Patrick Coughlin, Splunk | AWS re:Invent 2022


 

>>Hello and welcome back to the Cube's coverage of AWS re:Invent 2022. I'm John Furrier, host of the Cube. We got a great conversation with Patrick Coughlin, vice president of Go to Market Strategy and specialization at Splunk. We're talking about the Open Cybersecurity Schema Framework, also known as the OCSF, a joint strategic collaboration between Splunk and AWS. It's got a lot of traction momentum. Patrick, thanks for coming on the Cube for re:Invent coverage.

>>John, great to be here. I'm excited for this.

>>You know, I love this open source movement and open source and continues to add value, almost sets the standards. You know, we were talking at the CNCF Linux Foundation this past fall about how standards are coming outta open source. Not so much the classic standards groups, but you start to see the developers voting with their code groups deciding what to adopt de facto standards and security is a real key part of that where data becomes key for resilience. And this has been the top conversation at re:Invent and all around the industry, is how to make data a key part of building into cyber resilience. So I wanna get your thoughts about the problem that you see that's emerging that you guys are solving with this group kind of collaboration around the OCSF.

>>Yeah, well look, John, I, I think, I think you, you've already, you've already hit the high notes there. Data is proliferating across the enterprise. The attack surface area is rapidly expanding. The threat landscape is ever changing. You know, we, we just had a, a lot of scares around OpenSSL, before that we had vulnerabilities and, and Confluence and Atlassian, and you go back to Log4j and SolarWinds before that and, and challenges with the supply chain. In this year in particular, we've had a, a huge acceleration in, in concerns and threat vectors around operational technology.
In our customer base alone, we saw a huge uptake, you know, and double digit percentage of customers that were concerned about the traditional vectors like, like ransomware, like business email compromise, phishing, but also from insider threat and others. So you've got this, this highly complex environment where data continues to proliferate and flow through new applications, new infrastructure, new services, driving different types of outcomes in the digitally transformed enterprise of today.

>>And, and what happens there is, is our customers, particularly in security, are, are left with having to stitch all of this together. And they're trying to get visibility across multiple different services, infrastructure applications across a number of different point solutions that they've bought to help them protect, defend, detect, and respond better. And it's a massive challenge. And you know, when our, when our customers come to us, they are often looking for ways to drive more consolidation across a variety of different solutions. They're looking to drive better outcomes in terms of speed to detection. How do I detect faster? How do I find the thing that went bang in the night faster? How do I then fix it quickly? And then how do I layer in some automation so hopefully I don't have to do it again? Now, the challenge there that really OCSF, OCSF helps to, to solve is to do that effectively, to detect and to respond at the speed at which attackers are demanding.

>>Today we have to have normalization of data across this entire landscape of tools, infrastructure, services. We have to have integration to have visibility, and these tools have to work together. But the biggest barrier to that is often data is stored in different structures and in different formats across different solution providers, across different tools that are, that are, that our customers are using. And that, that lack of data normalization chokes the integration problem.
And so, you know, several years ago, a number of very smart people, and this was, this was an initiative started by Splunk and AWS, came together and said, look, we as an industry have to solve this for our customers. We have to start to shoulder this burden for our customers. We can't, we can't make our customers have to be systems integrators. That's not their job. Our job is to help make this easier for them. And so OCSF was born and over the last couple of years we've built out this, this collaboration to not just be AWS and Splunk, but over 50 different organizations, cloud service providers, solution providers in the cybersecurity space have come together and said, let's decide on a single unified schema for how we're gonna represent event data in this industry. And I'm very proud to be here today to say that we've launched it and, and I can't wait to see where we go next.

>>Yeah, I mean, this is really compelling. I mean, it's so much packed in that, in that statement, I mean, data normalization, you mentioned chokes, this the, the solution and integration as you call it. But really also it's like data's not just stored in silos. It may not even be available, right? So if you don't have availability of data, that's an important point. Number two, you mentioned supply chain, there's physical supply chain that's coming up big time at re:Invent this time as well as in open source, the software supply chain. So you now have the perimeter's been dead for multiple years. We've been talking with that for years, everybody knows that. But now combined with the supply chain problem, both physical and software, there's so much more to go on. And so, you know, the leaders in the industry, they're not sitting on their hands. They know this, but they're just overloaded. So, so how do leaders deal with this right now? Before we get into the OCSF, I wanna just get your thoughts on what's the psychology of the, of the business leader who's facing this landscape?
>>Yeah, well, I mean unfortunately too many leaders feel like they have to face these trade-offs between, you know, how and where they are really focusing cyber resilience investments in the business. And, and often there is a siloed approach across security, IT developer operations or engineering rather than the ability to kind of drive visibility integration and, and connection of outcomes across those different functions. I mean, the truth is the telemetry that, that you get from an application for application performance monitoring or infrastructure monitoring is often incredibly valuable when there's a security incident and vice versa. Some of the security data that, that you may see in a security operation center can be incredibly valuable in trying to investigate a, a performance degradation in an application and understanding where that may come from. And so what we're seeing is this data layer is collapsing faster than the org charts are or the budget line items are in the enterprise. And so at Splunk here, you know, we believe security resilience is, is fundamentally a data problem. And one of the things that we do often is, is actually help connect the dots for our customers and bring our customers together across the silos they may have internally so that they can start to see a holistic picture of what resilience means for their enterprise and how they can drive faster detection outcomes and more automation coverage.

>>You know, we recently had an event called Super Cloud, we're going into the next gen kind of a cloud, how data and security are all kind of part of this NextGen application. It's not just us. And we had a panel that was titled The Innovators Dilemma, kind of talk about you some of the challenges. And one of the panelists said, it's not the innovator's dilemma, it's the integrator's dilemma.
And you mentioned that earlier, and I think this a key point right now into integration is so critical, not having the data and putting pieces together now open source is becoming a composability market. And I think having things snap together and work well, it's a platform system conversation, not a tool conversation. So I really wanna get into where the OCSF kind of intersects with this area people are working on. It's not just solution architects or cloud native SREs, especially where DevSecOps is. So this, that's right, this intersection is critical. How does OCSF integrate into that integration of the data making that available to make machine learning and automation smarter and more relevant?

>>Right, right. Well look, I mean, I, I think that's a fantastic question because, you know, we talk about, we use buzzwords like machine learning and, and AI all the time. And you know, I know they're all over the place here at re:Invent and, and the, there's so much promise and hope out there around these technologies and these innovations. However, machine learning AI is only as effective as the data is clean and normalized. And, and we will not realize the promise of these technologies for outcomes in resilience unless we have better ways to normalize data upstream and better ways to integrate that data to the downstream tools where detection and response is happening. And so OCSF was really about the industry coming together and saying, this is no longer the job of our customers. We are going to create a unified schema that represents the, an event that we will all bite down on.

>>Even some of us are competitors, you know, this is, this is that, that no longer matters because at the point, the point is how do we take this burden off of our customers and how do we make the industry safer together? And so 15 initial members came together along with AWS and Splunk to, to start to create that, that initial schema and standardize it.
And if you've ever, you know, if you've ever worked with a bunch of technical grumpy security people, it's kind of hard to drive consensus about around just about anything. But, but I, I'm really happy to see how quickly this, this organization has come together, has open sourced the schema, and, and, and just as you said, like I think this, this unlocks the potential for real innovation that's gonna be required to keep up with the bad guys. But right now is getting stymied and held back by the lack of normalization and the lack of integration.

>>I've always said Splunk was a, it eats data for breakfast, lunch, and dinner and turns it into insights. And I think you bring up the silo thing. What's interesting is the cross company sharing, I think this hits point on, so I see this as a valuable opportunity for the industry. What's the traction on that? Because, you know, to succeed it does take a village, it takes a community of security practitioners and, and, and architects and developers to kind of coalesce around this de facto movement has been, has been the uptake been good? How's traction? Can you share your thoughts on how this is translating across companies?

>>Yeah, absolutely. I mean, look, I, I think cybersecurity has a, has a long track record of, of, of standards development. There's been some fantastic standards recently. Things like STIX and TAXII for threat intelligence. There's been things like the, you know, the MITRE ATT&CK framework coming outta MITRE and, and, and the adoption, the traction that we've seen with ATT&CK in particular has been amazing to, to watch how that has kind of roared onto the scene in the last couple of years and has become table stakes for how you do security operations and incident response. And, you know, I think with OCSF we're gonna see something similar here, but, you know, we are in literally the first innings of, of this.
So right now, you know, we're architecting this into our, into every part of our sort of backend systems here at Splunk. I know our, our collaborators at AWS and elsewhere are doing it too.

>>And so I think it starts with bringing this standard now that the standard exists on a, you know, in schema format and there, there's, you know, Confluence and Jira tickets around it, how do we then sort of build this into the code of, of the, the collaborators that have been leading the way on this? And you know, it's not gonna happen overnight, but I think in the coming quarters you'll start to see this schema be the standard across the leaders in this space. Companies like Splunk and AWS and others who are leading the way. And often that's what helps drive adoption of a standard is if you can get the, the big dogs, so to speak, to, to, to embrace it. And, and, you know, there's no bigger one than AWS and I think there's no, no more important one than Splunk in the cybersecurity space. And so as we adopt this, we hope others will follow. And, and like I said, we've got over 50 organizations contributing to it today. And so I think we're off to a running start.

>>You know, it's interesting, choking innovation or having things kind of get, get slowed down has really been a problem. We've seen successes recently over the past few years. Like Kubernetes has really unlocked and accelerated the cloud native worlds of runtime with containers to, to kind of have the consensus of the community to say, Hey, if we just do this, it gets better. I think this is really compelling with the, the OCSF because if people can come together around this and get unified as well as all the other official standards, things can go highly accelerated. So I think, I think it looks really good and I think it's great initiative and I really appreciate your insight on that, on, on your relationship with Amazon. Okay. It's not just a partnership, it's a strategic collaboration.
Could you share that relationship dynamic, how to start, how's it going, what's strategic about it? Share to the audience kind of the relationship between Splunk and AWS on this important OCSF initiative.

>>Look, I, I mean I think this, this year marks the, the 10th year anniversary that, that Splunk and AWS have been collaborating in a variety of different ways. I, I think our, our companies have a fantastic and, and long standing relationship and we've, we've partnered on a number of really important projects together that bring value obviously to our individual companies, but also to our shared customers. When I think about some of the most important customers at Splunk that I spend a significant amount of time with, I, I, I know how many of those are, are AWS customers as well, and I know how important AWS is to them. So I think it's, it's a, it's a collaboration that is rooted in, in a respect for each other's technologies and innovation, but also in a recognition that, that our shared customers want to see us work better together over time. And it's not, it's not two companies that have kind of decided in a back room that they should work together. It's actually our customers that are, that are pushing us. And I think we're, we're both very customer centric organizations and I think that has helped us actually be better collaborators and better partners together because we're, we're working back, backwards from our customers.

>>As security becomes a physical and software approach. We've seen the trend where even Steven Schmidt at Amazon Web Services is, is the CSO, he is not the CSO anymore. So, and I asked him why, he says, well, security's also physical stuff too. So, so he's, that's right. Whole lens is now expanded. You mentioned supply chain, physical, digital, this is an important inflection point. Can you summarize in your mind why Open Cybersecurity Schema Framework is important? I know the unification, but beyond that, what, why is this so important?
Why should people pay attention to this?

>>You know, I, if, if you'll let me be just a little abstract and meta for a second. I think what's, what's really meaningful at the highest level about the OCSF initiative, and that goes beyond, I think, the tactical value it will provide to, to organizations and to customers in terms of making them safer over the coming years and, and decades. I think what's more important than that is it's really the, one of the first times that you've seen the industry come together and say, we got a problem we need to solve that, you know, doesn't really have anything to do with, with our own economics. Our customers are, are hurt. And yeah, some of us may be competitors, you know, we got different cloud service providers that are participating in this along with AWS. We got different cybersecurity solution providers participating in this along with Splunk.

>>But, but folks who've come together and say, we can actually solve this problem if, if we're able to kind of put aside our competitive differences in the markets and approach this from the perspective of what's best for information security as a whole. And, and I think that's what I'm most proud of and, and what I hope we can do more of in other places in this industry, because I think that kind of collaboration from real market leaders can actually change markets. It can change the, the, the trend lines in terms of how we are keeping up with the bad guys. And, and I'd like to see a lot more of that.

>>And we're seeing a lot more new kind of things emerging in the cloud next kind of this next generation architecture and outcomes are happening. I think it's interesting, you know, we always talk about sustainability, supply chain sustainability about making the earth a better place. But you're hitting on this, this meta point about businesses are under threat of going under.
I mean, we want to keep businesses to businesses to be sustainable, not just, you know, the, the environment. So if a business goes outta business business, which they, their threats here are, can be catastrophic for companies. I mean, there is, there is a community responsibility to protect businesses so they can sustain and, and stay, yeah, stay producing. This is a real key point.

>>Yeah. Yeah. I mean, look, I think, I think one of the things that, you know, we, we, we complain a lot of in, in cyber security about the lack of, of talent, the talent shortage in cyber security. And every year we kinda, we kind of whack ourselves over the head about how hard it is to bring people into this industry. And it's true. But one of the things that I think we forget, John, is, is how important mission is to so many people in what they do for a living and how they work. And I think one of the things that cybersecurity is strongest in, information security in general, and has been for decades is this sense of mission and people work in this industry be not because it's, it's, it's always the, the, the most lucrative, but because it, it really drives a sense of safety and security in the enterprises and the fabric of the economy that we use every day to go through our lives. And when I think about the Splunk customers and AWS customers, I think about the, the different products and tools that power my life and, and we need to secure them. And, and sometimes that means coming to work every day at that company and, and doing your job. And sometimes that means working with others better, faster, and stronger to help drive that level of, of, of maturity and security that this industry needs.

>>It's a human, is a human opportunity, human problem and, and challenge. That's a whole nother segment. The role of the talent and the human machines and with scale.
Patrick, thanks so much for sharing the information and the insight on the Open Cybersecurity Schema Framework and what it means and why it's important. Thanks for sharing on the Cube, really appreciate it.

>>Thanks for having me, John.

>>Okay, this is AWS re:Invent 2022 coverage here on the Cube. I'm John Furrier, your host. Thanks for watching.

Published Date : Nov 30 2022


Clint Sharp, Cribl | AWS re:Invent 2022


 

(upbeat music) (background crowd chatter)

>> Hello, fantastic cloud community and welcome back to Las Vegas where we are live from the show floor at AWS re:Invent. My name is Savannah Peterson. Joined for the first time.

>> Yeah, Doobie.

>> VIP, I know.

>> All right, let's do this.

>> Thanks for having me Dave, I really appreciate it.

>> I appreciate you doing all the hard work.

>> Yeah. (laughs)

>> You, know.

>> I don't know about that. We wouldn't be here without you and all these wonderful stories that all the businesses have.

>> Well, when I host with John it's hard for me to get a word in edgewise. I'm just kidding, John. (Savannah laughing)

>> Shocking, I've never want that experience.

>> We're like knocking each other, trying to, we're elbowing. No, it's my turn to speak, (Savannah laughing) so I'm sure we're going to work great together. I'm really looking forward to it.

>> Me too Dave, I feel very lucky to be here and I feel very lucky to introduce our guest this afternoon, Clint Sharp, welcome to the show. You are with Cribl. Yeah, how does it feel to be on the show floor today?

>> It's amazing to be back at any conference in person and this one is just electric, I mean, there's like a ton of people here love the booth. We're having like a lot of activity. It's been really, really exciting to be here.

>> So you're a re:Invent alumni? Have you been here before? You're a Cube alumni. We're going to have an OG conversation about observability, I'm looking forward to it. Just in case folks haven't been watching theCUBE for the last nine years that you've been on it. I know you've been with a few different companies during that time period. Love that you've been with us since 2013. Give us the elevator pitch for Cribl.

>> Yeah, so Cribl is an observability company which we're going to talk about today. Our flagship product is a telemetry router. So it just really helps you get data into the right places.
We're very specifically in the observability and security markets, so we sell to those buyers and we help them work with logs and metrics and OpenTelemetry, lots of different types of data to get it into the right systems.

>> Why did observability all of a sudden become such a hot thing?

>> Savannah: Such a hot topic.

>> Right, I mean it just came on the scene so quickly and now it's obviously a very crowded space. So why now, and how do you guys differentiate from the crowd?

>> Yeah, sure, so I think it's really a post-digital transformation thing Dave, when I think about how I interact with organizations you know, 20 years ago when I started this business I called up American Airlines when things weren't working and now everything's all done digitally, right? I rarely ever interact with a human being and yet if I go on one of these apps and I get a bad experience, switching is just as easy as booking another airline or changing banks or changing telecommunications providers. So companies really need an ability to dive into this data at very high fidelity to understand what Dave's experience with their service or their applications are. And for the same reasons on the security side, we need very, very high fidelity data in order to understand whether malicious actors are working their way around inside of the enterprise. And so that's really changed the tooling that we had, which, in prior years, it was really hard to ask arbitrary questions of that data. You really had to deal with whatever the vendor gave you or you know, whatever the tool came with. And observability is really an evolution, allowing people to ask and answer questions of their data that they really weren't planning in advance.

>> Dave: Like what kind of questions are people asking?

>> Yeah sure so what is Dave's performance with this application? I see that a malicious actor has made their way on the inside of my network. Where did they go? What did they do? What files did they access?
What network connections did they open? And the scale of machine data of this machine to machine communication is so much larger than what you tend to see with like human generated data, transactional data, that we really need different systems to deal with that type of data.

>> And what would you say is your secret sauce? Like some people come at it, some search, some come at it from security. What's your sort of superpower as Lisa likes to say?

>> Yeah, so we're a customers-first company. And so one of the things I think that we've done incredibly well is go look at the market and look for problems that are not being solved by other vendors. And so when we created this category of an observability pipeline, nobody was really marketing an observability pipeline at that time. And really the problem that customers had is they have data from a lot of different sources and they need to get it to a lot of different destinations. And a lot of that data is not particularly valuable. And in fact, one of the things that we like to say about this class of data is that it's really not valuable until it is, right? And so if I have a security breach, if I have an outage and I need to start poring through this data suddenly the data is very, very valuable. And so customers need a lot of different places to store this data. I might want that data in a logging system. I might want that data in a metric system. I might want that data in a distributed tracing system. I might want that data in a data lake. In fact AWS just announced their security data lake product today.

>> Big topic all day.

>> Yeah, I mean like you can see that the industry is going in this way. People want to be able to store massively greater quantities of data than they can cost effectively do today.

>> Let's talk about that just a little bit. The tension between data growth, like you said it's not valuable until it is or until it's providing context, whether that be good or bad.
Let's talk about the tension between data growth and budget growth. How are you seeing that translate in your customers?

>> Yeah, well so data's growing in a 25% CAGR per IDC which means we're going to have two and a half times the data in five years. And when you talk to CISOs and CIOs and you ask them, is your budget growing at a 25% CAGR, absolutely not, under no circumstances am I going to have, you know, that much more money. So what got us to 2022 is not going to get us to 2032. And so we really need different approaches for managing this data at scale. And that's where you're starting to see things like the AWS security data lake, Snowflake is moving into this space. You're seeing a lot of different people kind of moving into the database for security and observability type of data. You also have lots of other companies that are competing in broad spectrum observability, companies like Splunk or companies like Datadog. And these guys are all doing it from a data-first approach. I'm going to bring a lot of data into these platforms and give users the ability to work with that data to understand the performance and security of their applications.

>> Okay, so carry that through, and you guys are different how?

>> Yeah, so we are this pipeline that's sitting in the middle of all these solutions. We don't care whether your data was originally intended for some other tool. We're going to help you in a vendor-neutral way get that data wherever you need to get it. And that gives them the ability to control cost because they can put the right data in the right place. If it's data that's not going to be frequently accessed let's put it in a data lake, the cheapest place we can possibly put that data to rest. Or if I want to put it into my security tool maybe not all of the data that's coming from my vendor, my vendor has to put all the data in their records because who knows what it's going to be used for.
But I only use half or a quarter of that information for security. And so what if I just put the pared down results in my more expensive storage but I kept full fidelity data somewhere else.

>> Okay so you're observing the observability platforms basically, okay.

>> Clint: We're routing that data.

>> And then creating-

>> It's meta observability.

>> Right, observability pipeline. When I think a data pipeline, I think of highly specialized individuals, there's a data analyst, there's a data scientist, there's a quality engineer, you know, etc, et cetera. Do you have specific roles in your customer base that look at different parts of that pipeline and can you describe that?

>> Yeah, absolutely, so one of the things I think that we do different is we sell very specifically to the security tooling vendors. And so in that case we are, or not to the vendors, but to the customers themselves. So generally they have a team inside of that organization which is managing their security tooling and their operational tooling. And so we're building tooling very specifically for them, for the types of data they work with for the volumes and scale of data that they work with. And that is giving, and no other vendor is really focusing on them. There's a lot of general purpose data people in the world and we're really the only ones that are focusing very specifically on observability and security data.

>> So the announcement today, the security data lake that you were talking about, it's based on the Open Cybersecurity Framework, which I think AWS put forth, right? And said, okay, everybody come on.

>> Savannah: Yeah, yeah they did.

>> So, right, all right. So what are your thoughts on that? You know, how does it fit with your strategy, you know.

>> Yeah, so we are again a customers-first, neutral company. So if OCSF gains traction, which we hope it does then we'll absolutely help customers get data into that format.
But we're kind of this universal adapter so we can take data from other vendors, proprietary schemas, maybe you're coming from one of the other SIEM vendors and you want to translate that to OCSF to use it with the security data lake. We can provide customers the ability to change and reshape that data to fit into any schema from any vendor so that we're really giving security data lake customers the ability to adapt the legacy, the stuff that they have that they can't get rid of 'cause they've had it for 10 years, 20 years and nothing inside of an enterprise ever goes away. That stuff stays forever. >> Legacy. >> Well legacy is working right? I mean somebody's actually, you know, making money on top of this thing. >> We never get rid of stuff. >> No, (laughing) we just added the toolkit. It's like all the old cell phones we have, it's everything. I mean we even do it as individual users and consumers. It's all a part of our little personal library. >> So what's happened in the field company momentum? >> Yeah let's talk trends too. >> Yeah so the company's growing crazily fast. We're north of 400 employees and we're only a hundred and something, you know, a year ago. So you can kind of see we're tripling you know, year over year. >> Savannah: Casual, especially right now in a lot of companies are feeling that scale back. >> Yeah so obviously we're keeping our eye closely on the macro conditions, but we see such a huge opportunity because we're a value player in this space that there's a real flight to value in enterprises right now. They're looking for projects that are going to pay themselves back and we've always had this value prop, we're going to come give you a lot of capabilities but we're probably going to save you money at the same time. And so that's just really resonating incredibly well with enterprises today and giving us an opportunity to continue to grow in the face of some challenging headwinds from a macro perspective. 
>> Well, so, okay, so people think okay, security is immune from the macro. It's not, I mean- >> Nothing, really. >> No segment is immune. CrowdStrike announced today the CrowdStrike rocket ship's still growing ARR 50%, but you know, stock's down, I don't know, 20% right now after our- >> Logically doesn't make- >> Okay stuff happens, but still, you know, it's interesting, the macro, because it was like, to me it's like a slingshot, right? Everybody was like, wow, pandemic, shut down. All of a sudden, oh wow, need tech, boom. >> Savannah: Yeah, digitally transformed today. >> It's like, okay, tap the brakes. You know, when you're driving down the highway and you get that slingshotting effect and I feel like that's what's going on now. So, the premise is that the real leaders, those guys with the best tech that really understand the customers are going to, you know, get through this. What are your customers telling you in terms of, you know, their spending patterns, how they're trying to maybe consolidate vendors and how does that affect you guys? >> Yeah, for sure, I mean, I think, obviously, back to that flight to value, they're looking for vendors who are aligned with their interests. So, you know, as their budgets are getting pressure, what vendors are helping them provide the same capabilities they had to provide to the business before especially from a security perspective 'cause they're going to get cut along with everybody else. If a larger organization is trimming budgets across, security's going to get cut along with everybody else. So is IT operations. And so since they're being asked to do more with less that's you know, really where we're coming in and trying to provide them value. But certainly we're seeing a lot of pressure from IT departments, security departments all over in terms of being able to live and do more with less. >> Yeah, I mean, Selipsky's got a great quote today. "If you're looking to tighten your belt the cloud is the place to do it." 
I mean, it's probably true. >> Absolutely, elastic scalability in this, you know, our new search product is based off of AWS Lambda and it gives you truly elastic scalability. These changes in architectures are what's going to allow, it's not that cloud is cheaper, it's that cloud gives you on-demand scalability that allows you to truly control the compute that you're spending. And so as a customer of AWS, like this is giving us capabilities to offer products that are scalable and cost effective in ways that we just have not been able to do in the cloud. >> So what does that mean for the customer that you're using serverless using Lambda? What does that mean for them in terms of what they don't have to do that they maybe had to previously? >> It offers us the ability to try to charge them like a truly cloud native vendor. So in our cloud product we sell a credit model whereby which you deduct credits for usage. So if you're streaming data, you pay for gigabytes. If you're searching data then you're paying for CPU consumption, and so it allows us to charge them only for what they're consuming which means we don't have to manage a whole fleet of servers, and eventually, well we go to managing our own compute quite possibly as we start to get to scale at certain customers. But Lambda allowed us to not have to launch that way, not have to run a bunch of infrastructure. And we've been able to align our charging model with something that we think is the most customer friendly which is true consumption, pay for what you consume. >> So for example, you're saying you don't have to configure the EC2 Instance or figure out the memory sizing, you don't have to worry about any of that. You just basically say go, it figures that out and you can focus on upstream, is that right? 
>> Yep, and we're able to not only from a cost perspective also from a people perspective, it's allowed us velocity that we did not have before, which is we can go and prototype and build significantly faster because we're not having to worry, you know, in our mature products we use EC2 like everybody else does, right? And so as we're launching new products it's allowed us to iterate much faster and will we eventually go back to running our own compute, who knows, maybe, but it's allowed us a lot faster velocity than we were able to get before. >> I like what I've heard you discuss a lot is the agility and adaptability. We're going to be moving and evolving, choosing different providers. You're very outspoken about being vendor agnostic and I think that's actually a really unique and interesting play because we don't know what the future holds. So we're doing a new game on that note here on theCUBE, new game, new challenge, I suppose I would call it to think of this as your 30 second thought leadership highlight reel, a sizzle of the most important topic or conversation that's happening theme here at the show this year. >> Yeah, I mean, for me, as I think, as we're looking, especially like security data lake, et cetera, it's giving customers ownership of their data. And I think that once you, and I'm a big fan of this concept of open observability, and security should be the same way which is, I should not be locking you in as a vendor into my platform. Data should be stored in open formats that can be analyzed by multiple places. And you've seen this with AWS's announcement, data stored in open formats the same way other vendors store that. And so if you want to plug out AWS and you want to bring somebody else in to analyze your security lake, then great. And as we move into our analysis product, our search product, we'll be able to search data in the security data lake or data that's raw in S3. 
And we're really just trying to give customers back control over their future so that they don't have to maintain a relationship with a particular vendor. They're always getting the best. And that competition fuels really great product. And I'm really excited for the next 10 years of our industry as we're able to start competing on experiences and giving customers the best products, the customer wins. And I'm really excited about the customer winning. >> Yeah, so customer focused, I love it. What a great note to end on. That was very exciting, very customer focused. So, yo Clint, I have really enjoyed talking to you. Thanks. >> Thanks Clint. >> Thanks so much, it's been a pleasure being on. >> Thanks for enhancing our observability over here, I feel like I'll be looking at things a little bit differently after this conversation. And thank all of you for tuning in to our wonderful afternoon of continuous live coverage here at AWS re:Invent in fabulous Las Vegas, Nevada with Dave Vellante. I'm Savannah Peterson. We're theCUBE, the leading source for high tech coverage. (bright music)

Published Date : Nov 30 2022


Mark Terenzoni, AWS | AWS re:Invent 2022


 

(upbeat music) >> Hello, everyone and welcome back to fabulous Las Vegas, Nevada, where we are here on the show floor at AWS re:Invent. We are theCUBE. I am Savannah Peterson, joined with John Furrier. John, afternoon, day two, we are in full swing. >> Yes. >> What's got you most excited? >> Just got lunch, got the food kicking in. No, we don't get coffee. (Savannah laughing) >> Way to bring the hype there, John. >> No, there's so many people here just in Amazon. We're back to 2019 levels of crowd. The interest levels are high. Next gen, cloud security, big part of the keynote. This next segment, I am super excited about. CUBE Alumni, going back to 2013, 10 years ago he was on theCUBE. Now, 10 years later we're at re:Invent, looking forward to this guest and it's about security, great topic. >> I don't want to delay us anymore, please welcome Mark. Mark, thank you so much for being here with us. Massive day for you and the team. I know you oversee three different units at Amazon, Inspector, Detective, and the most recently announced, Security Lake. Tell us about Amazon Security Lake. >> Well, thanks Savannah. Thanks John for having me. Well, Security Lake has been in the works for a little bit of time and it got announced today at the keynote as you heard from Adam. We're super excited because there's a couple components that are really unique and valuable to our customers within Security Lake. First and foremost, the foundation of Security Lake is an open source project we call OCSF, Open Cybersecurity Framework Schema. And what that allows is us to work with the vendor community at large in the security space and develop a language where we can all communicate around security data. And that's the language that we put into Security Data Lake. We have 60 vendors participating in developing that language and partnering within Security Lake. 
But it's a communal lake where customers can bring all of their security data in one place, whether it's generated in AWS, they're on-prem, or SaaS offerings or other clouds, all in one location in a language that allows analytics to take advantage of that analytics and give better outcomes for our customers. >> So Adam Selipsky's big keynote, he spent all the bulk of his time on data and security. Obviously they go well together, we've talked about this in the past on theCUBE. Data is part of security, but this security's a little bit different in the sense that the global footprint of AWS makes it uniquely positioned to manage some security threats, EKS protection, a very interesting announcement, runtime layer, but looking inside and outside the containers, probably gives extra telemetry on some of those supply chain vulnerabilities. This is actually a very nuanced point. You got GuardDuty kind of taking its role. What does it mean for customers 'cause there's a lot of things in this announcement that he didn't have time to go into detail. Unpack all the specifics around what the security announcement means for customers. >> Yeah, so we announced four items in Adam's keynote today within my team. So I'll start with GuardDuty for EKS runtime. It's complementing our existing capabilities for EKS support. So today Inspector does vulnerability assessment on EKS or container images in general. GuardDuty does detections of EKS workloads based on log data. Detective does investigation and analysis based on that log data as well. With the announcement today, we go inside the container workloads. We have more telemetry, more fine grain telemetry and ultimately we can provide better detections for our customers to analyze risks within their container workload. So we're super excited about that one. Additionally, we announced Inspector for Lambda. So Inspector, we released last year at re:Invent and we focused mostly on EKS container workloads and EC2 workloads. 
Single click automatically assess your environment, start generating assessments around vulnerabilities. We've added Lambda to that capability for our customers. The third announcement we made was Macie sampling. So Macie has been around for a while in delivering a lot of value for customers providing information around their sensitive data within S3 buckets. What we found is many customers want to go and characterize all of the data in their buckets, but some just want to know is there any sensitive data in my bucket? And the sampling feature allows the customer to find out their sensitive data in the bucket, but we don't have to go through and do all of the analysis to tell you exactly what's in there. >> Unstructured and structured data. Any data? >> Correct, yeah. >> And the fourth? >> The fourth, Security Data Lake? (John and Savannah laughing) Yes. >> Okay, ocean theme, data lake. >> Very complementary to all of our services, but the unique value in the data lake is that we put the information in the customer's control. It's in their S3 bucket, they get to decide who gets access to it. We've heard from customers over the years that really have two options around gathering large scale data for security analysis. One is we roll our own and we're security engineers, we're not data engineers. It's really hard for them to build these distributed systems at scale. The second one is we can pick a vendor or a partner, but we're locked in and it's in their schema and their format and we're there for a long period of time. With Security Data Lake, they get the best of both worlds. We run the infrastructure at scale for them, put the data in their control and they get to decide what use case, what partner, what tool gives them the most value on top of their data. >> Is that always a good thing to give the customers too much control? 'Cause you know the old expression, you give 'em a knife they play with and they can cut themselves, I mean. 
But no, seriously, 'cause what's the provisions around that? Because control was a big part of the governance, how do you manage the security? How does the customer worry about, if I have too much control, someone makes a mistake? >> Well, what we're finding out today is that many customers have realized that some of their data has been replicated seven times, 10 times, not necessarily maliciously, but because they have multiple vendors that utilize that data to give them different use cases and outcomes. It becomes costly and unwieldy to figure out where all that data is. So by centralizing it, the control is really around who has access to the data. Now, ultimately customers want to make those decisions and we've made it simple to aggregate this data in a single place. They can develop a home region if they want, where all the data flows into one region, they can distribute it globally. >> They're in charge. >> They're in charge. But the controls are mostly in the hands of the data governance person in the company, not the security analyst. >> So I'm really curious, you mentioned there's 60 AWS partner companies that have collaborated on the Security Lake. Can you tell us a little bit about the process? How long does it take? Are people self-selecting to contribute to these projects? Are you cherry picking? What does that look like? >> It's a great question. There's three levels of collaboration. One is around the open source project that we announced at Black Hat early in this year called OCSF. And that collaboration is we've asked the vendor community to work with us to build a schema that is universally acceptable to security practitioners, not vendor specific and we've asked. >> Savannah: I'm sorry to interrupt you, but is this a first of its kind? >> There's multiple schemes out there developed by multiple parties. They've been around for multiple years, but they've been built by a single vendor. >> Yeah, that's what I'm drilling in on a little bit. 
It sounds like the first we had this level of collaboration. >> There's been collaborations around them, but in a handful of companies. We've really gone to a broad set of collaborators to really get it right. And they're focused around areas of expertise that they have knowledge in. So the EDR vendors, they're focused around the schema around EDR. The firewall vendors are focused around that area. Certainly the cloud vendors are in their scope. So that's level one of collaboration and that gets us the level playing field and the language in which we'll communicate. >> Savannah: Which is so important. >> Super foundational. Then the second area is around producers and subscribers. So many companies generate valuable security data from the tools that they run. And we call those producers the publishers and they publish the data into Security Lake within that OCSF format. Some of them are in the form of findings, many of them in the form of raw telemetry. Then the second one is in the subscriber side and those are usually analytic vendors, SIEM vendors, XDR vendors that take advantage of the logs in one place and generate analytic driven outcomes on top of that, use cases, if you will, that highlight security risks or issues for customers. >> Savannah: Yeah, cool. >> What's the big customer focus when you start looking at Security Lakes? How do you see that planning out? You said there's a collaboration, love the open source vibe on that piece, what data goes in there? What's sharing? 'Cause a big part of the keynote I heard today was, I heard clean rooms, I've got my antenna up. I'd love to hear that. That means there's an implied sharing aspect. The security industry's been sharing data for a while. What kind of data's in that lake? Give us an example, take us through. >> Well, there's a number of sources within AWS, as customers run their workloads in AWS. We've identified somewhere around 25 sources that will be natively single click into Amazon Security Lake. 
We were announcing nine of them. They're traditional network logs, VPC flow, CloudTrail logs, firewall logs, findings that are generated across AWS, EKS audit logs, RDS data logs. So anything that customers run workloads on will be available in data lake. But that's not limited to AWS. Customers run their environments hybridly, they have SaaS applications, they use other clouds in some instances. So it's open to bring all that data in. Customers can vector it all into this one single location if they decide, we make it pretty simple for them to do that. Again, in the same format where outcomes can be generated quickly and easily. >> Can you use the data lake off on premise or it has to be in an S3 in Amazon Cloud? >> Today it's in S3 in Amazon. If we hear customers looking to do something different, as you guys know, we tend to focus on our customers and what they want us to do, but they've been pretty happy about what we've decided to do in this first iteration. >> So we got a story about SiliconANGLE. Obviously the ingestion is a big part of it. The reporters are jumping in, but the 53rd party sources is a pretty big number. Is that coming from the OCSF or is that just in general? Who's involved? >> Yeah, OCSF is the big part of that and we have a list of probably 50 more that want to join in part of this. >> The other big names are there, Cisco, CrowdStrike, Palo Alto Networks, all the big dogs are in there. >> All big partners of AWS, anyway, so it was an easy conversation and in most cases when we started having the conversation, they were like, "Wow, this has really been needed for a long time." And given our breadth of partners and where we sit from our customers perspective in the center of their cloud journey that they've looked at us and said, "You guys, we applaud you for driving this." >> So Mark, take us through the conversations you're having with the customers at re:Inforce. We saw a lot of meetings happening. It was great to be back face to face. 
You guys have been doing a lot of customer conversation, Security Data Lake came out of that. What was the driving force behind it? What were some of the key concerns? What were the challenges and what's now the opportunity that's different? >> We heard from our customers in general. One, it's too hard for us to get all the data we need in a single place, whether through AWS, the industry in general, it's just too hard. We don't have those resources to data wrangle that data. We don't know how to pick schema. There's multiple ones out there. Tell us how we would do that. So these three challenges came out front and center for every customer. And mostly what they said is our resources are limited and we want to focus those resources on security outcomes and we have security engines. We don't want to focus them on data wrangling and large scale distributed systems. Can you help us solve that problem? And it came out loud and clear from almost every customer conversation we had. And that's where we took the challenge. We said, "Okay, let's build this data layer." And then on top of that we have services like Detective and GuardDuty, we'll take advantage of it as well. But we also have a myriad of ISV third parties that will also sit on top of that data and render out. >> What's interesting, I want to get your reaction. I know we don't have much time left, but I want to get your thoughts. When I see Security Data Lake, which is awesome by the way, love the focus, love how you guys put that together. It makes me realize the big thing in re:Invent this year is this idea of specialized solutions. You got instances for this and that, use cases that require certain kind of performance. You got the data pillars that Adam laid out. Are we going to start seeing more specialized data lakes? I mean, we have a video data lake. Is there going to be a FinTech data lake? Is there going to be, I mean, you got the Great Lakes kind of going on here, what is going on with these lakes? 
I mean, is that a trend that Amazon sees or customers are aligning to? >> Yeah, we have a couple lakes already. We have a healthcare lake and a financial lake and now we have a security lake. Foundationally we have Lake Formation, which is the tool that anyone can build a lake. And most of our lakes run on top of Lake Formation, but specialize. And the specialization is in the data aggregation, normalization, enrichment, that is unique for those use cases. And I think you'll see more and more. >> John: So that's a feature, not a bug. >> It's a feature, it's a big feature. The customers have asked for it. >> So they want to roll their own specialized, purpose-built data thing, lake? They can do it. >> And customers don't want to combine healthcare information with security information. They have different use cases and segmentation of the information that they care about. So I think you'll see more. Now, I also think that you'll see where there are adjacencies that those lakes will expand into other use cases in some cases too. >> And that's where the right tools comes in, as he was talking about this ETL zero, ETL feature. >> It be like an 80, 20 rule. So if 80% of the data is shared for different use cases, you can see how those lakes would expand to fulfill multiple use cases. >> All right, you think he's ready for the challenge? Look, we were on the same page. >> Okay, we have a new challenge, go ahead. >> So think of it as an Instagram Reel, sort of your hot take, your thought leadership moment, the clip we're going to come back to and reference your brilliance 10 years down the road. I mean, you've been a CUBE veteran, now CUBE alumni for almost 10 years, in just a few weeks it'll be that. What do you think is, and I suspect, I think I might know your answer to this, so feel free to be robust in this. But what do you think is the biggest story, key takeaway from the show this year? >> We're democratizing security data within Security Data Lake for sure. 
>> Well said, you are our shortest answer so far on theCUBE and I absolutely love and respect that. Mark, it has been a pleasure chatting with you and congratulations, again, on the huge announcement. This is such an exciting day for you all. >> Thank you Savannah, thank you John, pleasure to be here. >> John: Thank you, great to have you. >> We look forward to 10 more years of having you. >> Well, maybe we don't have to wait 10 years. (laughs) >> Well, more years, in another time. >> I have a feeling it'll be a lot of security content this year. >> Yeah, pretty hot theme >> Very hot theme. >> Pretty odd theme for us. >> Of course, re:Inforce will be there this year again, coming up 2023. >> All the res. >> Yep, all the res. >> Love that. >> We look forward to see you there. >> All right, thanks, Mark. >> Speaking of res, you're the reason we are here. Thank you all for tuning in to today's live coverage from AWS re:Invent. We are in Las Vegas, Nevada with John Furrier. My name is Savannah Peterson. We are theCUBE and we are the leading source for high tech coverage. (upbeat music)

Published Date : Nov 29 2022


Patrick Coughlin | AWS re:Invent 2022


 

>> Welcome back to theCUBE's coverage of AWS re:Invent 2022. I'm John Furrier, host of theCUBE. We've got a great conversation with Patrick Coughlin, vice president of go-to-market strategy and specialization at Splunk. We're talking about the Open Cybersecurity Schema Framework, also known as the OCSF, a joint strategic collaboration between Splunk and AWS. It's got a lot of traction, momentum. Patrick, thanks for coming on theCUBE for re:Invent coverage. >> John, great to be here. I'm excited for this. >> You know, I love this open source movement, and open source continues to add value, almost sets the standards. You know, we were talking at the CNCF Linux Foundation this past fall about how standards are coming out of open source, not so much the classic standards groups, but you start to see the developers voting with their code, groups deciding what to adopt, de facto standards, and security is a real key part of that, where data becomes key for resilience. And this has been the top conversation at re:Invent and all around the industry, is how to make data a key part of building into cyber resilience. So I want to get your thoughts about the problem that you see that's emerging that you guys are solving with this group kind of collaboration around the OCSF. >> Yeah, well look, John, I, I think, I think you, you've already, you've already hit the high notes there. Data is proliferating across the enterprise. The attack surface area is rapidly expanding. The threat landscape is ever changing. You know, we, we just had a, a lot of scares around OpenSSL, before that we had vulnerabilities in Confluence and Atlassian, and you go back to Log4j and SolarWinds before that, and challenges with the supply chain. In this year in particular, we've had a huge acceleration in, in concerns and threat vectors around operational technology. In our customer base alone, we saw a huge uptick, you know, in double digit percentage of customers that were concerned about the traditional vectors like, like ransomware, like business email compromise, phishing, but also from insider threat and others. So you've got this, this highly complex environment where data continues to proliferate and flow through new applications, new infrastructure, new services, driving different types of outcomes in the digitally transformed enterprise of today. And, and what happens there is, is our customers, particularly in security, are left with having to stitch all of this together. And they're trying to get visibility across multiple different services, infrastructure, applications, across a number of different point solutions that they've bought to help them protect, defend, detect, and respond better. And it's a massive challenge. And you know, when our, when our customers come to us, they are often looking for ways to drive more consolidation across a variety of different solutions. They're looking to drive better outcomes in terms of speed to detection. How do I detect faster? How do I find the thing that went bang in the night faster? How do I then fix it quickly? And then how do I layer in some automation so hopefully I don't have to do it again? Now, the challenge there that really OCF, OCSF helps to, to solve is to do that effectively, to detect and to respond at the speed at which attackers are demanding today, we have to have normalization of data across this entire landscape of tools, infrastructure, services. We have to have integration to have visibility, and these tools have to work together. But the biggest barrier to that is often data is stored in different structures and in different formats across different solution providers, across different tools that are, that are, that our customers are using. And that, that lack of data normalization chokes the integration problem. And so, you know, several years ago, a number of very smart people in this position, this was an initiative started by Splunk and AWS, came together and said, look, we as an industry have to solve this for our customers. We have to start to shoulder this burden for our customers. We can't, we can't make our customers have to be systems integrators. That's not their job. Our job is to help make this easier for them. And so OCSF was born. And over the last couple of years, we've built out this, this collaboration to not just be AWS and Splunk, but over 50 different organizations, cloud service providers, solution providers in the cybersecurity space, have come together and said, let's decide on a single unified schema for how we're going to represent event data in this industry. And I'm very proud to be here today to say that we've launched it, and, and I can't wait to see where we go next. >> Yeah, I mean, this is really compelling. I mean, there's so much packed in that, in that statement. I mean, data normalization, you mentioned, chokes this, the, the solution and the integration, as you call it. But really also it's like data is not just stored in silos, it may not even be available, right? So if you don't have availability of data, that's an important point. Number two, you mentioned supply chain. There's physical supply chain, is coming up big time at re:Invent this time, as well as in open source, the software supply chain. So you now have, the perimeter has been dead for multiple years. We've been talking about that for years, everybody knows that. But now combined with the supply chain problem, both physical and software, there's so much more to go on. And so, you know, the leaders in the industry, they're not sitting on their hands. They know this, but they're just overloaded. So, so how do leaders deal with this right now? Before we get into the OCSF, I want to just get your thoughts on what's the psychology of the, of the business leader who's facing this landscape? >> Yeah, well, I mean, unfortunately too many leaders feel like they have to face these trade-offs between, you know, how and where they are really focusing cyber resilience investments in the business. And, and often there is a siloed approach 
across security I.T developer operations or engineering rather than the ability to kind of Drive visibility integration and and connection of outcomes across those different functions I mean the truth is the Telemetry that that you get from an application for application performance monitoring or infrastructure monitoring is often incredibly valuable when there's a security incident and vice versa some of the security data um that you may see in a security operations center can be incredibly valuable when trying to investigate a performance degradation in an application and understanding where that may come from and so what we're seeing is this data layer is collapsing faster than the org charts are or the budget line items are in the Enterprise and so at Splunk here you know we believe security resilience is is fundamentally a data problem and one of the things that we do often is is actually help connect the dots for our customers and bring our customers together across the silos they may have internally so that they can start to see a holistic picture of what resilience means for their Enterprise and how they can drive faster detection outcomes and more automation coverage you know we recently had an event called super cloud we're going into the next gen kind of a cloud how data and security are all kind of part of this next-gen applications not just SAS and we had a panel that was titled the innovators dilemma kind of talk about getting some of the challenges and one of the panelists said it's not the innovators dilemma it's the integrators dilemma and you mentioned that earlier I think this is a key point right now integration is so critical not having the data and putting pieces together and now open source is becoming a composability market and I think having things snap together and work well it's a platform system conversation not a tool conversation so I really want to get into where the ocsf kind of intersects with this area people are working on it's 
not just solution Architects or cloud cloud native sres especially where devsecops is so this this intersection is critical how does ocsf integrate into that integration of the data making that available to make machine learning and automation smarter and more relevant right right well look I mean I I think that's a fantastic question because you know we talk about we use buzzwords like machine learning and AI all the time and you know I I know they're all over the place here at reinvented and and um there's so much promise and hope out there around these Technologies and these Innovations however uh machine learning AI is only as effective as the data is clean and normalized uh and and we will not realize the promise of these Technologies for outcomes in resilience unless we have better ways to normalize data upstream and better ways to integrate that data to the downstream tools where detection and response is happening and so ocsf was really about the industry coming together and saying this is no longer the job of our customers we are going to create a unified schema that represents the an event that we will all bite down on even some of us are competitors you know this is this is that that no longer matters because at the point the point is how do we take this burden off of our customers and how do we make the industry safer together um and so 15 initial members came together um along with AWS and Splunk to to start to create that uh that initial schema and standardize it and if you've ever you know if you ever worked with a bunch of technical grumpy security people it's kind of hard to drive consensus about around just about anything but uh um but I'm really happy to see how quickly this this organization Has Come Together has open sourced the schema um and and just as you said like I think this this unlocks the potential for real Innovation that's going to be required to keep up with the bad guys but right now is getting stymied and held back by the lack of 
normalization and the lack of integration I've always said Splunk was a it's AIDS data for breakfast lunch and dinner and turns it into insights and I think you bring up The Silo thing what's interesting is the cross company sharing I think this hits point on so I see this as a valuable opportunity for the industry what's the traction on that because you know to succeed it does take a village takes a community of security practitioners and and Architects and developers to kind of coalesce around this de facto movement has been has been uptake been good that's attraction can you share your thoughts on how this is translating across companies yeah absolutely I mean look I I think um cyber security has a long track record of of Standards development um there's been some fantastic standards recently things like um sticks and taxi for threat intelligence there's been things like the you know the minor attack framework coming out of my miter and and the adoption the traction that we've seen with attack in particular has been amazing to watch how that has kind of roared onto the scene in the last couple of years and has become table Stakes for um how you do security operations and incident response um and you know I think with ocsf we're going to see something similar here but you know we are in literally the first Innings of of this um so right now you know we're architecting this into our um into every part of our sort of back end systems here at spelunk I know um our collaborators at AWS and elsewhere are doing it too and so I think it starts with bringing this standard now the standard exists on a uh you know in schema format um and there's you know Confluence and jira tickets around it how do we then sort of build this into the code of of the the collaborators that have been leading the way on this and you know it's not going to happen overnight but I think in the coming quarters you'll start to see this schema um be the standard um across the leaders in this space 
companies like Splunk and AWS and others who are leading the way and often that's what helps Drive adoption of a standard is if you can get the big dogs so to speak to to embrace it and you know there's no bigger one than AWS and I think there's no no more important one than Splunk in the cyber security space and so as we adopt this we hope others will follow and like I said we've got over 50 organizations contributing to it today and so um I think we're off to a running start you know it's interesting choking Innovation or having things kind of get get slowed down has really been a problem we've seen successes recently over the past few years like kubernetes has really unlocked and accelerated the cloud native worlds of runtime with containers to kind of have the consensus of the community say hey if you we just do this it gets better I think this is really compelling with the ocsf because if people can come together around this and get unified as well as other the other official standards things can go highly accelerated so I think I think it looks really good and I think it's great initiative and I really appreciate your Insight on that on on your relationship with Amazon okay it's not just the Partnerships it's a strategic collaboration could you share that uh relationship Dynamic how to start how's it going what's strategic about it share to the audience kind of the relationship between Splunk and natives on this important ocsf initiative look I I mean I think this this year marks the the 10th year anniversary that that Splunk and AWS have been collaborating in a variety of different ways um I I think our our companies have um a fantastic and long-standing relationship and we've we've partnered on a number of really important projects together that bring value um obviously to our individual companies uh but also to our shared customers um uh when I think about some of the most important customers at Splunk that I spend a significant amount of time with um uh I 
I know how many of those are our AWS customers as well and I know how important AWS is to them so I think it's it's a it's a collaboration that is rooted in in a respect for each other's Technologies um and Innovation but also in a recognition that that our shared customers want to see us work better together over time and it's not it's not two companies that have kind of decided in a back room that they should work together it's actually our customers that are that are pushing us and I think we're both very customer-centric organizations and I think that has helped us actually be better collaborators and better Partners together um because we're working back backwards from our customers as security becomes a physical and software approach we've seen the trend where even Steven Schmidt at Amazon web services is the CSO he's not the CSO anymore so why he says well security is also physical stuff too so so lens is now expanded you mentioned supply chain physical digital this is an important inflection point can you summarize in your mind why open cyber security scheme information is important I know the unification but beyond that what why is this so important why should people pay attention to this you know I if if you'll let me be just a little abstract and meta for a second yeah I think what's what's really meaningful at the highest level about the ocsf initiative um and then it goes beyond I think the Tactical value it will provide to to organizations and to customers in terms of making them safer um over the coming years and and decades I think what's more important than that is it's really the one of the first times that you've seen um the industry come together and say we got a problem we need to solve that you know doesn't really have anything to do with with our own economics um our customers are are hurting and yeah some of us may be competitors um uh you know we got different cloud service providers that are participating in this along with AWS we've got 
different cyber security solution providers participating in this along with spelunk um but but folks have come together and say we can actually solve this problem um if if we're able to kind of put aside our competitive differences in the markets and approach this from the perspective of what's best for information security as a whole um and and I think that's what I'm most proud of uh and and what I hope we can do more of in other places in this industry because I think that kind of collaboration from real Market leaders can actually um change markets it can change the the the trend lines in terms of how we are keeping up with the bad guys and and I'd like to see a lot more of that and we're seeing a lot more new kind of things emerging in the cloud next kind of this next Generation architecture and alcohol thumbs are happening I think it's interesting you know we always talk about sustainability supply chain sustainability about making the earth a better place but you're hitting on this this meta point about businesses are under threat of going under I mean we want to keep businesses to businesses to be sustainable not just you know the the environment so if a business goes out of business which the threats here are can be catastrophic for companies I mean there is there is a community responsibility to protect businesses so they can sustain and stay stay producing this is a real key point yeah yeah I mean look I think I think one of the things that you know we We complain a lot in in cyber security about the lack of of talent the talent shortage and cyber security and every year we kind of we kind of uh whack ourselves over the head about how hard it is to bring people into this industry and it's true um but one of the things that I think we forget John is is how important mission is to so many people in what they do for a living and how they work and I think one of the things that cyber security is strongest in information security General and has been for 
decades is this sense of mission and people work in this industry not because it's it's it's always the the the most lucrative but because it really drives a sense of um Safety and Security in the Enterprises and the fabric of the economy that we use every day to go through our lives and when I think about the sport customers and AWS customers I think about um um the the different products and tools that power my life and and we need to secure them and and sometimes that means coming to work every day at that company and doing your job and sometimes that means working with others better faster and stronger to help drive that level of of maturity and security that this industry needs it's a human it's a human opportunity human problem and and challenge that's a whole other segment the role of the talent and the human machines and with scale Patrick thanks so much for sharing the information and the Insight on the open cyber security schema frame and what it means and why it's important thanks for sharing on thecube really appreciate it thanks for having me John okay this is AWS re invent 2022 coverage here on thecube I'm John Furrier the host thanks for watching foreign [Music]

Published Date : Nov 4 2022
