>>Hi, we're back day two of Falcon, 2022. We're live from the area in Las Vegas, Silicon angles, the queue. My name is Dave Lanta and Rob Picard is here. He's the security lead for Vanta a company that CrowdStrike just made an investment in. Rob. Thanks for coming to the cube. >>Thank you very much. Happy to be here. So >>That's big news. You know, you got a, a big name, like CrowdStrike strategic investment. Tell us about that. >>Yeah, it's very exciting because CrowdStrike obviously is, you know, a major name in the security space and Vanta is a really leading the way in a lot of the compliance automation, but being able to sort of dip into that, that security space more and more having crowd strike behind us is huge. >>What is compliant? Compliance automation. Tell us more about what Vanta does. Yeah. >>So Vanta ultimately is a tool that gives you an automatic way to prepare for your SOC two audit or your ISO 27 0 1 audit or, you know, insert long list of dozens of standards we're working on here. But in the olden days you would provide a thousand screenshots to an auditor that proves that for the past year, past six months, you've been doing what you say you're doing, Banta just plugs directly into your systems and proves that evidence to them without the need for all of >>That. Okay. So software's a service and you yeah. Software charge monthly or okay. >>Yeah, something like that. >>Educate me if I'm cloud first or cloud only can't I just pull a SOC report off of AWS and send that to the auditors and say, here you go, >>That'll help. Right? Like if you, if you do that, if you're in AWS and you pull their, you know, I think their security hub, you can pull some of these controls in. Right. But the question is, what do you do then about your endpoints, right? What do you do about, Hey, did we off board everybody from all of the systems we have enabled, right? All of the SAS systems we use. And so what van does is we integrate with AWS, but we also integrate with every other system you're using, including your HR system and your identity provider, to make sure that, Hey, you know, all of these things are, are working in sync to ensure your compliance. So >>You're relatively new parent, but you ever, you know, the book, if you give a mouse, a cookie, you will, you will, the whole thing is you give a mouse, a cookie, and then 8 million things happen, all these other dependencies. And it goes around and around and around. Yes. He's gonna want some milk. Okay. I feel like it's the same thing in your world, right? I mean, there is, is, is there an end, when do you know you're done? >>Yeah. I mean, ultimately, you know, you're done when the O auditor hands you, your sock to report, you know, you have your at stage, you say, Hey, I'm sock too compliant. Or, you know, your ISO cert, but even then it's gonna keep going. Right. I think the tricky part is there are some key systems that you, you want to have, you know, your eyes on and you wanna be monitoring and making sure that Hey, in a year from now, when that audit happens, I'm not gonna be surprised at what they find. Right. And those are gonna be your cloud provider. Right. Those are gonna be your HR system telling you when people joined, when people left, and those are gonna be your identity provider and your endpoints, right. >>Are you guys obviously compliance experts? Is, is it really a matter of sort of codifying that expertise? Or is there a machine intelligence component involved, you know, discovery? How does it work? >>That's a great question, actually. And I think part of it is, you know, encoding that expertise in the product and making sure that, you know, there's not necessarily, you know, if you ask any given sock to auditor for like, Hey, what controls should I be using that you're gonna audit me against? And it's your job to come up with the control. So they'll provide you some, you know, their set, but it's gonna be different between them, right? The standard itself is not a list of controls, but what we can do is we can provide you that list of controls and say like, Hey, we've actually worked with a ton of auditors and they've worked with us and we can say, this is what you need to do to get started here. And then if you have custom controls to add later, you want you, you can do that. >>But so there's part of that's encoding the expertise, but then part of it is just understanding the world of, of the auditors enough that we can help guide you through it. Because, you know, like you said, you can go to AWS, you can get download a report, right. That says, look, I have, you know, these, so two controls past right now, but the question is, you know, you still have to then go hand that to an auditor, have conversations with them, get through all of their questions back to you. And that can get really, really in the weeds. So we have like teams of experts who sit on calls with auditors and customers and help them through this stuff when needed. Right. And hopefully it's not needed as much when you're, you know, automating most of it. So >>That's a, a component of your offering is, is a services capability. Is that part of the offering? Is that a for pay service? >>Yeah. So, you know, you have to talk to the sales team to understand how they bundle it all, but, you know, essentially we have these professional services teams and these partners that jump in, I think a lot of times it really is just, Hey, like the auditor asks this question. We don't know how to answer it. We'll send somebody to jump on, >>Let's jump on a call. Exactly. But if you need more intense, you >>Know, work services, then maybe that's available. Yeah. >>Okay. And, and is there a privacy aspect of your software? >>Yeah. So Vanta software does actually also support GDPR and CCPA to kind of help you. You know, it's hard to get your head around that stuff. You wanna talk about like encoding expertise, you know, having people inside Vanta who can talk through the product and say like, Hey, this is what we need to test for in a customer's environment. And this is what we need to point to that maybe, you know, you can't automatically test for, but we can give them some template policies or, or procedures for them to have in their company. And we can provide all of that to try to, to help you feel good about, Hey, we're, we're compliant with GDPR or we're compliant with CCPA and we're not gonna have problems here. And, >>And da is data, data sovereignty I presume is, is part of that. Like, >>You know, data sovereignty, man. I'm not the expert on data sovereignty. I'll tell you that. But I know that is definitely a part of that. I don't know, you know, how deep it goes when it comes to, you know, the requirements of any given company. >>Well, it's tricky because a lot of it hasn't been tested in the, in courts of law. That's just sort of guidelines there. Yeah. And then a lot of times you don't, how do you really know where the data is? Right. I mean, you kind of can infer it, but, >>And you can get real clever. You can start encrypting data that sits somewhere here, but you have the keys over here and say, no, no, no, the keys are in the right country. You know, that counts, >>Right. It gets real tricky. It's not really been tested that the logic of that, what are the hard parts of what you guys do and, and, and what makes you different from everybody else out there? >>Yeah. I mean, I think I'd say a couple things are, are really hard about what we do, right. One is maintaining good reputations with auditors because the goal is ultimately that an auditor sees Vanta and they say, okay, Vanta says that checkbox is checked. I don't have to worry about it. And that's where we are with so many auditors today. Right. But that wasn't like that in the beginning, in the beginning, it was, you know, Hey, we're showing you the code that actually looks and checks that box. Right. But the other hard part is just integrating with the long tail of systems that every customer needs, right? Like if you use a certain HR system and we don't support it, then that's gonna really dampen your value that you get outta the product. So the engineering challenges, maintaining a reliable set of both high quality tests and high quality integrations with these surfaces, >>What are the synergies with, with CrowdStrike kind of, you know, it's, maybe it seems obvious, but explain where you pick up and where they leave off. >>Yeah. I think that's a, that's a great point. So, you know, we have a very, like a very, a very simple agent that will run. If you need something on your laptop that says, Hey, look, this laptop, the disc is encrypted, right? The screen lock is set appropriately for my controls, right? So we have some, some basic capabilities it's based on OS query for, for those interested, but it's not a full fledged endpoint protection platform. Right. And that's where something like CrowdStrike can come in where we can integrate with them and say, okay, Hey, if you're ready to move on to something, that's, that's a little bit more full-fledged and a little bit more of a, you know, gonna protect you against malware and that sort of thing. Then you can move onto CrowdStrike and we can integrate directly with them and we can pull all the information we need and we can check all those boxes for you that say, Hey, you have appropriate malware protection, you have discs encrypted, you have whatever it may be. Right. We can pull that information from them. And we can also help you make sure that the people have access to CrowdStrike itself in your company are the right set of people. >>Who do you sell to, do you sell to the audit function within a company? Or do you sell directly to big auditors? Both. >>So it's, we're mainly selling to the whoever's responsible for getting that. So to getting that ISO, getting GDPR, you know, all these sorts of things at a company, right? So for a small business, right, a startup that's like two people could >>Be the developer >>Team. Exactly. We're selling either to the founders or developers or something like that. And we're saying, Hey, you don't wanna think about this at all. We can get you like 80% of the way there without having to send a single screenshot. And then there's like 20% of like, all right, we'll help you, you know, partner you with the right auditor. That's good for your company and, and get you over the line. But then as we go and we sell to a mid-market company, or, you know, even potentially an enterprise, we're talking to people who have very specific expertise in either security or compliance, who also don't wanna have to do all this manual work. >>And it's a pure SAS model. It runs in the cloud. How does it work? I just pointed at whatever software I want to, to, to, to get, you know, certified >>That's exactly right. It's, it's pure SAS. You go to, you know, the app do vanda.com. You log in and then you go to the integrations page, right. You're, you're starting fresh. And you say, okay, well, AWS, here's how you integrate AWS. Right? We use there assume role functionality and stuff like that to pull in, you know, read only data from AWS. And then you can also go to your Okta and you can say, okay, well, I can connect here through Okta, through, you know, an Okta app or I can connect to my Google through an oof that has the right permissions. So we try to just limit the amount of permissions we have or the scope of our, our, you know, roles. But really it's just, you know, it's all API based integrations that we then just pull the data. We need to prove that you're doing what you say you're doing all >>Well, Rob, congratulations on the funding and the activity here at, at CrowdStrike. Good show. So, you know, good luck to you in the future. >>Thank you very much. All right. >>You're very welcome. All right. Keep it right there, Dave. Valante for the cube. We'll be right back, but right after this strip break from Falcon 22, live from the area in Las Vegas,

>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020. Special coverage sponsored by AWS Worldwide Public sector. >>Welcome to the Cube. Virtual. This is our coverage of aws reinvent 2020. Specialized programming for worldwide public sector. I'm Lisa Martin. Got a couple of guests here from No. Veta, please welcome Steven Adelman, principal computer scientists, and Kevin Healed, vice president of Information Exploitation. Gentlemen, welcome to the Cube. >>Thank you. >>Thank you for having us. >>Alright, guys. So? So, Kevin, we're going to start with you. Give our audience an introduction to Nevada. What do you What do you guys do? Who are you? How do you play in the public sector Government space, >>right? Yeah. Thank you, Lisa. Eso, Nevada Nevada is a technology services company focused on government solutions. So primarily national security solutions. Eso think customers such as Doody, the intelligence community, FBI, law enforcement and things like that about 13 1300 employees worldwide, primarily in our in our field. Clear resource is, um, that really focused on cloud for solutions for our customers. So solving the tough mission challenges our customers have, so that could be in technology solutions such as Data Analytics A I M L i O T. Secure Workloads, full spectrum cyber Cobb video processing. Really anything that's a high end technology solution or something we do for the government. We have been a privilege. We have. It's a privilege to be a partner with AWS for for some time now. In fact, I think the first reinvent we may have been to Stephen was six years ago. Five years ago, two >>1012 or 13 >>s So we've we've we've been around for a while, really kind of enjoying it and certainly sad that we're missing an in person reinvent this year, but looking forward to doing it virtually so, we're actually advanced your partner with AWS with a machine learning and government competency. Andi really kind of thio pump the m l side of that. That was one of our first companies with compasses with AWS and led by a center of excellence that I have in my division that really focuses on machine learning and how we applied for the Michigan. And so, um, really, we focus on protecting the nation and protecting our activities in the country >>and on behalf of the country. We thank you, Steven. Give me a little bit of information from a double click perspective as computer scientists. What are some of the key challenges that no, that helps its customers to solve. And how do you do that with a W s? >>Yeah, Thank you. So really as, ah, company, that is is data first. So our initial love and and still are kind of strongest competency is in applying solutions to large data sets. And as you can imagine, uh, the bigger the data set them or compute you need the the more resource is you need and the flexibility from those resource is is truly important, which led us very early, as especially in the government space and public sector space to be in early. A doctor of cloud resource is because of the fact that, you know, rather than standing up a 200 node cluster at at many millions of dollars, we could we could spend up a W s resource is process a big data set, and then and then get the answers an analyst or on operator needed and then spin down. Those resource is when When when that kind of compute wasn't needed. And that is really, uh, kind of informed how we do our work Azaz Nevadans that that cloud infrastructure and now pushing into the edge compute space. Still kind of keeping those cloud best practices in play to get access to more data. That the two, the two biggest, I think revolutions that we've seen with regards to using data to inform business processes and missions has been that that cloud resource that allows us to do so much with so less and so much more flexibly and then the idea of cheap compute making it to the edge and the ability to apply sensors thio places where you know it would been a would have been, you know, operational cost prohibitive to do that and then, ironically, those air to things that aren't necessarily data analytics or machine learning focused but man, did they make it easier to collect that data and process that data and then get the answers back out. So that really has has has kind of, uh, shaped a lot of the way Nevada has grown as a company and how we serve our customers. >>So coming back over to you lets. One of the things that we've been talking about almost all year is just the acceleration in digital transformation and how much faster organizations, private sector, public sector need to innovate to stay relevant, to stay competitive. How do you are you working with government customers to help them innovate so quickly? >>You know, we're very fortunate that a set of customers that focuses actually innovation it's focuses. I rad on. Do you know we can't do the cool things we do without those customer relationships that really encourage us to, um, to try new things out and, quite frankly, fail quickly when we need Thio. And so, by establishing that relationship, what we've been able to do is to blend agile development. Actual acquisition with government requirements process, right? If if you know the typical stereotype of government work is it's this very stovepiped hard core acquisition process, right? And so we have been fortunate to instead try quick win kind of projects. And so one of the biggest things we do is partner with our government customers and try to find it difficult, um, challenged to solve over 6 to 12 month time, right? So instead of making this long four or five year acquisition cycles like show me, right. How can we solve this problem? And then we partner with the mission partner show success in six months show that we can do it with a smaller part of money, and then as we're able to actually make that happen, it expands in something bigger, broader, and then we kind of bringing together a coalition of the willing, if you will in the government and saying, Okay, are there other stakeholders to care about this problem, bring them on, bring their problems and bringing together? You know, we can't do that with some of the passionate people we have, like Stevens. A perfect example. When we talk about a car in the projects we're doing here, Stevens passion for this technology partner with our customers having these challenges and try to enhance what they're doing is a powerful combination. And then the last thing that we're able to is a company is we actually spend a decent amount of our own dollar dollars on I rad S O. R and D that we fund ourselves. And so, while finding those problems and spending government dollars in doing that. We also have spent our own dollars on machine learning Coyote sensor next Gen five g and things like that and how those compartment together partner together to go back to the government. >>Yeah, yeah, So I would even say, You know, there's this. There's a conventional wisdom that government is slow in plotting and a little bit behind commercial best practices. But there are There are pockets in growing pockets across the government, Um, where they're really they're really jumping ahead of, ah, lot of processes and getting in front of this curve and actually are quite innovative. And and because they kind of started off from behind, they could jump over a lot of kind of middle ground legacy technologies. And they're really innovating. As Kevin said with With With the card platform, we're partnering with um P E O Digital in the Air Force in South C, D. M and Air Force security forces as that kind of trifecta of stakeholders who all want toe kind of saw a mission problem and wanted to move forward quickly and leave the legacy behind and and really take a quantum leap forward. And if anything, they're they're driving us Thio, Innovate Mawr Thio Introduce more of those kind of modern back practices on bond. Nevada as a company loves to find those spots in the government sector where we've got those great partners who love what we're doing. And it's this great feedback loop where, um, where we can solve hard technical problems but then see them deployed to some really important and really cool and impactful missions. And we tend to recruit that that set that kind of nexus of people who want to both solve a really difficult problem but want to see it executed in a really impactful way as well. I mean, that really grates a great bond for us, and and I'm really excited to say that that a lot of the government it is really taking a move forward in this this this realm. And I think it's it's just good for our country and good for the missions that they support. >>Absolutely. And it's also surprising because, as you both said, you know, there is this expectation that government processes or lengthy, you know, laborious, um, not able to be turned around quickly. But as Kevin, you just said, you know helping customers. Government agencies get impact within 6 to 12 months versus 4 to 5 years. So you talked about Picard? Interesting name. Kevin. Tell me a little bit more about that technology and what it is that you guys deliver. That's unique. >>Well, honestly, it's probably best to start with Stephen. I can give you the high level. This is Stevens vision. I have to give him credit for that. And I will say way have lots of fun. Acronym. So it isn't Actually, it isn't backward. Um, right. Stephen doesn't actually stand for something. >>It stands for Platform for Integrated, a C three and Responsive for defense on >>Guy. You know >>that the Star Trek theme is the leg up from the last set of programs I had, >>which were >>my little ponies. So >>Oh, wow. That's a definite stuff in a different direction. Like >>it? Part of the great thing about working in the government is you get to name things, cool things, so but t get to your question eso So Picard really sprung out of this idea that I had a few years ago that the world but for our spaces, the Department of defense and the federal government was going to see a massive influx of the desire to consume sensors from from areas of responsibility, from installations and, frankly, from battlefields. Um, but they were gonna have to do it. In a way, um, uh, that presented some real challenges that you couldn't just kind of throw compute editor, throw traditional I t processes at it. You know, we have legacy sensors that are 40 years old sitting on installations. You know, old program, a logical controllers or facilities control systems that were written in cobalt in the seventies, right in the world are not even I, p based, most of them bond. Then on the other end of the spectrum, you have seven figure sensors that air, you know, throwing out megabits of second of data that are mounted to the back of jeeps. Right, That that air bouncing through the desert today. But we'll be bouncing through the jungle tomorrow, and you have to find all of those kind of in combined all of those together, um, and kind of create a cohesive data center for data set set for you know, the mission for, um, you know what we call a user to find common operating picture for a person. Thio kind of combine all of those different resource is and make it work for them. And so we found a great partner with security forces. Um, they realized that they wanted Thio to make a quantum leap forward. They had this idea that the next defender So there are there, like a military police outfit that the next defender was going to be a data driven defender and they were gonna have to win the information war war as much as they had to kind of dominate physical space. And they immediately got what we were trying to achieve, and it was just just great synergy. And then we've piled on some other elements, and we're really moving that platform forward to to kind of take every little bit of information we can get from the areas of responsibility and get it into a you know, your modern Data Lake, where they can extract information from all that data. >>Kevin, as the VP of information exploitation, that's a very interesting title. How are you helping government organizations to win the war on information? Leverage that information to make a big impact fast. >>Yeah. I mean, I think a lot of it is is that we try to break down the barriers between systems on data so that we can actually enable that data to fuse together to find and get insights into it. You know, as ML and I have become trendy topics, you know, they're very data hungry operations. And I think what Steven has done with the card and his team is really we want to be able to make those sensors seamless from a plug and play perspective that Aiken plug in a new sensor. It's a standards based, uh, interface that sends that data back so that we can and take it back to the user to find Operation Picture and make some decisions based off of that data. Um, you know, what's more is that data could even refused with more than the data that Stevens collecting off the sensors. It could be commercial data, other government data and I think is Davis. As Stephen said earlier, you have to get it back. And as long as you've gotten back in Labour's share with some of our mission partners, then you can do amazing things with it. And, you know, Stephen, I know you have some pretty cool ideas and what we're gonna do on the edge, right? How do we do some of this work of the edge where a sensor doesn't allow us to pull out that data back? >>Yeah, and and Thio follow on to what you were kind of referring to with regards to thio handling heterogeneous data from different sensors. Um, one of the main things that our government customers and we have seen is that there are a lot of historically there are a lot of vertical solutions where you know, the sensor, the platform, and then the data Laker kind of all part of this proprietary stack. And we quickly realized that that just doesn't work. And so one of the major thrust of that card platform was to make sure that we had ah, platform by which we could consume data through adapters from essentially any sensor speaking. Any protocol with any style data object, Whether that was an industry standard or a proprietary protocol, we could quickly interested and bring it into our Data lake. And then to pile on to what Kevin was talking about with compute. Right? So you have, uh, like, almost like a mass locks hierarchy of needs when it comes to cyber data or thio this coyote data or kind of unified data, Um, you know, you wanna turn it into basic information, alerts alarms, then you want to do reporting on it, or analytics or some some higher level workflow function. And then finally, you probably want to perform some analytics or some trending or sort of anomaly detection on it. And and that gets more computational e intensive each step of the way. And so you gotta You gotta build a platform that allows you to to both take some of that high level compute down to the edge, but also then bring some of that data up into the clouds where you could do that processing, and you have to have kind of fun jubilate e between that and so that hard platform allows you to kind of bring GP use and high processing units down to the edge and and make that work. Um, but then also and then as maybe even a first passive to rule out some of the most you know, some of the boring gated in the video Analytics platform. We call it Blue Sky and Blue Ocean. Right, so you're recording lots of video. That's not that interesting. How do you filter that out? So you're only sending the information The interesting video up eso You're not wasting bandwidth on stuff that just doesn't matter on DSO. It's It's a lot of kind of tuning these knobs and having a flexible enough platform that you could bring Compute down when you need it. And you could bring data up to compute on Big Cloud while you need it, and just kind of finding a way to tune that that that really does. I mean it. You know, that's a lot of words about how you do that. But what that comes to is flexible hardware and being able to apply those dev ops and C I. C D platform characteristics to that edge hardware and having a unified platform that allows you to kind of orchestrate your applications in your services all the way up and down your stack, from micro controllers to a big cloud instant creation. >>You make it sound so easy. Steven Kevin. Let's wrap it up with you in terms of like making impacts and going forward. We know the edge has exploded, even mawr, during this very interesting year. And that's going to be something that's probably going to stay, um, stay as a permanent impact or effect. What are some of the things that we can expect in 2021 in terms of how you're able to help government organizations capitalize on that, find things faster, make impact faster? >>Yeah. I mean, I think the cool thing we're seeing is that there's a lot more commoditization of sensors. There's a lot more censored information. And so let's use lighters. Example. We you know, things were getting cheaper, and so we can all of a sudden doom or or more things at the edge, and we ever would have expected. Right when you know Steven's team is integrating camera data and fence data from 40 years ago, you know, it's just saying on off it's not do anything fancy. But now we you know, you know, Stephen, I camera whether Metro you gave him before was, but the cost of light are has dropped so significantly that we can now then deploy that we can actually roll it out there and not being locked in their proprietary, uh, system. Um, so I see that being very powerful, you know? Also, I can see where you start having sensors interact with each other, right? So one sensor finds one thing and then a good example that we've started thio experiment with. And I think Steve, you could touch on it is using triggering a sensor, triggers a drone to actually investigate what's going on and then therefore, hybrid video back and then automatically can investigate instead of having to deploy a defender to actually see what happened at that. At that end, Points dio e don't know. There's it's amore detail you can provide there. >>Yeah, No. So exactly that Kevin. So So the power of the sensor is is something something old that that gives you very uninteresting Data like a one or a zero on on or off can detect something very specific and then do something kind of high speed, like task a drone to give you a visual assessment and then run object detection or facial recognition on, you know, do object detection to find a person and do facial recognition on that person to find out if that's a patrol walking through a field or a bad guy trying Thio invade your space. Um and so it's really the confluence and the gestalt of all of these sensors in the analytics working together, Um, that really creates the power from very simple, simple delivery. I think, um, there's this, You know, this idea that you know, ah 100 bytes of data is not that important. But when you put a million sensors giving you 100 bytes of data, you can truly find something extremely powerful. And then when you kind of and you make those interactions sing, um, it's amazing. Tow us the productivity that we can produce and the kind of fidelity of response that we can give thio actors in the space whether that's a defender trying to defend the base or a maintenance person trying thio proactively replace the fan or clean the fan on an H vac system. So So you know, you know, there isn't a fire at a base or for, uh, interesting enough. One of the things that we we've been able to achieve is we've taken maintenance data for helicopter engines and And we've been able to proactively say, Hey, you need to You need to take care of this part of the helicopter engine. Um and it saves money. It saves downtimes. It keeps the birds in the air. And it's a relatively simple algorithm that we were able to achieve. And we were able to do that with the maintenance people, bring them along in this endeavor and create analytics that they understood and could trust on DSO. I think that's really the power of this base. >>Tremendous power. I wish we had more time to to dig into it. Guys, thank you so much for sharing. Not just your insights, what nobody is doing but your passion for what you're doing and how you're making such an impact. Your passion is definitely palpable. Steven. Kevin, Thank you for joining me today. >>Thank you >>for my guests. I'm Lisa Martin. You're watching the Cube? Virtual. Yeah,