>>We're back with Jerome West, product management security lead at for HCI at Dell Technologies Hyper-converged infrastructure. Jerome, welcome. >>Thank you, David. >>Hey, Jerome, In this series, A blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage, servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about Hyperconverge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system, so like a server or a storage system or a virtualization piece of software. I mean, HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships, in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past, we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily, VX Rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware will produce a patch and within 14 days we will integrate our own code. With the VMware release, we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, Vxl had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, Thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that site cybersecurity and resilience for hci, because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in a hardware, but for hci, for example, in our VX rail portfolio, we, or our vxl product, we integrate it into a product called vsan, which is provided by our partner VMware. So that portfolio strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Verizon, Carbon Black and Bsphere. All of them integrate seamlessly with VMware. And we also leverage VMware's software, par software partnerships on top of that. So for example, VX supports multifactor authentication through bsphere integration with something called Active Directory Federation services for adfs. So there is a lot of providers that support adfs, including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on that to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great. I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, the xra is the market's only co engineered solution with VMware, other vendors sell VMware as a hyperconverged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyperconverged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally sign our software updates so you, the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage. It all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple, They got all this other stuff that they have to worry, they gotta secure containers and the run time and, and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to, and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use in our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments, and we're very successful >>There. Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions and helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, OnPrem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program, and of course, today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

(upbeat music) >> Hello everyone, and welcome to Fal.Con 2022, CrowdStrike's big user conference. You're watching the Cube. My name is Dave Vallante. I'm here with my co-host David Nicholson. CrowdStrike is a company that was founded over 10 years ago. This is about 11 years, almost to the day. They're 2 billion company in revenue terms. They're growing at about 60% a year. They've got a path they've committed to wall street. They've got a path to $5 billion by mid decade. They got a $40 billion market cap. They're free, free cash flow positive and trying to build essentially a generational company with a very growing Tam and a modern platform. CrowdStrike has the fundamental belief that the unstoppable breach is a myth. David Nicholson, even though CSOs don't believe that, CrowdStrike is on a mission. Right? >> I didn't hear the phrase. Zero trust mentioned in the keynote >> Right. >> What was mentioned was this idea that CrowdStrike isn't simply a tool, it's a platform. And obviously it takes a platform to get to 5 billion. >> Yeah. So let's talk about the keynote. George Kurtz, the CEO came on. I thought the keynote was, was measured, but very substantive. It was not a lot of hype in there. Most security conferences, the two exceptions are this one and Reinforce, Amazon's big security conference. Steven Schmidt. The first time I was at a Reinforce said "All this narrative about security is such a bad industry" and "We're not doing a great job." And "It's so scary." That doesn't help the industry. George Kurtz sort of took a similar message. And you know what, Dave? When I think of security outside the context of IT I think of like security guards >> Right. >> Like protecting the billionaires. Right? That's a powerful, you know, positive thing. It's not really a defensive movement even though it is defensive but so that was kind of his posture there. But he talked about essentially what I call, not his words permanent changes in the, in the in the cyber defense industry, subsequent to the pandemic. Again, he didn't specifically mention the pandemic but he alluded to, you know, this new world that we live in. Fal.Con is a hundred sessions, eight tracks. And really his contention is we're in the early innings. These guys got 20,000 customers. And I think they got the potential to have hundreds of thousands. >> Yeah. Yeah. So, if I'm working with a security company I want them to be measured. I'm not looking for hype. I don't want those. I don't want those guards to be in disco shirts. I want them in black suits. So, you know, so the, the, the point about measured is is I think a positive one. I was struck by the competence of the people who were on stage today. I have seen very very large companies become kind of bureaucratic. And sometimes you don't get the best of the best up on stage. And we saw a lot of impressive folks. >> Yeah. Michael Santonis get up, but before we get to him. So, a couple points that Kurtz made he said, "digital transformation is needed to bring modern architectures to IT. And that brings modern security." And he laid out that whole sort of old way, new way very Andy Jassy-like old guard, new guard. He didn't hit on it that hard but he basically said "security is all about mitigating risk." And he mentioned that the the CSO I say CSO, he says CSO or CSO has a seat at the board. Now, many CSOs are board level participants. And then he went into the sort of four pillars of, of workload, and the areas that they focus on. So workload to them is end point, identity, and then data. They don't touch network security. That's where they partner with the likes of Cisco, >> Right. >> And Palo Alto networks. But then they went deep into identity threat protection, data, which is their observability platform from an acquisition called Humio. And then they went big time into XDR. We're going to talk about all this stuff. He said, "data is the new digital currency." Talked a lot about how they're now renaming, Humio, Log Scale. That's their Splunk killer. We're going to talk about that all week. And he talked a little bit about the single agent architecture. That is kind of the linchpin of CrowdStrike's architecture. And then Michael Santonis, the CTO came on and did a deep dive into each of those, and really went deep into XDR extended, right? Detection and response. XDR building on EDR. >> Yeah. I think the subject of XDR is something we'll be, we'll be touching on a lot. I think in the next two days. I thought the extension into observability was very, very interesting. When you look at performance metrics, where things are gathering those things in and being able to use a single agent to do so. That speaks to this idea that they are a platform and not just a tool. It's easy to say that you aspire to be a platform. I think that's a proof point. On the subject, by the way of their fundamental architecture. Over the years, there have been times when saying that your infrastructure requires an agent that would've been a deal killer. People say "No agents!" They've stuck to their guns because they know that the best way to deliver what they deliver is to have an agent in the environment. And it has proven to be the right strategy. >> Well, this is one of the things I want to explore with the technical architects that come on here today is, how do you build a lightweight agent that can do everything that you say it's going to do? Because they started out at endpoint, and then they've extended it to all these other modules, you know, identity. They're now into observability. They've got this data platform. They just announced that acquisition of another company they bought Preempt, which is their identity. They announced Responsify, responsify? Reposify, which is sort of extends the observability and gives them visualization or visibility. And I'm like, how do you take? How do you keep an agent lightweight? That's one of the things I want to better understand. And then the other is, as you get into XDR I thought Michael Santonis was pretty interesting. He had black hat last month. He did a little video, you know. >> That was great >> Man in the street, what's XDR what's XDR what's XDR. I thought the best response was, somebody said "a holistic approach to end point security." And so it's really an evolution of, of EDR. So we're going to talk about that. But, how do you keep an agent lightweight and still support all these other capabilities? That's something I really want to dig into, you know, without getting bloated. >> Yeah, Yeah. I think it's all about the TLAs, Dave. It's about the S, it's about SDKs and APIs and having an ecosystem of partners that will look at the lightweight agent and then develop around it. Again, going back to the idea of platform, it's critical. If you're trying to do it all on your own, you get bloat. If you try to be all things to all people with your agent, if you try to reverse engineer every capability that's out there, it doesn't work. >> Well that's one of the things that, again I want to explore because CrowdStrike is trying to be a generational company. In the Breaking Analysis that we published this week. One of the things I said, "In order to be a generational company you have to have a strong ecosystem." Now the ecosystem here is respectable, you know, but it's obviously not AWS class. You know, I think Snowflake is a really good example, ServiceNow. This feels to me like ServiceNow circa 2013. >> Yeah. >> And we've seen how ServiceNow has evolved. You know, Okta, bought Off Zero to give them the developer angle. We heard a little bit about a developer platform today. I want to dig into that some more. And we heard a lot about everybody hates their DLP. I want to get rid of my DLP, data loss prevention. And so, and the same thing with the SIM. One of the ETR round table, Eric Bradley, our colleague at a round table said "If it weren't for the compliance requirements, I would replace my SIM with XDR." And so that's again, another interesting topic. CrowdStrike, cloud native, lightweight agent, you know, some really interesting tuck in acquisitions. Great go-to-market, you know, not super hype just product that works and gets stuff done, you know, seems to have a really good, bright future. >> Yeah, no, I would agree. Definitely. No hype necessary. Just constant execution moving forward. It's clearly something that will be increasingly in demand. Another subject that came up that I thought was interesting, in the keynote, was this idea of security for elections, extending into the realm of misinformation and disinformation which are both very very loaded terms. It'll be very interesting to see how security works its way into that realm in the future. >> Yeah, yeah, >> Yeah. >> Yeah, his guy, Kevin Mandia, who is the CEO of Mandiant, which just got acquired. Google just closed the deal for $5.4 billion. I thought that was kind of light, by the way, I thought Mandiant was worth more than that. Still a good number, but, and Kevin, you know was the founder and, >> Great guy. >> they were self-funded. >> Yeah, yeah impressive. >> So. But I thought he was really impressive. He talked about election security in terms of hardening you know, the election infrastructure, but then, boom he went right to what I see as the biggest issue, disinformation. And so I'm sitting there asking myself, okay how do you deal with that? And what he talked about was mapping network effects and monitoring network effects, >> Right. >> to see who's pumping the disinformation and building career streams to really monitor those network effects, positive, you know, factual or non-factual network or information. Because a lot of times, you know, networks will pump factual information to build credibility. Right? >> Right. >> And get street cred, earn that trust. You know, you talk about zero trust. And then pump disinformation into the network. So they've now got a track. We'll get, we have Kevin Mandia on later with Sean Henry who's the CSO yeah, the the CSO or C S O, chief security officer of CrowdStrike >> more TLA. Well, so, you can think of it as almost the modern equivalent of the political ad where the candidate at the end says I support this ad or I stand behind whatever's in this ad. Forget about trying to define what is dis or misinformation. What is opinion versus fact. Let's have a standard for finding, for exposing where the information is coming from. So if you could see, if you're reading something and there is something that is easily de-code able that says this information is coming from a troll farm of a thousand bots and you can sort of examine the underlying ethos behind where this information is coming from. And you can take that into consideration. Personally, I'm not a believer in trying to filter stuff out. Put the garbage out there, just make sure people know where the garbage is coming from so they can make decisions about it. >> So I got a thought on that because, Kevin Mandia touched on it. Again, I want to ask about this. He said, so this whole idea of these, you know detecting the bots and monitoring the networks. Then he said, you can I think he said something that's to the effect of. "You can go on the offensive." And I'm thinking, okay, what does that mean? So for instance, you see it all the time. Anytime I see some kind of fact put out there, I got to start reading the comments and like cause I like to see both sides, you know. I'm right down the middle. And you'll go down and like 40 comments down, you're like, oh this is, this is fake. This video was edited, >> Right. >> Da, da, da, da, and then a bunch of other people. But then the bots take over and that gets buried. So, maybe going on the offensive is to your point. Go ahead and put it out there. But then the bots, the positive bots say, okay, by the way, this is fake news. This is an edited video FYI. And this is who put it out and here's the bot graph or something like that. And then you attack the bots with more bots and then now everybody can sort of of see it, you know? And it's not like you don't have to, you know email your friend and saying, "Hey dude, this is fake news." >> Right, right. >> You know, Do some research. >> Yeah. >> Put the research out there in volume is what you're saying. >> Yeah. So, it's an, it's just I thought it was an interesting segue into another area of security under the heading of election security. That is fraught with a lot of danger if done wrong, if done incorrectly, you know, you you get into the realm of opinion making. And we should be free to see information, but we also should have access to information about where the information is coming from. >> The other narrative that you hear. So, everything's down today again and I haven't checked lately, but security generally, we wrote about this in our Breaking Analysis. Security, somewhat, has held up in the stock market better than the broad tech market. Why? And the premise is, George Kurt said this on the last conference call, earnings call, that "security is non-discretionary." At the same time he did say that sales cycles are getting a little longer, but we see this as a positive for CrowdStrike. Because CrowdStrike, their mission, or one of their missions is to consolidate all these point tools. We've talked many, many times in the Cube, and in Breaking Analysis and on Silicon Angle, and on Wikibon, how the the security business use too many point tools. You know this as a former CTO. And, now you've got all these stove pipes, the number one challenge the CSOs face is lack of talent. CrowdStrike's premise is they can consolidate that with the Fal.Con platform, and have a single point of control. "Single pane of glass" to use that bromide. So, the question is, is security really non-discretionary? My answer to that is yes and no. It is to a sense, because security is the number one priority. You can't be lax on security. But at the same time the CSO doesn't have an open checkbook, >> Right. >> He or she can't just say, okay, I need this. I need that. I need this. There's other competing initiatives that have to be taken in balance. And so, we've seen in the ETR spending data, you know. By the way, everything's up relative to where it was, pre you know, right at the pandemic, right when, pandemic year everything was flat to down. Everything's up, really up last year, I don't know 8 to 10%. It was expected to be up 8% this year, let's call it 6 to 7% in 21. We were calling for 7 to 8% this year. It's back down to like, you know, 4 or 5% now. It's still healthy, but it's softer. People are being more circumspect. People aren't sure about what the fed's going to do next. Interest rates, you know, loom large. A lot of uncertainty out here. So, in that sense, I would say security is not non-discretionary. Sorry for the double negative. What's your take? >> I think it's less discretionary. >> Okay. >> Food, water, air. Non-discretionary. (David laughing) And then you move away in sort of gradations from that point. I would say that yeah, it is, it falls into the category of less-discretionary. >> Alright. >> Which is a good place to be. >> Dave Nicholson and David Vallante here. Two days of wall to wall coverage of Fal.Con 2022, CrowdStrike's big user conference. We got some great guests. Keep it right there, we'll be right back, right after this short break. (upbeat music)