>>Okay. We're back at the area in Las Vegas, Falcon 22. You're watching the cube. My name is Dave Valante. Michael cent is here. He's the chief technology officer at CrowdStrike. Michael. Good to see you. Thanks. Thanks >>For >>Having me. Yeah. So this is your first time I think, on the cube. It is, and, and it's really a pleasure. I've been following you, watching you very closely. You're, you know, quite prominent and, and, you know, very articulate. I loved your keynote talking about what is XDR. I think you guys are gonna do really well in that space, cuz you've got clarity of vision and execution. Talk about some of the announcements that you made this week, particularly interested in, in insight. XDR what's that all about? >>Yeah. So I've been talking about XDR for a while and trying to help push the right narrative. There's a lot of marketing in the industry with XDR. So we've been talking a lot about what it, what it means that the benefit that it provides from a technology perspective, what you need in the architecture. So we firmly believe it's a philosophy and we build all of our technology to work together, but it's bringing in third parties. And that was really a lot of the, the announcements. My keynote was to show everybody the work that we've been doing to bring in data from Zscaler and Proofpoint. And we talked about bringing in data from a whole range of different vendors, firewall vendors, and we've been doing XDR use cases for a long time. So a big part of our strategy is to make security easy. And we've been doing a lot of XDR use cases with our Falcon insight module. So the announcement that I made was to relaunch Falcon insight as insight XDR and it means all of our close to 20,000 customers have access to the product. >>So that gets bundled right in it's like SAS automatically part of the portfolio >>Log off on Friday, come back on Monday and you're good to go. >>And then, and you, you just, you just called out Zscaler and Proofpoint you, I think you also mentioned Palo Alto network, Cisco for net as well. You're pulling in telemetry from, yeah, >>We've got a, we got a long map of, of people that we're integrating with. We talked about Cisco, we talked about for drop and for net, we announced that we're gonna be pulling in telemetry from, from Palo and a range of other vendors, Microsoft and others. And that's what XDR is about. It's about first party and third party integration and making all of the telemetry work together. >>I was talking to George about this yesterday is I think there's a lot of confusion. Sometimes when you have the dogma of cloud native, you know, snowflake, same thing, no, we're not doing OnPrem. This is hybrid. People think that that you're excluding on-prem data, but you're not, you can ingest on-prem data, right? >>We absolutely are not excluding on-prem. We will support and, and secure every workload, whether it's on-prem or in the cloud, whether it's connected to the internet or offline, a lot of the, the indicators of attack and the, and the detection techniques that we have are on the sensor itself. So you don't have to be connected anywhere for that capability to work. You get the benefit when you connect to the cloud of the additional visibility, the additional protection, but the core capabilities on the sensor that we have >>Given that you guys started 11 years ago, plus two days now, and you had that dogma cloud cloud, first cloud cloud, only Nate cloud native. Was there ever a point where you're like, you know, boy, we might be missing some of the market, you know? And, and you, you, you held true to your principles. Two part question. Did you ever question that and by focusing all your resources on cloud, what, what has that given you? >>It's there's been a Eliza focus on having a, a native cloud platform. It's easy to say cloud native. And if you look at a lot of the vendors in the industry today, if you are a, a customer and you ask them, Hey, can you gimme an on-premise product? I'm not gonna buy your product. They've got an on premise product. The problem is when you have two different versions, you end up having compromise. You have to manage two code bases, impact to your engineering team. Their features are different customers. Ultimately are the ones that miss out because if I have the on-prem version or if the cloud version, I may not get the same capability for us, it's been very clear. It's been a laser focus to be a cloud and cloud only from day one. >>You've renamed humo. I gotta stop using humo. I guess it's not called log scale, Falcon, complete log scale. You're bringing together security and observability. Although you're not doing the full spectrum of observability, you're just sort of focusing on, you know, part of it. Can you explain that? >>Yeah. So first of all, we did rebrand and bring the homeo brand closer to a crowd strike by renaming it Falcon log scale. And just to be clear, it's not just the rebranding of the name. We've been spending a lot of time. We made that acquisition in March of, of last year, and we've been doing a lot of work on the technology. We built out long, the Falcon long term retention. We built a whole bunch of capability into the product. So now was the right time to rebrand it as Falcon log scale. And at the same time, we also announced Falcon complete log scale. And it's part of the complete franchise. And that's where customers can get the value and the benefit of log scale, but they don't have to set it up. They don't have to manage it. They leave that to us. >>So you get pretty much involved in, in the, the M and a activity. You talked on stage yesterday about reify and, and what's going on there. You guys got, obviously gotta, still do that. You, but you made investments this week. You announced investments in salt security, the API specialist, and, and also Vanta compliance automation. What's the thinking behind that, you know, explain actually the fund that you guys are sprinkling around as a strategic investor and why those companies. Yeah. >>So there's two, two parts that, that I'm involved in on that part of my team. One is the M and a team. And one is the Falcon fund side of the business. Obviously two very different things. The, the M and a part of CrowdStrike, we're always looking to see for every technology space that we want to get into, you know, what is the best option build by a partner? Sometimes it's built sometimes it's a, it's a hybrid approach of build and partner. Other times we go down the path of M and a, and I was super excited about reify, great company, great technology. And as you said, we made announcements to we're investing as part of the fund into, into van and salt. We, we, we are very blessed. We're very fortunate to have achieved a lot of success in a short period of time. And we think we've got an opportunity to help fledgling companies to help them guide through the process of setting up the company, helping them with engineering principles and guidelines, helping them with the go to market perspective. So the fund is really about that. It's finding the next cybersecurity company working closely together, and it's been a huge success. You had banter and salt on earlier, and there's so much excitement about what they do. >>Yeah. I mean, it's clear, clear, compliment to what you guys are doing. I want to ask you about your lightweight agent. There, there are other firms that say they have a lightweight agent too. You know, what, what makes your lightweight agent so different? So special? >>Yeah. I've never seen a PowerPoint presentation. That's wrong. It's very easy to, to say your lightweight agent is, is, you know, super lightweight. And many times when you look at them, they're, they're not lightweight. They take a lot of effort to install. They need reboots. If you've got security, that's part of the operating system. If you've got security that requires to reboot, you can't go to a bank and say, Hey, you've got a hundred thousand machines. We're gonna install all of this technology, but you've gotta reboot it once, twice, three times. So what ends up happening is you see deployment cycles that go on for 12 months. I've spoken to organizations here this week that said we had budgeted to roll out your product in 18 months because of what we experienced in the past. And we did it in seven weeks. That's a lightweight agent with no reboot. And then you look at the updates. You look at the CPU resource utilization. So again, very easy to say lightweight. I haven't seen anything like what we've built at crowd strike. >>How do you keep an agent lightweight when you're both acquiring in companies and adding modules? I think you're, you're over 20 modules now. How, how is it that the, the agent can remain so lightweight? >>So we spent a lot of time building out the agent cloud architecture that we have, the, the concept of our agent is very different. It's not collecting data, storing it, trying to sell, send it up. We have a smart agent with smart filtering built in. So we're very careful in terms of the data that we collect, but think of the aperture on a camera. You know, if you wanna let more light in you, you widen the aperture. It's the same as our, our agent. If we wanna bring in more telemetry, we, we widen that aperture. So we're very efficient on the network. And we collect data. When machine process runs, we collect that telemetry. We use it in different ways, but we collect once and reuse it many times. So it's the same agent for NextGen AV for EDR, for our spotlight vulnerability management module. And when we're looking at M M and a, so coming back to your, your question, we will look at technology. And if we can't bring that technology and incorporate it into the agent that we already have, we won't acquire it. Worst thing in security is complexity. When you give an organization, 1, 2, 3, 5 plus agents, and then they have 3, 4, 5 plus management consoles. It's too hard when they're under attack. >>Well, it's like my, my business partner co-host John furrier says is that as an industry, we tend to solve complexity with more complexity. And it's, that's problematic. Can you talk about your, your threat graph? Like, what is that? Is it a, is it a graph database? Is it a purpose built? Is it a time series, database, a combination? What, what is >>That? Yeah, it is a graph database. When we, when, when the company was started, obviously the vision was to crowdsource telemetry from so many machines from millions of devices around the world. And the thesis at the time was as that capability scales out, there's nothing commercially available that will be able to ingest all of that data. And today we are processing over 7 trillion events every single week. We, we can't go and get something off the shelf. So we've had to build the, the technology from the ground up. That's the first part. Secondly, there is a temporal element to this. There's a time element. And we, we have an ontology built where we track the relationship between all the telemetry that we get. The reason why I believe we stand alone in EDI is because of that time element, the relationship that we have, and we just have so much context that makes it easy for the threat hunter speed and, and ease of use is critical in cyber. >>So you see in data in the database world, everything's kind of converging with all this function, you know, 11 years ago, these were pretty rudimentary. I shouldn't say rudimentary, but immature markets they've come a long way. If you had to start, if, if those capabilities that are there today with graph databases and time series databases were available in, in 2010, would you have used off the shelf technology, or would you have still developed your >>Own? We would've done the same thing that we've done today. >>And, and why can you explain what that, what that is it a performance thing? Is it just control? >>Yeah, look, it, it, it's everything that I talked about before, the, the benefit that you get from the approach that we've taken and the scalability that the requirements that we need, we still today, there's nothing that we can, we can go and get off the shelf that can scale and give us the performance that we need that can give us the ability to, to have that relationship data, the ontology of, of what we have in the platform and the way that we inter operate with all of the different modules that just wouldn't exist. We wouldn't have that capability. And what you'd find is we'd be pretty much the same as every other vendor where they have on-prem solutions, they have hybrid hosted solutions. And when you have those trade offs, you see it in the product. >>Yeah. So the, the point is you're very focused on the purpose of your, your proprietary technology. You're not trying to serve the all things to all people. You used the term yesterday in your keynote, which it, it caught my attention. You used the term ground truth, and it has very specific meaning. Can you explain what you meant by what is ground truth, you know, in the world? And what, what, what does it mean to CrowdStrike? Yeah, >>I was talking about ground truth as it relates to the acquisition of reify and the big thing for us, we wanted to bring additional capability to the platform, to give our customers external and internal visibility of all their assets and all their vulnerabilities. What's important with us, with our agent is today, we give you a single source of truth. When we put that agent onto a device, we tell you everything about the hardware. We tell you everything about who's logged in. We tell you everything about the applications that are running the relationships between the, of the device and the application. We're not a CMDB. We feed CMDB with information that is instant, that is live. And when we look at reify, it broadens again, I'll use the same word. It broadens the aperture. It gives us more visibility around what's going on. So we're, we're super excited about that because having information about all of your assets, all of your users, the applications they use, whether they're vulnerable, how you need to protect them, having it at your finger fingertips, it's a game changer >>Contract, can CrowdStrike be a generational company. And what do you have to do to ensure that that outcome occurs? We, >>We, I think we absolutely are. And, and we're we're path paving a path to, you know, really continuing to build out that platform. I said, in my keynote that I think we're at an early innings. I, if you buy, for example, as a customer, our insight module, cuz you wanna start with EDR, you've got 21 modules to go yesterday. Today we, we talked about discover 2.0, we talked about discover for IOT. I talked about the, the repository acquisition, a whole range of technology built on that single cloud agent architecture. And we've heard the success stories here this week from customers that have just gotten so much benefit. They've rolled out one agent and they've turned off eight or nine from other security vendors. So absolutely we can be a generational company with what we're doing. What >>Are the blockers to customers turning on those additional modules? Cause not, not all customers are using our modules. Is it that they've made an investment in an alternative technology and they're sort of hugging onto it or are there other technical blockers? Yes. >>It many times it's the investment, right? So if you've made a, an investment in the company, you've got a year to go, you might wanna sweat that asset. But typically what we find is the benefit that we have. It's a very simple conversation. If we can give people a cost and a technology benefit, they're gonna make the transition to move. There's so many technical benefits. We talked about the single agent, but the actual features of the modules themselves. But the big thing for us is we've done over 4,700 business value assessments where we sit down with an organization and we look at what they have. We look at what their spend is. We look at their FTEs, we look at the security outcomes that they get. And then we come out with a model that shows them technology and business value. And that's what really drives them to make the switch. >>So the business value in that VVA is not just a, a reduction in expected loss. That's part of it, better security you're gonna, you know, be, be, be lower your risk. But you're saying it's also the labor associated with that. Yeah, >>Absolutely. It's it's how do you operationalize the solution? How many people do you need? How long does it take you to respond? You know, how do you interact with third parties with your suppliers is taking in all of that data. We've spent a long time building out that model and it's, it's proving to be very successful customers. Love it. Is >>That, is that sort of novel ROI thinking in the security business or I'm trying to think of, I mean, I know for years it would watch art. Coviello stand up at RSA and tell us how, how this year's worse than last year. And so, but, but, but I never really heard, you know, a strong business case that would resonate with the, with the P and L manager, other than, you know, we gotta do this or we're gonna get hacked and you're gonna be screwed. Is that new thinking? Or am I, did I just miss it? >>I don't know if I wanna size new thinking. I think what happened, what changed was 10, 15 years ago at a conference you'd stand up and everybody would tell you ransomwares up and fishing is up. And at the end of it, people are trying to work out. Is that good? Or is that bad? It went up 20% based off what that doesn't work anymore. Everyone, you know, got tired of that. And a few of us have been doing it for a while. I I'm, I'm sort of two and a half decades into this. And if you, if you try to use that model of scaring people, they switch off, they want to understand the benefit. You know, the break in the car is so you can go and stop safely when you need it. And I look at security the same way we want to accelerate the company. We want to help companies do their job, but security is there to make sure they don't get into trouble. >>Yeah. It's like having two security guards by your side, right? I mean, they're gonna help you get through the crowd and move forward. So Michael, thanks so much for coming to the cube. Thanks for having me your time. You're you're very welcome. All right. Keep it right there. After this short break, Dave ante will be back with the cube live coverage from Falcon 22 at the area in Las Vegas.