Well, you know, it's a matter of perspective. I think we have to get more penetrated in our largest customers. So we have, you know, 1800 of the top 2000 customers in the world are Palo Alto customers. But we're not fully penetrated with all our capabilities and the same customers set, so yes the ecosystem needs to grow, but the pandemic has taught us the ecosystem can grow wherever they are without having to come to Vegas. Which I don't think is a bad thing to be honest. So the ecosystem is growing. You are seeing new players come to the ecosystem. Five years ago you didn't see a lot of systems integrators and security. You didn't see security offshoots of telecom companies. You didn't see the Optivs, the WWTs, the (indistinct) of the world (coughs) make a concerted shift towards consolidation or services and all that is happening >> Dave: Mm >> as we speak today in the audience you will find people from Google, Amazon Microsoft are sitting in the audience. People from telecom companies are sitting in the audience. These people weren't there five years ago. So you are seeing >> Dave: Mm >> the ecosystem's adapting. They're, they want to be front and center of solving the customer's problem around security and they want to consolidate capability, they need. They don't want to go work with a hundred vendors because you know, it's like, it's hard. >> And the global system integrators are key. I always say they like to eat at the trough and there's a lot of money in security. >> Yes. >> Dave: (laughs) >> Well speaking of the ecosystem, you had Thomas Curry and Google Cloud CEO in your fireside chat in the keynote. Talk a little bit about how Google Cloud plus Palo Alto Networks, the Zero Trust Partnership and what it's enable customers to achieve. >> Lisa, that's a great question. (clears his throat) Thank you for bringing it up. Look, you know the, one of the most fundamental shifts that is happening is obviously the shift to the Cloud. Now when that shift fully, sort of, takes shape you will realize if your network has changed and you're delivering everything to the Cloud you need to go figure out how to bring the traffic to the Cloud. You don't have to bring it back to your data center you can bring it straight to the Cloud. So in that context, you know we use Google Cloud and Amazon Cloud, to be able to carry our traffic. We're going from a product company to a services company in addition, right? Cuz when we go from firewalls to SASE we're not carrying your traffic. When we carry our traffic, we need to make sure we have underlying capability which is world class. We think GCP and AWS and Azure run some of the biggest and best networks in the world. So our partnership with Google is such that we use their public Cloud, we sit on top of their Cloud, they give us increased enhanced functionality so that our customers SASE traffic gets delivered in priority anywhere in the world. They give us tooling to make sure that there's high reliability. So you know, we partner, they have Beyond Corp which is their version of Zero Trust which allows you to take unmanaged devices with browsers. We have SASE, which allows you to have managed devices. So the combination gives our collective customers the ability for Zero Trust. >> Do you feel like there has to be more collaboration within the ecosystem, the security, you know, landscape even amongst competitors? I mean I think about Google acquires Mandiant. You guys have Unit 42. Should and will, like, Wendy Whitmore and maybe they already are, Kevin Mandia talk more and share more data. If security's a data problem is all this data >> Nikesh: Yeah look I think the industry shares threat data, both in private organizations as well as public and private context, so that's not a problem. You know the challenge with too much collaboration in security is you never know. Like you know, the moment you start sharing your stuff at third parties, you go out of Secure Zone. >> Lisa: Mm >> Our biggest challenge is, you know, I can't trust a third party competitor partner product. I have to treat it with as much suspicion as anything else out there because the only way I can deliver Zero Trust is to not trust anything. So collaboration in Zero Trust are a bit of odds with each other. >> Sounds like another problem you can solve >> (laughs) >> Nikesh last question for you. >> Yes >> Favorite customer or example that you think really articulates the value of what Palo Alto was delivering? >> Look you know, it's a great question, Lisa. I had this seminal conversation with a customer and I explained all those things we were talking about and the customer said to me, great, okay so what do I need to do? I said, fun, you got to trust me because you know, we are on a journey, because in the past, customers have had to take the onus on themselves of integrating everything because they weren't sure a small startup will be independent, be bought by another cybersecurity company or a large cybersecurity company won't get gobbled up and split into pieces by private equity because every one of the cybersecurity companies have had a shelf life. So you know, our aspiration is to be the evergreen cybersecurity company. We will always be around and we will always tackle innovation and be on the front line. So the customer understood what we're doing. Over the last three years we've been working on a transformation journey with them. We're trying to bring them, or we have brought them along the path of Zero Trust and we're trying to work with them to deliver this notion of reducing their meantime to remediate from days to minutes. Now that's an outcome based approach that's a partnership based approach and we'd like, love to have more and more customers of that kind. I think we weren't ready to be honest as a company four and a half years ago, but I think today we're ready. Hence my keynote was called The Perfect Storm. I think we're at the right time in the industry with the right capabilities and the right ecosystem to be able to deliver what the industry needs. >> The perfect storm, partners, customers, investors, employees. Nikesh, it's been such a pleasure having you on theCUBE. Thank you for coming to talk to Dave and me right after your keynote. We appreciate that and we look forward to two days of great coverage from your executives, your customers, and your partners. Thank you. >> Well, thank you for having me, Lisa and Dave and thank you >> Dave: Pleasure >> for what you guys do for our industry. >> Our pleasure. For Nikesh Arora and Dave Vellante, I'm Lisa Martin, you're watching theCUBE live at MGM Grand Hotel in Las Vegas, Palo Alto Ignite 22. Stick around Dave and I will be joined by our next guest in just a minute. (cheerful music plays out)

>> Narrator: "TheCUBE" presents Ignite 22. Brought to you by Palo Alto Networks. >> Hey everyone. Welcome back to "TheCUBE's" live coverage of Palo Alto Network's Ignite 22 from the MGM Grand in beautiful Las Vegas. I am Lisa Martin here with Dave Vellante. Dave, we just had a great conversa- First of all, we got to hear the keynote, most of it. We also just had a great conversation with the CEO and chairman of Palo Alto Networks, Nikesh Arora. You know, this is a company that was founded back in 2005, he's been there four years, a lot has happened. A lot of growth, a lot of momentum in his tenure. You were saying in your breaking analysis, that they are on track to nearly double revenues from FY 20 to 23. Lots of momentum in this cloud security company. >> Yeah, I'd never met him before. I mean, I've been following a little bit. It's interesting, he came in as, sort of, a security outsider. You know, he joked today that he, the host, I forget the guy's name on the stage, what was his name? Hassan. Hassan, he said "He's the only guy in the room that knows less about security than I do." Because, normally, this is an industry that's steeped in deep expertise. He came in and I think is given a good compliment to the hardcore techies at Palo Alto Network. The company, it's really interesting. The company started out building their own data centers, they called it. Now they look back and call it cloud, but it was their own data centers, kind of like Salesforce did, it's kind of like ServiceNow. Because at the time, you really couldn't do it in the public cloud. The public cloud was a little too unknown. And so they needed that type of control. But Palo Alto's been amazing story since 2020, we wrote about this during the pandemic. So what they did, is they began to pivot to the the true cloud native public cloud, which is kind of immature still. They don't tell you that, but it's kind of still a little bit immature, but it's working. And when they were pivoting, it was around the same time, at Fortinet, who's a competitor there's like, I call 'em a poor man's Palo Alto, and Fortinet probably hates that, but it's kind of true. It's like a value play on a comprehensive platform, and you know Fortinet a little bit. And so, but what was happening is Fortinet was executing on its cloud strategy better than Palo Alto. And there was a real divergence in the valuations of these stocks. And we said at the time, we felt like Palo Alto, being the gold standard, would get through it. And they did. And what's happened is interesting, I wrote about this two weeks ago. If you go back to the pandemic, peak of the pandemic, or just before the peak, kind of in that tech bubble, if you will. Splunk's down 44% from that peak, Okta's down, sorry, not down 44%. 44% of the peak. Okta's 22% of their peak. CrowdStrike, 41%, Zscaler, 36%, Fortinet, 71%. Not so bad. Palo Altos maintained 93% of its peak value, right? So it's a combination of two things. One is, they didn't run up as much during the pandemic, and they're executing through their cloud strategy. And that's provided a sort of softer landing. And I think it's going to be interesting to see where they go from here. And you heard Nikesh, we're going to double, and then double again. So that's 7 billion, 14 billion, heading to 30 billion. >> Lisa: Yeah, yeah. He also talked about one of the things that he's done in his tenure here, as really a workforce transformation. And we talk all the time, it's not just technology and processes, it's people. They've also seemed to have done a pretty good job from a cultural transformation perspective, which is benefiting their customers. And they're also growing- The ecosystem, we talked a little bit about the ecosystem with Nikesh. We've got Google Cloud on, we've got AWS on the program today alone, talking about the partnerships. The ecosystem is expanding, as well. >> Have you ever met Nir Zuk? >> I have not, not yet. >> He's the founder and CTO. I haven't, we've never been on "theCUBE." He was supposed to come on one day down in New York City. Stu and I were going to interview him, and he cut out of the conference early, so we didn't interview him. But he's a very opinionated dude. And you're going to see, he's basically going to come on, and I mean, I hope he is as opinionated on "TheCUBE," but he'll talk about how the industry has screwed it up. And Nikesh sort of talked about that, it's a shiny new toy strategy. Oh, there's another one, here's another one. It's the best in that category. Okay, let's get, and that's how we've gotten to this point. I always use that Optive graphic, which shows the taxonomy, and shows hundreds and hundreds of suppliers in the industry. And again, it's true. Customers have 20, 30, sometimes 40 different tool sets. And so now it's going to be interesting to see. So I guess my point is, it starts at the top. The founder, he's an outspoken, smart, tough Israeli, who's like, "We're going to take this on." We're not afraid to be ambitious. And so, so to your point about people and the culture, it starts there. >> Absolutely. You know, one of the things that you've written about in your breaking analysis over the weekend, Nikesh talked about it, they want to be the consolidator. You see this as they're building out the security supercloud. Talk to me about that. What do you think? What is a security supercloud in your opinion? >> Yeah, so let me start with the consolidator. So Palo Alto obviously is executing on that strategy. CrowdStrike as well, wants to be a consolidator. I would say Zscaler wants to be a consolidator. I would say that Microsoft wants to be a consolidator, so does Cisco. So they're all coming at it from different angles. Cisco coming at it from network security, which is Palo Alto's wheelhouse, with their next gen firewalls, network security. What Palo Alto did was interesting, was they started out with kind of a hardware based firewall, but they didn't try to shove everything into it. They put the other function in there, their cloud. Zscaler. Zscaler is the one running around saying you don't need firewalls anymore. Just run everything through our cloud, our security cloud. I would think that as Zscaler expands its TAM, it's going to start to acquire, and do similar types of things. We'll see how that integrates. CrowdStrike is clearly executing on a similar portfolio strategy, but they're coming at it from endpoint, okay? They have to partner for network security. Cisco is this big and legacy, but they've done a really good job of acquiring and using services to hide some of that complexity. Microsoft is, you know, they probably hate me saying this, but it's the just good enough strategy. And that may have hurt CrowdStrike last quarter, because the SMB was a soft, we'll see. But to specifically answer your question, the opportunity, we think, is to build the security supercloud. What does that mean? That means to have a common security platform across all clouds. So irrespective of whether you're running an Amazon, whether you're running an on-prem, Google, or Azure, the security policies, and the edicts, and the way you secure your enterprise, look the same. There's a PaaS layer, super PaaS layer for developers, so that that the developers can secure their code in a common framework across cloud. So that essentially, Nikesh sort of balked at it, said, "No, no, no, we're not, we're not really building a super cloud." But essentially they kind of are headed in that direction, I think. Although, what I don't know, like CrowdStrike and Microsoft are big competitors. He mentioned AWS and Google. We run on AWS, Google, and in their own data centers. That sounds like they don't currently run a Microsoft. 'Cause Microsoft is much more competitive with the security ecosystem. They got Identity, so they compete with Okta. They got Endpoint, so they compete with CrowdStrike, and Palo Alto. So Microsoft's at war with everybody. So can you build a super cloud on top of the clouds, the hyperscalers, and not do Microsoft? I would say no. >> Right. >> But there's nothing stopping Palo Alto from running in the Microsoft cloud. I don't know if that's a strategy, we should ask them. >> Yeah. They've done a great job in our last few minutes, of really expanding their TAM in the last few years, particularly under Nikesh's leadership. What are some of the things that you heard this morning that you think, really they've done a great job of expanding that TAM. He talked a little bit about, I didn't write the number down, but he talked a little bit about the market opportunity there. What do you see them doing as being best of breed for organizations that have 30 to 50 tools and need to consolidate that? >> Well the market opportunity's enormous. >> Lisa: It is. >> I mean, we're talking about, well north of a hundred billion dollars, I mean 150, 180, depending on whose numerator you use. Gartner, IDC. Dave's, whatever, it's big. Okay, and they've got... Okay, they're headed towards 7 billion out of 180 billion, whatever, again, number you use. So they started with network security, they put most of the network function in the cloud. They moved to Endpoint, Sassy for the edge. They've done acquisitions, the Cortex acquisition, to really bring automated threat intelligence. They just bought Cider Security, which is sort of the shift left, code security, developer, assistance, if you will. That whole shift left, protect right. And so I think a lot of opportunities to continue to acquire best of breed. I liked what Nikesh said. Keep the founders on board, sell them on the mission. Let them help with that integration and putting forth the cultural aspects. And then, sort of, integrate in. So big opportunities, do they get into Endpoint and compete with Okta? I think Okta's probably the one sort of outlier. They want to be the consolidator of identity, right? And they'll probably partner with Okta, just like Okta partners with CrowdStrike. So I think that's part of the challenge of being the consolidator. You're probably not going to be the consolidator for everything, but maybe someday you'll see some kind of mega merger of these companies. CrowdStrike and Okta, or Palo Alto and Okta, or to take on Microsoft, which would be kind of cool to watch. >> That would be. We have a great lineup, Dave. Today and tomorrow, full days, two full days of cube coverage. You mentioned Nir Zuk, we already had the CEO on, founder and CTO. We've got the chief product officer coming on next. We've got chief transformation officer of customers, partners. We're going to have great conversations, and really understand how this organization is helping customers ultimately achieve their SecOps transformation, their digital transformation. And really moved the needle forward to becoming secure data companies. So I'm looking forward to the next two days. >> Yeah, and Wendy Whitmore is coming on. She heads Unit 42, which is, from what I could tell, it's pretty much the competitor to Mandiant, which Google just bought. We had Kevin Mandia on at September at the CrowdStrike event. So that's interesting. That's who I was poking Nikesh a little bit on industry collaboration. You're tight with Google, and then he had an interesting answer. He said "Hey, you start sharing data, you don't know where it's going to go." I think Snowflake could help with that problem, actually. >> Interesting. >> Yeah, little Snowflake and some of the announcements ar Reinvent with the data clean rooms. Data sharing, you know, trusted data. That's one of the other things we didn't talk about, is the real tension in between security and regulation. So the regulators in public policy saying you can't move the data out of the country. And you have to prove to me that you have a chain of custody. That when you say you deleted something, you have to show me that you not only deleted the file, then the data, but also the metadata. That's a really hard problem. So to my point, something that Palo Alto might be able to solve. >> It might be. It'll be an interesting conversation with Unit 42. And like we said, we have a great lineup of guests today and tomorrow with you, so stick around. Lisa Martin and Dave Vellante are covering Palo Alto Networks Ignite 22 for you. We look forward to seeing you in our next segment. Stick around. (light music)

(upbeat music) >> From theCube Studios in Palo Alto in Boston, bringing you data driven insights from theCube and ETR. This is Breaking Analysis with Dave Vellante. >> While by no means a safe haven, the cybersecurity sector has outpaced the broader tech market by a meaningful margin, that is up until very recently. Cybersecurity remains the number one technology priority for the C-suite, but as we've previously reported the CISO's budget has constraints just like other technology investments. Recent trends show that economic headwinds have elongated sales cycles, pushed deals into future quarters, and just like other tech initiatives, are pacing cybersecurity investments and breaking them into smaller chunks. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis we explain how cybersecurity trends are reverting to the mean and tracking more closely with other technology investments. We'll make a couple of valuation comparisons to show the magnitude of the challenge and which cyber firms are feeling the heat, which aren't. There are some exceptions. We'll then show the latest survey data from ETR to quantify the contraction in spending momentum and close with a glimpse of the landscape of emerging cybersecurity companies, the private companies that could be ripe for acquisition, consolidation, or disruptive to the broader market. First, let's take a look at the recent patterns for cyber stocks relative to the broader tech market as a benchmark, as an indicator. Here's a year to date comparison of the bug ETF, which comprises a basket of cyber security names, and we compare that with the tech heavy NASDAQ composite. Notice that on April 13th of this year the cyber ETF was actually in positive territory while the NAS was down nearly 14%. Now by August 16th, the green turned red for cyber stocks but they still meaningfully outpaced the broader tech market by more than 950 basis points as of December 2nd that Delta had contracted. As you can see, the cyber ETF is now down nearly 25%, year to date, while the NASDAQ is down 27% and change. Now take a look at just how far a few of the high profile cybersecurity names have fallen. Here are six security firms that we've been tracking closely since before the pandemic. We've been, you know, tracking dozens but let's just take a look at this data and the subset. We show for comparison the S&P 500 and the NASDAQ, again, just for reference, they're both up since right before the pandemic. They're up relative to right before the pandemic, and then during the pandemic the S&P shot up more than 40%, relative to its pre pandemic level, around February is what we're using for the pre pandemic level, and the NASDAQ peaked at around 65% higher than that February level. They're now down 85% and 71% of their previous. So they're at 85% and 71% respectively from their pandemic highs. You compare that to these six companies, Splunk, which was and still is working through a transition is well below its pre pandemic market value and 44, it's 44% of its pre pandemic high as of last Friday. Palo Alto Networks is the most interesting here, in that it had been facing challenges prior to the pandemic related to a pivot to the Cloud which we reported on at the time. But as we said at that time we believe the company would sort out its Cloud transition, and its go to market challenges, and sales compensation issues, which it did as you can see. And its valuation jumped from 24 billion prior to Covid to 56 billion, and it's holding 93% of its peak value. Its revenue run rate is now over 6 billion with a healthy growth rate of 24% expected for the next quarter. Similarly, Fortinet has done relatively well holding 71% of its peak Covid value, with a healthy 34% revenue guide for the coming quarter. Now, Okta has been the biggest disappointment, a darling of the pandemic Okta's communication snafu, with what was actually a pretty benign hack combined with difficulty absorbing its 7 billion off zero acquisition, knocked the company off track. Its valuation has dropped by 35 billion since its peak during the pandemic, and that's after a nice beat and bounce back quarter just announced by Okta. Now, in our view Okta remains a viable long-term leader in identity. However, its recent fiscal 24 revenue guide was exceedingly conservative at around 16% growth. So either the company is sandbagging, or has such poor visibility that it wants to be like super cautious or maybe it's actually seeing a dramatic slowdown in its business momentum. After all, this is a company that not long ago was putting up 50% plus revenue growth rates. So it's one that bears close watching. CrowdStrike is another big name that we've been talking about on Breaking Analysis for quite some time. It like Okta has led the industry in a key ETR performance indicator that measures customer spending momentum. Just last week, CrowdStrike announced revenue increased more than 50% but new ARR was soft and the company guided conservatively. Not surprisingly, the stock got absolutely crushed as CrowdStrike blamed tepid demand from smaller and midsize firms. Many analysts believe that competition from Microsoft was one factor along with cautious spending amongst those midsize and smaller customers. Notably, large customers remain active. So we'll see if this is a longer term trend or an anomaly. Zscaler is another company in the space that we've reported having great customer spending momentum from the ETR data. But even though the company beat expectations for its recent quarter, like other companies its Outlook was conservative. So other than Palo Alto, and to a lesser extent Fortinet, these companies and others that we're not showing here are feeling the economic pinch and it shows in the compression of value. CrowdStrike, for example, had a 70 billion valuation at one point during the pandemic Zscaler top 50 billion, Okta 45 billion. Now, having said that Palo Alto Networks, Fortinet, CrowdStrike, and Zscaler are all still trading well above their pre pandemic levels that we tracked back in February of 2020. All right, let's go now back to ETR'S January survey and take a look at how much things have changed since the beginning of the year. Remember, this is obviously pre Ukraine, and pre all the concerns about the economic headwinds but here's an X Y graph that shows a net score, or spending momentum on the y-axis, and market presence on the x-axis. The red dotted line at 40% on the vertical indicates a highly elevated net score. Anything above that we think is, you know, super elevated. Now, we filtered the data here to show only those companies with more than 50 responses in the ETR survey. Still really crowded. Note that there were around 20 companies above that red 40% mark, which is a very, you know, high number. It's a, it's a crowded market, but lots of companies with, you know, positive momentum. Now let's jump ahead to the most recent October survey and take a look at what, what's happening. Same graphic plotting, spending momentum, and market presence, and look at the number of companies above that red line and how it's been squashed. It's really compressing, it's still a crowded market, it's still, you know, plenty of green, but the number of companies above 40% that, that key mark has gone from around 20 firms down to about five or six. And it speaks to that compression and IT spending, and of course the elongated sales cycles pushing deals out, taking them in smaller chunks. I can't tell you how many conversations with customers I had, at last week at Reinvent underscoring this exact same trend. The buyers are getting pressure from their CFOs to slow things down, do more with less and, and, and prioritize projects to those that absolutely are critical to driving revenue or cutting costs. And that's rippling through all sectors, including cyber. Now, let's do a bit more playing around with the ETR data and take a look at those companies with more than a hundred citations in the survey this quarter. So N, greater than or equal to a hundred. Now remember the followers of Breaking Analysis know that each quarter we take a look at those, what we call four star security firms. That is, those are the, that are in, that hit the top 10 for both spending momentum, net score, and the N, the mentions in the survey, the presence, the pervasiveness in the survey, and that's what we show here. The left most chart is sorted by spending momentum or net score, and the right hand chart by shared N, or the number of mentions in the survey, that pervasiveness metric. that solid red line denotes the cutoff point at the top 10. And you'll note we've actually cut it off at 11 to account for Auth 0, which is now part of Okta, and is going through a go to market transition, you know, with the company, they're kind of restructuring sales so they can take advantage of that. So starting on the left with spending momentum, again, net score, Microsoft leads all vendors, typical Microsoft, very prominent, although it hadn't always done so, it, for a while, CrowdStrike and Okta were, were taking the top spot, now it's Microsoft. CrowdStrike, still always near the top, but note that CyberArk and Cloudflare have cracked the top five in Okta, which as I just said was consistently at the top, has dropped well off its previous highs. You'll notice that Palo Alto Network Palo Alto Networks with a 38% net score, just below that magic 40% number, is healthy, especially as you look over to the right hand chart. Take a look at Palo Alto with an N of 395. It is the largest of the independent pure play security firms, and has a very healthy net score, although one caution is that net score has dropped considerably since the beginning of the year, which is the case for most of the top 10 names. The only exception is Fortinet, they're the only ones that saw an increase since January in spending momentum as ETR measures it. Now this brings us to the four star security firms, that is those that hit the top 10 in both net score on the left hand side and market presence on the right hand side. So it's Microsoft, Palo Alto, CrowdStrike, Okta, still there even not accounting for a Auth 0, just Okta on its own. If you put in Auth 0, it's, it's even stronger. Adding then in Fortinet and Zscaler. So Microsoft, Palo Alto, CrowdStrike, Okta, Fortinet, and Zscaler. And as we've mentioned since January, only Fortinet has shown an increase in net score since, since that time, again, since the January survey. Now again, this talks to the compression in spending. Now one of the big themes we hear constantly in cybersecurity is the market is overcrowded. Everybody talks about that, me included. The implication there, is there's a lot of room for consolidation and that consolidation can come in the form of M&A, or it can come in the form of people consolidating onto a single platform, and retiring some other vendors, and getting rid of duplicate vendors. We're hearing that as a big theme as well. Now, as we saw in the previous, previous chart, this is a very crowded market and we've seen lots of consolidation in 2022, in the form of M&A. Literally hundreds of M&A deals, with some of the largest companies going private. SailPoint, KnowBe4, Barracuda, Mandiant, Fedora, these are multi billion dollar acquisitions, or at least billion dollars and up, and many of them multi-billion, for these companies, and hundreds more acquisitions in the cyberspace, now less you think the pond is overfished, here's a chart from ETR of emerging tech companies in the cyber security industry. This data comes from ETR's Emerging Technologies Survey, ETS, which is this diamond in a rough that I found a couple quarters ago, and it's ripe with companies that are candidates for M&A. Many would've liked, many of these companies would've liked to, gotten to the public markets during the pandemic, but they, you know, couldn't get there. They weren't ready. So the graph, you know, similar to the previous one, but different, it shows net sentiment on the vertical axis and that's a measurement of, of, of intent to adopt against a mind share on the X axis, which measures, measures the awareness of the vendor in the community. So this is specifically a survey that ETR goes out and, and, and fields only to track those emerging tech companies that are private companies. Now, some of the standouts in Mindshare, are OneTrust, BeyondTrust, Tanium and Endpoint, Net Scope, which we've talked about in previous Breaking Analysis. 1Password, which has been acquisitive on its own. In identity, the managed security service provider, Arctic Wolf Network, a company we've also covered, we've had their CEO on. We've talked about MSSPs as a real trend, particularly in small and medium sized business, we'll come back to that, Sneek, you know, kind of high flyer in both app security and containers, and you can just see the number of companies in the space this huge and it just keeps growing. Now, just to make it a bit easier on the eyes we filtered the data on these companies with with those, and isolated on those with more than a hundred responses only within the survey. And that's what we show here. Some of the names that we just mentioned are a bit easier to see, but these are the ones that really stand out in ERT, ETS, survey of private companies, OneTrust, BeyondTrust, Taniam, Netscope, which is in Cloud, 1Password, Arctic Wolf, Sneek, BitSight, SecurityScorecard, HackerOne, Code42, and Exabeam, and Sim. All of these hit the ETS survey with more than a hundred responses by, by the IT practitioners. Okay, so these firms, you know, maybe they do some M&A on their own. We've seen that with Sneek, as I said, with 1Password has been inquisitive, as have others. Now these companies with the larger footprint, these private companies, will likely be candidate for both buying companies and eventually going public when the markets settle down a bit. So again, no shortage of players to affect consolidation, both buyers and sellers. Okay, so let's finish with some key questions that we're watching. CrowdStrike in particular on its earnings calls cited softness from smaller buyers. Is that because these smaller buyers have stopped adopting? If so, are they more at risk, or are they tactically moving toward the easy button, aka, Microsoft's good enough approach. What does that mean for the market if smaller company cohorts continue to soften? How about MSSPs? Will companies continue to outsource, or pause on on that, as well as try to free up, to try to free up some budget? Adam Celiski at Reinvent last week said, "If you want to save money the Cloud's the best place to do it." Is the cloud the best place to save money in cyber? Well, it would seem that way from the standpoint of controlling budgets with lots of, lots of optionality. You could dial up and dial down services, you know, or does the Cloud add another layer of complexity that has to be understood and managed by Devs, for example? Now, consolidation should favor the likes of Palo Alto and CrowdStrike, cause they're platform players, and some of the larger players as well, like Cisco, how about IBM and of course Microsoft. Will that happen? And how will economic uncertainty impact the risk equation, a particular concern is increase of tax on vulnerable sectors of the population, like the elderly. How will companies and governments protect them from scams? And finally, how many cybersecurity companies can actually remain independent in the slingshot economy? In so many ways the market is still strong, it's just that expectations got ahead of themselves, and now as earnings forecast come, come, come down and come down to earth, it's going to basically come down to who can execute, generate cash, and keep enough runway to get through the knothole. And the one certainty is nobody really knows how tight that knothole really is. All right, let's call it a wrap. Next week we dive deeper into Palo Alto Networks, and take a look at how and why that company has held up so well and what to expect at Ignite, Palo Alto's big user conference coming up later this month in Las Vegas. We'll be there with theCube. Okay, many thanks to Alex Myerson on production and manages the podcast, Ken Schiffman as well, as our newest edition to our Boston studio. Great to have you Ken. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our EIC over at Silicon Angle. He does some great editing for us. Thank you to all. Remember these episodes are all available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibond.com and siliconangle.com, or you can email me directly David.vellante@siliconangle.com or DM me @DVellante, or comment on our LinkedIn posts. Please do checkout etr.ai, they got the best survey data in the enterprise tech business. This is Dave Vellante for theCube Insights powered by ETR. Thanks for watching, and we'll see you next time on Breaking Analysis. (upbeat music)

>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> This past week we saw two of the Big 3 cloud providers present the latest update on their respective cloud visions, their business progress, their announcements and innovations. The content at these events had many overlapping themes, including modern cloud infrastructure at global scale, applying advanced machine intelligence, AKA AI, end-to-end data platforms, collaboration software. They talked a lot about the future of work automation. And they gave us a little taste, each company of the Metaverse Web 3.0 and much more. Despite these striking similarities, the differences between these two cloud platforms and that of AWS remains significant. With Microsoft leveraging its massive application software footprint to dominate virtually all markets and Google doing everything in its power to keep up with the frenetic pace of today's cloud innovation, which was set into motion a decade and a half ago by AWS. Hello and welcome to this week's Wikibon CUBE Insights, powered by ETR. In this Breaking Analysis, we unpack the immense amount of content presented by the CEOs of Microsoft and Google Cloud at Microsoft Ignite and Google Cloud Next. We'll also quantify with ETR survey data the relative position of these two cloud giants in four key sectors: cloud IaaS, BI analytics, data platforms and collaboration software. Now one thing was clear this past week, hybrid events are the thing. Google Cloud Next took place live over a 24-hour period in six cities around the world, with the main gathering in New York City. Microsoft Ignite, which normally is attended by 30,000 people, had a smaller event in Seattle, in person with a virtual audience around the world. AWS re:Invent, of course, is much different. Yes, there's a virtual component at re:Invent, but it's all about a big live audience gathering the week after Thanksgiving, in the first week of December in Las Vegas. Regardless, Satya Nadella keynote address was prerecorded. It was highly produced and substantive. It was visionary, energetic with a strong message that Azure was a platform to allow customers to build their digital businesses. Doing more with less, which was a key theme of his. Nadella covered a lot of ground, starting with infrastructure from the compute, highlighting a collaboration with Arm-based, Ampere processors. New block storage, 60 regions, 175,000 miles of fiber cables around the world. He presented a meaningful multi-cloud message with Azure Arc to support on-prem and edge workloads, as well as of course the public cloud. And talked about confidential computing at the infrastructure level, a theme we hear from all cloud vendors. He then went deeper into the end-to-end data platform that Microsoft is building from the core data stores to analytics, to governance and the myriad tooling Microsoft offers. AI was next with a big focus on automation, AI, training models. He showed demos of machines coding and fixing code and machines automatically creating designs for creative workers and how Power Automate, Microsoft's RPA tooling, would combine with Microsoft Syntex to understand documents and provide standard ways for organizations to communicate with those documents. There was of course a big focus on Azure as developer cloud platform with GitHub Copilot as a linchpin using AI to assist coders in low-code and no-code innovations that are coming down the pipe. And another giant theme was a workforce transformation and how Microsoft is using its heritage and collaboration and productivity software to move beyond what Nadella called productivity paranoia, i.e., are remote workers doing their jobs? In a world where collaboration is built into intelligent workflows, and he even showed a glimpse of the future with AI-powered avatars and partnerships with Meta and Cisco with Teams of all firms. And finally, security with a bevy of tools from identity, endpoint, governance, et cetera, stressing a suite of tools from a single provider, i.e., Microsoft. So a couple points here. One, Microsoft is following in the footsteps of AWS with silicon advancements and didn't really emphasize that trend much except for the Ampere announcement. But it's building out cloud infrastructure at a massive scale, there is no debate about that. Its plan on data is to try and provide a somewhat more abstracted and simplified solutions, which differs a little bit from AWS's approach of the right database tool, for example, for the right job. Microsoft's automation play appears to provide simple individual productivity tools, kind of a ground up approach and make it really easy for users to drive these bottoms up initiatives. We heard from UiPath that forward five last month, a little bit of a different approach of horizontal automation, end-to-end across platforms. So quite a different play there. Microsoft's angle on workforce transformation is visionary and will continue to solidify in our view its dominant position with Teams and Microsoft 365, and it will drive cloud infrastructure consumption by default. On security as well as a cloud player, it has to have world-class security, and Azure does. There's not a lot of debate about that, but the knock on Microsoft is Patch Tuesday becomes Hack Wednesday because Microsoft releases so many patches, it's got so much Swiss cheese in its legacy estate and patching frequently, it becomes a roadmap and a trigger for hackers. Hey, patch Tuesday, these are all the exploits that you can go after so you can act before the patches are implemented. And so it's really become a problem for users. As well Microsoft is competing with many of the best-of-breed platforms like CrowdStrike and Okta, which have market momentum and appear to be more attractive horizontal plays for customers outside of just the Microsoft cloud. But again, it's Microsoft. They make it easy and very inexpensive to adopt. Now, despite the outstanding presentation by Satya Nadella, there are a couple of statements that should raise eyebrows. Here are two of them. First, as he said, Azure is the only cloud that supports all organizations and all workloads from enterprises to startups, to highly regulated industries. I had a conversation with Sarbjeet Johal about this, to make sure I wasn't just missing something and we were both surprised, somewhat, by this claim. I mean most certainly AWS supports more certifications for example, and we would think it has a reasonable case to dispute that claim. And the other statement, Nadella made, Azure is the only cloud provider enabling highly regulated industries to bring their most sensitive applications to the cloud. Now, reasonable people can debate whether AWS is there yet, but very clearly Oracle and IBM would have something to say about that statement. Now maybe it's not just, would say, "Oh, they're not real clouds, you know, they're just going to hosting in the cloud if you will." But still, when it comes to mission-critical applications, you would think Oracle is really the the leader there. Oh, and Satya also mentioned the claim that the Edge browser, the Microsoft Edge browser, no questions asked, he said, is the best browser for business. And we could see some people having some questions about that. Like isn't Edge based on Chrome? Anyway, so we just had to question these statements and challenge Microsoft to defend them because to us it's a little bit of BS and makes one wonder what else in such as awesome keynote and it was awesome, it was hyperbole. Okay, moving on to Google Cloud Next. The keynote started with Sundar Pichai doing a virtual session, he was remote, stressing the importance of Google Cloud. He mentioned that Google Cloud from its Q2 earnings was on a $25-billion annual run rate. What he didn't mention is that it's also on a 3.6 billion annual operating loss run rate based on its first half performance. Just saying. And we'll dig into that issue a little bit more later in this episode. He also stressed that the investments that Google has made to support its core business and search, like its global network of 22 subsea cables to support things like, YouTube video, great performance obviously that we all rely on, those innovations there. Innovations in BigQuery to support its search business and its threat analysis that it's always had and its AI, it's always been an AI-first company, he's stressed, that they're all leveraged by the Google Cloud Platform, GCP. This is all true by the way. Google has absolutely awesome tech and the talk, as well as his talk, Pichai, but also Kurian's was forward thinking and laid out a vision of the future. But it didn't address in our view, and I talked to Sarbjeet Johal about this as well, today's challenges to the degree that Microsoft did and we expect AWS will at re:Invent this year, it was more out there, more forward thinking, what's possible in the future, somewhat less about today's problem, so I think it's resonates less with today's enterprise players. Thomas Kurian then took over from Sundar Pichai and did a really good job of highlighting customers, and I think he has to, right? He has to say, "Look, we are in this game. We have customers, 9 out of the top 10 media firms use Google Cloud. 8 out of the top 10 manufacturers. 9 out of the top 10 retailers. Same for telecom, same for healthcare. 8 out of the top 10 retail banks." He and Sundar specifically referenced a number of companies, customers, including Avery Dennison, Groupe Renault, H&M, John Hopkins, Prudential, Minna Bank out of Japan, ANZ bank and many, many others during the session. So you know, they had some proof points and you got to give 'em props for that. Now like Microsoft, Google talked about infrastructure, they referenced training processors and regions and compute optionality and storage and how new workloads were emerging, particularly data-driven workloads in AI that required new infrastructure. He explicitly highlighted partnerships within Nvidia and Intel. I didn't see anything on Arm, which somewhat surprised me 'cause I believe Google's working on that or at least has come following in AWS's suit if you will, but maybe that's why they're not mentioning it or maybe I got to do more research there, but let's park that for a minute. But again, as we've extensively discussed in Breaking Analysis in our view when it comes to compute, AWS via its Annapurna acquisition is well ahead of the pack in this area. Arm is making its way into the enterprise, but all three companies are heavily investing in infrastructure, which is great news for customers and the ecosystem. We'll come back to that. Data and AI go hand in hand, and there was no shortage of data talk. Google didn't mention Snowflake or Databricks specifically, but it did mention, by the way, it mentioned Mongo a couple of times, but it did mention Google's, quote, Open Data cloud. Now maybe Google has used that term before, but Snowflake has been marketing the data cloud concept for a couple of years now. So that struck as a shot across the bow to one of its partners and obviously competitor, Snowflake. At BigQuery is a main centerpiece of Google's data strategy. Kurian talked about how they can take any data from any source in any format from any cloud provider with BigQuery Omni and aggregate and understand it. And with the support of Apache Iceberg and Delta and Hudi coming in the future and its open Data Cloud Alliance, they talked a lot about that. So without specifically mentioning Snowflake or Databricks, Kurian co-opted a lot of messaging from these two players, such as life and tech. Kurian also talked about Google Workspace and how it's now at 8 million users up from 6 million just two years ago. There's a lot of discussion on developer optionality and several details on tools supported and the open mantra of Google. And finally on security, Google brought out Kevin Mandian, he's a CUBE alum, extremely impressive individual who's CEO of Mandiant, a leading security service provider and consultancy that Google recently acquired for around 5.3 billion. They talked about moving from a shared responsibility model to a shared fate model, which is again, it's kind of a shot across AWS's bow, kind of shared responsibility model. It's unclear that Google will pay the same penalty if a customer doesn't live up to its portion of the shared responsibility, but we can probably assume that the customer is still going to bear the brunt of the pain, nonetheless. Mandiant is really interesting because it's a services play and Google has stated that it is not a services company, it's going to give partners in the channel plenty of room to play. So we'll see what it does with Mandiant. But Mandiant is a very strong enterprise capability and in the single most important area security. So interesting acquisition by Google. Now as well, unlike Microsoft, Google is not competing with security leaders like Okta and CrowdStrike. Rather, it's partnering aggressively with those firms and prominently putting them forth. All right. Let's get into the ETR survey data and see how Microsoft and Google are positioned in four key markets that we've mentioned before, IaaS, BI analytics, database data platforms and collaboration software. First, let's look at the IaaS cloud. ETR is just about to release its October survey, so I cannot share the that data yet. I can only show July data, but we're going to give you some directional hints throughout this conversation. This chart shows net score or spending momentum on the vertical axis and overlap or presence in the data, i.e., how pervasive the platform is. That's on the horizontal axis. And we've inserted the Wikibon estimates of IaaS revenue for the companies, the Big 3. Actually the Big 4, we included Alibaba. So a couple of points in this somewhat busy data chart. First, Microsoft and AWS as always are dominant on both axes. The red dotted line there at 40% on the vertical axis. That represents a highly elevated spending velocity and all of the Big 3 are above the line. Now at the same time, GCP is well behind the two leaders on the horizontal axis and you can see that in the table insert as well in our revenue estimates. Now why is Azure bigger in the ETR survey when AWS is larger according to the Wikibon revenue estimates? And the answer is because Microsoft with products like 365 and Teams will often be considered by respondents in the survey as cloud by customers, so they fit into that ETR category. But in the insert data we're stripping out applications and SaaS from Microsoft and Google and we're only isolating on IaaS. The other point is when you take a look at the early October returns, you see downward pressure as signified by those dotted arrows on every name. The only exception was Dell, or Dell and IBM, which showing slightly improved momentum. So the survey data generally confirms what we know that AWS and Azure have a massive lead and strong momentum in the marketplace. But the real story is below the line. Unlike Google Cloud, which is on pace to lose well over 3 billion on an operating basis this year, AWS's operating profit is around $20 billion annually. Microsoft's Intelligent Cloud generated more than $30 billion in operating income last fiscal year. Let that sink in for a moment. Now again, that's not to say Google doesn't have traction, it does and Kurian gave some nice proof points and customer examples in his keynote presentation, but the data underscores the lead that Microsoft and AWS have on Google in cloud. And here's a breakdown of ETR's proprietary net score methodology, that vertical axis that we showed you in the previous chart. It asks customers, are you adopting the platform new? That's that lime green. Are you spending 6% or more? That's the forest green. Is you're spending flat? That's the gray. Is you're spending down 6% or worse? That's the pinkest color. Or are you replacing the platform, defecting? That's the bright red. You subtract the reds from the greens and you get a net score. Now one caveat here, which actually is really favorable from Microsoft, the Microsoft data that we're showing here is across the entire Microsoft portfolio. The other point is, this is July data, we'll have an update for you once ETR releases its October results. But we're talking about meaningful samples here, the ends. 620 for AWS over a thousand from Microsoft in more than 450 respondents in the survey for Google. So the real tell is replacements, that bright red. There is virtually no churn for AWS and Microsoft, but Google's churn is 5x, those two in the survey. Now 5% churn is not high, but you'd like to see three things for Google given it's smaller size. One is less churn, two is much, much higher adoption rates in the lime green. Three is a higher percentage of those spending more, the forest green. And four is a lower percentage of those spending less. And none of these conditions really applies here for Google. GCP is still not growing fast enough in our opinion, and doesn't have nearly the traction of the two leaders and that shows up in the survey data. All right, let's look at the next sector, BI analytics. Here we have that same XY dimension. Again, Microsoft dominating the picture. AWS very strong also in both axes. Tableau, very popular and respectable of course acquired by Salesforce on the vertical axis, still looking pretty good there. And again on the horizontal axis, big presence there for Tableau. And Google with Looker and its other platforms is also respectable, but it again, has some work to do. Now notice Streamlit, that's a recent Snowflake acquisition. It's strong in the vertical axis and because of Snowflake's go-to-market (indistinct), it's likely going to move to the right overtime. Grafana is also prominent in the Y axis, but a glimpse at the most recent survey data shows them slightly declining while Looker actually improves a bit. As does Cloudera, which we'll move up slightly. Again, Microsoft just blows you away, doesn't it? All right, now let's get into database and data platform. Same X Y dimensions, but now database and data warehouse. Snowflake as usual takes the top spot on the vertical axis and it is actually keeps moving to the right as well with again, Microsoft and AWS is dominant in the market, as is Oracle on the X axis, albeit it's got less spending velocity, but of course it's the database king. Google is well behind on the X axis but solidly above the 40% line on the vertical axis. Note that virtually all platforms will see pressure in the next survey due to the macro environment. Microsoft might even dip below the 40% line for the first time in a while. Lastly, let's look at the collaboration and productivity software market. This is such an important area for both Microsoft and Google. And just look at Microsoft with 365 and Teams up into the right. I mean just so impressive in ubiquitous. And we've highlighted Google. It's in the pack. It certainly is a nice base with 174 N, which I can tell you that N will rise in the next survey, which is an indication that more people are adopting. But given the investment and the tech behind it and all the AI and Google's resources, you'd really like to see Google in this space above the 40% line, given the importance of this market, of this collaboration area to Google's success and the degree to which they emphasize it in their pitch. And look, this brings up something that we've talked about before on Breaking Analysis. Google doesn't have a tech problem. This is a go-to-market and marketing challenge that Google faces and it's up against two go-to-market champs and Microsoft and AWS. And Google doesn't have the enterprise sales culture. It's trying, it's making progress, but it's like that racehorse that has all the potential in the world, but it's just missing some kind of key ingredient to put it over at the top. It's always coming in third, (chuckles) but we're watching and Google's obviously, making some investments as we shared with earlier. All right. Some final thoughts on what we learned this week and in this research: customers and partners should be thrilled that both Microsoft and Google along with AWS are spending so much money on innovation and building out global platforms. This is a gift to the industry and we should be thankful frankly because it's good for business, it's good for competitiveness and future innovation as a platform that can be built upon. Now we didn't talk much about multi-cloud, we haven't even mentioned supercloud, but both Microsoft and Google have a story that resonates with customers in cross cloud capabilities, unlike AWS at this time. But we never say never when it comes to AWS. They sometimes and oftentimes surprise you. One of the other things that Sarbjeet Johal and John Furrier and I have discussed is that each of the Big 3 is positioning to their respective strengths. AWS is the best IaaS. Microsoft is building out the kind of, quote, we-make-it-easy-for-you cloud, and Google is trying to be the open data cloud with its open-source chops and excellent tech. And that puts added pressure on Snowflake, doesn't it? You know, Thomas Kurian made some comments according to CRN, something to the effect that, we are the only company that can do the data cloud thing across clouds, which again, if I'm being honest is not really accurate. Now I haven't clarified these statements with Google and often things get misquoted, but there's little question that, as AWS has done in the past with Redshift, Google is taking a page out of Snowflake, Databricks as well. A big difference in the Big 3 is that AWS doesn't have this big emphasis on the up-the-stack collaboration software that both Microsoft and Google have, and that for Microsoft and Google will drive captive IaaS consumption. AWS obviously does some of that in database, a lot of that in database, but ISVs that compete with Microsoft and Google should have a greater affinity, one would think, to AWS for competitive reasons. and the same thing could be said in security, we would think because, as I mentioned before, Microsoft competes very directly with CrowdStrike and Okta and others. One of the big thing that Sarbjeet mentioned that I want to call out here, I'd love to have your opinion. AWS specifically, but also Microsoft with Azure have successfully created what Sarbjeet calls brand distance. AWS from the Amazon Retail, and even though AWS all the time talks about Amazon X and Amazon Y is in their product portfolio, but you don't really consider it part of the retail organization 'cause it's not. Azure, same thing, has created its own identity. And it seems that Google still struggles to do that. It's still very highly linked to the sort of core of Google. Now, maybe that's by design, but for enterprise customers, there's still some potential confusion with Google, what's its intentions? How long will they continue to lose money and invest? Are they going to pull the plug like they do on so many other tools? So you know, maybe some rethinking of the marketing there and the positioning. Now we didn't talk much about ecosystem, but it's vital for any cloud player, and Google again has some work to do relative to the leaders. Which brings us to supercloud. The ecosystem and end customers are now in a position this decade to digitally transform. And we're talking here about building out their own clouds, not by putting in and building data centers and installing racks of servers and storage devices, no. Rather to build value on top of the hyperscaler gift that has been presented. And that is a mega trend that we're watching closely in theCUBE community. While there's debate about the supercloud name and so forth, there little question in our minds that the next decade of cloud will not be like the last. All right, we're going to leave it there today. Many thanks to Sarbjeet Johal, and my business partner, John Furrier, for their input to today's episode. Thanks to Alex Myerson who's on production and manages the podcast and Ken Schiffman as well. Kristen Martin and Cheryl Knight helped get the word out on social media and in our newsletters. And Rob Hof is our editor in chief over at SiliconANGLE, who does some wonderful editing. And check out SiliconANGLE, a lot of coverage on Google Cloud Next and Microsoft Ignite. Remember, all these episodes are available as podcast wherever you listen. Just search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. And you can always get in touch with me via email, david.vellante@siliconangle.com or you can DM me at dvellante or comment on my LinkedIn posts. And please do check out etr.ai, the best survey data in the enterprise tech business. This is Dave Vellante for the CUBE Insights, powered by ETR. Thanks for watching and we'll see you next time on Breaking Analysis. (gentle music)

(upbeat music) >> Hello everyone, and welcome to Fal.Con 2022, CrowdStrike's big user conference. You're watching the Cube. My name is Dave Vallante. I'm here with my co-host David Nicholson. CrowdStrike is a company that was founded over 10 years ago. This is about 11 years, almost to the day. They're 2 billion company in revenue terms. They're growing at about 60% a year. They've got a path they've committed to wall street. They've got a path to $5 billion by mid decade. They got a $40 billion market cap. They're free, free cash flow positive and trying to build essentially a generational company with a very growing Tam and a modern platform. CrowdStrike has the fundamental belief that the unstoppable breach is a myth. David Nicholson, even though CSOs don't believe that, CrowdStrike is on a mission. Right? >> I didn't hear the phrase. Zero trust mentioned in the keynote >> Right. >> What was mentioned was this idea that CrowdStrike isn't simply a tool, it's a platform. And obviously it takes a platform to get to 5 billion. >> Yeah. So let's talk about the keynote. George Kurtz, the CEO came on. I thought the keynote was, was measured, but very substantive. It was not a lot of hype in there. Most security conferences, the two exceptions are this one and Reinforce, Amazon's big security conference. Steven Schmidt. The first time I was at a Reinforce said "All this narrative about security is such a bad industry" and "We're not doing a great job." And "It's so scary." That doesn't help the industry. George Kurtz sort of took a similar message. And you know what, Dave? When I think of security outside the context of IT I think of like security guards >> Right. >> Like protecting the billionaires. Right? That's a powerful, you know, positive thing. It's not really a defensive movement even though it is defensive but so that was kind of his posture there. But he talked about essentially what I call, not his words permanent changes in the, in the in the cyber defense industry, subsequent to the pandemic. Again, he didn't specifically mention the pandemic but he alluded to, you know, this new world that we live in. Fal.Con is a hundred sessions, eight tracks. And really his contention is we're in the early innings. These guys got 20,000 customers. And I think they got the potential to have hundreds of thousands. >> Yeah. Yeah. So, if I'm working with a security company I want them to be measured. I'm not looking for hype. I don't want those. I don't want those guards to be in disco shirts. I want them in black suits. So, you know, so the, the, the point about measured is is I think a positive one. I was struck by the competence of the people who were on stage today. I have seen very very large companies become kind of bureaucratic. And sometimes you don't get the best of the best up on stage. And we saw a lot of impressive folks. >> Yeah. Michael Santonis get up, but before we get to him. So, a couple points that Kurtz made he said, "digital transformation is needed to bring modern architectures to IT. And that brings modern security." And he laid out that whole sort of old way, new way very Andy Jassy-like old guard, new guard. He didn't hit on it that hard but he basically said "security is all about mitigating risk." And he mentioned that the the CSO I say CSO, he says CSO or CSO has a seat at the board. Now, many CSOs are board level participants. And then he went into the sort of four pillars of, of workload, and the areas that they focus on. So workload to them is end point, identity, and then data. They don't touch network security. That's where they partner with the likes of Cisco, >> Right. >> And Palo Alto networks. But then they went deep into identity threat protection, data, which is their observability platform from an acquisition called Humio. And then they went big time into XDR. We're going to talk about all this stuff. He said, "data is the new digital currency." Talked a lot about how they're now renaming, Humio, Log Scale. That's their Splunk killer. We're going to talk about that all week. And he talked a little bit about the single agent architecture. That is kind of the linchpin of CrowdStrike's architecture. And then Michael Santonis, the CTO came on and did a deep dive into each of those, and really went deep into XDR extended, right? Detection and response. XDR building on EDR. >> Yeah. I think the subject of XDR is something we'll be, we'll be touching on a lot. I think in the next two days. I thought the extension into observability was very, very interesting. When you look at performance metrics, where things are gathering those things in and being able to use a single agent to do so. That speaks to this idea that they are a platform and not just a tool. It's easy to say that you aspire to be a platform. I think that's a proof point. On the subject, by the way of their fundamental architecture. Over the years, there have been times when saying that your infrastructure requires an agent that would've been a deal killer. People say "No agents!" They've stuck to their guns because they know that the best way to deliver what they deliver is to have an agent in the environment. And it has proven to be the right strategy. >> Well, this is one of the things I want to explore with the technical architects that come on here today is, how do you build a lightweight agent that can do everything that you say it's going to do? Because they started out at endpoint, and then they've extended it to all these other modules, you know, identity. They're now into observability. They've got this data platform. They just announced that acquisition of another company they bought Preempt, which is their identity. They announced Responsify, responsify? Reposify, which is sort of extends the observability and gives them visualization or visibility. And I'm like, how do you take? How do you keep an agent lightweight? That's one of the things I want to better understand. And then the other is, as you get into XDR I thought Michael Santonis was pretty interesting. He had black hat last month. He did a little video, you know. >> That was great >> Man in the street, what's XDR what's XDR what's XDR. I thought the best response was, somebody said "a holistic approach to end point security." And so it's really an evolution of, of EDR. So we're going to talk about that. But, how do you keep an agent lightweight and still support all these other capabilities? That's something I really want to dig into, you know, without getting bloated. >> Yeah, Yeah. I think it's all about the TLAs, Dave. It's about the S, it's about SDKs and APIs and having an ecosystem of partners that will look at the lightweight agent and then develop around it. Again, going back to the idea of platform, it's critical. If you're trying to do it all on your own, you get bloat. If you try to be all things to all people with your agent, if you try to reverse engineer every capability that's out there, it doesn't work. >> Well that's one of the things that, again I want to explore because CrowdStrike is trying to be a generational company. In the Breaking Analysis that we published this week. One of the things I said, "In order to be a generational company you have to have a strong ecosystem." Now the ecosystem here is respectable, you know, but it's obviously not AWS class. You know, I think Snowflake is a really good example, ServiceNow. This feels to me like ServiceNow circa 2013. >> Yeah. >> And we've seen how ServiceNow has evolved. You know, Okta, bought Off Zero to give them the developer angle. We heard a little bit about a developer platform today. I want to dig into that some more. And we heard a lot about everybody hates their DLP. I want to get rid of my DLP, data loss prevention. And so, and the same thing with the SIM. One of the ETR round table, Eric Bradley, our colleague at a round table said "If it weren't for the compliance requirements, I would replace my SIM with XDR." And so that's again, another interesting topic. CrowdStrike, cloud native, lightweight agent, you know, some really interesting tuck in acquisitions. Great go-to-market, you know, not super hype just product that works and gets stuff done, you know, seems to have a really good, bright future. >> Yeah, no, I would agree. Definitely. No hype necessary. Just constant execution moving forward. It's clearly something that will be increasingly in demand. Another subject that came up that I thought was interesting, in the keynote, was this idea of security for elections, extending into the realm of misinformation and disinformation which are both very very loaded terms. It'll be very interesting to see how security works its way into that realm in the future. >> Yeah, yeah, >> Yeah. >> Yeah, his guy, Kevin Mandia, who is the CEO of Mandiant, which just got acquired. Google just closed the deal for $5.4 billion. I thought that was kind of light, by the way, I thought Mandiant was worth more than that. Still a good number, but, and Kevin, you know was the founder and, >> Great guy. >> they were self-funded. >> Yeah, yeah impressive. >> So. But I thought he was really impressive. He talked about election security in terms of hardening you know, the election infrastructure, but then, boom he went right to what I see as the biggest issue, disinformation. And so I'm sitting there asking myself, okay how do you deal with that? And what he talked about was mapping network effects and monitoring network effects, >> Right. >> to see who's pumping the disinformation and building career streams to really monitor those network effects, positive, you know, factual or non-factual network or information. Because a lot of times, you know, networks will pump factual information to build credibility. Right? >> Right. >> And get street cred, earn that trust. You know, you talk about zero trust. And then pump disinformation into the network. So they've now got a track. We'll get, we have Kevin Mandia on later with Sean Henry who's the CSO yeah, the the CSO or C S O, chief security officer of CrowdStrike >> more TLA. Well, so, you can think of it as almost the modern equivalent of the political ad where the candidate at the end says I support this ad or I stand behind whatever's in this ad. Forget about trying to define what is dis or misinformation. What is opinion versus fact. Let's have a standard for finding, for exposing where the information is coming from. So if you could see, if you're reading something and there is something that is easily de-code able that says this information is coming from a troll farm of a thousand bots and you can sort of examine the underlying ethos behind where this information is coming from. And you can take that into consideration. Personally, I'm not a believer in trying to filter stuff out. Put the garbage out there, just make sure people know where the garbage is coming from so they can make decisions about it. >> So I got a thought on that because, Kevin Mandia touched on it. Again, I want to ask about this. He said, so this whole idea of these, you know detecting the bots and monitoring the networks. Then he said, you can I think he said something that's to the effect of. "You can go on the offensive." And I'm thinking, okay, what does that mean? So for instance, you see it all the time. Anytime I see some kind of fact put out there, I got to start reading the comments and like cause I like to see both sides, you know. I'm right down the middle. And you'll go down and like 40 comments down, you're like, oh this is, this is fake. This video was edited, >> Right. >> Da, da, da, da, and then a bunch of other people. But then the bots take over and that gets buried. So, maybe going on the offensive is to your point. Go ahead and put it out there. But then the bots, the positive bots say, okay, by the way, this is fake news. This is an edited video FYI. And this is who put it out and here's the bot graph or something like that. And then you attack the bots with more bots and then now everybody can sort of of see it, you know? And it's not like you don't have to, you know email your friend and saying, "Hey dude, this is fake news." >> Right, right. >> You know, Do some research. >> Yeah. >> Put the research out there in volume is what you're saying. >> Yeah. So, it's an, it's just I thought it was an interesting segue into another area of security under the heading of election security. That is fraught with a lot of danger if done wrong, if done incorrectly, you know, you you get into the realm of opinion making. And we should be free to see information, but we also should have access to information about where the information is coming from. >> The other narrative that you hear. So, everything's down today again and I haven't checked lately, but security generally, we wrote about this in our Breaking Analysis. Security, somewhat, has held up in the stock market better than the broad tech market. Why? And the premise is, George Kurt said this on the last conference call, earnings call, that "security is non-discretionary." At the same time he did say that sales cycles are getting a little longer, but we see this as a positive for CrowdStrike. Because CrowdStrike, their mission, or one of their missions is to consolidate all these point tools. We've talked many, many times in the Cube, and in Breaking Analysis and on Silicon Angle, and on Wikibon, how the the security business use too many point tools. You know this as a former CTO. And, now you've got all these stove pipes, the number one challenge the CSOs face is lack of talent. CrowdStrike's premise is they can consolidate that with the Fal.Con platform, and have a single point of control. "Single pane of glass" to use that bromide. So, the question is, is security really non-discretionary? My answer to that is yes and no. It is to a sense, because security is the number one priority. You can't be lax on security. But at the same time the CSO doesn't have an open checkbook, >> Right. >> He or she can't just say, okay, I need this. I need that. I need this. There's other competing initiatives that have to be taken in balance. And so, we've seen in the ETR spending data, you know. By the way, everything's up relative to where it was, pre you know, right at the pandemic, right when, pandemic year everything was flat to down. Everything's up, really up last year, I don't know 8 to 10%. It was expected to be up 8% this year, let's call it 6 to 7% in 21. We were calling for 7 to 8% this year. It's back down to like, you know, 4 or 5% now. It's still healthy, but it's softer. People are being more circumspect. People aren't sure about what the fed's going to do next. Interest rates, you know, loom large. A lot of uncertainty out here. So, in that sense, I would say security is not non-discretionary. Sorry for the double negative. What's your take? >> I think it's less discretionary. >> Okay. >> Food, water, air. Non-discretionary. (David laughing) And then you move away in sort of gradations from that point. I would say that yeah, it is, it falls into the category of less-discretionary. >> Alright. >> Which is a good place to be. >> Dave Nicholson and David Vallante here. Two days of wall to wall coverage of Fal.Con 2022, CrowdStrike's big user conference. We got some great guests. Keep it right there, we'll be right back, right after this short break. (upbeat music)

>> From theCUBE studios in Palo Alto in Boston bringing you data driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> In just over 10 years, CrowdStrike has become a leading independent security firm with more than 2 billion in annual recurring revenue, nearly 60% ARR growth, and approximate $40 billion market capitalization, very high retention rates, low churn, and a path to 5 billion in revenue by mid decade. The company has joined Palo Alto Networks as a gold standard pure play cyber security firm. It has achieved this lofty status with an architecture that goes beyond a point product. With outstanding go to market and financial execution, some sharp acquisitions and an ever increasing total available market. Hello, and welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis" and ahead of Falcon, Fal.Con, CrowdStrike's user conference, we take a deeper look into CrowdStrike, its performance, its platform, and survey data from our partner ETR. Now, the general consensus is that spending on Cyber is non-discretionary and is held up better than other technology sectors. While this is generally true, as this data shows, it's nuanced. Let's explore this a bit. First, this is a year-to-date chart of the stock performance of CrowdStrike relative to Palo Alto, the BUG ETF, which is a Cyber index, the NASDAQ and SentinelOne, a relatively new entrant to the IPO public markets. Now, as you can see the security sector as evidenced by the orange line, that Cyber ETF, is holding up better than the overall NASDAQ which is off 28% year-to-date. Palo Alto has held up incredibly well, the best, being off only around 4% year-to-date. Whereas CrowdStrike is off in the double digits this year. But up as we talked about in one of our last "Breaking Analysis" on Cyber, up from its lows this past May. Now, CrowdStrike had a very nice beat and raise on August 30th. But the stop didn't respond well initially. We asked "Breaking Analysis" contributor, Chip Simonton for his technical take and he stated that CrowdStrike has bounced around for the last three months in its current range. He said that Cyber stocks have held up better than the rest of the market, as we're showing. And now might be a good time to take a shot but he is cautious. FedEx had a warning today of a global recession and that's obvious case for a concern. You know, maybe some of these quality Cyber stocks like Palo Alto and CrowdStrike and Zscaler will outperform in a recession, but that play is not for the faint of heart. In fact, it's feeling like a longer, more drawn out tech lash than many had hoped. Perhaps as much as 12 to 18 months of bouncing around with sellers still in control, is generally the sentiment from Simonton. So in terms of Cyber spending being non-discretionary, we'd say it's less discretionary than other it sectors but the CISO still does not have an open wallet, as we've reported before. We've seen that spending momentum has decelerated in all sectors throughout the year. This is an across the board trend. Now, independent of the stock price, George Kurtz, CEO of CrowdStrike, he's running a marathon, not a sprint. And this company is running at a nice pace despite tough macro headwinds. The company is free cash flow positive and is in the black, or a non-GAAP operating profit basis and yet it's growing ARR at nearly 60%. Frank Slootman uses the term inherent profitability, meaning that the company could drive more profits if it wanted to dial down expenses especially in go to market costs. But that would be a mistake for a company like CrowdStrike, in our opinion. While it has an impressive nearly 20,000 customers, there are hundreds of thousands of customers that CrowdStrike could penetrate. So like Snowflake and Slootman, Kurtz is not taking its foot off the gas. Now, the fundamental strength of CrowdStrike and its secret sauce is its architecture and platform, in our view, so let's take a deeper look. CrowdStrike believes that the unstoppable breach is a myth. Now, CISOs don't agree with that because they assume they're going to get breached, but that's CrowdStrike's point of view, so lofty vision. CrowdStrike's mission is to consolidate the patchwork of solutions by introducing modules that go beyond point products. CrowdStrike has more than 20 modules, I think 22, that span a range of capabilities as shown in this table. Now, there are a few critical aspects of the CrowdStrike architecture that bear mentioning. First is the lightweight agent, that is fundamental. You know, we're used to thinking that agentless is good and agent is bad, but in this case, a powerful but small, slim and easy to install but unobtrusive agent has its advantages because it supports multiple CrowdStrike modules. The second point is CrowdStrike from the beginning has been dogmatic about getting all the telemetry data into the cloud. It sort of shunned doing bespoke on prem so that all the data could be analyzed. So the more agents that CrowdStrike installs around the world, the more data it has access to and the better its intelligence. Few companies have access to more data, perhaps Microsoft given it scale and size is an exception in that endpoint space. CrowdStrike has developed a purpose-built threat graph and analytics platform that allows it to quickly ingest in near real time key telemetry data and detect not only known malware, that's pretty straightforward, pretty much anybody could do that. But using machine intelligence, it can also detect unknown malware and other potentially malicious behavior using indicators of attack, IOC, or IOAs. Humio is shown here as a company that CrowdStrike bought for around 400 million in early 2020, early 2021. It's the company's Splunk killer and will serve as an observability platform. It's really starting to take off, that's a great market for them to go after. CrowdStrike, to try to put it into sort of a summary, uses a three pronged approach. First is it's next generation anti-virus, meaning it's SaaS base. SAS based solution that can do fast lookups to telemetry data and that data lives in the cloud. And this leverages cloud strikes proprietary threat graph. Now, the second is endpoint detection and response. CrowdStrike sends all endpoint activity to the cloud and can process the data in real time. CrowdStrike EDR allows you to search data history and its partners with threat intelligent platforms who push the data into CrowdStrike, the CrowdStrike cloud. This increases CloudStrike's observation space. It also has containment capabilities in EDR to fence off compromised system. Now, the third leg of the stool is CrowdStrike's world class manage hunting approach. Like many firms, CrowdStrike has a crack team of experts that is looking at the data, but CrowdStrike's advantage is the amount of data, that observation space that we just talked about, and near real time capabilities of the architecture thanks to that proprietary database that they've developed. And all this is built in the cloud and so it enables global scale. And of course, agility. Now, let's dig into some of the survey data and take a look at what ETR respondents are saying about the spending momentum for CrowdStrike in context with its peers. Here's a very recent dataset, the October preliminary data from the October dataset in ETR's survey. Eric Bradley shared with us, ETR's head of strategy, and he runs the round tables, he's a frequent "Breaking Analysis" contributor. This is an XY graph with Netcore or spending momentum on the vertical axis and the overlap or pervasiveness in the survey on the horizontal axis. That dotted red line at 40% indicates an elevated level of spending velocity. Anything above that, we consider really impressive. Note the CrowdStrike progression since the pandemic started. The two notable points are one, that CrowdStrike has remained consistently above that 40% mark and two, it has made notable progress to the right. You can see that sort of squiggly line consistently increasing its share with one little anomaly there in the early days of over a two-year period. The other call out here is Microsoft in the upper-right. We circled Microsoft as usual. Microsoft messes up the data because it's such a dominant player and has referenced earlier as a massive scale and very quality telemetry from its endpoints. Unlike AWS, Microsoft is a direct competitor of CrowdStrike's. Nonetheless, the sector remains very strong with lots of players. Cyber is a large and expanding TAM with too many point tools that CrowdStrike is well positioned to consolidate, in our view. Now, here's a more narrow view of that same XY graph. What it does is it takes out Microsoft to kind of normalize the data a bit and it compares a number of firms that specialize in endpoint, along with CrowdStrike such as Tanium which also has a lightweight agent, by the way, and appears to be doing pretty well. SentinelOne did a relatively recent IPO, took off, stock hasn't done as well since, as you saw earlier. Carbon Black which VMware bought for around $2 billion and Cylance which is the Blackberry pivot. Now, we've also for context included Palo Alto and Cisco because they are major players with the big presence in security and they've got solutions that compete with CrowdStrike. But you can see how CrowdStrike looms large with a higher net score than these others. Although Palo Alto is very impressive, as is Cisco, steady. But Palo Alto also, sorry, CrowdStrike also has a very steady posture instead of just looming on that X axis. Let's now take a look at XDR, extended detection and response. XDR is kind of this bit of a buzzword but CrowdStrike seems to be taking the mantle and trying to sort of own the category and define it, in our view. It's a natural evolution of endpoint detection and response, EDR. In a recent ETR Roundtable hosted by our colleague, Eric Bradley, the sentiment among several CIOs is that existing SIEM, security information and event management platforms are inadequate and some see XDR as a replacement for, or at least a strong compliment to SIEM. CISOs want a single view of their data. Hmm, you haven't heard that before. They want help prioritizing potentially high impact breaches and they want to automate the low level stuff because the problem is sometimes too much information becomes information overload and you can't prioritize. So they want to consolidate platforms. They want better co consistency. They have too many dashboards, too many stove pipes. They have difficulty scaling and they have inconsistent telemetry data. As one CISO said, it's a call out here. "If the regulatory requirement isn't there, I absolutely would get rid of my SIEM." So CrowdStrike, we feel, is in a good position to continue to gain, share and disrupt this space. And that's what Dave Nicholson and I will be looking for next week when theCUBE is at Fal.Con, CrowdStrike's user conference. We'll be there for two days at the area in Vegas. In addition to CrowdStrike CEO, we'll hear from government cyber experts. We always hear that at security conferences and the CEO of Mandiant. Google just the other day closed its $5 billion plus acquisition of Mandiant, which is a threat intelligence expert and MSSP. I'm going to hear a lot about MSSPs by the way. CrowdStrike is a growing MSSP base. We think that's a really interesting sector because many companies don't have a SOC. As many as 50% of companies in the United States don't have a security operations center. So they need help, that's where MSPs come in. At the conference, there'll be a real focus on the Falcon platform. And we expect CrowdStrike to educate the audience on its multiple modules and how to take advantage of the capabilities beyond endpoint. And we'll also be watching for the ecosystem conversations. We saw this at reinforced, for example, where CrowdStrike and Okta were presenting together to show how these companies products compliment each other in the marketplace. Sometimes it gets confusing when you hear that CrowdStrike has an identity product. Okta, of course, is the identity specialist. So we'll be helping extract that signal from the noise. Because a generational company must have a strong ecosystem. CrowdStrike is evolving and our belief is that it has some work to do to create a stronger partner flywheel, and we're eager to dig into that next week. So if you're at the event, please do stop by theCUBE, say hello to Dave Nicholson and myself. Okay, we're going to leave it there today. Many thanks to Chip Simonton and Eric Bradley for their input and contributions to today's episode. Thanks to Alex Myerson, who does production, he also manages our podcast, Ken Schiffman as well, in our Boston studios, Kristen Martin and Cheryl Knight help get the word out on social media and our newsletters, and Rob Hof is our editor in chief over at siliconangle.com. He does some wonderful editing and I really appreciate that. Remember, all these episodes are available as podcasts wherever you listen, just search "Breaking Analysis" Podcast. I publish each week on wikibon.com and siliconangle.com and you can email me at david.vellante@siliconangle.com or DM me @DVellante or comment on our LinkedIn post. And please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis". (upbeat music)

>>Welcome to the Cubes Coverage of Splunk.com 2021. My name is Dave Atlanta and the Cube has been covering.com events since 2012 and I've personally hosted many of them. And since that time we've seen the evolution of Splunk as a company and also the maturation in the way customers analyzed, protect and secure their organizations, data and applications. But the forced march to digital over the past 19 months has brought more rapid changes to sec UP teams than we've ever seen before. The adversary is capable. They're motivated and they're deploying very sophisticated techniques that have pressured security pros like never before. And with me to talk about these challenges and how Splunk is helping customers respond as jane wang is the vice president of security products that Splunk jane. Great to have you on the cube. Thanks for coming on. >>Very nice to meet you. Thank you for having me. >>You're very welcome. So how d how can you think about or how do you think about the fact that the imperative to accelerate digital transformation has impacted security teams? How has it impacted sec ops teams in your view? >>Yeah. Well, just going back to our customers and what I've learned from all the customer conversations I have every every week many of our customers are under a massive digital transformation. They're moving to the cloud and the cloud opens up more attack surface, more attack work surface, there's more threats that come over cloud, new workspaces to attack services, new api is to manage secure and protect and our customers are really struggling to gain the visibility they need to really manage and secure across all that infrastructure. >>Yeah. And we've also seen the whole, obviously the work from home trend, the hybrid work movement, you know, people aren't set up for that. I mean, you remember people were ripping out literally ripping out desktops and bringing them home and you know, the home network had to be upgraded. So lots of changes there. And we've we've talked a lot in the cube jane about the fragmentation of tooling and the lack of qualified talent when we talked to see. So as you ask him, the number one problem, I can't get, I can't hire enough talent in the field of of cybersecurity. So I wonder if you can address how this has made it more difficult for security teams to maintain end to end visibility across their environments. What's the fundamental challenge there? >>Yeah, well you're really you're really nailing this. The fundamental challenges that many security products are not built to integrate seamlessly with one another. When I'm talking to customers, their frontline security operations teams often have 30 different consoles open on their monitor at one time and there really manual disjointed processes, the copying and pasting hash names and iP addresses from one consults the other. It slows them down. It really slows them down in protecting those threats. So because those products aren't assigned to integrate together and all that data from each of those security tools isn't brought into one place. It just exacerbates the challenge for security operations seems makes their job really, really hard to do. Which takes time. It takes time. It makes it harder to detect and respond to threats quickly and today more than ever we need to be able to detect and respond to threats quickly. >>Yeah, I do a weekly program called Breaking Analysis and once a quarter I look at the cyberspace and I use a chart to emphasize this complexity. It's it's a from a company called operative, I don't know if you've ever seen it but it's this eye chart, it's this taxonomy of the security landscape and it's mind blowing how much complexity there is. So how to Splunk help organization organizations address these challenges. >>Yeah, so I think bringing, we have one security operations platform cloud native cloud delivered. There are many parts of being able to streamline workflows for when you're first detect a threat or a potential threat right through to when teams close and immediate that threatened the changes in their environment to ensure they're protected. So the whole thing is helping security teams detects faster, investigate faster and respond faster to threat. There are four parts to that in our security operations, platform Splunk security cloud. The first one is advanced security analytics. So the nature of threats is evolving. They're becoming more sophisticated. We have very smart, well funded Attackers whose day job who spend all their time trying to break into organizations. So you need really advanced security analytics to detect those threats, then we need to automate security operations so that it's not so manual, so you don't have poor folks sitting in front of multiple consoles doing manual tasks to respond to those threats and make sure their organizations are protected. One key thing is that this year Splunk acquired true Star so that we can bring in d do rationalize multiple sources of threat intelligence and apply that threat intelligence both to our analytics and our operations so that you have broader insights from the security community outside Splunk and that intelligence can really help and speed both detection and response. And the last thing that's been true about Splunk since spunk became Splunk many many years ago is that we are committed to partners and we deeply integrate with many other security tools uh in a very seamless way. So whatever investments customers have made within their security operations center, we will integrate and bring together those tools in one workspace. So there's the big advantages I think you get when, when you run your security operations said transplant security cloud, >>that's a nice little description. And having followed Splint for so many years, it's sort of, it tracks the progression of your ascendancy. You know, you started you you we we used to have log analytics that were just impossible. You sort of made that much easier took that to advanced kind of use big data techniques even though Splunk really never used that term. But but you were like the leader and big data um in terms of being able to analyze um uh data to help remediate issues. The automation key is p pieces key the acquisitions. You've made a very interesting um you mentioned around de doop threat intelligence but also you've done some cool stuff in the cloud and we always used to say jane watch for the ecosystem. We early too early, you know, last decade we saw you as a really hot company. We said one of the keys to your growth is going to be the ecosystem. And you've you've clearly made some progress there. I wonder if you could tell us more About the announcements that you're making here at.com. >>Yeah. Well we're going back everything that we do on the security team, every line of code every engineer writes is all around helping detect, investigate and respond faster to really secure organizations. So if I look at those intern I start with faster time to detect what have we done. So bringing in the threat intelligence that I mentioned again, that's really gonna help to take new threats and to take them really, really quickly. You don't have to spend time going and looking manually at external sources of threat intelligence. It will be brought right in to enterprise security at your fingertips. So that that's pretty huge. We're bringing other more advanced content right into our stem enterprise security. So that will help detect threats that our research team sees as emerging again. This is going to just bring bring that intelligence right to customers where they work every day, um faster time to investigate. So this is this is really exciting uh back in november we reduced and we are really something called risk based alerting. That is an amazing new capability that we've iterated on ever since. And we have more iterations that we're announcing um tomorrow actually. And so risk based alerting pulls together what may have been single atomic alerts that can often be overwhelming to a sock brings those together into one overarching alert that helps you see the whole pattern of an attack, the whole series of things that happened over time. That might be an attack on your organization. One customer told us that that reduced the time it took for them to do an investigation from eight hours down to 10 minutes to really helping faster time to investigate. And then the next one is faster time to respond. So we have a new visual playbook editor for our sore security orchestration and response to which is in the cloud but also available on prayer. But that new visual playbook editor really reduces the need for custom code. Makes playbooks more modular, so it can help anyone in the security operations team respond to threats really, really quickly. So faster time to detect, investigate and respond those are, those are really cool for us. And then there's some exciting partnerships that I want to talk about just to really focus on reducing the burden of all those disparate tools on consoles and bringing them down and and integrating them together. So we'll have some announcements. There are new integrations that we're releasing with Mandiant Aziz scalar and detects. I'm personally very excited about a fireside chat that Kevin Mandia, the Ceo and president of Mandiant, we'll be having tomorrow with our Ceo Doug merit. So those are some of the things we're announcing. It's a big year for security. Very excited >>to tell you that's, that's key. I want to just kind of go through and follow up on some of the faster time to detect with the threat intelligence. That's so important because we read about how long it takes sometimes for for organizations to even find out that somebody has infiltrated their environment. This risk based learning, it sounds like and you're so right, it's like paper cuts having a bottoms up analysis. It's almost overwhelming. You don't have a sense as to really where the focus should be. So if you can have more of a top down, hey start here and sort of bucket ties things. It's gonna, it's gonna accelerate and then the faster response time. The thing that strikes me jane with your visual playbook editor is as you well know, the the way in which bad guys get in now they're very stealthy, you almost have to be stealthy in your response. So if you have to write custom code that's going to alert the bad guys that they're they're seeing now seeing code that they've never seen before, they must have detected us and then they escalate, you know, they get you in a harder, tighter headlock. Uh and I love the partnerships, you know, we, we followed the trend toward remote security. Cloud security, where's the scale is a big player, Amanda you mentioned. So that's that's great too. I mean it feels like the puzzle pieces are coming together. It's it's almost like a game of constant, you know, you're never there but you've got to stay vigilant. >>I really think so today. I mean it's been a great 12 months that's blank. We have done so much over the past year leading up to this.com. I'm very excited to talk to folks about it. I think one thing I didn't really mention that I kind of touched on earlier in the talk that we're having was around cloud security monitoring. So holistic cloud security monitoring. We've got some updates there as well with deeper integrations into G C P A W S Azure, one dr SharePoint box net G drive. Like customers are using many, many cloud services today and they don't have a holistic view across all those services I speak to see so every week that tell me they just really need one view. Not to go into each of those cloud service providers or cloud services, one at a time to look at the security posture, they need that all in a central location. So we normalize, we ingest and normalize data from each of those cloud services so you can see threats consistently across each of them. I think that's really, really something different that Splunk is doing um that other security offerings are not doing. >>I think that's a super important point and I do hear that a lot from CsoS where they say look we have so many different environments, so many different tools and they each have their own little framework so we have to go in and and investigate and then come back out and then our teams have to go into a new sort of view and come back out and and they just run out of time and they just don't again, lack of lack of skills to actually do this, can't hire half fast enough, can't train fast enough. So so that higher level view but still the ability to drill down and understand what those root causes. That's it's a it's a it's a top down bottoms up type of approach and and so as opposed to just throwing grains of sand at the second teams and then hoping, you know, they find the pearl, so jane, I'll give you the last word, Maybe some final thoughts. >>No, I just wanted to thank everyone for listening. I want to thank everyone for joining dot com 21. We're very excited to hear from you and speak with you. So thank you very much. >>Excellent. Great having you in the cube, keep it right there, everybody for more coverage of the cube. Splunk dot com 21. We'll be right back, >>Yeah.

(upbeat music) >> Female: From our studios, in the heart of Silicon Valley, Palo Alto, California, this is a Cube conversation. >> Hey welcome back everybody. Jeffrey here with The Cube. We're in our Palo Alto studios today for a Cube conversation. Again, it's a little bit of a let down in the crazy conference season, so it gives us an opportunity to do more studio work, and check in with some folks. So we're really excited to have our next guest. We'd love to talk to practitioners, people out on the front lines that are really living this digital transformation experience. So we'd like to welcome in, all the way from Toronto, the NBA champion, Toronto, home of the Raptors, he's Phillip Armstrong, global C.I.O., and E.V.P. from Great-West Lifeco. Philip, great to see you. >> Thanks, Jeff, good afternoon. >> And I got to say congrats, you know, you took the title away from us this year, but a job well done, and we all rejoiced in Canada's happy celebration. I'm sure it was a lot of fun. >> Lots of excitement here in Toronto for sure. >> Great, so let's jump into it. A lot of conversations about digital transformations. You're right in the heart of it, you're running a big company that's complicated, it's old. So first off, give us a little bit of a background just for people that aren't familiar with Great-West Lifeco in terms of how long you've been around, the scale and size, and then we can get into some of the challenges and the opportunities that you're facing. >> Sure, I'd love to. Actually, one of probably the world's best kept secrets. So Great-West Lifeco is a holding company, and underneath that company, we have a number of companies. So for example in the U.S., you may have heard of Putnam Mutual Funds out of Boston, or Empower Retirement Services, the second largest pension administration company in the United States out of Denver. We have companies called Canada Life and Irish Life. We operate in Europe, the U.S., and Canada. We were formed in 1847, so we're 170 odd years old. Very old, established company, in fact, the first life insurance company to get its charter in Canada. So we were certainly not born digital, we were not born in the cloud. In fact, we weren't even born analog. I think our history goes back to parchment, green ink, and "I" shares. So this has been quite the digital transformation for our company. >> So when you think about digital transformation, insurance companies are always interesting, right? Because insurance companies, by their very nature, they created actuarials, and you guys have always been doing math, and you've always been forecasting, and building models. What does digital transformation mean for you, and that core business in the way you look at insurance and the products that you offer your customers? >> It's been massive, it's had a massive impact right across our company. We have 30 million customers around the globe. Customers' expectations are rising every single day. They want online access to their information. We're an insurance company, but we're also a wealth management company, so we're open to market timing and exposures to the market. Our pace in our business has accelerated dramatically. So just the expectation, the other companies, digitally-native companies are setting with our customers, has forced us to completely re-examine our traditional business models that have served us so well, almost to the point where you have to take a hand grenade and just blow it up and start again. This is very, very difficult when you've got actuarial tables that are working, that are built on hundreds of years of experience. We're moving into a completely new world now. We've come from a world where security has always been very important to us. We manage 1.4 trillion dollars of other people's money. We have traditional business models and traditional data centers, and we operate at a certain level, a certain pace, and all of that, all of that, now has to change. We have skill sets and people who are very, very technical in nature, in their jobs, and have we got the right skills to take us into the future? Can we future-proof our business? This has been, not just a technology transformation, but a massive cultural transformation for our company. A reinvention of all of our business models, the way we look at our customers. A lot of our business is done through advisors. We have half a million advisors around the world that give financial planning and advice to people, and allow them to have some financial security. Our relationship with them has to change, and their expectations in using technology has to change. So this digital transformation is only a thin sliver of the transformation that our company has been going through globally over the last few years. >> That's interesting, you talked on so many topics there I want to kind of break it down into three. One is the consumerization of IT that we've talked about over and over and over, and people's experience with Yahoo and Amazon, and shopping with Google and Google Maps, really drives their expectations of the way they want to interact with every application on their phone when they want to, how they want to. So that's interesting in terms of your customer engagement. The other piece I want to go in a little bit is your own employees. You've been around since 1847, the expectations of the kids that you're hiring out of college today, and what they expect in their work environment, also driven in a big part by the phones that they carry in their pockets. And then the third leg of the stool are these, I forget the word that you used, but your partners or associates, or these advisors that you are enabling with your technology stack, but they're, I assume, independent folks out there just like you see at the local insurance office, that you need to enable them in a very different way. You're sitting in the middle. How do you break down the problems across those three groups of people, or contingencies, or constituencies? That's the word I'm looking for. >> Let's start with our advisors. We have many relationships with advisors. We have a relationship with an advisory force that is almost like a tied sales force that is positioned just to sell our products. We have advisors who are quite independent, and yet they sell our products. And then we have advisors that occasionally sell our products, and everything in between. Companies that are advisors, sort of managing general agents. We have bank assurance arrangements. We have all kinds of distribution arrangements around the globe, with our company to distribute our products. But the heart of what we do is an advice-based channel with many variants. So what do those advisors want? The want tools, online tools, they want safe connectivity, they want fast access to the internet, they want to be able to pull in advice, they want video conferencing, they want to be able to be reachable by their customers, and really leverage technology to allow them to provide that timely advice and be responsive to market changes. Almost delivering a bespoke service to each individual, in yet a mass way that's simple and timely. When you look at our employees, our employees pretty much want the same thing. They want safe access to the internet, they want safe access to the cloud and our applications. We've had to go through massive amounts of cultural change and training and education to bring our employees into the new world with new skills and equip them, just ways of working. Video, introducing video into our company, upgrading our networks. The change behind all of this different way of working has been phenomenal. I wish you could see the building we're sitting in today, that I'm coming to you from today. It's a stone building that was built in the early 1930s, a prominent landmark here in Toronto. And from the outside, it looks archaic. When you walk into the lobby, it's all art deco and beautiful. They can't make buildings like this today. But in many ways, it epitomizes our company, because then you go up the elevators and walk onto the floors, and it's all open plan, all digitally enabled. We have Microsoft Teams in every meeting room. The floors are all modern and newly decorated and designed to allow us to collaborate and create new solutions for our customers. It's a real juxtaposition . And that, I feel, is a good analogy for our company right now, and what we're going through. >> So let's talk about how it's changed in terms of the infrastructure. Your job is to both provide tools to all these different constituents you talked about as well as protect it. So it's this interesting dynamic where before, you could build a moat, and keep everybody inside the brick building. But you can't do that anymore, and security has changed dramatically both with the cloud as well as all these hybrid business relationships that you described. So how did you address that? How have you seen that evolve over the last several years, and what are some of the top of mind issues that you have when you're thinking about I've got to give access to all these people. They want fast, efficient tools, they want really a great way for them to execute their job. At the same time, I've got to keep that $1.4 trillion and all that that represents secure. Not an easy challenge. >> Not easy at all. A few years ago, it was pretty trendy to say we're going to move everything to the cloud. I think now, especially for large, complex companies like ours, a hybrid cloud is the way to go. I think we're starting to see a lot more CIOs like myself say, yes I'd love to take advantage of the cloud, and I'm certainly moving a lot of my footprint to the cloud. To start with it was because of cost, but now I think it's because of agility and access to new technologies as well. But when you move things to the cloud, you have to be very cautious around how you do that. We have in-house data centers that we have systems, administration systems that are obfuscated from our clients by fancy front ends and easy-to-use experiences. And they're running on pennies on the dollar, and you can't make a business case to move that to the cloud. So a hybrid cloud is the way to go for us. But what we realized very quickly is that we need to push our Cyrus security and defenses out to the intelligent edge, out to the edge of the internet. Stop bad things happening, stop malware, stop infections coming into our organization before they even come into our organization. The cloud has complicated that. We're reducing our surface areas. I heard just the other day a colleague of mine said yeah the cloud is fabulous, it's a faster way to deliver your mistakes to your customers and in many ways, it is, if you're not careful with what you're doing. We've deployed technology like Zscaler and other types of sand-boxing technology. But it's always a cat and mouse game. The bad guys are putting artificial intelligence into their malware. We saw the other day a piece of malware coming into our organization through email, and when it was exploded, the first thing it did was try to check signatures to see if it was in a virtualized environment. And if it was, it just went back to sleep again and didn't activate. The nice thing about Zscaler and some of the technologies that I'm deploying is that they're proprietary. They don't have these signatures. And so we can screen out, we literally get hundreds of thousands, close to millions, of malware attempts coming into our organization on a daily basis. It is a constant fight. What we've also found is that organizations like ours are big targets. What companies are trying to do is not steal our data, because they know that we won't pay ransoms. What we'd like to do is spend that money protecting our customers with credit monitoring, or changing their passwords and helping them deal with if there is a breach. So the bad guys have changed their tactics. Instead of stealing our data, they'd like to try and penetrate our networks and our systems and cripple us. They would really like to bring us down. And that determines a different strategy and protection. >> You touch on so many things there, Philip. We could go for like three hours I think just on follow-ups to that answer. Let me drill in on a couple. One of them, I'm just curious to get your perspective on how you finance insurance. You made an interesting comment, you don't pay ransom, and you have a budget that you spend on security within all the other priorities you have on your plate. But you can't spend everything on insurance, you can't get ultimate 100% protection. So when you think about your trade-offs, when you think about security almost from like an insurance or business mindset, what's the right amount to spend? How do you think about the right amount to spend for security versus everything else that you have to spend on? >> That's a great question, and I've been talking to my peers around what is the right amount of money? You could spend tons and tons of money on Cyber and still be breached. You can do everything right and again, still be breached. You just have to be very pragmatic about where you direct your resources. For us, it was hardening the perimeter was the start. We wanted to stop things getting in as best we could, so we went out to the cloud and put defenses right at the edge, right at the intelligent edge, and extended our network out. Then we went and said, what is our weakest link, and through social engineering and through dropping things onto people's desktops and them trying to breach into our network, we got some pretty sophisticated technology in end point detection. We monitor our devices using our SIM, we have a dedicated monitoring center that is global, that is in-house and staffed. We've built up a lot of capabilities around that. So then it becomes prioritizing your crown jewels, your most sensitive data, trying to put that most sensitive data into protected zones on your network, and clustering even more defenses around that most sensitive data. I'm a big believer in a defense in depth strategy, so I would have multiple layers of cyber security that overlap. So if you can manage to circumvent some, you might get caught by others. And really that's about it. It's been a struggle. We have a lot of people who specialize in risk-management in our company. So everyone's got an opinion, but I think this is a common challenge for global CIOs. >> I'll share you a pro-tip in a couple of the security shows. It seems HVAC systems are ripe for attack, and the funniest one I've every heard was the automated thermometer in a lobby fish tank at a casino that was the access point. So IOT adds a different challenge. >> Or vending machines. >> Yeah, but HVAC came up like five times out of ten, so watch our for those HVAC systems. But, we're here as part of the Zscaler program, and you've already mentioned them before, their name is on this screen. You've talked before about leveraging partners, and Zscaler specifically, but you mentioned a whole host of really the top names in tech. I wonder if you could give us a bit more color on how do you partner? It's a very different way to look at people in a relationship with a company and the reps that you deal with, versus just buying a product and putting in their product. You really talk about partnering with these companies to help you take on this ever-evolving challenge that is security. >> That's a fabulous question. I know that I cannot match the research and development budgets of some of these very large tech companies. And I don't have the expertise. They're specialists, this is what they do. We were the first company I think to install Zscaler in Canada. We have a great relationship with that company, and Jay's onto something here. He's a thought leader in this space. We've been very pleased with our cooperation and support we got from Zscaler in helping us with our perimeter. When we look inside our company, the network played a big part of delivering cyber security and protection for our customers. We placed a phone call over to Cisco and said come on in and help us with this. We need to completely revamp our network, build a leaf and spine architecture, software-defined network, state of the art, we really want the best and the brightest to come in and help us design this network globally for us. So Cisco has been a superb partner. Cisco has one North American lab, where they try out their new technologies and they advance their technologies. It's just down the street here in Toronto, so we've been able to avail ourselves with some pretty decent thought-leadership in the space. And then also FireEye has been absolutely superb working with them, and we developed pretty close relationships with them. We support their activities, they come in and help us with ours. We've used their consulting agency, Mandiant, quite a bit, to give us advice and help us protect our organization. And I think aligning yourself with these quality companies, Microsoft, I have to call out Microsoft, have been superb, starting from the desktop and moving us through, vertically aligned into the cloud, and providing cyber security every step of the way. You can't rely on one vendor, you have to make sure that these suppliers are partners. You turn vendors into partners and you make sure that they play well together, and that they understand what your priorities are and where you want to go. We've been very transparent with them around what we like and what we don't like, and what we think is working well and what isn't working well. We just build this ecosystem that has to work well in this day and age. >> Well Phillip I think that's a great summary, that it's really important to have partners, and really have a deeper business relationship than simply exchanging money for services. The only way, in this really rapidly evolving world, to get by, because nobody can do it by themselves. I think you summarized that very, very well. So final question before I let you go back to the open floor plan, and all the hard working people over there at Great-West Lifeco. What are you priorities for the balance of the year? I can't believe it's July already, this year is just zooming by. What are some of the things, as you look down the road, that you've got your eye on? >> Well we're certainly watching some of the geo-political activities. We have large operations in Europe, from my accent you can probably tell I'm a Brit. So we're watching Brexit and how that plays out. We're certainly trying to develop new and innovative products for our customers, and certain segments are interesting. The millennial segment, the transference of wealth from people in the later generations into earlier generations, passing wealth down to their kids. Retirement is a really big category for us, and making sure that people have good retirement options and retirement products. And of course, we're always kicking tires, and we're looking out for any opportunities in the M&A market as well, as our industry consolidates and costs rise. So that's kind of what's keeping us busy, and of course rolling out really cool technology. >> All right well thanks for taking a few minutes in your very busy day to spend it with us, and give us your story on the global transformation, the digital transformation and Great-West Life Company. >> You're very welcome, Jeff. Nice chatting with you. >> You too, thanks again. So he's Phil, I'm Jeff, you're watching The Cube. Just had a Cube Conversation out of Palo Alto studios. Thanks for watching, we'll see you next time. (upbeat music)