(gentle music) >> Narrator: "TheCUBE's" live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (upbeat music) >> Hello everybody, welcome back to day four of "theCUBE's" coverage of MWC '23. We're here live at the Fira in Barcelona. Wall-to-wall coverage, John Furrier is in our Palo Alto studio, banging out all the news. Really, the whole week we've been talking about the disaggregation of the telco network, the new opportunities in telco. We're really excited to have AT&T and Snowflake here. Dave Whittington is the AVP, at the Chief Data Office at AT&T. Roddy Tranum is the Assistant Vice President, for Channel Performance Data and Tools at AT&T. And Phil Kippen, the Global Head Of Industry-Telecom at Snowflake, Snowflake's new telecom business. Snowflake just announced earnings last night. Typical Scarpelli, they beat earnings, very conservative guidance, stocks down today, but we like Snowflake long term, they're on that path to 10 billion. Guys, welcome to "theCUBE." Thanks so much >> Phil: Thank you. >> for coming on. >> Dave and Roddy: Thanks Dave. >> Dave, let's start with you. The data culture inside of telco, We've had this, we've been talking all week about this monolithic system. Super reliable. You guys did a great job during the pandemic. Everything shifting to landlines. We didn't even notice, you guys didn't miss a beat. Saved us. But the data culture's changing inside telco. Explain that. >> Well, absolutely. So, first of all IoT and edge processing is bringing forth new and exciting opportunities all the time. So, we're bridging the world between a lot of the OSS stuff that we can do with edge processing. But bringing that back, and now we're talking about working, and I would say traditionally, we talk data warehouse. Data warehouse and big data are now becoming a single mesh, all right? And the use cases and the way you can use those, especially I'm taking that edge data and bringing it back over, now I'm running AI and ML models on it, and I'm pushing back to the edge, and I'm combining that with my relational data. So that mesh there is making all the difference. We're getting new use cases that we can do with that. And it's just, and the volume of data is immense. >> Now, I love ChatGPT, but I'm hoping your data models are more accurate than ChatGPT. I never know. Sometimes it's really good, sometimes it's really bad. But enterprise, you got to be clean with your AI, don't you? >> Not only you have to be clean, you have to monitor it for bias and be ethical about it. We're really good about that. First of all with AT&T, our brand is Platinum. We take care of that. So, we may not be as cutting-edge risk takers as others, but when we go to market with an AI or an ML or a product, it's solid. >> Well hey, as telcos go, you guys are leaning into the Cloud. So I mean, that's a good starting point. Roddy, explain your role. You got an interesting title, Channel Performance Data and Tools, what's that all about? >> So literally anything with our consumer, retail, concenters' channels, all of our channels, from a data perspective and metrics perspective, what it takes to run reps, agents, all the way to leadership levels, scorecards, how you rank in the business, how you're driving the business, from sales, service, customer experience, all that data infrastructure with our great partners on the CDO side, as well as Snowflake, that comes from my team. >> And that's traditionally been done in a, I don't mean the pejorative, but we're talking about legacy, monolithic, sort of data warehouse technologies. >> Absolutely. >> We have a love-hate relationship with them. It's what we had. It's what we used, right? And now that's evolving. And you guys are leaning into the Cloud. >> Dramatic evolution. And what Snowflake's enabled for us is impeccable. We've talked about having, people have dreamed of one data warehouse for the longest time and everything in one system. Really, this is the only way that becomes a reality. The more you get in Snowflake, we can have golden source data, and instead of duplicating that 50 times across AT&T, it's in one place, we just share it, everybody leverages it, and now it's not duplicated, and the process efficiency is just incredible. >> But it really hinges on that separation of storage and compute. And we talk about the monolithic warehouse, and one of the nightmares I've lived with, is having a monolithic warehouse. And let's just go with some of my primary, traditional customers, sales, marketing and finance. They are leveraging BSS OSS data all the time. For me to coordinate a deployment, I have to make sure that each one of these units can take an outage, if it's going to be a long deployment. With the separation of storage, compute, they own their own compute cluster. So I can move faster for these people. 'Cause if finance, I can implement his code without impacting finance or marketing. This brings in CI/CD to more reality. It brings us faster to market with more features. So if he wants to implement a new comp plan for the field reps, or we're reacting to the marketplace, where one of our competitors has done something, we can do that in days, versus waiting weeks or months. >> And we've reported on this a lot. This is the brilliance of Snowflake's founders, that whole separation >> Yep. >> from compute and data. I like Dave, that you're starting with sort of the business flexibility, 'cause there's a cost element of this too. You can dial down, you can turn off compute, and then of course the whole world said, "Hey, that's a good idea." And a VC started throwing money at Amazon, but Redshift said, "Oh, we can do that too, sort of, can't turn off the compute." But I want to ask you Phil, so, >> Sure. >> it looks from my vantage point, like you're taking your Data Cloud message which was originally separate compute from storage simplification, now data sharing, automated governance, security, ultimately the marketplace. >> Phil: Right. >> Taking that same model, break down the silos into telecom, right? It's that same, >> Mm-hmm. >> sorry to use the term playbook, Frank Slootman tells me he doesn't use playbooks, but he's not a pattern matcher, but he's a situational CEO, he says. But the situation in telco calls for that type of strategy. So explain what you guys are doing in telco. >> I think there's, so, what we're launching, we launched last week, and it really was three components, right? So we had our platform as you mentioned, >> Dave: Mm-hmm. >> and that platform is being utilized by a number of different companies today. We also are adding, for telecom very specifically, we're adding capabilities in marketplace, so that service providers can not only use some of the data and apps that are in marketplace, but as well service providers can go and sell applications or sell data that they had built. And then as well, we're adding our ecosystem, it's telecom-specific. So, we're bringing partners in, technology partners, and consulting and services partners, that are very much focused on telecoms and what they do internally, but also helping them monetize new services. >> Okay, so it's not just sort of generic Snowflake into telco? You have specific value there. >> We're purposing the platform specifically for- >> Are you a telco guy? >> I am. You are, okay. >> Total telco guy absolutely. >> So there you go. You see that Snowflake is actually an interesting organizational structure, 'cause you're going after verticals, which is kind of rare for a company of your sort of inventory, I'll say, >> Absolutely. >> I don't mean that as a negative. (Dave laughs) So Dave, take us through the data journey at AT&T. It's a long history. You don't have to go back to the 1800s, but- (Dave laughs) >> Thank you for pointing out, we're a 149-year-old company. So, Jesse James was one of the original customers, (Dave laughs) and we have no longer got his data. So, I'll go back. I've been 17 years singular AT&T, and I've watched it through the whole journey of, where the monolithics were growing, when the consolidation of small, wireless carriers, and we went through that boom. And then we've gone through mergers and acquisitions. But, Hadoop came out, and it was going to solve all world hunger. And we had all the aspects of, we're going to monetize and do AI and ML, and some of the things we learned with Hadoop was, we had this monolithic warehouse, we had this file-based-structured Hadoop, but we really didn't know how to bring this all together. And we were bringing items over to the relational, and we were taking the relational and bringing it over to the warehouse, and trying to, and it was a struggle. Let's just go there. And I don't think we were the only company to struggle with that, but we learned a lot. And so now as tech is finally emerging, with the cloud, companies like Snowflake, and others that can handle that, where we can create, we were discussing earlier, but it becomes more of a conducive mesh that's interoperable. So now we're able to simplify that environment. And the cloud is a big thing on that. 'Cause you could not do this on-prem with on-prem technologies. It would be just too cost prohibitive, and too heavy of lifting, going back and forth, and managing the data. The simplicity the cloud brings with a smaller set of tools, and I'll say in the data space specifically, really allows us, maybe not a single instance of data for all use cases, but a greatly reduced ecosystem. And when you simplify your ecosystem, you simplify speed to market and data management. >> So I'm going to ask you, I know it's kind of internal organizational plumbing, but it'll inform my next question. So, Dave, you're with the Chief Data Office, and Roddy, you're kind of, you all serve in the business, but you're really serving the, you're closer to those guys, they're banging on your door for- >> Absolutely. I try to keep the 130,000 users who may or may not have issues sometimes with our data and metrics, away from Dave. And he just gets a call from me. >> And he only calls when he has a problem. He's never wished me happy birthday. (Dave and Phil laugh) >> So the reason I asked that is because, you describe Dave, some of the Hadoop days, and again love-hate with that, but we had hyper-specialized roles. We still do. You've got data engineers, data scientists, data analysts, and you've got this sort of this pipeline, and it had to be this sequential pipeline. I know Snowflake and others have come to simplify that. My question to you is, how is that those roles, how are those roles changing? How is data getting closer to the business? Everybody talks about democratizing business. Are you doing that? What's a real use example? >> From our perspective, those roles, a lot of those roles on my team for years, because we're all about efficiency, >> Dave: Mm-hmm. >> we cut across those areas, and always have cut across those areas. So now we're into a space where things have been simplified, data processes and copying, we've gone from 40 data processes down to five steps now. We've gone from five steps to one step. We've gone from days, now take hours, hours to minutes, minutes to seconds. Literally we're seeing that time in and time out with Snowflake. So these resources that have spent all their time on data engineering and moving data around, are now freed up more on what they have skills for and always have, the data analytics area of the business, and driving the business forward, and new metrics and new analysis. That's some of the great operational value that we've seen here. As this simplification happens, it frees up brain power. >> So, you're pumping data from the OSS, the BSS, the OKRs everywhere >> Everywhere. >> into Snowflake? >> Scheduling systems, you name it. If you can think of what drives our retail and centers and online, all that data, scheduling system, chat data, call center data, call detail data, all of that enters into this common infrastructure to manage the business on a day in and day out basis. >> How are the roles and the skill sets changing? 'Cause you're doing a lot less ETL, you're doing a lot less moving of data around. There were guys that were probably really good at that. I used to joke in the, when I was in the storage world, like if your job is bandaging lungs, you need to look for a new job, right? So, and they did and people move on. So, are you able to sort of redeploy those assets, and those people, those human resources? >> These folks are highly skilled. And we were talking about earlier, SQL hasn't gone away. Relational databases are not going away. And that's one thing that's made this migration excellent, they're just transitioning their skills. Experts in legacy systems are now rapidly becoming experts on the Snowflake side. And it has not been that hard a transition. There are certainly nuances, things that don't operate as well in the cloud environment that we have to learn and optimize. But we're making that transition. >> Dave: So just, >> Please. >> within the Chief Data Office we have a couple of missions, and Roddy is a great partner and an example of how it works. We try to bring the data for democratization, so that we have one interface, now hopefully know we just have a logical connection back to these Snowflake instances that we connect. But we're providing that governance and cleansing, and if there's a business rule at the enterprise level, we provide it. But the goal at CDO is to make sure that business units like Roddy or marketing or finance, that they can come to a platform that's reliable, robust, and self-service. I don't want to be in his way. So I feel like I'm providing a sub-level of platform, that he can come to and anybody can come to, and utilize, that they're not having to go back and undo what's in Salesforce, or ServiceNow, or in our billers. So, I'm sort of that layer. And then making sure that that ecosystem is robust enough for him to use. >> And that self-service infrastructure is predominantly through the Azure Cloud, correct? >> Dave: Absolutely. >> And you work on other clouds, but it's predominantly through Azure? >> We're predominantly in Azure, yeah. >> Dave: That's the first-party citizen? >> Yeah. >> Okay, I like to think in terms sometimes of data products, and I know you've mentioned upfront, you're Gold standard or Platinum standard, you're very careful about personal information. >> Dave: Yeah. >> So you're not trying to sell, I'm an AT&T customer, you're not trying to sell my data, and make money off of my data. So the value prop and the business case for Snowflake is it's simpler. You do things faster, you're in the cloud, lower cost, et cetera. But I presume you're also in the business, AT&T, of making offers and creating packages for customers. I look at those as data products, 'cause it's not a, I mean, yeah, there's a physical phone, but there's data products behind it. So- >> It ultimately is, but not everybody always sees it that way. Data reporting often can be an afterthought. And we're making it more on the forefront now. >> Yeah, so I like to think in terms of data products, I mean even if the financial services business, it's a data business. So, if we can think about that sort of metaphor, do you see yourselves as data product builders? Do you have that, do you think about building products in that regard? >> Within the Chief Data Office, we have a data product team, >> Mm-hmm. >> and by the way, I wouldn't be disingenuous if I said, oh, we're very mature in this, but no, it's where we're going, and it's somewhat of a journey, but I've got a peer, and their whole job is to go from, especially as we migrate from cloud, if Roddy or some other group was using tables three, four and five and joining them together, it's like, "Well look, this is an offer for data product, so let's combine these and put it up in the cloud, and here's the offer data set product, or here's the opportunity data product," and it's a journey. We're on the way, but we have dedicated staff and time to do this. >> I think one of the hardest parts about that is the organizational aspects of it. Like who owns the data now, right? It used to be owned by the techies, and increasingly the business lines want to have access, you're providing self-service. So there's a discussion about, "Okay, what is a data product? Who's responsible for that data product? Is it in my P&L or your P&L? Somebody's got to sign up for that number." So, it sounds like those discussions are taking place. >> They are. And, we feel like we're more the, and CDO at least, we feel more, we're like the guardians, and the shepherds, but not the owners. I mean, we have a role in it all, but he owns his metrics. >> Yeah, and even from our perspective, we see ourselves as an enabler of making whatever AT&T wants to make happen in terms of the key products and officers' trade-in offers, trade-in programs, all that requires this data infrastructure, and managing reps and agents, and what they do from a channel performance perspective. We still ourselves see ourselves as key enablers of that. And we've got to be flexible, and respond quickly to the business. >> I always had empathy for the data engineer, and he or she had to service all these different lines of business with no business context. >> Yeah. >> Like the business knows good data from bad data, and then they just pound that poor individual, and they're like, "Okay, I'm doing my best. It's just ones and zeros to me." So, it sounds like that's, you're on that path. >> Yeah absolutely, and I think, we do have refined, getting more and more refined owners of, since Snowflake enables these golden source data, everybody sees me and my organization, channel performance data, go to Roddy's team, we have a great team, and we go to Dave in terms of making it all happen from a data infrastructure perspective. So we, do have a lot more refined, "This is where you go for the golden source, this is where it is, this is who owns it. If you want to launch this product and services, and you want to manage reps with it, that's the place you-" >> It's a strong story. So Chief Data Office doesn't own the data per se, but it's your responsibility to provide the self-service infrastructure, and make sure it's governed properly, and in as automated way as possible. >> Well, yeah, absolutely. And let me tell you more, everybody talks about single version of the truth, one instance of the data, but there's context to that, that we are taking, trying to take advantage of that as we do data products is, what's the use case here? So we may have an entity of Roddy as a prospective customer, and we may have a entity of Roddy as a customer, high-value customer over here, which may have a different set of mix of data and all, but as a data product, we can then create those for those specific use cases. Still point to the same data, but build it in different constructs. One for marketing, one for sales, one for finance. By the way, that's where your data engineers are struggling. >> Yeah, yeah, of course. So how do I serve all these folks, and really have the context-common story in telco, >> Absolutely. >> or are these guys ahead of the curve a little bit? Or where would you put them? >> I think they're definitely moving a lot faster than the industry is generally. I think the enabling technologies, like for instance, having that single copy of data that everybody sees, a single pane of glass, right, that's definitely something that everybody wants to get to. Not many people are there. I think, what AT&T's doing, is most definitely a little bit further ahead than the industry generally. And I think the successes that are coming out of that, and the learning experiences are starting to generate momentum within AT&T. So I think, it's not just about the product, and having a product now that gives you a single copy of data. It's about the experiences, right? And now, how the teams are getting trained, domains like network engineering for instance. They typically haven't been a part of data discussions, because they've got a lot of data, but they're focused on the infrastructure. >> Mm. >> So, by going ahead and deploying this platform, for platform's purpose, right, and the business value, that's one thing, but also to start bringing, getting that experience, and bringing new experience in to help other groups that traditionally hadn't been data-centric, that's also a huge step ahead, right? So you need to enable those groups. >> A big complaint of course we hear at MWC from carriers is, "The over-the-top guys are killing us. They're riding on our networks, et cetera, et cetera. They have all the data, they have all the client relationships." Do you see your client relationships changing as a result of sort of your data culture evolving? >> Yes, I'm not sure I can- >> It's a loaded question, I know. >> Yeah, and then I, so, we want to start embedding as much into our network on the proprietary value that we have, so we can start getting into that OTT play, us as any other carrier, we have distinct advantages of what we can do at the edge, and we just need to start exploiting those. But you know, 'cause whether it's location or whatnot, so we got to eat into that. Historically, the network is where we make our money in, and we stack the services on top of it. It used to be *69. >> Dave: Yeah. >> If anybody remembers that. >> Dave: Yeah, of course. (Dave laughs) >> But you know, it was stacked on top of our network. Then we stack another product on top of it. It'll be in the edge where we start providing distinct values to other partners as we- >> I mean, it's a great business that you're in. I mean, if they're really good at connectivity. >> Dave: Yeah. >> And so, it sounds like it's still to be determined >> Dave: Yeah. >> where you can go with this. You have to be super careful with private and for personal information. >> Dave: Yep. >> Yeah, but the opportunities are enormous. >> There's a lot. >> Yeah, particularly at the edge, looking at, private networks are just an amazing opportunity. Factories and name it, hospital, remote hospitals, remote locations. I mean- >> Dave: Connected cars. >> Connected cars are really interesting, right? I mean, if you start communicating car to car, and actually drive that, (Dave laughs) I mean that's, now we're getting to visit Xen Fault Tolerance people. This is it. >> Dave: That's not, let's hold the traffic. >> Doesn't scare me as much as we actually learn. (all laugh) >> So how's the show been for you guys? >> Dave: Awesome. >> What're your big takeaways from- >> Tremendous experience. I mean, someone who doesn't go outside the United States much, I'm a homebody. The whole experience, the whole trip, city, Mobile World Congress, the technologies that are out here, it's been a blast. >> Anything, top two things you learned, advice you'd give to others, your colleagues out in general? >> In general, we talked a lot about technologies today, and we talked a lot about data, but I'm going to tell you what, the accelerator that you cannot change, is the relationship that we have. So when the tech and the business can work together toward a common goal, and it's a partnership, you get things done. So, I don't know how many CDOs or CIOs or CEOs are out there, but this connection is what accelerates and makes it work. >> And that is our audience Dave. I mean, it's all about that alignment. So guys, I really appreciate you coming in and sharing your story in "theCUBE." Great stuff. >> Thank you. >> Thanks a lot. >> All right, thanks everybody. Thank you for watching. I'll be right back with Dave Nicholson. Day four SiliconANGLE's coverage of MWC '23. You're watching "theCUBE." (gentle music)

>> Narrator: theCUBE's live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (bright upbeat music plays) >> Welcome back to Barcelona, everybody. You're watching theCUBE's coverage of MWC '23, my name is Dave Vellante. Just left a meeting with the CEO of Cisco, Chuck Robbins, to meet with Jeetu Patel, who's our Executive Vice President and General Manager of security and collaboration at Cisco. Good to see you. >> You never leave a meeting with Chuck Robbins to meet with Jeetu Patel. >> Well, I did. >> That's a bad idea. >> Walked right out. I said, hey, I got an interview to do, right? So, and I'm excited about this. Thanks so much for coming on. >> Thank you for having me. It's a pleasure. >> So, I mean you run such an important part of the business. I mean, obviously the collaboration business but also security. So many changes going on in the security market. Maybe we could start there. I mean, there hasn't been a ton of security talk here Jeetu, because I think it's almost assumed. It was 45 minutes into the keynote yesterday before anybody even mentioned security. >> Huh. >> Right? And so, but it's the most important topic in the enterprise IT world. And obviously is important here. So why is it you think that it's not the first topic that people mention. >> You know, it's a complicated subject area and it's intimidating. And actually that's one of the things that the industry screwed up on. Where we need to simplify security so it actually gets to be relatable for every person on the planet. But, if you think about what's happening in security, it's not just important for business it's critical infrastructure that if you had a breach, you know lives are cost now. Because hospitals could go down, your water supply could go down, your electricity could go down. And so it's one of these things that we have to take pretty seriously. And, it's 51% of all breaches happen because of negligence, not because of malicious intent. >> It's that low. Interesting. I always- >> Someone else told me the same thing, that they though it'd be higher, yeah. >> I always say bad user behavior is going to trump good security every time. >> Every single time. >> You can't beat it. But, you know, it's funny- >> Jeetu: Every single time. >> Back, the earlier part of last decade, you could see that security was becoming a board level issue. It became, it was on the agenda every quarter. And, I remember doing some research at the time, and I asked, I was interviewing Robert Gates, former Defense Secretary, and I asked him, yeah, but we're getting attacked but don't we have the best offense? Can't we have the best technology? He said, yeah but we have so much critical infrastructure the risks to United States are higher. So we have to be careful about how we use security as an offensive weapon, you know? And now you're seeing the future of war involves security and what's going on in Ukraine. It's a whole different ballgame. >> It is, and the scales always tip towards the adversary, not towards the defender, because you have to be right every single time. They have to be right once. >> Yeah. And, to the other point, about bad user behavior. It's going now beyond the board level, to it's everybody's responsibility. >> That's right. >> And everybody's sort of aware of it, everybody's been hacked. And, that's where it being such a complicated topic is problematic. >> It is, and it's actually, what got us this far will not get us to where we need to get to if we don't simplify security radically. You know? The experience has to be almost invisible. And what used to be the case was sophistication had to get to a certain level, for efficacy to go up. But now, that sophistication has turned to complexity. And there's an inverse relationship between complexity and efficacy. So the simpler you make security, the more effective it gets. And so I'll give you an example. We have this great kind of innovation we've done around passwordless, right? Everyone hates passwords. You shouldn't have passwords in 2023. But, when you get to passwordless security, not only do you reduce a whole lot of friction for the user, you actually make the system safer. And that's what you need to do, is you have to make it simpler while making it more effective. And, I think that's what the future is going to hold. >> Yeah, and CISOs tell me that they're, you know zero trust before the pandemic was like, yeah, yeah zero trust. And now it's like a mandate. >> Yeah. >> Every CISO you talk to says, yes we're implementing a zero trust architecture. And a big part of that is that, if they can confirm zero trust, they can get to market a lot faster with revenue generating or critical projects. And many projects as we know are being pushed back, >> Yeah. >> you know? 'Cause of the macro. But, projects that drive revenue and value they want to accelerate, and a zero trust confirmation allows people to rubber stamp it and go faster. >> And the whole concept of zero trust is least privileged access, right? But what we want to make sure that we get to is continuous assessment of least privileged access, not just a one time at login. >> Dave: 'Cause things change so frequently. >> So, for example, if you happen to be someone that's logged into the system and now you start doing some anomalous behavior that doesn't sound like Dave, we want to be able to intercept, not just do it at the time that you're authenticating Dave to come in. >> So you guys got a good business. I mentioned the macro before. >> Yeah. >> The big theme is consolidating redundant vendors. So a company with a portfolio like Cisco's obviously has an advantage there. You know, you guys had great earnings. Palo Alto is another company that can consolidate. Tom Gillis, great pickup. Guy's amazing, you know? >> Love Tom. >> Great respect. Just had a little webinar session with him, where he was geeking out with the analyst and so- >> Yeah, yeah. >> Learned a lot there. Now you guys have some news, at the event event with Mercedes? >> We do. >> Take us through that, and I want to get your take on hybrid work and what's happening there. But what's going on with Mercedes? >> Yeah so look, it all actually stems from the hybrid work story, which is the future is going to be hybrid, people are going to work in mixed mode. Sometimes you'll be in the office, sometimes at home, sometimes somewhere in the middle. One of the places that people are working more and more from is their cars. And connected cars are getting to be a reality. And in fact, cars sometimes become an extension of your home office. And many a times I have found myself in a parking lot, because I didn't have enough time to get home and I was in a parking lot taking a conference call. And so we've made that section easier, because we have now partnered with Mercedes. And they aren't the first partner, but they're a very important partner where we are going to have Webex available, through the connected car, natively in Mercedes. >> Ah, okay. So I could take a call, I can do it all the time. I find good service, pull over, got to take the meeting. >> Yeah. >> I don't want to be driving. I got to concentrate. >> That's right. >> You know, or sometimes, I'll have the picture on and it's not good. >> That's right. >> Okay, so it'll be through the console, and all through the internet? >> It'll be through the console. And many people ask me like, how's safety going to work over that? Because you don't want to do video calls while you're driving. Exactly right. So when you're driving, the video automatically turns off. And you'll have audio going on, just like a conference call. But the moment you stop and put it in park, you can have video turned on. >> Now, of course the whole hybrid work trend, we, seems like a long time ago but it doesn't, you know? And it's really changed the security dynamic as well, didn't it? >> It has, it has. >> I mean, immediately you had to go protect new endpoints. And those changes, I felt at the time, were permanent. And I think it's still the case, but there's an equilibrium now happening. People as they come back to the office, you see a number of companies are mandating back to work. Maybe the central offices, or the headquarters, were underfunded. So what's going on out there in terms of that balance? >> Well firstly, there's no unanimous consensus on the way that the future is going to be, except that it's going to be hybrid. And the reason I say that is some companies mandate two days a week, some companies mandate five days a week, some companies don't mandate at all. Some companies are completely remote. But whatever way you go, you want to make sure that regardless of where you're working from, people can have an inclusive experience. You know? And, when they have that experience, you want to be able to work from a managed device or an unmanaged device, from a corporate network or from a Starbucks, from on the road or stationary. And whenever you do any of those things, we want to make sure that security is always handled, and you don't have to worry about that. And so the way that we say it is the company that created the VPN, which is Cisco, is the one that's going to kill it. Because what we'll do is we'll make it simple enough so that you don't, you as a user, never have to worry about what connection you're going to use to dial in to what app. You will have one, seamless way to dial into any application, public application, private application, or directly to the internet. >> Yeah, I got a love, hate with my VPN. I mean, it's protecting me, but it's in the way a lot. >> It's going to be simple as ever. >> Do you have kids? >> I do, I have a 12 year old daughter. >> Okay, so not quite high school age yet. She will be shortly. >> No, but she's already, I'm not looking forward to high school days, because she has a very, very strong sense of debate and she wins 90% of the arguments. >> So when my kids were that age, I've got four kids, but the local high school banned Wikipedia, they can't use Wikipedia for research. Many colleges, I presume high schools as well, they're banning Chat GPT, can't use it. Now at the same time, I saw recently on Medium a Wharton school professor said he's mandating Chat GPT to teach his students how to prompt in progressively more sophisticated prompts, because the future is interacting with machines. You know, they say in five years we're all going to be interacting in some way, shape, or form with AI. Maybe we already are. What's the intersection between AI and security? >> So a couple very, very consequential things. So firstly on Chat GPT, the next generation skill is going to be to learn how to go out and have the right questions to ask, which is the prompt revolution that we see going on right now. But if you think about what's happening in security, and there's a few areas which are, firstly 3,500 hundred vendors in this space. On average, most companies have 50 to 70 vendors in security. Not a single vendor owns more than 10% of the market. You take out a couple vendors, no one owns more than 5%. Highly fractured market. That's a problem. Because it's untenable for companies to go out and manage 70 policy engines. And going out and making sure that there's no contention. So as you move forward, one of the things that Chat GPT will be really good for is it's fundamentally going to change user experiences, for how software gets built. Because rather than it being point and click, it's going to be I'm going to provide an instruction and it's going to tell me what to do in natural language. Imagine Dave, when you joined a company if someone said, hey give Dave all the permissions that he needs as a direct report to Chuck. And instantly you would get all of the permissions. And it would actually show up in a screen that says, do you approve? And if you hit approve, you're done. The interfaces of the future will get more natural language kind of dominated. The other area that you'll see is the sophistication of attacks and the surface area of attacks is increasing quite exponentially. And we no longer can handle this with human scale. You have to handle it in machine scale. So detecting breaches, making sure that you can effectively and quickly respond in real time to the breaches, and remediate those breaches, is all going to happen through AI and machine learning. >> So, I agree. I mean, just like Amazon turned the data center into an API, I think we're now going to be interfacing with technology through human language. >> That's right. >> I mean I think it's a really interesting point you're making. Now, from a security standpoint as well, I mean, the state of the art today in my email is be careful, this person's outside your organization. I'm like, yeah I know. So it's a good warning sign, but it's really not automated in any way. So two part question. One is, can AI help? You know, with the phishing, obviously it can, but the bad guys have AI too. >> Yeah. >> And they're probably going to be smarter than I am about using it. >> Yeah, and by the way, Talos is our kind of threat detection and response >> Yes. >> kind of engine. And, they had a great kind of piece that came out recently where they talked about this, where Chat GPT, there is going to be more sophistication of the folks that are the bad actors, the adversaries in using Chat GPT to have more sophisticated phishing attacks. But today it's not something that is fundamentally something that we can't handle just yet. But you still need to do the basic hygiene. That's more important. Over time, what you will see is attacks will get more bespoke. And in order, they'll get more sophisticated. And, you will need to have better mechanisms to know that this was actually not a human being writing that to you, but it was actually a machine pretending to be a human being writing something to you. And that you'll have to be more clever about it. >> Oh interesting. >> And so, you will see attacks get more bespoke and we'll have to get smarter and smarter about it. >> The other thing I wanted to ask you before we close is you're right on. I mean you take the top security vendors and they got a single digit market share. And it's like it's untenable for organizations, just far too many tools. We have a partner at ETR, they do quarterly survey research and one of the things they do is survey emerging technology companies. And when we look at in the security sector just the number of emerging technology companies that are focused on cybersecurity is as many as there are out there already. And so, there's got to be consolidation. Maybe that's through M & A. I mean, what do you think happens? Are company's going to go out of business? There's going to be a lot of M & A? You've seen a lot of companies go private. You know, the big PE companies are sucking up all these security companies and may be ready to spit 'em out and go back public. How do you see the landscape? You guys are obviously an inquisitive company. What are your thoughts on that? >> I think there will be a little bit of everything. But the biggest change that you'll see is a shift that's going to happen with an integrated platform, rather than point solution vendors. So what's going to happen is the market's going to consolidate towards very few, less than a half a dozen, integrated platforms. We believe Cisco is going to be one. Microsoft will be one. There'll be others over there. But these, this platform will essentially be able to provide a unified kind of policy engine across a multitude of different services to protect multiple different entities within the organization. And, what we found is that platform will also be something that'll provide, through APIs, the ability for third parties to be able to get their technology incorporated in, and their telemetry ingested. So we certainly intend to do that. We don't believe, we are not arrogant enough to think that every single new innovation will be built by us. When there's someone else who has built that, we want to make sure that we can ingest that telemetry as well, because the real enemy is not the competitor. The real enemy is the adversary. And we all have to get together, so that we can keep humanity safe. >> Do you think there's been enough collaboration in the industry? I mean- >> Jeetu: Not nearly enough. >> We've seen companies, security companies try to monetize private data before, instead of maybe sharing it with competitors. And so I think the industry can do better there. >> Well I think the industry can do better. And we have this concept called the security poverty line. And the security poverty line is the companies that fall below the security poverty line don't have either the influence or the resources or the know how to keep themselves safe. And when they go unsafe, everyone else that communicates with them also gets that exposure. So it is in our collective interest for all of us to make sure that we come together. And, even if Palo Alto might be a competitor of ours, we want to make sure that we invite them to say, let's make sure that we can actually exchange telemetry between our companies. And we'll continue to do that with as many companies that are out there, because actually that's better for the market, that's better for the world. >> The enemy of the enemy is my friend, kind of thing. >> That's right. >> Now, as it relates to, because you're right. I mean I, I see companies coming up, oh, we do IOT security. I'm like, okay, but what about cloud security? Do you that too? Oh no, that's somebody else. But, so that's another stove pipe. >> That's a huge, huge advantage of coming with someone like Cisco. Because we actually have the entire spectrum, and the broadest portfolio in the industry of anyone else. From the user, to the device, to the network, to the applications, we provide the entire end-to-end story for security, which then has the least amount of cracks that you can actually go out and penetrate through. The biggest challenges that happen in security is you've got way too many policy engines with way too much contention between the policies from these different systems. And eventually there's a collision course. Whereas with us, you've actually got a broad portfolio that operates as one platform. >> We were talking about the cloud guys earlier. You mentioned Microsoft. They're obviously a big competitor in the security space. >> Jeetu: But also a great partner. >> So that's right. To my opinion, the cloud has been awesome as a first line of defense if you will. But the shared responsibility model it's different for each cloud, right? So, do you feel that those guys are working together or will work together to actually improve? 'Cause I don't see that yet. >> Yeah so if you think about, this is where we feel like we have a structural advantage in this, because what does a company like Cisco become in the future? I think as the world goes multicloud and hybrid cloud, what'll end up happening is there needs to be a way, today all the CSPs provide everything from storage to computer network, to security, in their own stack. If we can abstract networking and security above them, so that we can acquire and steer any and all traffic with our service providers and steer it to any of those CSPs, and make sure that the security policy transcends those clouds, you would actually be able to have the public cloud economics without the public cloud lock-in. >> That's what we call super cloud Jeetu. It's securing the super cloud. >> Yeah. >> Hey, thanks so much for coming to theCUBE. >> Thank you for having me. >> Really appreciate you coming on our editorial program. >> Such a pleasure. >> All right, great to see you again. >> Cheers. >> All right, keep it right there. Dave Vellante with David Nicholson and Lisa Martin. We'll be back, right after this short break from MWC '23 live, in the Fira, in Barcelona. (bright music resumes) (music fades out)

(gentle music) >> Announcer: "theCube's" live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (upbeat music) (logo whooshing) >> Hey, everyone, welcome back to "theCube's" coverage of day one, MWC23 live from Barcelona, Lisa Martin here with Dave Vellante. Dave, we've got some great conversations so far This is the biggest, most packed show I've been to in years. About 80,000 people here so far. >> Yeah, down from its peak of 108, but still pretty good. You know, a lot of folks from China come to this show, but with the COVID situation in China, that's impacted the attendance, but still quite amazing. >> Amazing for sure. We're going to be talking about trends and mobility, and all sorts of great things. We have a couple of guests joining us for the first time on "theCUBE." Please welcome Dr. Srinivas Mukkamala or Sri, chief product officer at Ivanti. And Dave Shepherd, VP Ivanti. Guys, welcome to "theCUBE." Great to have you here. >> Thank you. >> So, day one of the conference, Sri, we'll go to you first. Talk about some of the trends that you're seeing in mobility. Obviously, the conference renamed from Mobile World Congress to MWC mobility being part of it, but what are some of the big trends? >> It's interesting, right? I mean, I was catching up with Dave. The first thing is from the keynotes, it took 45 minutes to talk about security. I mean, it's quite interesting when you look at the shore floor. We're talking about Edge, we're talking about 5G, the whole evolution. And there's also the concept of are we going into the Cloud? Are we coming back from the Cloud, back to the Edge? They're really two different things. Edge is all decentralized while you recompute. And one thing I observed here is they're talking about near real-time reality. When you look at automobiles, when you look at medical, when you look at robotics, you can't have things processed in the Cloud. It'll be too late. Because you got to make millisecond-based stations. That's a big trend for me. When I look at staff... Okay, the compute it takes to process in the Cloud versus what needs to happen on-prem, on device, is going to revolutionize the way we think about mobility. >> Revolutionize. David, what are some of the things that you're saying? Do you concur? >> Yeah, 100%. I mean, look, just reading some of the press recently, they're predicting 22 billion IoT devices by 2024. Everything Sri just talked about there. It's growing exponentially. You know, problems we have today are a snapshot. We're probably in the slowest place we are today. Everything's just going to get faster and faster and faster. So it's a, yeah, 100% concur with that. >> You know, Sri, on your point, so Jose Maria Alvarez, the CEO of Telefonica, said there are three pillars of the future of telco, low latency, programmable networks, and Cloud and Edge. So, as to your point, Cloud and low latency haven't gone hand in hand. But the Cloud guys are saying, "All right, we're going to bring the Cloud to the Edge." That's sort of an interesting dynamic. We're going to bypass them. We heard somebody, another speaker say, "You know, Cloud can't do it alone." You know? (chuckles) And so, it's like these worlds need each other in a way, don't they? >> Definitely right. So that's a fantastic way to look at it. The Cloud guys can say, "We're going to come closer to where the computer is." And if you really take a look at it with data localization, where are we going to put the Cloud in, right? I mean, so the data sovereignty becomes a very interesting thing. The localization becomes a very interesting thing. And when it comes to security, it gets completely different. I mean, we talked about moving everything to a centralized compute, really have massive processing, and give you the addition back wherever you are. Whereas when you're localized, I have to process everything within the local environment. So there's already a conflict right there. How are we going to address that? >> Yeah. So another statement, I think, it was the CEO of Ericsson, he was kind of talking about how the OTT guys have heard, "We can't let that happen again. And we're going to find new ways to charge for the network." Basically, he's talking about monetizing the API access. But I'm interested in what you're hearing from customers, right? 'Cause our mindset is, what value you're going to give to customers that they're going to pay for, versus, "I got this data I'm going to charge developers for." But what are you hearing from customers? >> It's amazing, Dave, the way you're looking at it, right? So if we take a look at what we were used to perpetual, and we said we're going to move to a subscription, right? I mean, everybody talks about subscription economy. Telcos on the other hand, had subscription economy for a long time, right? They were always based on usage, right? It's a usage economy. But today, we are basically realizing on compute. We haven't even started charging for compute. If you go to AWS, go to Azure, go to GCP, they still don't quite charge you for actual compute, right? It's kind of, they're still leaning on it. So think about API-based, we're going to break the bank. What people don't realize is, we do millions of API calls for any high transaction environment. A consumer can't afford that. What people don't realize is... I don't know how you're going to monetize. Even if you charge a cent a call, that is still going to be hundreds and thousands of dollars a day. And that's where, if you look at what you call low-code no-code motion? You see a plethora of companies being built on that. They're saying, "Hey, you don't have to write code. I'll give you authentication as a service. What that means is, Every single time you call my API to authenticate a user, I'm going to charge you." So just imagine how many times we authenticate on a single day. You're talking a few dozen times. And if I have to pay every single time I authenticate... >> Real friction in the marketplace, David. >> Yeah, and I tell you what. It's a big topic, right? And it's a topic that we haven't had to deal with at the Edge before, and we hear it probably daily really, complexity. The complexity's growing all the time. That means that we need to start to get insight, visibility. You know? I think a part of... Something that came out of the EU actually this week, stated, you know, there's a cyber attack every 11 seconds. That's fast, right? 2016, that was 40 seconds. So actually that speed I talked about earlier, everything Sri says that's coming down to the Edge, we want to embrace the Edge and that is the way we're going to move. But customers are mindful of the complexity that's involved in that. And that, you know, lens thought to how are we going to deal with those complexities. >> I was just going to ask you, how are you planning to deal with those complexities? You mentioned one ransomware attack every 11 seconds. That's down considerably from just a few years ago. Ransomware is a household word. It's no longer, "Are we going to get attacked?" It's when, it's to what extent, it's how much. So how is Ivanti helping customers deal with some of the complexities, and the changes in the security landscape? >> Yeah. Shall I start on that one first? Yeah, look, we want to give all our customers and perspective customers full visibility of their environment. You know, devices that are attached to the environment. Where are they? What are they doing? How often are we going to look for those devices? Not only when we find those devices. What applications are they running? Are those applications secure? How are we going to manage those applications moving forward? And overall, wrapping it round, what kind of service are we going to do? What processes are we going to put in place? To Sri's point, the low-code no-code angle. How do we build processes that protect our organization? But probably a point where I'll pass to Sri in a moment is how do we add a level of automation to that? How do we add a level of intelligence that doesn't always require a human to be fixing or remediating a problem? >> To Sri, you mentioned... You're right, the keynote, it took 45 minutes before it even mentioned security. And I suppose it's because they've historically, had this hardened stack. Everything's controlled and it's a safe environment. And now that's changing. So what would you add? >> You know, great point, right? If you look at telcos, they're used to a perimeter-based network. >> Yep. >> I mean, that's what we are. Boxed, we knew our perimeter. Today, our perimeter is extended to our home, everywhere work, right? >> Yeah- >> We don't have a definition of a perimeter. Your browser is the new perimeter. And a good example, segueing to that, what we have seen is horizontal-based security. What we haven't seen is verticalization, especially in mobile. We haven't seen vertical mobile security solutions, right? Yes, you hear a little bit about automobile, you hear a little bit about healthcare, but what we haven't seen is, what about food sector? What about the frontline in food? What about supply chain? What security are we really doing? And I'll give you a simple example. You brought up ransomware. Last night, Dole was attacked with ransomware. We have seen the beef producer colonial pipeline. Now, if we have seen agritech being hit, what does it mean? We are starting to hit humanity. If you can't really put food on the table, you're starting to really disrupt the supply chain, right? In a massive way. So you got to start thinking about that. Why is Dole related to mobility? Think about that. They don't carry service and computers. What they carry is mobile devices. that's where the supply chain works. And then that's where you have to start thinking about it. And the evolution of ransomware, rather than a single-trick pony, you see them using multiple vulnerabilities. And Pegasus was the best example. Spyware across all politicians, right? And CEOs. It is six or seven vulnerabilities put together that actually was constructed to do an attack. >> Yeah. How does AI kind of change this? Where does it fit in? The attackers are going to have AI, but we could use AI to defend. But attackers are always ahead, right? (chuckles) So what's your... Do you have a point of view on that? 'Cause everybody's crazy about ChatGPT, right? The banks have all banned it. Certain universities in the United States have banned it. Another one's forcing his students to learn how to use ChatGPT to prompt it. It's all over the place. You have a point of view on this? >> So definitely, Dave, it's a great point. First, we all have to have our own generative AI. I mean, I look at it as your digital assistant, right? So when you had calculators, you can't function without a calculator today. It's not harmful. It's not going to take you away from doing multiplication, right? So we'll still teach arithmetic in school. You'll still use your calculator. So to me, AI will become an integral part. That's one beautiful thing I've seen on the short floor. Every little thing there is a AI-based solution I've seen, right? So ChatGPT is well played from multiple perspective. I would rather up level it and say, generated AI is the way to go. So there are three things. There is human intense triaging, where humans keep doing easy work, minimal work. You can use ML and AI to do that. There is human designing that you need to do. That's when you need to use AI. >> But, I would say this, in the Enterprise, that the quality of the AI has to be better than what we've seen so far out of ChatGPT, even though I love ChatGPT, it's amazing. But what we've seen from being... It's got to be... Is it true that... Don't you think it has to be cleaner, more accurate? It can't make up stuff. If I'm going to be automating my network with AI. >> I'll answer that question. It comes down to three fundamentals. The reason ChatGPT is giving addresses, it's not trained on the latest data. So for any AI and ML method, you got to look at three things. It's your data, it's your domain expertise, who is training it, and your data model. In ChatGPT, it's older data, it's biased to the people that trained it, right? >> Mm-hmm. >> And then, the data model is it's going to spit out what it's trained on. That's a precursor of any GPT, right? It's pre-trained transformation. >> So if we narrow that, right? Train it better for the specific use case, that AI has huge potential. >> You flip that to what the Enterprise customers talk about to us is, insight is invaluable. >> Right. >> But then too much insight too quickly all the time means we go remediation crazy. So we haven't got enough humans to be fixing all the problems. Sri's point with the ChatGPT data, some of that data we are looking at there could be old. So we're trying to triage something that may still be an issue, but it might have been superseded by something else as well. So that's my overriding when I'm talking to customers and we talk ChatGPT, it's in the news all the time. It's very topical. >> It's fun. >> It is. I even said to my 13-year-old son yesterday, your homework's out a date. 'Cause I knew he was doing some summary stuff on ChatGPT. So a little wind up that's out of date just to make that emphasis around the model. And that's where we, with our Neurons platform Ivanti, that's what we want to give the customers all the time, which is the real-time snapshot. So they can make a priority or a decision based on what that information is telling them. >> And we've kind of learned, I think, over the last couple of years, that access to real-time data, real-time AI, is no longer nice to have. It's a massive competitive advantage for organizations, but it's going to enable the on-demand, everything that we expect in our consumer lives, in our business lives. This is going to be table stakes for organizations, I think, in every industry going forward. >> Yeah. >> But assumes 5G, right? Is going to actually happen and somebody's going to- >> Going to absolutely. >> Somebody's going to make some money off it at some point. When are they going to make money off of 5G, do you think? (all laughing) >> No. And then you asked a very good question, Dave. I want to answer that question. Will bad guys use AI? >> Yeah. Yeah. >> Offensive AI is a very big thing. We have to pay attention to it. It's got to create an asymmetric war. If you look at the president of the United States, he said, "If somebody's going to attack us on cyber, we are going to retaliate." For the first time, US is willing to launch a cyber war. What that really means is, we're going to use AI for offensive reasons as well. And we as citizens have to pay attention to that. And that's where I'm worried about, right? AI bias, whether it's data, or domain expertise, or algorithmic bias, is going to be a big thing. And offensive AI is something everybody have to pay attention to. >> To your point, Sri, earlier about critical infrastructure getting hacked, I had this conversation with Dr. Robert Gates several years ago, and I said, "Yeah, but don't we have the best offensive, you know, technology in cyber?" And he said, "Yeah, but we got the most to lose too." >> Yeah, 100%. >> We're the wealthiest nation of the United States. The wealthiest is. So you got to be careful. But to your point, the president of the United States saying, "We'll retaliate," right? Not necessarily start the war, but who started it? >> But that's the thing, right? Attribution is the hardest part. And then you talked about a very interesting thing, rich nations, right? There's emerging nations. There are nations left behind. One thing I've seen on the show floor today is, digital inequality. Digital poverty is a big thing. While we have this amazing technology, 90% of the world doesn't have access to this. >> Right. >> What we have done is we have created an inequality across, and especially in mobility and cyber, if this technology doesn't reach to the last mile, which is emerging nations, I think we are creating a crater back again and putting societies a few miles back. >> And at much greater risk. >> 100%, right? >> Yeah. >> Because those are the guys. In cyber, all you need is a laptop and a brain to attack. >> Yeah. Yeah. >> If I don't have it, that's where the civil war is going to start again. >> Yeah. What are some of the things in our last minute or so, guys, David, we'll start with you and then Sri go to you, that you're looking forward to at this MWC? The theme is velocity. We're talking about so much transformation and evolution in the telecom industry. What are you excited to hear and learn in the next couple of days? >> Just getting a complete picture. One is actually being out after the last couple of years, so you learn a lot. But just walking around and seeing, from my perspective, some vendor names that I haven't seen before, but seeing what they're doing and bringing to the market. But I think goes back to the point made earlier around APIs and integration. Everybody's talking about how can we kind of do this together in a way. So integrations, those smart things is what I'm kind of looking for as well, and how we plug into that as well. >> Excellent, and Sri? >> So for us, there is a lot to offer, right? So while I'm enjoying what I'm seeing here, I'm seeing at an opportunity. We have an amazing portfolio of what we can do. We are into mobile device management. We are the last (indistinct) company. When people find problems, somebody has to go remediators. We are the world's largest patch management company. And what I'm finding is, yes, all these people are embedding software, pumping it like nobody's business. As you find one ability, somebody has to go fix them, and we want to be the (indistinct) company. We had the last smile. And I find an amazing opportunity, not only we can do device management, but do mobile threat defense and give them a risk prioritization on what needs to be remediated, and manage all that in our ITSM. So I look at this as an amazing, amazing opportunity. >> Right. >> Which is exponential than what I've seen before. >> So last question then. Speaking of opportunities, Sri, for you, what are some of the things that customers can go to? Obviously, you guys talk to customers all the time. In terms of learning what Ivanti is going to enable them to do, to take advantage of these opportunities. Any webinars, any events coming up that we want people to know about? >> Absolutely, ivanti.com is the best place to go because we keep everything there. Of course, "theCUBE" interview. >> Of course. >> You should definitely watch that. (all laughing) No. So we have quite a few industry events we do. And especially there's a lot of learning. And we just raised the ransomware report that actually talks about ransomware from a global index perspective. So one thing what we have done is, rather than just looking at vulnerabilities, we showed them the weaknesses that led to the vulnerabilities, and how attackers are using them. And we even talked about DHS, how behind they are in disseminating the information and how it's actually being used by nation states. >> Wow. >> And we did cover mobility as a part of that as well. So there's a quite a bit we did in our report and it actually came out very well. >> I have to check that out. Ransomware is such a fascinating topic. Guys, thank you so much for joining Dave and me on the program today, sharing what's going on at Ivanti, the changes that you're seeing in mobile, and the opportunities that are there for your customers. We appreciate your time. >> Thank you >> Thank you. >> Yes. Thanks, guys. >> Thanks, guys. >> For our guests and for Dave Vellante, I'm Lisa Martin. You're watching "theCUBE" live from MWC23 in Barcelona. As you know, "theCUBE" is the leader in live tech coverage. Dave and I will be right back with our next guest. (gentle upbeat music)

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

(light music) >> Hello, and welcome to theCUBE's special presentation with Horizon3.ai with Rainer Richter, Vice President of EMEA, Europe, Middle East and Africa, and Asia Pacific, APAC Horizon3.ai. Welcome to this special CUBE presentation. Thanks for joining us. >> Thank you for the invitation. >> So Horizon3.ai, driving global expansion, big international news with a partner-first approach. You guys are expanding internationally. Let's get into it. You guys are driving this new expanse partner program to new heights. Tell us about it. What are you seeing in the momentum? Why the expansion? What's all the news about? >> Well, I would say in international, we have, I would say a similar situation like in the US. There is a global shortage of well-educated penetration testers on the one hand side. On the other side, we have a raising demand of network and infrastructure security. And with our approach of an autonomous penetration testing, I believe we are totally on top of the game, especially as we have also now starting with an international instance. That means for example, if a customer in Europe is using our service, NodeZero, he will be connected to a NodeZero instance, which is located inside the European Union. And therefore, he doesn't have to worry about the conflict between the European GDPR regulations versus the US CLOUD Act. And I would say there, we have a total good package for our partners that they can provide differentiators to their customers. >> You know, we've had great conversations here on theCUBE with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company. And obviously, I can just connect the dots here, but I'd like you to weigh in more on how that translates into the go-to-market here because you got great cloud scale with the security product you guys are having success with. Great leverage there, I'm seeing a lot of success there. What's the momentum on the channel partner program internationally? Why is it so important to you? Is it just the regional segmentation? Is it the economics? Why the momentum? >> Well, there are multiple issues. First of all, there is a raising demand in penetration testing. And don't forget that in international, we have a much higher level number or percentage in SMB and mid-market customers. So these customers, typically, most of them even didn't have a pen test done once a year. So for them, pen testing was just too expensive. Now with our offering together with our partners, we can provide different ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with a traditional manual pen test, and that is because we have our Consulting PLUS package, which is for typically pen testers. They can go out and can do a much faster, much quicker pen test at many customers after each other. So they can do more pen test on a lower, more attractive price. On the other side, there are others or even the same one who are providing NodeZero as an MSSP service. So they can go after SMP customers saying, "Okay, you only have a couple of hundred IP addresses. No worries, we have the perfect package for you." And then you have, let's say the mid-market. Let's say the thousand and more employees, then they might even have an annual subscription. Very traditional, but for all of them, it's all the same. The customer or the service provider doesn't need a piece of hardware. They only need to install a small piece of a Docker container and that's it. And that makes it so smooth to go in and say, "Okay, Mr. Customer, we just put in this virtual attacker into your network, and that's it and all the rest is done." And within three clicks, they can act like a pen tester with 20 years of experience. >> And that's going to be very channel-friendly and partner-friendly, I can almost imagine. So I have to ask you, and thank you for calling out that breakdown and segmentation. That was good, that was very helpful for me to understand, but I want to follow up, if you don't mind. What type of partners are you seeing the most traction with and why? >> Well, I would say at the beginning, typically, you have the innovators, the early adapters, typically boutique-size of partners. They start because they are always looking for innovation. Those are the ones, they start in the beginning. So we have a wide range of partners having mostly even managed by the owner of the company. So they immediately understand, okay, there is the value, and they can change their offering. They're changing their offering in terms of penetration testing because they can do more pen tests and they can then add others ones. Or we have those ones who offered pen test services, but they did not have their own pen testers. So they had to go out on the open market and source pen testing experts to get the pen test at a particular customer done. And now with NodeZero, they're totally independent. They can go out and say, "Okay, Mr. Customer, here's the service. That's it, we turn it on. And within an hour, you are up and running totally." >> Yeah, and those pen tests are usually expensive and hard to do. Now it's right in line with the sales delivery. Pretty interesting for a partner. >> Absolutely, but on the other hand side, we are not killing the pen tester's business. We are providing with NodeZero, I would call something like the foundational work. The foundational work of having an ongoing penetration testing of the infrastructure, the operating system. And the pen testers by themselves, they can concentrate in the future on things like application pen testing, for example. So those services, which we are not touching. So we are not killing the pen tester market. We are just taking away the ongoing, let's say foundation work, call it that way. >> Yeah, yeah. That was one of my questions. I was going to ask is there's a lot of interest in this autonomous pen testing. One because it's expensive to do because those skills are required are in need and they're expensive. (chuckles) So you kind of cover the entry-level and the blockers that are in there. I've seen people say to me, "This pen test becomes a blocker for getting things done." So there's been a lot of interest in the autonomous pen testing and for organizations to have that posture. And it's an overseas issue too because now you have that ongoing thing. So can you explain that particular benefit for an organization to have that continuously verifying an organization's posture? >> Certainly. So I would say typically, you have to do your patches. You have to bring in new versions of operating systems, of different services, of operating systems of some components, and they are always bringing new vulnerabilities. The difference here is that with NodeZero, we are telling the customer or the partner the package. We're telling them which are the executable vulnerabilities because previously, they might have had a vulnerability scanner. So this vulnerability scanner brought up hundreds or even thousands of CVEs, but didn't say anything about which of them are vulnerable, really executable. And then you need an expert digging in one CVE after the other, finding out is it really executable, yes or no? And that is where you need highly-paid experts, which where we have a shortage. So with NodeZero now, we can say, "Okay, we tell you exactly which ones are the ones you should work on because those are the ones which are executable. We rank them accordingly to risk level, how easily they can be used." And then the good thing is converted or in difference to the traditional penetration test, they don't have to wait for a year for the next pen test to find out if the fixing was effective. They run just the next scan and say, "Yes, closed. Vulnerability is gone." >> The time is really valuable. And if you're doing any DevOps, cloud-native, you're always pushing new things. So pen test, ongoing pen testing is actually a benefit just in general as a kind of hygiene. So really, really interesting solution. Really bringing that global scale is going to be a new coverage area for us, for sure. I have to ask you, if you don't mind answering, what particular region are you focused on or plan to target for this next phase of growth? >> Well, at this moment, we are concentrating on the countries inside the European Union plus United Kingdom. And of course, logically, I'm based in the Frankfurt area. That means we cover more or less the countries just around. So it's like the so-called DACH region, Germany, Switzerland, Austria, plus the Netherlands. But we also already have partners in the Nordic, like in Finland and Sweden. So we have partners already in the UK and it's rapidly growing. So for example, we are now starting with some activities in Singapore and also in the Middle East area. Very important, depending on let's say, the way how to do business. Currently, we try to concentrate on those countries where we can have, let's say at least English as an accepted business language. >> Great, is there any particular region you're having the most success with right now? Sounds like European Union's kind of first wave. What's the most- >> Yes, that's the first. Definitely, that's the first wave. And now with also getting the European INSTANCE up and running, it's clearly our commitment also to the market saying, "Okay, we know there are certain dedicated requirements and we take care of this." And we are just launching, we are building up this one, the instance in the AWS service center here in Frankfurt. Also, with some dedicated hardware, internet, and a data center in Frankfurt, where we have with the DE-CIX, by the way, the highest internet interconnection bandwidth on the planet. So we have very short latency to wherever you are on the globe. >> That's a great call out benefit too. I was going to ask that. What are some of the benefits your partners are seeing in EMEA and Asia Pacific? >> Well, I would say, the benefits for them, it's clearly they can talk with customers and can offer customers penetration testing, which they before even didn't think about because penetration testing in a traditional way was simply too expensive for them, too complex, the preparation time was too long, they didn't have even have the capacity to support an external pen tester. Now with this service, you can go in and even say, "Mr. Customer, we can do a test with you in a couple of minutes. We have installed a Docker container. Within 10 minutes, we have the pen test started. That's it and then we just wait." And I would say we are seeing so many aha moments then. On the partner side, when they see NodeZero the first time working, it's like they say, "Wow, that is great." And then they walk out to customers and show it to their typically at the beginning, mostly the friendly customers like, "Wow, that's great, I need that." And I would say the feedback from the partners is that is a service where I do not have to evangelize the customer. Everybody understands penetration testing, I don't have to describe what it is. The customer understanding immediately, "Yes. Penetration testing, heard about that. I know I should do it, but too complex, too expensive." Now for example, as an MSSP service provided from one of our partners, it's getting easy. >> Yeah, and it's great benefit there. I mean, I got to say I'm a huge fan of what you guys are doing. I like this continuous automation. That's a major benefit to anyone doing DevOps or any kind of modern application development. This is just a godsend for them, this is really good. And like you said, the pen testers that are doing it, they were kind of coming down from their expertise to kind of do things that should have been automated. They get to focus on the bigger ticket items. That's a really big point. >> Exactly. So we free them, we free the pen testers for the higher level elements of the penetration testing segment, and that is typically the application testing, which is currently far away from being automated. >> Yeah, and that's where the most critical workloads are, and I think this is the nice balance. Congratulations on the international expansion of the program, and thanks for coming on this special presentation. I really appreciate it. Thank you very much. >> You're welcome. >> Okay, this is theCUBE special presentation, you know, checking on pen test automation, international expansion, Horizon3.ai. A really innovative solution. In our next segment, Chris Hill, Sector Head for Strategic Accounts, will discuss the power of Horizon3.ai and Splunk in action. You're watching theCUBE, the leader in high tech enterprise coverage. (steady music)

(intro music) >> Hi everybody. Dave Vellante, back with Day Two coverage, we're live at the ARIA Hotel in Las Vegas for fal.con '22. Several thousand people here today. The keynote was, it was a little light. I think people were out late last night, but the keynote was outstanding and it's still going on. We had to break early because we have to strike early today, but we're really excited to have Stephan Goldberg here, Vice President of Technology Alliances at Claroty. And we're going to talk about an extremely important topic, which is the internet of things, the edge, we talk about it a lot. We haven't covered securing the edge here at theCUBE this week. And so Stephan really excited to have you on. >> Thank you for having me. >> You're very welcome. Tell us more about Claroty, C-L-A-R-O-T-Y, a very interesting spelling, but what's it all about? >> Claroty is cybersecurity company that specializes in cyber physical systems, also known as operational technology systems and the extended internet of things. The difference between the traditional IoT and what what everyone calls an IoT in the cyber physical system is that an IoT device has anything connected on the network that traditionally cannot carry an agent, a security camera, a card reader. A cyber physical system is a system that has influence and operates in the physical world but is controlled from the cyberspace. An example would be a controller, a turbine, a robotic arm, or an MRI machine. >> Yeah, so those are really high-end systems, run, are looked after by engineers, not necessarily consumers. So what's what's happening in that world? I mean, we've talked a lot on theCUBE about the schism between OT and IT, they haven't really talked a lot, but in the last several years, they've started to talk more. You look at the ecosystem of IoT providers. I mean, it's companies like Hitachi and PTC and Siemens. I mean, it's the different names than we're used to in IT. What are the big trends that you're seeing the macro? >> So, first of all, traditionally, most manufacturers and environments that were heavy on operations, operational technology, they had the networks air-gapped, completely separated. You had your IT network for business administration, you had the OT network to actually build stuff. Today with emerging technologies and even modern switching architecture everything is being converged. You have the same physical infrastructure in terms of networking, that carries both networks. Sometimes a human error, sometimes a business logic that needs to interconnect these networks to transmit data from the OT side of the house, to the IT side of the house, exposes the OT environment to cyber threats. >> Was that air-gap by design or was it just that there wasn't connectivity? >> It was air-gap by design, due to security and operational reasons, and also ownership in these organizations. The IT-managed space was completely separate from the OT-managed space. So whoever built a network for the controllers to build a car, for example, was an automation engineer and the vendors, that have built these networks, were automation vendors, unlike the traditional Ciscos of the world, that we're specializing in IT. Today we're seeing the IT vendors on the OT side, and the OT vendors, they're worried about the IT side. >> But I mean, tradition, I mean, engineers are control freaks. No offense, but, I'm glad they are, I'm thankful for that. So there must have been some initial reticence to them connecting up these air-gap systems. They went wanted to make sure that they were secure, that they did it right, and presumably that's where you guys come in. What are the exposures and risks of these, of this critical infrastructure that we should be aware of? >> So you're completely right. And from an operational perspective let let's call it change control is very rigorous. So they did not want to go on the internet and just, we're seeing it with adoption of cloud technologies, for example. Cloud as in industry four ago, five ago, cloud as in cyber security. We all heard Amol's keynote from this morning talking about critical infrastructures and we'll touch upon our partnership in a second, but CrowdStrike, CrowdStrike being considered and deployed within these environments is a new thing. It's a new thing because the OT operation managers and the chief information security officers, they understand that air-gap is no longer a valid strategy. From a business perspective, these networks are already connected. We're seeing the trends of cyber attacks, IT cyber attacks, like not Patreon, I'm not talking about the Stoxnet, the targeted OT. I'm talking about WannaCry, EternalBlue, IT vulnerabilities that did not target OT, but due to the outdated and the specification of OT posture on the networks, they hit healthcare, they hit OT much harder than they did IT. >> Was Log4J, did that sleep into OT, or any IT that. >> So, absolutely. >> So Log4J right, which was so pervasive, like so many of these malwares. >> All these vulnerabilities that, it's a windows vulnerability, it has nothing to do with OT. But then when you stop and you say, hold on, my human machine interface workstation, although it has some proprietary software by Rockwell or Siemens running on it, what is the underlying operating system? Oh, hold on, it's Windows. We haven't updated that for like eight years. We were focused on updating the software but not the underlying operating system. The vulnerabilities exist to a greater extent on the OT side of the house because of the same characteristic of operational technology environments. >> So the brute force air-gap approach was no longer viable because the business imperative came in and said, no, we have to connect these systems to digitally transform, or advance our business, there's opportunities to monetize, whatever it was. The business laid that out as an imperative. So now OT engineers have to rethink how they secure it. So what are the steps that they're taking and how does Claroty help? Is there a sort of a playbook, a sequential playbook? >> Absolutely, so before we discussed the maturity curve of adopting an CPS security, or OT security technology, let's touch upon the characteristic of the space and what it led vendors like Claroty to build. So you have the rigorous chain control. You have the security in mind, operations, lowered the risk state of mind. That led vendors, likes of Claroty, to build a solution. And I'm talking about seven, eight years ago, to be passive, mostly passive or passive only to inspect network and to analyze network and focus on detection rather than taking action like response or preventative maintenance. >> Um-hmm. >> It made vendors to build on-prem solutions because of the cloud-averse state of mind of this industry. And because OT is very specific, it led vendors to focus only on OT devices, overlooking what we discussed as IoT, Unfortunately, besides HMI and PLC, the controller in the plant, you also have the security camera. So when you install an OT security solution I'm talking about the traditional ones, they traditionally overlook the security camera or anything that is not considered traditional OT. These three observations, although they were necessary in the beginning, you understand the shortcomings of it today. >> Um-hmm. >> So cloud-averse led to on-prem which leads to war security. It's like comparing CrowdStrike and one of its traditional competitors in the antivirus space. What CrowdStrike innovated is the SaaS first, cloud-native solution that is continuously being updated and provide the best in cloud security, right? And that is very much like what Claroty's building. We decided to go SaaS first and cloud-native solution. >> So, because of cloud-aversion, the industry shows somewhat outdated deployment models, on-prem, which limited scale and created greater diversity, more stovepipes, all the problems that we always talk about. Okay, and so is the answer to that, just becoming more cloud, having more of an affinity to cloud? That was a starting point, right. >> This is exactly it. Air-gap is perceived as secured, but you don't get updates and you don't really know what's going on in your network. If you have a Claroty or a crosswork installer, you have much higher probability detecting fast and responding fast. If you don't have it, you are just blind. You will be bridged, that's the. >> I was going to say, plus, air-gap, it's true, but people can get through air-gaps, too. I mean, it's harder, but Stoxnet. Yeah, look at Stoxnet right, oh, it's mopping the floor, boom, or however it happened, but so yeah. >> Correct. >> So, but the point being, you know, assume that breach, even though I know CrowdStrike thinks that the unstoppable breach is a myth, but you know, you talk to people like Kevin Mandia, it's like, we assume you're going to get breached, right? Let's make that assumption. Yeah, okay, and so that means you've got to have visibility into the network. So what are those steps that you would, what's that maturity model that you referenced before? >> So on top of these underlying principles, which is cloud-native, comprehensive, not OT only, but XIoT, and then bring that the verticalization and OT specificity. On top of that, you're exactly right. There is a maturity curve. You cannot boil the ocean, deploy protections, and change the environment within one day. It starts with discovering everything that is connected to your network. Everything from the traditional workstations to the cameras, and of course ending up with the cyber physical systems on the network. That discovery cannot be only a high level profile, it needs to be in depth to the level you need to know application versions of these devices. If you cannot tell the application version you cannot correlate it to a vulnerability, right? Just knowing that's an HMI or that's a PLC by Siemens is insufficient. You need to know the app version, then you can correlate to vulnerability, then you can correlate to risk. This is the next step, risk assessment. You need to put up a score basically, on each one of these devices. A vulnerability score, risk score, in order to prioritize action. >> Um-hmm. >> These two steps are discovery and thinking about the environment. The next two steps are taking action. After we have the prioritized devices discovered on your network, our approach is that you need to ladle in and deploy protections from a preventative perspective. Claroty delivers recommended policies in the form of access control lists or rules. >> Right. >> That can leverage existing infrastructure without touching a device without patching it, just to protect it. The next step would be detection and response. Once you have these policies deployed you also can leverage them to spot policy deviations. >> And that's where CrowdStrike comes in. So talk about how you guys partner with CrowdStrike, what that integration looks like and what the differentiation is. >> So actually the integration with CrowdStrike crosses the the entire customer journey. It starts with visibility. CrowdStrike and us exchange data on the asset level. With the announcement during FalCon, with Falcon Discover for IoT, we are really, really proud working on that with CrowdStrike. Traditionally CrowdStrike discovered and provided data about the IT assets. And we did the same thing with CPS and OT. Today with Falcon Discover for IoT, and us expanding to the XIoT space, both of us look at all devices but we can discover different things. When you merge these data sets you have an unparalleled visibility into any environment, and specifically OT. The integrations continue, and maybe the second spotlight I'll put, but without diminishing the other ones, is detection and response. It's the XDR Alliance. Claroty is very proud to be one of the first partners, XDR Alliance partners, for CrowdStrike, fitting in to the XDR, to CrowdStrike's XDR, the data that is needed to mitigate and respond and get more context about breaches in these OT environments, but also take action. Also trigger action, via Claroty and leverage Claroty's network-centric capabilities to respond. >> We hear a lot. We heard a lot in today's keynote note about the data, the importance of data, of the graph database. How unique is this Stephan, in the industry, in your view? >> The uniqueness of what exactly? >> Of this joint solution, if you will, this capability. >> I told my counterparts from CrowdStrike yesterday, the go-to market ones and the product management ones. If we are successful with Falcon Discover for IoT, and that product matures, as we plan for it to mature, it will change the industry, the OT security industry, for all of us. Not only for Claroty, for all players in this space. And this is why it's so important for us to stay coordinated and support this amazing company to enter this space and provide better security to organizations that really support our lives. >> We got to leave it there, but this is such an important topic. We're seeing in the war in Ukraine, there's a cyber component in the future of war. >> Yes. >> Today. And what do they do? They go after critical infrastructure. So protecting that critical infrastructure is so important, especially for a country like the United States, which has so much critical infrastructure and a lot to lose. So Stephan, thanks so much. >> Thank you. >> For the work that you're doing. It was great to have you on theCUBE. >> Thank you. >> All right, keep it right there. Dave Vellante for theCUBE. We'll be right back from fal.con '22. We're live from the ARIA in Las Vegas. (techno music)

>> We're back at the ARIA Las Vegas. We're covering CrowdStrike's Fal.Con 22. First one since 2019. Dave Vellante and Dave Nicholson on theCUBE. Adam Meyers is here, he is the Senior Vice President of Intelligence at CrowdStrike. Adam, thanks for coming to theCUBE. >> Thanks for having me. >> Interesting times, isn't it? You're very welcome. Senior Vice President of Intelligence, tell us what your role is. >> So I run all of our intelligence offerings. All of our analysts, we have a couple hundred analysts that work at CrowdStrike tracking threat actors. There's 185 threat actors that we track today. We're constantly adding more of them and it requires us to really have that visibility and understand how they operate so that we can inform our other products: our XDR, our Cloud Workload Protections and really integrate all of this around the threat actor. >> So it's that threat hunting capability that CrowdStrike has. That's what you're sort of... >> Well, so think of it this way. When we launched the company 11 years ago yesterday, what we wanted to do was to tell customers, to tell people that, well, you don't have a malware problem, you have an adversary problem. There are humans that are out there conducting these attacks, and if you know who they are what they're up to, how they operate then you're better positioned to defend against them. And so that's really at the core, what CrowdStrike started with and all of our products are powered by intelligence. All of our services are our OverWatch and our Falcon complete, all powered by intelligence because we want to know who the threat actors are and what they're doing so we can stop them. >> So for instance like you can stop known malware. A lot of companies can stop known malware, but you also can stop unknown malware. And I infer that the intelligence is part of that equation, is that right? >> Absolutely. That that's the outcome. That's the output of the intelligence but I could also tell you who these threat actors are, where they're operating out of, show you pictures of some of them, that's the threat intel. We are tracking down to the individual persona in many cases, these various threats whether they be Chinese nation state, Russian threat actors, Iran, North Korea, we track as I said, quite a few of these threats. And over time, we develop a really robust deep knowledge about who they are and how they operate. >> Okay. And we're going to get into some of that, the big four and cyber. But before we do, I want to ask you about the eCrime index stats, the ECX you guys call it a little side joke for all your nerds out there. Maybe you could explain that Adam >> Assembly humor. >> Yeah right, right. So, but, what is that index? You guys, how often do you publish it? What are you learning from that? >> Yeah, so it was modeled off of the Dow Jones industrial average. So if you look at the Dow Jones it's a composite index that was started in the late 1800s. And they took a couple of different companies that were the industrial component of the economy back then, right. Textiles and railroads and coal and steel and things like that. And they use that to approximate the overall health of the economy. So if you take these different stocks together, swizzle 'em together, and figure out some sort of number you could say, look, it's up. The economy's doing good. It's down, not doing so good. So after World War II, everybody was exuberant and positive about the end of the war. The DGI goes up, the oil crisis in the seventies goes down, COVID hits goes up, sorry, goes down. And then everybody realizes that they can use Amazon still and they can still get the things they need goes back up with the eCrime index. We took that approach to say what is the health of the underground economy? When you read about any of these ransomware attacks or data extortion attacks there are criminal groups that are working together in order to get things spammed out or to buy credentials and things like that. And so what the eCrime index does is it takes 24 different observables, right? The price of a ransom, the number of ransom attacks, the fluctuation in cryptocurrency, how much stolen material is being sold for on the underground. And we're constantly computing this number to understand is the eCrime ecosystem healthy? Is it thriving or is it under pressure? And that lets us understand what's going on in the world and kind of contextualize it. Give an example, Microsoft on patch Tuesday releases 56 vulnerabilities. 11 of them are critical. Well guess what? After hack Tuesday. So after patch Tuesday is hack Wednesday. And so all of those 11 vulnerabilities are exploitable. And now you have threat actors that have a whole new array of weapons that they can deploy and bring to bear against their victims after that patch Tuesday. So that's hack Wednesday. Conversely we'll get something like the colonial pipeline. Colonial pipeline attack May of 21, I think it was, comes out and all of the various underground forums where these ransomware operators are doing their business. They freak out because they don't want law enforcement. President Biden is talking about them and he's putting pressure on them. They don't want this ransomware component of what they're doing to bring law enforcement, bring heat on them. So they deplatform them. They kick 'em off. And when they do that, the ransomware stops being as much of a factor at that point in time. And the eCrime index goes down. So we can look at holidays, and right around Thanksgiving, which is coming up pretty soon, it's going to go up because there's so much online commerce with cyber Monday and such, right? You're going to see this increase in online activity; eCrime actors want to take advantage of that. When Christmas comes, they take vacation too; they're going to spend time with their families, so it goes back down and it stays down till around the end of the Russian Orthodox Christmas, which you can probably extrapolate why that is. And then it goes back up. So as it's fluctuating, it gives us the ability to really just start tracking what that economy looks like. >> Realtime indicator of that crypto. >> I mean, you talked about, talked about hack Wednesday, and before that you mentioned, you know, the big four, and I think you said 185 threat actors that you're tracking, is 180, is number 185 on that list? Somebody living in their basement in their mom's basement or are the resources necessary to get on that list? Such that it's like, no, no, no, no. this is very, very organized, large groups of people. Hollywood would have you believe that it's guy with a laptop, hack Wednesday, (Dave Nicholson mimics keyboard clacking noises) and everything done. >> Right. >> Are there individuals who are doing things like that or are these typically very well organized? >> That's a great question. And I think it's an important one to ask and it's both it tends to be more, the bigger groups. There are some one-off ones where it's one or two people. Sometimes they get big. Sometimes they get small. One of the big challenges. Have you heard of ransomware as a service? >> Of course. Oh my God. Any knucklehead can be a ransomwarist. >> Exactly. So we don't track those knuckleheads as much unless they get onto our radar somehow, they're conducting a lot of operations against our customers or something like that. But what we do track is that ransomware as a service platform because the affiliates, the people that are using it they come, they go and, you know, it could be they're only there for a period of time. Sometimes they move between different ransomware services, right? They'll use the one that's most useful for them that that week or that month, they're getting the best rate because it's rev sharing. They get a percentage that platform gets percentage of the ransom. So, you know, they negotiate a better deal. They might move to a different ransomware platform. So that's really hard to track. And it's also, you know, I think more important for us to understand the platform and the technology that is being used than the individual that's doing it. >> Yeah. Makes sense. Alright, let's talk about the big four. China, Iran, North Korea, and Russia. Tell us about, you know, how you monitor these folks. Are there different signatures for each? Can you actually tell, you know based on the hack who's behind it? >> So yeah, it starts off, you know motivation is a huge factor. China conducts espionage, they do it for diplomatic purposes. They do it for military and political purposes. And they do it for economic espionage. All of these things map to known policies that they put out, the Five Year Plan, the Made in China 2025, the Belt and Road Initiative, it's all part of their efforts to become a regional and ultimately a global hegemon. >> They're not stealing nickels and dimes. >> No they're stealing intellectual property. They're stealing trade secrets. They're stealing negotiation points. When there's, you know a high speed rail or something like that. And they use a set of tools and they have a set of behaviors and they have a set of infrastructure and a set of targets that as we look at all of these things together we can derive who they are by motivation and the longer we observe them, the more data we get, the more we can get that attribution. I could tell you that there's X number of Chinese threat groups that we track under Panda, right? And they're associated with the Ministry of State Security. There's a whole other set. That's too associated with the People's Liberation Army Strategic Support Force. So, I mean, these are big operations. They're intelligence agencies that are operating out of China. Iran has a different set of targets. They have a different set of motives. They go after North American and Israeli businesses right now that's kind of their main operation. And they're doing something called hack and lock and leak. With a lock and leak, what they're doing is they're deploying ransomware. They don't care about getting a ransom payment. They're just doing it to disrupt the target. And then they're leaking information that they steal during that operation that brings embarrassment. It brings compliance, regulatory, legal impact for that particular entity. So it's disruptive >> The chaos creators that's.. >> Well, you know I think they're trying to create a they're trying to really impact the legitimacy of some of these targets and the trust that their customers and their partners and people have in them. And that is psychological warfare in a certain way. And it, you know is really part of their broader initiative. Look at some of the other things that they've done they've hacked into like the missile defense system in Israel, and they've turned on the sirens, right? Those are all things that they're doing for a specific purpose, and that's not China, right? Like as you start to look at this stuff, you can start to really understand what they're up to. Russia very much been busy targeting NATO and NATO countries and Ukraine. Obviously the conflict that started in February has been a huge focus for these threat actors. And then as we look at North Korea, totally different. They're doing, there was a major crypto attack today. They're going after these crypto platforms, they're going after DeFi platforms. They're going after all of this stuff that most people don't even understand and they're stealing the crypto currency and they're using it for revenue generation. These nuclear weapons don't pay for themselves, their research and development don't pay for themselves. And so they're using that cyber operation to either steal money or steal intelligence. >> They need the cash. Yeah. >> Yeah. And they also do economic targeting because Kim Jong Un had said back in 2016 that they need to improve the lives of North Koreans. They have this national economic development strategy. And that means that they need, you know, I think only 30% of North Korea has access to reliable power. So having access to clean energy sources and renewable energy sources, that's important to keep the people happy and stop them from rising up against the regime. So that's the type of economic espionage that they're conducting. >> Well, those are the big four. If there were big five or six, I would presume US and some Western European countries would be on there. Do you track, I mean, where United States obviously has you know, people that are capable of this we're out doing our thing, and- >> So I think- >> That defense or offense, where do we sit in this matrix? >> Well, I think the big five would probably include eCrime. We also track India, Pakistan. We track actors out of Columbia, out of Turkey, out of Syria. So there's a whole, you know this problem is getting worse over time. It's proliferating. And I think COVID was also, you know a driver there because so many of these countries couldn't move human assets around because everything was getting locked down. As machine learning and artificial intelligence and all of this makes its way into the cameras at border and transfer points, it's hard to get a human asset through there. And so cyber is a very attractive, cheap and deniable form of espionage and gives them operational capabilities, not, you know and to your question about US and other kind of five I friendly type countries we have not seen them targeting our customers. So we focus on the threats that target our customers. >> Right. >> And so, you know, if we were to find them at a customer environment sure. But you know, when you look at some of the public reporting that's out there, the malware that's associated with them is focused on, you know, real bad people, and it's, it's physically like crypted to their hard drive. So unless you have sensor on, you know, an Iranian or some other laptop that might be target or something like that. >> Well, like Stuxnet did. >> Yeah. >> Right so. >> You won't see it. Right. See, so yeah. >> Well Symantec saw it but way back when right? Back in the day. >> Well, I mean, if you want to go down that route I think it actually came from a company in the region that was doing the IR and they were working with Symantec. >> Oh, okay. So, okay. So it was a local >> Yeah. I think Crisis, I think was the company that first identified it. And then they worked with Symantec. >> It Was, they found it, I guess, a logic controller. I forget what it was. >> It was a long time ago, so I might not have that completely right. >> But it was a seminal moment in the industry. >> Oh. And it was a seminal moment for Iran because you know, that I think caused them to get into cyber operations. Right. When they realized that something like that could happen that bolstered, you know there was a lot of underground hacking forums in Iran. And, you know, after Stuxnet, we started seeing that those hackers were dropping their hacker names and they were starting businesses. They were starting to try to go after government contracts. And they were starting to build training offensive programs, things like that because, you know they realized that this is an opportunity there. >> Yeah. We were talking earlier about this with Shawn and, you know, in the nuclear war, you know the Cold War days, you had the mutually assured destruction. It's not as black and white in the cyber world. Right. Cause as, as Robert Gates told me, you know a few years ago, we have a lot more to lose. So we have to be somewhat, as the United States, careful as to how much of an offensive posture we take. >> Well here's a secret. So I have a background on political science. So mutually assured destruction, I think is a deterrent strategy where you have two kind of two, two entities that like they will destroy each other if they so they're disinclined to go down that route. >> Right. >> With cyber I really don't like that mutually assured destruction >> That doesn't fit right. >> I think it's deterrents by denial. Right? So raising the cost, if they were to conduct a cyber operation, raising that cost that they don't want to do it, they don't want to incur the impact of that. Right. And think about this in terms of a lot of people are asking about would China invade Taiwan. And so as you look at the cost that that would have on the Chinese military, the POA, the POA Navy et cetera, you know, that's that deterrents by denial, trying to, trying to make the costs so high that they don't want to do it. And I think that's a better fit for cyber to try to figure out how can we raise the cost to the adversary if they operate against our customers against our enterprises and that they'll go someplace else and do something else. >> Well, that's a retaliatory strike, isn't it? I mean, is that what you're saying? >> No, definitely not. >> It's more of reducing their return on investment essentially. >> Yeah. >> And incenting them- disincening them to do X and sending them off somewhere else. >> Right. And threat actors, whether they be criminals or nation states, you know, Bruce Lee had this great quote that was "be like water", right? Like take the path of least resistance, like water will. Threat actors do that too. So, I mean, unless you're super high value target that they absolutely have to get into by any means necessary, then if you become too hard of a target, they're going to move on to somebody that's a little easier. >> Makes sense. Awesome. Really appreciate your, I could, we'd love to have you back. >> Anytime. >> Go deeper. Adam Myers. We're here at Fal.Con 22, Dave Vellante, Dave Nicholson. We'll be right back right after this short break. (bouncy music plays)

>>The cube presents HPE discover 2022 brought to you by HPE. >>Hey everyone. Welcome back to the Cube's continuing coverage of HPE. Discover 22 live from Las Vegas, the Venetian expo center at Lisa Martin and Dave Velante have a very special guest. Next one of our esteemed alumni here on the cube, Antonio Neri, the president and CEO of HPE, Antonio. Thank you so much for joining us this morning. >>Well, thanks for free with us today. >>Great to be back here after three years away. Yeah. Sit on stage yesterday in front of a massive sea of people. The energy here is electric. Yeah. Must have felt great yesterday, but you, you stood on stage three years ago and said buy 20, 22. And here it is. Yeah. We're gonna deliver our entire portfolio as a service. What was it like to be on stage and say we've done that. Here's where we are. We are a new company. >>Well, first of all, as always, I love the cube to cover HP discover, as you said, has been many, many years, and I hope you saw a different company yesterday. I'm really proud of what happened yesterday, because it was a pivotable moment in our journey. If I reflect back in my four years as a CEO, we said the enterprise of the future will be edge centric, cloud enable and data driven in 2018. And I pledged to invest 4 billion over four years. And you see the momentum we have at the edge with our business. And then in 19, to your point, Lisa, we said, by the end of 2022, we will offer everything as a service. When you look at the floor behind us, everything is a as a service experience from the moment you log through IHP GreenLake platform to all the cloud services we offer. So for me, it is a proud moment because our team worked really hard to deliver on that province on the face of a lot of challenges, >>Tremendous challenges, the last couple years that nobody could have predicted or even forecast, how can we tolerate this? Talk to me about your customer conversations and how they have changed and evolved as every company today has to be a data company. >>Well, even this morning, up to this interview, I already met four customers in, in less than an hour and a half. And I will say all of them, first of all, really appreciated bringing HP discover back. And what they really appreciated was the fact that they had the opportunity to meet and greet and talk to people. The energy that comes from that engagement is second to none. And I think says something right about the moment we are at this time, where the return to work and everything else. I think this is a wake up call in many ways, but customers are telling us is that they want to engage with a partner that has a vision that can take them to their journey, whatever that journey is. And we know digital transformation is core to everything, but ultimately they are now more focused on delivering outcomes for the organization they're running in it. And that's why HP GreenLake is incredible well positioned to do so, you >>Know, just picking up on that. I, I, I counted Antonio. I think I've been to 14 HP and HPE discovers when you include Europe. Yeah. I mean, Frankford, London, Barcelona Madrid, of course, you know the us, and I've never seen why I've tweeted this out. I've never seen this type of energy. Right. People are excited to get back. That's part of it. The other big part of it is course the focus. Yeah. So that focus on as a service was a burn, the boat moment for HPV. >>I don't think it was a burn the boat moment. It was a moment that we have to decide how we think about the future and how we become even more relevant for customers. And we are very important to all the customers they buy from us. Right. But I think about the next 3, 5, 10 years, how we position the company, enter the future to be relevant to whatever they need to do. >>Well, what I mean by that is you're not turning back. No, the bridge is gone. You go, you're going forward. And so my question is, did the pandemic accelerate that move or did it, did it hinder it? And, and, and how so >>Actually it was an, a moment for us to think about how we go further and faster to what we call this journey to one, one platform, one experience. And, and we felt as a team, as an organization, this was a unique moment in time to go further, faster. So to us, it was a catalyst to accelerate that transformation. >>Yeah. Now I, I want to ask you a question in your keynote. I love this, cuz you say I'm often asked by customers, what workload should we move to the public cloud and what should stay on prem? I'm like, yeah, I get that question all the time. And I was waiting for the answer. You said, that's the wrong question. And I was like, wait, but that's the question everybody's asking. So it was really interesting that you said that. And I wonder if you could, you could comment. And I think you said basically the world's hybrid is your challenge with, with the customers in this initiative to actually get people to stop asking that question. Right. And not think about that. >>No, I think the challenge we all collectively have is that how we think about data and how we drive what I call a data first modernization, you know, strategy for our customers in an age to cloud architecture, which basically says you are living a hybrid world is not a question which workloads are put in the public cloud, which workloads are put OnPrem. You know, the, all the issues around data gravity and whatnot is a question of how I bring the cloud experience to all your workloads of data, wherever they live. And that's where, you know, the opportunity really exists. And as customers understand more and more about the new environments, how they work, how they enable these new experiences is all driven by that data. And that data has enormous value. So it's not about which cloud use is about how you bring the cloud experience to your data in workloads. >>When you're talking to CIOs, especially transformational CIOs, what's the value pro to those CIOs that wanna transform and need to transform with the power of HPE. >>More and more of them are becoming conscious about the fact that they need to go faster in everything they do. We have done some interesting analysis with the brands that have done a better job or have become way more proficient on extracting insight from the data. They are actually the brands that winning the marketplace, not just with customers driving the preference, but also in the market capitalization because they become where more sophisticated in driving better efficiency, which is a necessity today. Second is the fact that also they need to improve their security aspect of it, but they are creating new experiences and new revenue streams. And those transformational CIOs are transforming their business in the way they run it into more an innovation engine. And so that's why, you know, we love working with them because they are advanced and the push has to think differently in the way we think about the innovation. How >>Do you help customers go from data, rich insight, port to data, rich insight, rich actions, new revenue, streams, new services. >>Well, first of all, you have to deploy the right architecture, which starts with a network, obviously because digital transformation requires an on-ramp and the connectivity is the first step. Second is to make sure you have a true end to end visibility of that data. And that's why we announced yesterday with the data fabric, right? A, a revolutionary way to think about that age to cloud architecture from a data driven perspective. And then the third piece of this is, is the aspect of how we bring that intelligence to that data. And that's where, you know, we are enabling all these amazing services with AI machine learning with, with, you know, HP GreenLake, which is ultimately the way we are gonna enable them. >>What's your favorite announcement from this week? >>I think HP GreenLake, you know, I think I >>Mentioned a lot of GreenLake, >>36 times HP GreenLake. And to me, you know, as I think about what comes next, right, is about how we innovate now on the platform at the pace that customers are demanding. And so for me, there is a lot of things there, but obviously the private cloud enterprise edition was a big moment for us because that's the way we bring the cloud operating experience on-prem and at the edge, but also all the hybrid capabilities that Brian showed during the demo is something that I think customers now say, wow, I didn't know. We can do that. >>And thinking about your business, you know, despite some macro headwinds and, and like you, you reaffirmed your guidance on the, on the last earnings call. Does GreenLake give you better visibility or is it harder to predict? >>No, I think the more we get engaged with customers in running their workloads and data, the more visibility we get, you know, I said, you know, customers voted with the workloads and data. And in, in that context, you know, we already have 65,000 customers more than 120,000 users. And the one interesting stat, which I hope it didn't go lost during that transition was the, the fact that we now have under the GreenLake management over an next bite of data. And so to me, right, that's a unique, a unique opportunity for us to learn and improve the whole cycle. >>So obviously a big pillar of your strategy is the data. And I wanted, if you could talk more about that because I, I would observe, you know, we, the cube started in sort of as big data, you know, started to take off and you saw that had ecosystem and, and that ecosystem has dispersed now. Yeah. So gone into the cloud, it's got snowflakes pulling and some in Mongo. Now you have the opportunity with this ecosystem yeah. To have a data ecosystem. How do you look at the ecosystem and the value that your partners can build on top of GreenLake and specifically monetize? Well, >>If you walk through the floor, one of the things we changed this time is that the partners are actually in the flow of all our solutions, not sitting on a corner of the show floor, right? And, and, and that's because what we have done in the last three years has been together with our partners, but we conceive HP GreenLake with the partners in mind, at the core of everything we do in the platform. And that's why on Monday we announced the new partner one ready vantage program that actually opens the platform through our APIs for allowing them to add their own value on the platform, whether in their own services to the marketplace or the other way around they to use our capabilities in their own solutions. Because some of these cloud operating capabilities are hard to develop, whether it is, you know, metering and billing and all the other services, sometimes you don't don't have to build yourself. So that's why, what we love about our strategies, the partners can decide where to participate in this broad ecosystem and then grow with us and we can grow through them as well. >>So GreenLake as a service, the focus is, is very clear. Hybrid is very clear. What's less clear to me is, is that I'll and I'll ask you to comment, is this, we go a term called super cloud and super cloud is different than multi-cloud multi-cloud oh, I run in AWS or, and, or I run in Azure. I run in, in, in GCP, Supercloud builds a layer above that hides the underlying complexity of the primitives and the APIs, and then builds new value on top of that, out to the edge as well. You guys talk about the edge all the time. You have Aruba a as an asset, you got space space born. You're doing some pretty edge. Like, well, >>We have it here. Yeah. Yeah. We are connected to the ISS. So if you were to that show floor, you can actually see what's being processed today. >>I mean, that's, you don't get more edge than that. So my question is, is, is that part of the vision to actually build that I call super cloud layer? Or is it more to be focused on hybrid and connecting on-prem to the cloud? >>No, I, I don't like to call it super cloud because that means, unless you are a superpower, you can't do what you need to do. I, I think I call it a super straight okay. Right. That we are enabling to our H to cloud architecture. So the customers can build their own experiences and consume the services that they need to compete and win in today's market. So our H to cloud approach is to create that substrate with connectivity, obviously the cloud and the data capability that you need to operate in today's >>Environment. Okay. So they're fair enough. I would say that your customers are gonna build then the super cloud on top of that software. >>Well, actually we want to give it to them. They don't have to build anything. They just need to run the business. Well, they don't have the time to really build stuff. They just need to innovate that's our, our value proposition. So they don't have to waste cycles in doing so if it comes ready to go, why you want to build it? >>Well, when I say build it, I'm talking about building their business on top of it things you're not gonna, I agree with that, bringing their tools, financial services companies with their data, their tools, their ecosystem, connecting OnPrem to the clouds. Yeah. That above that substrate that's their as a digital. >>Yeah. And that's why I said yesterday with our approach, we're actually enabling customers to power the next generation business models that they need. We enable the substrate, they can innovate on the platform, these next gen business models, >>Tap your engineering mind. And I'd like you to talk about how architectures are changing you along with many, many other CEOs signed a letter to, to the us government, you know, urging them to, to, to pass the chips act. As I posted on LinkedIn, there were, there were a few notables missing apple wasn't on there, meta wasn't on there, Tesla wasn't on there. I'd like to see them step up and sign that. Yeah. And so why did you, you know, sign that? Why did you post that? And, and, and why is that important? >>Well, first of all, it's important to customers because obviously they need to get access to technologies in a more ubiquitous way. And second it's important for the United States. We live in a, in a global economy that today is going to a refactoring of sorts where supply chain disruption has caused a lot of consternation and disruption across many industries. And I think, you know, as we think about the next generation supply chains, which are built for resiliency and obviously inclusion, we need to make sure that the United States address this problem. Because once you fall behind, it takes a long time to catch up. Even if we sign the chips act, it's gonna take many years for us, but we need to start now. Otherwise we never get what we need to >>Get. I, I agree. We're late. I think pat Gelsinger has done a very good job laying out the mission, you know, to bring, I mean, to me, it's modest, bring 20% of the manufacturing back to the us by the end of the decade. I mean that that's not gonna be easy, but even so that's, >>That's, we need stuff somewhere. Absolutely. You know, we are great partners with Intel. I really support the vision that path has laid out. And its not just about Intel again, it's about our customers in the United States, >>HP and HPE now cuz H HP labs is part of, of HPE. I believe that's correct state. Well, >>We refocus HP labs as a part of our high performance. Yeah. And AI business. Yes. >>But H HP and, and now HPE possess custom Silicon expertise. We may, we always >>Had. >>Yeah, exactly. And, and you know, with the fabulous world, do you see, I mean, you probably do in some custom Silicon today that I don't really, you know, have visibility on, but do you see getting more into that? Is there a need for >>That? Yeah. Well we already design more than 60 different silicons that are included in our solution. More and more of that. Silicon is actually in support of our other service experience. That's truly programmable for this new way to deploy a cloud or a data fabric or a network in fabric of sorts. When you look our, our age portfolio as a part of green lake through our Aruba set of offerings, we actually have a lot of the Silicon building. Our switching portfolio that's program. Normally give us the ability to drive intelligent routing in the network at the application layer. But also as you know, many years ago, we introduced our own ILO, the lights out technology, the BMC type of support that allows us to provide security to the root of our systems. But now more implement a cloud operating security environment if you will, but there is many more in the analog space for AI at scale. And even the latest introduction with frontier. When you look at frontier that wonderful high performance exit scale system, the, the magic of that is in the Silicon we developed, which is the interconnect fabric. Plus the smart mix at massive massive scale for parallel computing. And then ultimately it's the software environment that we put on top of it. So we can process billion, billion, square transactions per second. >>And when you think about a lot of the AI today is modeling, that's done in the cloud. When you think about the edge actual real time in, you're not gonna send all that back to the cloud. When you have to make a left turn or a right turn, >>Stop sign. I think, you know, people need to realize that 70% of the data today is outside the public cloud and 50% is at the edge. And when you think about the real time use cases, actually 30% of that data will need to be processed real time. So which means you need to establish inference the rate at the edge and at the same time run, you know, the analytics at the edge, whether it's machine learnings or some sort of simulation they need to do at the edge. And so that's why, you know, we can provide inference. We can provide machine learning at the edge on top of the connectivity and the edge compute or cloud computing at the edge. But also we can provide on the other side, AI at scale for massive amount of data analytics. And >>Will that be part of the GreenLake? >>We already offered that experience. We already offered that as a HPC, as a service is one of the key services we provide at scale. And then you also have machine learning operations as a service. So we have both and with the data fabric, now we're gonna take it to one step forward so we can connect the data. And I think one of the most exciting services, I actually, I'm a true believer. That is the capability we develop through HP labs. Since you asked for that early on, which is called the swarm learning technology. Of >>Course. Yeah. I've talked to Dr. GU about there you >>Go. >>So, so he >>Will do a better job than me explaining, >>Hey, I don't know. You're pretty, pretty good at it, but he's awesome. I mean, I have to admit on your keynote, you specifically took the time to mention your support for women's rights. Yes. Will HPE pay for women to leave the state to have a medical procedure? >>Yeah. So what happened last week was a sad moment in a history. I believe we, as a company felt compelled to stand up and take a position on the rights of women to choose. And as a part of that, we already offer as a part of our benefits, the ability to travel and pay all the medical expenses related to their choice. >>Yeah. Well thank you for doing that. I appreciate it. As a, as a father of two daughters who have less rights than, than my wife did when she was their age, I applaud you for your bravery and standing up and, and thank you for doing that. How excited are you for Janet Jackson? >>I think is gonna be a phenomenal rap of the HP discover, I think is gonna be a great moment for people to celebrate the coming together. One of the feedback I got from the meetings early on from customers is that put aside the vision, the strategy, the solutions that they actually can experience themselves is the fact that the, the, the one thing that really appreciated it is that they can be together. They can talk to people, they can learn with each other from each other. That energy is obviously very palpable when you go through it. And I think, you know, the celebration tonight and I want to thank the sponsor for allowing us to do so, is, is the fact that, you know, it's gonna be a moment of reuniting ourselves and look at the Fu at the future with optimism, but have some fun. >>Well, that's great, Antonio, as I said, I've been to a lot of HP and HPE discovers. You've brought a new focus clearly to the company, outstanding job of, of getting people aligned. I mean, it's not easy. It's 60,000, you know, professionals a around the globe and the energy is like I've never seen before. So congratulations. Thank you so much for coming back in the queue. >>Thank you, Dave. And as always, we appreciate you covering the, the event. You, you share the news with all the audiences around the globe here and, and that's, that means us means a lot to us. Thank you. Thank you. >>And thank you for watching. This is Dave Velante for Lisa Martin and John furrier. We'll be right back with our next guest. Live from HPE. Discover 2022 in Las Vegas.

>> the CUBE presents Dell Technologies World brought to you by Dell. >> Hey everyone, welcome back to the CUBE'S coverage day one, Dell Technologies World 2022 live from The Venetian in Las Vegas. Lisa Martin, with Dave Vellante. We've been here the last couple of hours. You can hear probably the buzz behind me. Lots of folks here, we're think around seven to eight thousand folks in this solution expo, the vibe is awesome. We've got two guests helping to round out our day one coverage. Ryan Fournier joins us, senior director of product management Edge Solutions at Dell Technologies. And MuneyB Minttazuddin vice president of Edge Computing at VMware. Guys, welcome to the program. >> Oh, glad to be here. >> Yeah. >> Isn't it great to be here in person? >> Oh man, yes. >> The vibe, the vibe of day one is awesome. >> Yes. >> Oh yeah. >> I think it's fantastic. >> Like people give energy off to each other, right? >> Absolutely. So lots of some good news coming out today so far on day one. Let's talk about, Ryan let's start with you. With Edge, it's not new. We've been talking about it for a while, but what are some of the things that are new? What are some of the key trends that you are seeing that are driving changes at the Edge? >> Great, good question. We've been talking to a lot of customers. Okay, a lot of the customers you know, the different verticals really find that is a common theme happening around a massive digital transformation and really based on the pandemic, okay. Which caused some acceleration in some, but also not, but many are kind of laggers left behind. And one primary reason is the culture of the OT, IT, you know, lack of barriers or something like that. The OT is obviously the business outcomes, okay. Focused where the IT is more enabling the function and it'll take retail. For example, that's accelerated a significant usage of an in-store frictionless experience, okay. As well as supply chain automation, warehousing logistics, connected inventory, a lot of the new use cases in this new normal post that pandemic. It's really that new retail operating landscape. >> Consumers we are so demanding, we want the same experience that we have online and we want that in the store and that's really driving a lot of this out of consumer demand. >> Oh yeah, no. I think, you know, retail you know, the way you shop for milk and bread change during the pandemic, right? There was pre-pandemic. The online shopping in the United States was only 5%, but during the pandemic and afterwards that's going to caught up to 25, 30%. That's huge. How do you bring new processes in? How do you create omnichannel consumer experiences where online well as physical are blended together? Becomes a massive challenge for the retailers. So yes, Edge has been there for a long time. Innovation hasn't happened, but a simple credit card swipe When you used to pre-pandemic, just to go do your checkout now has become into a curbside pickup. Integration with like, it's just simple payment card processing is not complicated like, you know, crazy. So people are forced to go in a way and that's happening in manufacturing because they're supply chain issues, could be not. So a lot of that has accelerated this investment and what's kind of driving Edge Computing is if everything ran out of the cloud, then you almost need infinite bandwidth. So suddenly people are realizing that everything runs out of cloud. I can't process my video analytics in a store. That's a lot of video, right? >> So we often ask ourselves, okay, who's going to win the edge? You know, we have that conversation. The cloud guys? VMware? You know, Dell? How are they going to go at it? And so to your point, you're not going to do a round trip to the cloud too expensive, too slow. Now cloud guys will try to bring their cloud basically on prem or out to the edge. You're kind of bringing it from the data center. So how do you see that evolution? >> No, great question. As the edge market happens, right? So there's market data now which says enterprise edge workloads in the next five years are going to be the fastest growing workloads. But then you have different communities coming to solve that problem. Like you just said, John is, you know, hyperscalers are going, Hey, all of the new workloads were built on us, let's bring them to the edge. Data center workloads move to the edge. >> Now important community here are, you know, Telcos and Service Providers because they have assets that are highly distributed at the edge. However, they're networking assets like cell towers and stuff like that. There's opportunity to convert them into computer and storage assets. So you can provide edge computing POPs. So you're seeing a convergence of lot of industry segments, traditional IT, hyperscalers, telcos, and then OT like Ryan pointed out is naturally transforming itself. There's almost this confluence of this pot where all these different technologies need to come together. From VMware and Dell perspective, our mission is a multi-cloud edge. We want to be able to support multi-cloud services because you've heard this multiple times, is at the edge consumers and customers will require services from all the hyperscalers. They don't want buy a one hyperscaler suit to suit solution. They want to mix and match. So not bound. We want be multi-cloud south bound to support IT and OT environments. So that becomes our value proposition in the middle. >> Yep. >> So Ryan, you were talking about that IT, OT schism. And we talk about that a lot. I wonder if you could help us parse that a little bit, because you were using, for instance retail, as an example. Sometimes I think about in the industrial. >> And I think the OT people are kind of like having an engineering mindset. Don't touch my stuff. Kind of like the IT guys too, but different, you know. So there's so much opportunity at the edge. I wonder how you guys think about that? How you segment it? How you prioritize it? Obviously retail telco are big enough. >> Yep. >> That you can get your hands around them, but then there's to your point about all this data that's going to going to compute. It's going to come in pockets. And I wonder how you guys think about that schism and the other opportunity. >> Yeah, out there. It's also a great question, you know, in manufacturing. There's the true OT persona. >> Yeah. >> Okay, and that really is focused on the business outcomes. Things like predictive maintenance use cases, operational equipment effectiveness, like that's really around bottleneck analysis, and the process that go through that. If the plant goes down, they're fine, okay. They can still work on their own systems, but they're not needing that high availability solution. But they're also the decision makers and where to buy the Edge Computing, okay. So we need to talk more to the OT persona from a Dell perspective, okay. And to add on to Ryan, right. So industrial is an interesting challenge, right? So one of the things we did, and this is VMware and Dell working together at vMware it was virtual. We announced something called edge compute stack. And for the first time in 23 years of vMware history, we made the hypervisor layer real-time. >> Yep. >> What that means is in order to capture some of these OT workloads, you need to get in and operate it between the industrial PC and the program of logical controllers at a sub millisecond performance level, because now you're controlling robotic arms that you cannot miss a beat. So we actually created this real time functionality. With that functionality in the last six months, we've been able to virtualize PLCs, IPCs. So what I'm getting at is we're opening up an entire wide space of operational technology workloads, which we was not accessible to our market for the last 20 plus years. >> Now we're talking. >> Yeah. And that allows us that control plane infrastructure to edge compute. There's purpose built for edge allows us to pivot and do other solutions like analytics with the adoption of AI Analytics with our recent announcement of Deep North, okay. That provides that in store video analytics functionality. And then we also partner with PTC based on a manufacturing solution, working with that same edge compute stack. Think of that as that control plane, where again, like I said, you can pivot off a different solutions. Okay, so we leverage PTCs thing works. >> So, okay, great. So I wanted to go to that. So real-time's really interesting. >> 'Cause most of much of AI today is modeling done in the cloud. >> Yes. >> The real opportunity is real time inferencing at the edge. >> You got it. >> Okay, now this is why this gets so interesting. And I wonder if Project Monterey fits into this at all. because I feel like so why did Intel win? Intel won, it crushed all the Unix systems out there because it had PC volumes. And the edge volume's going to dwarf anything we've ever seen before. >> Yeah. >> So I feel like there's this new cocktail, you guys describe this convergence and this mixture and it's unknown. What's going to happen? That's why Project Monterey is so interesting. >> Of course. >> Yeah. >> Right? Because you're bringing together kind of hedging a lot of bets and serving a lot of different use cases. Maybe you could talk about where that might fit here. >> Oh absolutely. So the edge compute stack is made up of vSphere, Tanzu, which is vSphere's you know, VM container and Tanzu's our container technology and vSphere contains Monterey in it, right. And we've added vSAN a for storage at the edge. And connectivity is SD-WAN because a lot of the times it's far location. So you're not having a large footprint, you have one or two hoses, it's more wide area, narrow area. So the edge compute stack supports real-time, non-real-time time workloads. VMs and containers, CPU GPU, right. >> NPU, accelerators, >> NPU, DPU all of them, right. Because what you're dealing with here is that inferencing real time, because to Ryan's point, when you're doing predictive maintenance, you got to pick these signals up in like milliseconds. >> Yes. >> So we've gone our stack down to microseconds and we pick up and inform because if I can save this predictive maintenance in two seconds, I save millions of dollars in you know, wastage of product, right? >> And you may not even persist that data, right? You might just let it go, I mean, how much data does Tesla save? Right? I mean. >> You're absolutely right. A lot of the times, all you're doing is this volume of data coming at you. You're matching it to an inferencing pattern. If it doesn't match, you just drop, right. It's not persistent, but the moment you hit a trigger, immediately everything lights go off, you're login, you're applying outcome. So like super interesting at the edge. >> And the compute is going to go through the roof. So yeah, my premise is that, you know, general purpose x86 running SAP is not going to be the architecture for the edge. >> You're absolutely right. >> Going to be low cost, low power, super performance. 'Cause when you combine the CPU, GPU, NPU, you're going to blow away the performance that we've ever seen on the curves. >> There's also a new application pattern. I've called out something called edge-native applications. We went through this client-server architecture era. We built all this, you know, a very clear in architecture. We went through cloud native where everything was hyperscaled in the cloud. Both of the times we optimize our own compute. >> Yeah. >> At the edge, we got to optimize our owns data because it's not ephemeral compute that you have in hyperscale compute space, you have ephemeral data you got to deal with. So a new nature of application workloads are emerging. We call it edge-native apps. >> Yep. >> And those have very different characteristics, you know, to client server apps or you know, cloud native apps, which is amazing. It's driven by data analysts like developers, not like dot net Java developers. It's actually data analysts who are trying to mine this with fast patents and come out with outcomes, right? >> Yeah, I love that edge-native apps Lisa, that's a new term for me. >> Right, just trademark it on me. I made made it up. (panel laughing) >> Can you guys talk about a joint customer that you've really helped to dramatically transform in the last six months? >> You want to shout or I can go-- >> I think my industry is fine. >> Yeah, yeah. So, you know, at VMworld we talked about Oshkosh, which is again, like in the manufacturing space, we have retailers and manufacturers and we also brought in, you know, Proctor and Gamble and et cetera, et cetera, right? So the customers look at us jointly because you know edge doesn't happen in its own silo. It's a continuum from the data center to the cloud, to the edge, right. There's the continuum exists. So if only edge was in its own silo, you would do things. But the key thing about all of this, there's no right place, it's about that workload placement. Where do I place the workload for the most optimal business outcome? Now for real-time applications, it's at the edge. For non-real-time stuff it could be in the data center, it could be in a cloud. It doesn't really matter, where VMware and Dell strengths comes in with Oshkosh or all of those folks. We have the end-to-end. From you want place it in the data center, You want to place it in your charge to public cloud, You want to derive some of these applications. You want to place it at the far edge, which is a customer prem or a near edge, which is a telco. We've done joint announcements with telcos, like South Dakota Telecom, where we've taken their cell towers and converted them into compute and storage. So they can actually store it at the near edge, right. So this is 5G solutions. I also own the 5G part of the vMware business, but doesn't matter. Compute network storage, we got to find the right mix for placing the workload at the right place. >> You call that the near edge. I think of it as the far edge, but that's what you mean, right? >> Yeah, yeah. >> Way out there in the (mumbles), okay. >> It's all about just optimizing operations, reducing cost, increasing profitability for the customer. >> So you said edge, not its own silo. And I agree. >> it's not a silo. Is mobile a valid sort of example or a little test case because when we developed mobile apps, it drove a lot of things in the data center and in the cloud. Is that a way to think of about it as opposed to like PCs work under their own silo? Yeah, we connect to the internet, but is mobile a reasonable proxy or no? >> Mobile is an interesting proxy. When you think about the application again, you know, you got a platform by the way, you'll get excited by this. We've got mobile developers, mobile device manufacturers. You can count them in your fingers. They want to now have these devices sitting in factory floors because now these devices are so smart. They have sensors, temperature controls. They can act like these multisensory device at the edge, but the app landscape is quite interesting. I think John, where you were going was they have a very thin shim app layer that can be pushed from anywhere. The, the notion of these edge-native applications could be virtual machines, could be containers, could be, you know, this new thing called Web Assembly Wasm, which is a new type of technology, very thin shim layer which is mobile like app layer. But you know, all of these are combination of how these applications may get expressed. The target platforms could be anywhere from mobile devices to IOT gateways, to IOT devices, to servers, to, you know, massive data centers. So what's amazing is this thing can just go everywhere. And our goal is consistent infrastructure, consistent operations across the board. That's where VMware and Dell win together. >> Yeah. >> Yeah, excellent. And I was just talking to a customer today, a major airline manufacturer, okay. About their airport and the future with the mobile device just being frictionless, okay, no one wants to touch anything anymore. You can use your mobile device to do your check-in and you've got to you avoid kiosks, okay. So they're trying to figure out how to get rid of the kiosk. Now you need a kiosk for like checking baggage, okay. You can't get in the way of that, but at least that frictionless experience, for that airport in the future, but it brings in some other issues. >> It does, but I like the sound of that. Last question guys, where can customers go to learn more information about the joint solutions? >> So you can go to like our public websites obviously search on edge. And if you hear at the show, there's a lot of hands on labs, okay. There's a booth over there. A lot of Edge Solutions that we offer. >> Yeah, no, this is I guess as Ryan pointed our websites have these. We've had a lot of partnership in announcements together because you know, one of the things as we've expressed, manufacturing, retail, you know, when you get in the use cases, they involve ISPs, right? So they you know, they bring the value of you know, not just having a horizontal AI platform. We like opinionated models of fraud detection. So we're actually working with ecosystem of partners to make this real. >> So we may even hear more. >> The rich vertical solution, I call it the ISVs. They enrich our vertical solutions. >> Right. >> Oh, WeMo is going to be revolutionary. >> All right, can't wait. Guys thank you so much for joining David and me today and talking about what Dell and vMware are doing together and helping retailers manufacturers really convert the edge to incredible success. We appreciate your time. >> Thank you very much. Thanks Lisa, thanks John for having us. >> For Dave Vellante, I'm Lisa Martin. You're watching the CUBE. We are wrapping up day one of our coverage of Dell Technologies World 2022. We'll be back tomorrow, John Farrer and Dave Nicholson will join us. We'll see you then. (soft music)

>> You're watching theCUBE. Welcome to our continuous coverage of AWS re-Invent 2021. I'm Dave Nicholson. We've got an amazing event that's been going on for the last four days with two live sets, two studios, more than 100 guests, and two very distinguished gentlemen here on the set with us live in Las Vegas. I'd like to welcome Krishna Mohan, Vice President and Global Head of TCS's AWS Business Unit. Welcome Krishna. >> Thank you Dave. >> Dave: And also with us Aditya Jagapal Nagarajan. >> Thank you. >> Dave: I hope I did your name justice. >> Perfect. >> Right, I tried. And Aditya is Head of Strategy and Business Operations for the TCS AWS Business Unit. Krishna, starting with you, tell us about TCS and AWS over the last year. What's been going on. >> Yeah. >> Thank you Dave for having me here. It's great to be in person actually, back in re-Invent, back in person, 25,000 people, but still we have pretty good measures, health measures that way. So I'm very happy to be here. TCS AWS business unit was formed three quarters back and we actually had always AWS partnership, but we actually felt that it's important to kind of have a separate business unit, which is the full stack, multi dimensional unit providing cloud migration modernization across applications, data, and infrastructure, and also main focus on industry solutions. So it has been a great three quarters, and our partnership only enhanced significantly, predominantly what we're actually seeing in the last one year. The cloud overall transformation, I think it kind of taken a different shape. It used to be cloud migration, modernization, cloud native development, but from there it has moved to enterprise transformation, that's happening on cloud, and specifically AWS majority of the time. So with that, we actually see a lot of customers. Broadly you can categorize them into three, cloud for IT, cloud for business, and cloud for innovation. And we're definitely seeing maximum traction there with our customers across the three categories. So I'm super excited to be here at the re-Invent, you know, a couple of our customers were in the keynote, Abort and Adam and Doug. In the Western Union was the keynote, Shelly covered at Western union transformation in the partner keynote with Doug, and very happy to see Linda Cower, the transformation in the United Headlines with Adam. So it's really great to see how we are helping the customers on the transformation. That's definitely, you know, the way that we see. And we have made significant progress on the overall in the last three quarters. And these kinds of wins and business transformation that has actually happened is what resulted in TCS getting the Raising Star GSA award for us. So I'm pretty happy to actually carry this little thing here. >> Is that what this is? >> Absolutely. So it means a lot because our customer in our kind of reinforcing the value, the TCS, along with AWS is bringing to the customer. >> So I wasn't going to say anything. I just assumed that you were a 2001 Space Odyssey fan and you just brought, you know, a version of the monolith with you. I wasn't sure. Congratulations. >> Thank you. That's a quite an achievement especially in the relatively short period of time. And especially with the constraints that have been placed upon all of us. Did they give you like a schwag bag with a bunch of, with, you know, like they do at the academy awards? Are you familiar with that. >> We had a great fun event on Monday afternoon. >> Fantastic. >> Yeah. >> Aditya, talk about, you're a consultancy, your organization is a consultancy. Talk about how you engage with the customers that you are helping to bridge the divide between what their business requirements are, and the technology that AWS is delivering. Because I think we all agree that everything we're seeing here from AWS is wonderful, but without an organization like yours, actual end users, actual customers, have a hard time driving benefits. So, how do you approach that? >> Gladly thank you, Dave, and thank you for theCUBE for having us here. And just borrowing from what Krishna talked about, the three layers of value creation, the cloud for IT, cloud for business and cloud for innovation. We see the journeys clients take, to start with how they look at IT modernization, and go all the way to business transformation, and look at ecosystem transformation as well. For example, we just heard about Western Union and we just came off of one with SWBC where they have completely modernized the payment systems on AWS and TCS has been the partner for transforming that for them. And that not only just means the technology layers, but also re imagining business processes in the cloud. Moving on from the financial side, if you look at the digital farming, for example, we have been working with some of the leading, the transmitter players in the healthcare industry and in the manufacturing space to look at helping farmers with AI. Right? And helping them look at how they can ensure better analytics and drone capabilities for digital farming. Drug trial development and acceleration for time to market has been a front and center for all of us in the last two years where I've been helping pharmacy organizations get better and will bring up drug trials and reach the end customers better with cloud. So there's various examples here. >> I want to poke on that a little bit. >> Aditya: Yeah. So when TCS is engaging a customer, say in farming versus pharma, how much of your interaction with them is specialized by industry vertical or specific area expertise versus the generic workings that are going to be supporting that effort in the background? What does that look like? Are you going in first with a pharma discussion, first with the farm discussion, as opposed to an overall discussion? >> It's a great point you mentioned Dave because that's the sort of essence of TCS. Because the way we look at it, we actually appeal to the industry specific. So our domain and contextual knowledge is very important to appeal to the customers and to the various stakeholders, no longer are the days where you talk about technology as a means to an end. We talk about how end customers can benefit in that context of what they're going through in that industry. And how can then technology be part of that strategy, right? So, hence, as you rightly said, domain and context first, followed by technology powering the outcome. >> Even though farm and pharma sound a lot alike. >> Right, I showed you the very difference. >> And they may share some things in common. Yes, very, very different. Krishna, talk about your go to market motion. How are clients aware of TCS? Do you have teams that engage clients directly and then bring AWS into the conversation? Or are you being brought in by AWS? Is it a combination? What does that look like? >> So, very good relevant question. So our GTM strategies is TCS has been in the, you know, serving the enterprise customers and IT transformation for 52 years now. So we have a huge base. But specifically from an AWS BU perspective, we are focusing on selective verticals, banking financial services and insurance is large, life sciences, health care, and travel, transportation and hospitality. So these are the verticals that we're actually focusing on, and given our presence in the enterprise sector, we already have a direct sales teams who are engaging with the customers directly on enterprise transformation and business transformation. And once we have that conversation, we actually take all these solutions that we have built on AWS and along with AWS. There are few customers in the last three quarters, after farming the AWS business unit, one thing that we did is with AWS we're proactively going and identifying the logos and the customers. And with the focus not on technology, with the focus on how to solve their problems on the business side and how to create new business models. So it's kind of both. We bring in, AWS brings in logos as well, so Greenfield accounts, and as well as our contextual knowledge of the industry is how the GTM is working out, and working out pretty good. >> You mentioned, you've been at this for 52 years. >> Aditya: Yeah. >> You must've been very young when you started doing this. Talk about the internal dynamics. So think of TCS, the larger organization. You represent the AWS business unit. TCS has been doing this for a long time, predating what we think now of as cloud. I'm sure that you have long existing relationships with customers, where you've been doing things for them that aren't cloudy, and those things keep the lights on at TCS, right? Important sources of revenue. Yet you're going in and you're consulting and saying, hey, you know, it might be better for you, Mr. Customer, to work with AWS and TCS, as opposed to maybe being at a data center that TCS manages, I mean, how do you manage that internal dynamic? You've got to have people at TCS who are saying, stay away, that's my revenue, don't move my cheese. What does that look like? >> Very valid question Dave. So the way that TCS is actually looking at is, twin engine strategy. There's a cost and optimization strategy, which we have. We sell the customers and operations, running the BAU if you will, business as usual, then you have something called growth and transformation. So as a strategy that we are very clear that the path of business transformation is growth and transformation channel. So we as a company are very comfortable cannibalizing our C and O in a business because we want to be relevant to the market, relevant to the customer, and relevant to the partner ecosystem. So the only way you are relevant is actually to challenge yourself, cannibalize your own business, and for the long, you know, strategy of looking at how to grow. And that's how our twin engine strategy is working. And there are a lot of customers where we have developer with contextual knowledge serving 20 years, 25 years of the customers. We know how they work, what their business is actually, you know, what's going to be the future of the business. So we are in a better position to actually transform them. And as a company, we already took cannibalize our revenue. >> So Adi, give us an example of working with a customer and give us an idea of what that customer's perspective is in terms of their place on the spectrum of, I don't want to move anything if I don't have to versus, hey, you guys can't move fast enough to deliver what I want. Where are you seeing that spectrum of customer requirements at this point? Do you feel like you're having to lead people to water still? Where are we with that? >> Well, if you asked me this question a couple of years ago, it would be about, hey, look, here's a beautiful water and the lake looks good, why don't we spend by the side and see what it tastes like? Now the question is, how much water to drink? Right? So the point being that customers have fast realized that cloud is not just an IT decision, it's a business transformation decision. So if I may just call it back what Krishna talked about, the dual engine strategy. A clear Testament to that is some of our relationships, most of our relationships are the matter has been over two decades with our clients. And that's a perfect indication of being constantly relevant for them because as their models change, as their markets change, customer expectations change, we need to constantly innovate ourselves. >> You're innovating your business just like that. >> Absolutely. >> Correct. >> So you know, as we say, you're in the boat with them and you're going through the same changes. >> And so coming back to the question which you asked, the point was we give them a point of what experience they can have with cloud by each stakeholder. The CIO wants to look at how we can look at better sustainability of their operations, keep the lights on as you said, enhance stability with more automatable capabilities, looking at DevOps, the business is completely looking at how can cloud fundamentally change my business model. And you have both these stakeholders coexisting with the same outcome towards enterprise transformation. And that's the experience which we work with them to shape. To say what the starting point is? Where would they like to go? And how can we go to them in the journey? What's interesting here is, nobody has all the answers. Neither is AWS nor customer the TCS, but we are here to create a culture of discovering the right goal and the right answers. It's very important. That's the approach to getting it working. >> Krishna and our last minute together. You've just received the Rising Star Award, 2022 is rapidly approaching, this doesn't put any pressure on you at all for 2022 because people are going to ask, what are those rising stars do again in 2022? What's on the horizon, what are the two of you excited about for next year? >> I think we are super excited with how AWS, you know, definitely in Adam's keynote, if I had to take a couple of points that I'm taking away is in addition to enhancing their core cloud capabilities, but if there's pivoted on industry solutions, you know, the fin space that they have announced, and the industrial solutions that they have announced. So that is where it very clearly aligns to our strategy of TCS, helping customers look for change their business models, implement new business models, create ecosystem play. And that's basically where we are really super excited. And another point which I took from Adam is the, they're focused on Edge with IOT and private 5G. And that's very, very important especially when you look at it both IT, as well as the IOT transformation. So we are super excited with the potential, all the new bells and whistles AWS is rolled out in last four days, And looking forward for few more of this. >> Congratulations again. It's a fantastic acknowledgement of what you've been able to do over the last, just three quarters as you mentioned, closing out 2021 in a very, very good way. Looking forward to 2022. Thank you gentlemen for joining us today here on theCUBE, and thank all of you for joining us, for continuing continuous Cube coverage of AWS re-Invent 2021. We are the leader in hybrid technology event coverage. I'm Dave Nicholson stay tuned for more from theCUBE.

>>Welcome back to the cubes coverage here in Washington D. C. For a W. S. Public sector summit. I'm john fraser host of the queues and in person event but of course we have remote guests. It's a hybrid event as well. Amazon is streaming amazon web services, streaming all the teams, some of the key notes of course all the cube interviews are free and streaming out there as well on the all the cube channels and all the social coordinates. Our next guest is Melissa Pavlik President and Ceo POV con joining me here to talk about predictive maintenance, bringing that to life for the U. S. Air Force melissa. Thanks for coming in remotely on our virtual cube here at the physical event. >>Excellent, thank you. Good morning >>Show. People have been been um face to face for the first time since 2019. A lot of people remote calling in checking things out kind of an interesting time, right? We're living in so uh what's your, what's your take on all this? >>Sure. I mean it's a new way of doing business, right? Um I will say, I guess for us as a company we always have been remote so it's not too much of a change but it is definitely challenging, especially trying to engage with such a large user community such as the United States Air Force who isn't always used to working as remotely. So it's definitely a unique challenge for sure. >>Well let's get into, I love this topic. You had a real success story. There is a case study with the U. S. Air Force, what's the relationship take us through what you guys are doing together? >>Sure. Absolutely. So we started working with the Air Force now about five years ago on this subject and predictive maintenance. Sometimes you might hear me catch myself and say CBM plus condition based maintenance. They're synonymous. They mean the exact same thing basically. But about five years ago the Air Force was contemplating how do we get into a space of getting ahead of unscheduled maintenance events? Um if the military they're big push always his readiness how do we improve readiness? So to do that it was a big ask of do we have the data to get ahead of failures? So we started on this journey about five years ago as I said and frankly we started under the radar we weren't sure if it was going to work. So we started with two platforms. And of course when I think a lot of people here predictive maintenance, they immediately think of sensor data and sensors are wonderful data but unfortunately especially in an entity such as the Air Force not all assets are censored. So it also opened up a whole other avenue of how do we use the data that they have today to be able to generate and get ahead of failures. So it did start a really great partnership working not only with the individual, I'll say Air Force entities that Air Force Lifecycle Management Center but we also worked across all the major commands, the individual units, supply control, logistics and everyone else. So it's been a really great team effort to bring together all of those but typically would be rather segregated operations together. >>Yeah, they're getting a lot of props lately on a lot of their projects across the board and this one particular, how did you guys specifically help them modernize and with their and get this particular maintenance thing off the ground? >>Absolutely. I think quite simply it was what really we put their existing data to work. We really wanted to get in there and think about they already had a ton of data. There wasn't a need to generate more. We're talking about petabytes of information. So how do we use that and put it into a focus of getting ahead of failure? We said we established basically three key performance parameters right from the beginning it was, we knew we wanted to increase availability which was going to directly improve readiness. We needed to make sure we were reducing mission aborts and we wanted to get ahead of any kind of maintenance costs. So for us it was really how do we leverage and embrace machine learning and ai paired with just big data analytics and how do we take frankly what is more of a World War Two era architecture and turn it into something that is in the information age. So our modernization really started with how do we take their existing data and turn it into something that is useful and then simultaneously how do we educate the workforce and helping them understand what truly machine learning and AI offer because I think sometimes there's everyone has their own opinions of what that means, but when you put it into action and you need to make sure that it's something that they can take action on, right, it's not just pushing a dot moving numbers around, it's really thinking about and considering how their operations are done and then infusing that with the data on the back end, >>it's awesome. You know the old workflows in the cloud, this is legit, I mean physical assets, all kinds of things and his legacy is also but you want the modernization, I was gonna ask you about the machine learning and ai component, you brought that up. What specifically are you leveraging their from the ai side of the machine learning side? >>Absolutely for us, most and foremost we're talking about responsible a i in this case because unfortunately a lot of the data in the Air Force is human entry, so it's manual, which basically means it's open and rife for a lot of error into that data. So we're really focused heavily on the data integrity, we're really focused on utilizing different types of machine learning because I think on the surface the general opinion is there's a lot of data here. So it would open itself naturally into a lot of potential machine learning techniques, but the reality situation is this data is not human understandable unless you are a prior maintainer, frankly, it's a lot of codes, there's not a whole lot of common taxonomy. So what we've done is we've looked at those supervised and unsupervised models, we've taken a whole different approach to infusing it with truly, what I would say arguably is the most important key element, domain expertise. You know, someone who actually understands what this data means. So that way we can in in End up with actionable output something that the air force can actually put into use, see the results coming out of it. And thus far it's been great. Air mobility command has come back and said we've been able to reduce their my caps, which are parts waiting for maintenance by 18%. That's huge in this space. >>Yeah, it's interesting about unsupervised and supervised machine learning. That's a big distinct because you mentioned there's a lot of human error going on. That's a big part. Can you explain a little bit more because that was that to solve the human error part or was it the mix and match because the different data sets, but why the why both machine learning modes. >>So really it was to address both items frankly. When we started down this path, we weren't sure we were going to find right, We went in with some hypotheses and some of those ended up being true and others were not. So it was a way for us to quickly adjust as we needed to again put the data into actionable use and make sure we were responsibly doing that. So for us a lot of it, because it's human understanding and human error that goes into this natural language processing is a really big area in this space. So for us, adjusting between and trying different techniques is really where we were able to discover and find out what was going to be the most effective and useful in this particular space as well as cost effective. Because for us there's also this resistance, you have to have resist the urge to want to monitor everything. In this case we're talking about really focusing on those top drivers and depending on the type of data that we had, depending on the users that we knew were going to get involved with it as well as I would say, the historical information, it really would help us dictate on supervised versus supervised and going the unsupervised route. In some cases there's just still not ready for that because the data is just so manual. Once we get to a point where there is more automation and more automated data collection, unsupervised will definitely no doubt become more valuable right now though, in order to get those actionable. That supervised modeling was really what we found to be the most valuable >>and that makes total sense. You've got a lot of head room to grow into with Unsupervised, which is actually harder as you as you know, everyone, everyone everyone knows that. But I mean that's really the reality. Congratulations. I gotta ask you on the AWS side what part do they play in all this? Obviously the cloud um their relationship with the Air Force as well, what's their what's their role in this particular maintenance solution? >>Sure, absolutely. And I'll just say, I mean we're really proud to be a partner network with them and so when we started this there was no cloud, so today a lot of opportunity or things we hear about in the Air Force where like cloud one platform one, those weren't in existence, you know, five years ago or so. So for us when we started down this path and we had to identify very quickly a format and a host location that would allow us not only handle large amounts of data but do all of the deep analysis we needed to AWS GovCloud is where that came in. Plus it also is awesome that they were already approved at I. L. Five to be able to host that we in collaboration with them host a nist 801 +71 environment. And so it's really allowed us to to grow and deliver this this impact out over 6000 users today on the Air Force side. So for us with a W. S. Has been a great partnership. They obviously have some really great native services that are inside their cloud as well as the pairing and easy collaboration among not only licensed products but also all that free and open source that's out there because again, arguably that's the best community to pull from because they're constantly evolving and working in the space. But a W has been a really great partner for us and of course we have some of our very favorite services I'm happy to talk about, but they've been really great to work with >>what's the top services. >>So for us, a lot of top services are like ec two's work spaces, of course S three and Glacier um are right up there, but you really enjoy working across glue Athena were really big on, we find a commercial service we're looking for that's not yet available in Govcloud. And we pull in our AWS partners and ask, hey, you know when it's going to get into the gulf cloud space and they move pretty quickly to get those in there. So recent months are definitely a theme in blue. Well, >>congratulations, great solution, I love this application because it highlights the power of the cloud, What's the future in store for the U. S. Air Force when it comes to predictive maintenance. >>Sure. I mean, I think at this point they are just going to continue adding additional top driver analyses you through our work for the past couple years. We've identified a lot of operational and functional opportunities for them. So there's gonna be some definitely foundational changing coming along, some enabling new technologies to get that data integrity more automated as well so that there isn't such a heavy lift on the downstream, we're talking about data cleansing, but I think as far as predictive maintenance goes, we're definitely going to see more and more improvements across the readiness level, getting rid of and eliminating that unscheduled event that drives a lot of the readiness concerns that are out there. And we're also hoping to see a lot more improvement and I'd say enhancement across the supply chain because we know that's also an area that really they could get ahead on your part of our other work as we developed a five year long range supply forecast and it's really been opening some eyes to see how they can better plan, not only on the maintenance side but also supporting maintenance from a logistics and supply, >>great stuff melissa. Great to have you on President Ceo Path Con, you're also the business owner. Um how's things going with the business? The pandemic looks like I'm gonna come out of it stronger. Got the tailwind with cloud technology. The modernization boom is here in, in Govcloud, 10 years celebrating Govcloud birthday here at this event. How's business house? How are you doing >>good. Everything has actually been, we were, I guess fortunate, as I mentioned the very beginning, we were remote companies. So fortunately for us the pandemic did not have that much of an operational hiccup and being that a lot of our clients are in the federal space, we were able to continue working and amazingly we actually grew during the pandemic. We added quite a bit of a personnel to the team and so we're looking forward to doing some more predictive maintenance across, not only explaining the Air Force but the other services as well. >>You know, the people who were Agile had some cloud action going on, we're productive and they came out stronger melissa. Great to have you on the cube. Thank you for coming in remotely and joining our face to face event from the interwebs. Thank you so much for coming on cuba >>All right, thank you, john have a great rest of your day. >>Okay. I'm john for here at the cube with a W. S. Public sector summit in person and remote bringing guest on. We've got the new capability of bringing remotes in. We do in person. I'll see you face to face hear the cube and it's like to be here at the public sector summit. Thanks for watching. Mhm. Mhm >>robert, Herjavec

>>no real filter and that kind of stuff. But you're also an entrepreneur, right? And you know the business, you've been in software, you detect business. I'm instructing you get a lot of pictures, this entertainment business on our show, we're a bubble. We don't do a lot of tech deals that were talking because it's boring tv tech people love tech consumers love the benefit of text. No consumer opens up their iphone and says, oh my gosh, I love the technology behind my, what's it been like being on the shark tank? You know, filming is fun and hang out just fun and it's fun to be a celebrity at first your head gets really big and you get a really good tables at restaurants and who says texas has got a little possessed more skin in the game today in charge of his destiny. Great robert Herjavec. No, these two stars cube alumni >>welcome back to the cubes coverage of A W. S. Public sector seven. I'm john for your host of the cube got a great segment here on healthcare startup accelerators of course. Sandy carter is co hosting media. This one Vice President Aws. She's awesome on the cuBA and jennifer Blumenthal co founder and C of one record entrepreneur, very successful. Thanks for coming on jennifer. Thank good to see you. Sandy thanks for joining me again. You >>are most welcome, >>jennifer. Before we get into the whole accelerated dynamic, just take a minute to explain what you guys do. One record. >>Sure. So one record is a digital health company that enables users to access aggregate and share their healthcare information. So what that means is we help you as a person get your data and then we also help companies who would like to have workflows were consumers in the loop to get their data. So whether they're sharing it with a provider, researcher payer. >>So, Sandy, we've talked about this amazon web services, healthcare accelerator cohort batches. What do you call cohort batches? Cohorts explain what's going on with the healthcare accelerator? >>Yeah. So, um, we decided that we would launch and partner an accelerator program and accelerator program just provides to a start up a little bit extra technical help. A little bit extra subject matter expertise and introductions to funders. And so we decided we were going to start one for health care. It's one of the biggest disruptive industries in public sector. Um, and so we weren't sure how it's gonna go. We partnered with Kids X. Kids X is part of the Los Angeles system for medical. And so we put out a call for startups and we had 427 startups, we were told on average and accelerating it's 50-100. So we were blown away 31 different countries. So it was really amazing. And then what we've been doing is down selecting and selecting that Top 10 for our first cohort. So we're going from 427 down to 10. And so obviously we looked at the founders themselves to see the quality of the leadership of the company, um the strength of their technology and the fit of the technology into the broader overall healthcare and healthcare ecosystem. And so we were thrilled that jennifer and one record was one of the top 10 start ups in this space that we chose to be in the, in the cohort. And so now we're going to take it to the six weeks intensive where we'll do training, helping them with AWS, provide them A W. S. Credits and then Kid X will also provide some of the health care uh subject matter >>expertise as well. Can I get some of those credits over here to maybe? >>Yes, you can actually, you can talk to me don you can't >>Talk to me, Jennifer, I gotta ask you. So you're an entrepreneur. So doing start doing cos it's like a roller coaster. So now to make the top 10 but also be in the area of his accelerator, it's a partnership, right? You're making a bet. What's your take on all this? >>Well, we've always been partners with a W. S. We started building on AWS in the very beginning. So when I was setting up the company a huge decision early on with infrastructure and when I saw the launch of the accelerator, I had to apply because we're at the point in the company that we're growing and part of growing is growing with the VW. So I was really excited to take advantage of that opportunity and now in the accelerator, it's more of thinking about things that we weren't thinking about the services that we can leverage to fill in the gaps within our platform so we can meet our customers where they are >>using award winning MSP cloud status city, your partners, great relationship with the ecosystem. So congratulations Sandi. What's the disruption for the healthcare? Because right now education and health care, the two top areas we're seeing and we're reporting on where cloud scale developed two point or whatever buzzword digital transformation you want to use is impacting heavily healthcare industry. There's some new realities. What's your, what's your vision, what's your view? >>Hey john before she does that, I have to give a plug to Claudius city because they just made premier partner as well, which is a huge deal. Uh and they're also serving public sector. So I just wanted to make sure that you knew that too. So you can congratulate. Go ahead, jennifer >>Well, so if I zoom in, I think about a P. I. S. Every day, that's what I think about and I think about microservices. So for me and for one record, what we think about is legislation. So 21st century Cures act says that you as a consumer have to be able to access your healthcare data from both your providers and from your players and not just your providers, but also the underlying technology vendors and H. I. E. S. H. I am and it's probably gonna extend to really anyone who plays within the healthcare ecosystem. So you're just going to see this explosion of A. P. I. S. And we're just your one of that. I mean for the payers that we went into effect on july 1st. So I mean when you think about the decentralization of healthcare where healthcare is being delivered plus an api economy, you're just going to have a whole new model developing and then throwing price transparency and you've got a whole new cake. >>I'm smiling because I love the peacocks. In fact, last night I shouldn't have tweeted this but there's a little tweet flames going on around A. P. Is being brittle and all this stuff and I said, hey developer experience about building great software apps are there for you. It's not a glue layer by itself. You got to build software around the so kind of a little preaching to the younger generation. But this health care thing is huge because think about like old school health care, it was anti ap I was also siloed. So what's your take on has the culture is changing health care because the user experience, I want my records, I want my privacy, I want to maintain everything confidential but access. That's hard. >>I think well health care to be used to just be paper was forget about a. P. I. Is it was just paper records. I think uh to me you think about uh patient journey, like a patient journey starts with booking an appointment and then everything after that is essentially an api call. So that's how I think about it is to all these micro transactions that are happening all the time and you want your data to go to your health care provider so they can give you the proper care, you want your data to go to your pair so they can pay for your care and then those two stakeholders want your data so that they can provide the right services at the right time to the right channel. And that is just a series of api calls that literally sits on a platform. >>What's interesting, I'd love to get your take on the where you think the progress bar is in the industry because Fintech has shown the way you got defy now behind a decentralized finance, health care seems to be moving on in a very accelerated rate towards that kind of concept of cloud, scale, decentralization, privacy. >>Yeah, I mean, that's a big question, what's interesting to me around that is how healthcare stakeholders are thinking about where they're providing care. So as they're buying up practices primary care specialty care and they're moving more and more outside of the brick and mortar of the health care system or partnering with your startups. That's really where I think you're going to see a larger ecosystem development, you could just look at CVS and walmart or the dollar store if they're going to be moving into health care, what does that look like? And then if you're seeking care in those settings, but then you're going to Mayo clinic or Kaiser permanente, there's so many new relationships that are part of your hair circle >>delivery is just what does that even mean now, delivery of health >>care. It's wherever you it's like the app economy you want to ride right now, you want a doctor right now, that's where we're heading its ease of use. >>This is this exciting startups, changing the game. Yes, I love it. I mean, this is what it's all about this health >>Care, this is what it's all about. And if you look at the funding right now from VCS, we're seeing so much funding pour into health care, we were just looking at some numbers and in the second quarter alone, the funding went up almost 700%. And the amount of funding that is pouring into companies like jennifer's company to really transform healthcare, 30% of it is going into telehealth. So when you talked about, you know, kind of ai at the edge, getting the right doctor the right expert at the right time, we're seeing that as a big trend in healthcare to >>well jennifer, I think the funding dynamics aside the opportunity for market total addressable market is massive when the application is being decomposed, you got front end, whether it's telemedicine, you got the different building blocks of healthcare being radically reconfigured. It's a re factoring of healthcare. Yeah, >>I think if you just think about where we're sitting today, you had to use an app to prove proof of vaccination. So this is not just national, this is a global thing to have that covid wallet. We at one record have a covid wallet. But just a couple years from now, I need more than just by covid vaccination. I need all my vaccinations. I need all my lab results. I need all my beds. It's opening the door for a new consumer behavior pattern, which is the first step to adoption for any technology. >>So somebody else covid wallet. So I need >>that was California. Did the, did a version of we just have a pen and it's pretty cool. Very handy. I should save it to my drive. But my phone, but I don't jennifer, what's the coolest thing you're working on right now because you're in the middle of all the action. >>I get very excited about the payer app is that we're working on. So I think by the end of the month we will be connected to almost to all the blues in the United States. So I'm very excited when a user comes into the one record and they're able to get their clinical data from the provider organization and then their clinical financial and formulary data from their payers because then you're getting a complete view, You're getting the records for someone who gave you care and you're getting the records from someone who paid for your care. And that's an interesting thing that's really moving towards a complete picture. So from a personal perspective that gets exciting. And then from a professional perspective, it's really working with our partners as they're using our API s to build out workflows and their applications. >>It's an api economy. I'd like to ask you to on the impact side to the patient. I hear a lot of people complaining that hey, I want to bring my records to the doctor and I want to have my own control of my own stuff. A lot of times, some doctors don't even know other historical data points about a patient that could open up a diagnosis and, or care >>or they can't even refer you to a doctor. Most doctors really only refer within a network of people that they know having a provider directory that allows doctors refer, having the data from different doctors outside of their, you know, I didn't really allows people to start thinking beyond just their little box. >>Cool. Well, great to have you on and congratulations on being in the top 10 saying this is a wonderful example of how the ecosystem where you got cloud city, your MSP. You mentioned the shout out to them jerry Miller and his team by working together the cloud gives you advantages. So I have to ask, we look at amazon cloud as an entrepreneur. It's kind of a loaded question, but I'm going to ask it. I love it. >>You always do it >>when you look at amazon, what do you see as opportunities as an entrepreneur? Because I'll see the easy ones. They have computing everything else. But like what's the, what does cloud do for you as an entrepreneur? What does it, what does it make you do? >>Yeah. So for been working with jerry since the beginning for me when I think about it, it's really the growth of our company. So when we start building, we really just thinking about it from a monolithic build and we move to microservices and amazon has been there every step of the way to support us as that. And now, you know, the things that I'm interested in are specifically health lake and anything that's NLP related that we could plug into our solution for when we get data from different sources that are coming in really unstructured formats and making it structured so that it's searchable for people and amazon does that for us with their services that we can add into the applications. >>Yeah, we announced that data health like and july it has a whole set of templates for analytics, focused on health care as well as hip hop compliance out of the box as well. >>The I think I think that's what's important is people used to think application first. Now it's creating essentially a data lake, then analytics and then what applications you build on top of that. And that's how our partners think about it and that's how we try and service them using amazon as our problem. So >>you're honing in on the value of the data and how that conflicts and then work within the whatever application requests might come >>in. Yes, >>it's interesting. You know, we had an event last month and jerry Chen from Greylock partners came on and gave a talk called castles in the cloud. He's gonna be cute before. He's a, he's a veces, they talk about moats and competitive manage so having a moat, The old school perimeter moz how cloud destroyed that. He's like, no, now the castles are in the cloud, he pointed snowflake basically data warehouse in the cloud red shifts there too. But they can be successful. And that's how the cloud, you could actually build value, sustainable value in the cloud. If you think that way of re factoring not just hosting a huge, huge, huge thing. >>I think the only thing he, this was customer service because health care is still very personal. So it's always about how you interact with the end user and how you can help me get to where they need to be going >>and what do you see that going? Because that's, that's a good point. >>I think that is a huge opportunity for any new company that wants to enter healthcare, customer service as a service in health care for all the different places that health care is going to be delivered. Maybe there's a company that I don't know about, but when they come out, I'd like to meet them. >>Yeah, I mean, I can't think of one cover that can think of right now. This is what I would say is great customer service for health care. >>And if there is one out there contacted me because I want to talk to you about AWS. >>Yeah. And you need the app from one record that make it all >>happen. That's where Omni channel customer service across all health care entities. Yeah, that's >>a great billion dollar idea for someone listening to our show right now. >>Right, alright. So saying they had to give you the opportunity to talk more because this is a great example of how the world's very agile. What's the next step for the AWS Healthcare accelerator? Are there more accelerators? Do you do it by vertical? >>What happens next? So, with the healthcare accelerator, this was our first go at the accelerator. So, this is our first set of cohorts, Of course, all 427 companies are going to get some help from a W. S. as well. We also you'll love this john We also did a space accelerator. Make sure you ask Clint about that. So we have startups that are synthesizing oxygen on mars to sending an outpost box to the moon. I mean, it's crazy what these startups are doing. Um, and then the third accelerator we started was around clean energy. So sustainability, we sold that one out to, we had folks from 66 different countries participate in that one. So these have been really successful for us. So it reinvent. When we talk again, we'll be announcing a couple of others. So right now we've got healthcare, space, clean energy and we'll be announcing a couple other accelerators moving forward. >>You know, it's interesting, jennifer the pandemic has changed even our ability to get stories. Just more stories out there now. So you're seeing kind of remote hybrid connections, ap ideas, whether it's software or remote interviews or remote connections. There's more stories being told out there with digital transformation. I mean there wasn't that many before pandemic has changed the landscape because let's face it, people were hiding some really bad projects behind metrics. But when you pull the pandemic back and you go, hey, everyone's kind of emperors got no clothes on. Those are bad projects. Those are good projects that cloud investment worked or I didn't have a cloud investment. They were pretty much screwed at that point. So this is now a new reality of like value, you can't show me value. >>It's crazy to me when I meet people who tell me like we want to move to the cloud of like, why are you not on the cloud? Like this really just blows my life. Like I don't understand why you have on prem or while you did start on the cloud, this is more for larger organizations, but younger organizations, you know, the first thing you have to do, it's set up that environment. >>Yeah. And then now with the migration plans and seeing here, uh whereas education or health care or other verticals, you've got, now you've got containers to give you that compatibility and then you've got kubernetes and you've got microservices, you've got land. Uh I mean, come on, that's the perfect storm innovation. There's no excuses in my opinion. So, you know, if you're out there and you're not leveraging it, then you're probably gonna be out of business. That's my philosophy. Thank you for coming up. Okay. Sandy, thank you. Thank you, john Okay. Any of his coverage here, summit here in D. C. I'm john ferrier. Thanks for watching. Mm >>mm mm mhm. I have been in the software and technology industry for over 12 years now, so I've had >>the opportunity

(bright music) >> Hello and welcome to today's session of the 2021 AWS Global Public Sector Partner Awards for the award for Best Partner Transformation, Best Cybersecurity Solution. I'm now honored to welcome our next guests, General Keith Alexander, Founder, and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, President and CEO of the New York Power Authority. Welcome to the program gentlemen, delighted to have you here. >> Good to be here. >> Terrific. Well, General Alexander, I'd like to start with you. Tell us about the collective defense program or platform and why is it winning awards? >> Well, great question and it's great to have Gil here because it actually started with the energy sector. And the issue that we had is how do we protect the grid? The energy sector CEOs came together with me and several others and said, how do we protect this grid together? Because we can't defend it each by ourselves. We've got to defend it together. And so the strategy that IronNet is using is to go beyond what the conventional way of sharing information known as signature-based solutions to behavioral-based so that we can see the events that are happening, the unknown unknowns, share those among companies and among both small and large in a way that helps us defend because we can anonymize that data. We can also share it with the government. The government can see a tax on our country. That's the future, we believe, of cybersecurity and that collective defense is critical for our energy sector and for all the companies within it. >> Terrific. Well, Gil, I'd like to shift to you. As the CEO of the largest state public power utility in the United States, why do you think it's so important now to have a collective defense approach for utility companies? >> Well, the utility sector lied with the financial sector as number one targets by our adversaries and you can't really solve cybersecurity in silos. We, NYPA, my company, New York Power Authority alone cannot be the only one and other companies doing this in silos. So what's really going to be able to be effective if all of the utilities and even other sectors, financial sectors, telecom sectors cooperate in this collective defense situation. And as we transform the grid, the grid is getting transformed and decentralized. We'll have more electric cars, smart appliances. The grid is going to be more distributed with solar and batteries charging stations. So the threat surface and the threat points will be expanding significantly and it is critical that we address that issue collectively. >> Terrific. Well, General Alexander, with collective defense, what industries and business models are you now disrupting? >> Well, we're doing the energy sector, obviously. Now the defense industrial base, the healthcare sector, as well as international partners along the way. And we have a group of what we call technical and other companies that we also deal with and a series of partner companies, because no company alone can solve this problem, no cybersecurity company alone. So partners like Amazon and others partner with us to help bring this vision to life. >> Terrific. Well, staying with you, what role does data and cloud scale now play in solving these security threats that face the businesses, but also nations? >> That's a great question. Because without the cloud, bringing collective security together is very difficult. But with the cloud, we can move all this information into the cloud. We can correlate and show attacks that are going on against different companies. They can see that company A, B, C or D, it's anonymized, is being hit with the same thing. And the government, we can share that with the government. They can see a tax on critical infrastructure, energy, finance, healthcare, the defense industrial base or the government. In doing that, what we quickly see is a radar picture for cyber. That's what we're trying to build. That's where everybody's coming together. Imagine a future where attacks are coming against our country can be seen at network speed and the same for our allies and sharing that between our nation and our allies begins to broaden that picture, broaden our defensive base and provide insights for companies like NYPA and others. >> Terrific. Well, now Gil, I'd like to move it back to you. If you could describe the utility landscape and the unique threats that both large ones and small ones are facing in terms of cybersecurity and the risks, the populous that live there. >> Well, the power grid is an amazing machine, but it is controlled electronically and more and more digitally. So as I mentioned before, as we transform this grid to be a cleaner grid, to be more of an integrated energy network with solar panels and electric vehicle charging stations and wind farms, the threat is going to be multiple from a cyber perspective. Now we have many smaller utilities. There are towns and cities and villages that own their poles and wires. They're called municipal utilities, rural cooperative systems, and they are not as sophisticated and well-resourced as a company like the New York Power Authority or our investor on utilities across the nation. But as the saying goes, we're only as strong as our weakest link. And so we need- >> Terrific. >> we need to address the issues of our smaller utilities as well. >> Yeah, terrific. Do you see a potential for more collaboration between the larger utilities and the smaller ones? What do you see as the next phase of defense? >> Well, in fact, General Alexander's company, IronNet and NYPA are working together to help bring in the 51 smaller utilities here in New York in their collective defense tool, the IronDefense or the IronDome as we call it here in New York. We had a meeting the other day, where even thinking about bringing in critical state agencies and authorities. The Metropolitan Transportation Authority, Port Authority of New York and New Jersey, and other relevant critical infrastructure state agencies to be in this cloud and to be in this radar of cybersecurity. And the beauty of what IronNet is bringing to this arrangement is they're trying to develop a product that can be scalable and affordable by those smaller utilities. I think that's important because if we can achieve that, then we can replicate this across the country where you have a lot of smaller utilities and rural cooperative systems. >> Yeah. Terrific. Well, Gil, staying with you. I'd love to learn more about what was the solution that worked so well for you? >> In cybersecurity, you need public-private partnerships. So we have private companies like IronNet that we're partnering with and others, but also partnering with state and federal government because they have a lot of resources. So the key to all of this is bringing all of that information together and being able to react, the General mentioned, network speed, we call it machine speed, has to be quick and we need to protect and or isolate and be able to recover it and be resilient. So that's the beauty of this solution that we're currently developing here in New York. >> Terrific. Well, thank you for those points. Shifting back to General Alexander. With your depth of experience in the defense sector, in your view, how can we stay in front of the attacks, mitigate them, and then respond to them before any damage is done? >> So having run our nations, the offense. I know that the offense has the upper hand almost entirely because every company and every agency defends itself as an isolated entity. Think about 50 mid-sized companies, each with 10 people, they're all defending themselves and they depend on that defense individually and they're being attacked individually. Now take those 50 companies and their 10 people each and put them together and collect the defense where they share information, they share knowledge. This is the way to get out in front of the offense, the attackers that you just asked about. And when people start working together, that knowledge sharing and crowdsourcing is a solution for the future because it allows us to work together where now you have a unified approach between the public and private sectors that can share information and defend each of the sectors together. That is the future of cybersecurity. What makes it possible is the cloud, by being able to share this information into the cloud and move it around the cloud. So what Amazon has done with AWS has exactly that. It gives us the platform that allows us to now share that information and to go at network speed and share it with the government in an anonymized way. I believe that will change radically how we think about cybersecurity. >> Yeah. Terrific. Well, you mention data sharing, but how is it now a common tactic to get the best out of the data? And now, how is it sharing data among companies accelerated or changed over the past year? And what does it look like going forward when we think about moving out of the pandemic? >> So first, this issue of sharing data, there's two types of data. One about the known threats. So sharing that everybody knows because they use a signature-based system and a set of rules. That shared and that's the common approach to it. We need to go beyond that and share the unknown. And the way to share the unknown is with behavioral analytics. Detect behaviors out there that are anonymous or anomalous, are suspicious and are malicious and share those and get an understanding for what's going on in company A and see if there's correlations in B, C and D that give you insights to suspicious activity. Like solar winds, recognizes solar winds at 18,000 companies, each defending themselves. None of them were able to recognize that. Using our tools, we did recognize it in three of our companies. So what you can begin to see is a platform that can now expand and work at network speed to defend against these types of attacks. But you have to be able to see that information, the unknown unknowns, and quickly bring people together to understand what that means. Is this bad? Is this suspicious? What do I need to know about this? And if I can share that information anonymized with the government, they can reach in and say, this is bad. You need to do something about it. And we'll take the responsibility from here to block that from hitting our nation or hitting our allies. I think that's the key part about cybersecurity for the future. >> Terrific. General Alexander, ransomware of course, is the hottest topic at the moment. What do you see as the solution to that growing threat? >> So I think, a couple things on ransomware. First, doing what we're talking about here to detect the phishing and the other ways they get in is an advanced way. So protect yourself like that. But I think we have to go beyond, we have to attribute who's doing it, where they're doing it from and hold them accountable. So helping provide that information to our government as it's going on and going after these guys, making them pay a price is part of the future. It's too easy today. Look at what happened with the DarkSide and others. They hit Colonial Pipeline and they said, oh, we're not going to do that anymore. Then they hit a company in Japan and prior to that, they hit a company in Norway. So they're attacking and they pretty much operate at will. Now, let's indict some of them, hold them accountable, get other governments to come in on this. That's the way we stop it. And that requires us to work together, both the public and private sector. It means having these advanced tools, but also that public and private partnership. And I think we have to change the rhetoric. The first approach everybody takes is, Colonial, why did you let this happen? They're a victim. If they were hit with missiles, we wouldn't be asking that, but these were nation state like actors going after them. So now our government and the private sector have to work together and we need to change that to say, they're victim, and we're going to go after the guys that did this as a nation and with our allies. I think that's the way to solve it. >> Yeah. Well, terrific. Thank you so much for those insights. Gil, I'd also like to ask you some key questions and of course, certainly people today have a lot of concerns about security, but also about data sharing. How are you addressing those concerns? >> Well, data governance is critical for a utility like the New York Power Authority. A few years ago, we declared that we aspire to be the first end-to-end digital utility. And so by definition, protecting the data of our system, our industrial controls, and the data of our customers are paramount to us. So data governance, considering data or treating data as an asset, like a physical asset is very, very important. So we in our cybersecurity, plans that is a top priority for us. >> Yeah. And Gil thinking about industry 4.0, how has the surface area changed with Cloud and IoT? >> Well, it's grown significantly. At the power authority, we're installing sensors and smart meters at our power plants, at our substations and transmission lines, so that we can monitor them real time, all the time, know their health, know their status. Our customers we're monitoring about 15 to 20,000 state and local government buildings across our states. So just imagine the amount of data that we're streaming real time, all the time into our integrated smart operations center. So it's increasing and it will only increase with 5G, with quantum computing. This is just going to increase and we need to be prepared and integrate cyber into every part of what we do from beginning to end of our processes. >> Yeah. And to both of you actually, as we see industry 4.0 develop even further, are you more concerned about malign actors developing more sophistication? What steps can we take to really be ahead of them? Let's start with General Alexander. >> So, I think the key differentiator and what the energy sector is doing, the approach to cybersecurity is led by CEOs. So you bring CEOs like Gil Quiniones in, you've got other CEOs that are actually bringing together forums to talk about cybersecurity. It is CEO led. That the first part. And then the second part is how do we train and work together, that collective defense. How do we actually do this? I think that's another one that NYPA is leading with West Point in the Army Cyber Institute. How can we start to bring this training session together and train to defend ourselves? This is an area where we can uplift our people that are working in this process, our cyber analysts if you will at the security operations center level. By training them, giving them hard tests and continuing to go. That approach will uplift our cybersecurity and our cyber defense to the point where we can now stop these types of attacks. So I think CEO led, bring in companies that give us the good and bad about our products. We'd like to hear the good, we need to hear the bad, and we needed to improve that, and then how do we train and work together. I think that's part of that solution to the future. >> And Gil, what are your thoughts as we embrace industry 4.0? Are you worried that this malign actors are going to build up their own sophistication and strategy in terms of data breaches and cyber attacks against our utility systems? What can we do to really step up our game? >> Well, as the General said, the good thing with the energy sector is that on the foundational level, we're the only sector with mandatory regulatory requirements that we need to meet. So we are regulated by the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation to meet certain standards in cyber and critical infrastructure. But as the General said, the good thing with the utility is by design, just like storms, we're used to working with each other. So this is just an extension of that storm restoration and other areas where we work all the time together. So we are naturally working together when it comes to to cyber. We work very closely with our federal government partners, Department of Homeland Security, Department of Energy and the National Labs. The National Labs have a lot of expertise. And with the private sector, like great companies like IronNet, NYPA, we stood up an excellence, center of excellence with private partners like IronNet and Siemens and others to start really advancing the art of the possible and the technology innovation in this area. And as the governor mentioned, we partnered with West Point because just like any sporting or just any sport, actual exercises of the red team, green team, and doing that constantly, tabletop exercises, and having others try and breach your walls. Those are good exercises to really be ready against the adversaries. >> Yeah. Terrific. Thank you so much for those insights. General Alexander, now I'd like to ask you this question. Can you share the innovation strategy as the world moves out of the pandemic? Are we seeing new threats, new realities? >> Well, I think, it's not just coming out of the pandemic, but the pandemic actually brought a lot of people into video teleconferences like we are right here. So more people are working from home. You add in the 5G that Gil talked about that gives you a huge attack surface. You're thinking now about instead of a hundred devices per square kilometer up to a million devices. And so you're increasing the attack surface. Everything is changing. So as we come out of the pandemic, people are going to work more from home. You're going to have this attack surface that's going on, it's growing, it's changing, it's challenging. We have to be really good about now, how we trained together, how we think about this new area and we have to continue to innovate, not only what are the cyber tools that we need for the IT side, the internet and the OT side, operational technology. So those kinds of issues are facing all of us and it's a constantly changing environment. So that's where that education, that training, that communication, working between companies, the customers, the NYPA's and the IronNet's and others and then working with the government to make sure that we're all in sync. It's going to grow and is growing at an increased rate exponentially. >> Terrific. Thank you for that. Now, Gil, same question for you. As a result of this pandemic, do you see any kind of new realities emerging? What is your position? >> Well, as the General said, most likely, many companies will be having this hybrid setup. And for company's life like mine, I'm thinking about, okay, how many employees do I have that can access our industrial controls in our power plants, in our substations, and transmission system remotely? And what will that mean from a risk perspective, but even on the IT side, our business information technology. You mentioned about the Colonial Pipeline type situation. How do we now really make sure that our cyber hygiene of our employees is always up-to-date and that we're always vigilant from potential entry whether it's through phishing or other techniques that our adversaries are using. Those are the kinds of things that keep myself like a CEO of a utility up at night. >> Yeah. Well, shifting gears a bit, this question for General Alexander. How come supply chain is such an issue? >> Well, the supply chain, of course, for a company like NYPA, you have hundreds or thousands of companies that you work with. Each of them have different ways of communicating with your company. And in those communications, you now get threats. If they get infected and they reach out to you, they're normally considered okay to talk to, but at the same time that threat could come in. So you have both suppliers that help you do your job. And smaller companies that Gil has, he's got the 47 munis and four co-ops out there, 51, that he's got to deal with and then all the state agencies. So his ecosystem has all these different companies that are part of his larger network. And when you think about that larger network, the issue becomes, how am I going to defend that? And I think, as Gil mentioned earlier, if we put them all together and we operate and train together and we defend together, then we know that we're doing the best we can, especially for those smaller companies, the munis and co-ops that don't have the people and a security ops centers and other things to defend them. But working together, we can help defend them collectively. >> Terrific. And I'd also like to ask you a bit more on IronDefense. You spoke about its behavioral capabilities, it's behavioral detection techniques, excuse me. How is it really different from the rest of the competitive landscape? What sets it apart from traditional cybersecurity tools? >> So traditional cybersecurity tools use what we call a signature-based system. Think of that as a barcode for the threat. It's a specific barcode. We use that barcode to identify the threat at the firewall or at the endpoint. Those are known threats. We can stop those and we do a really good job. We share those indicators of compromise in those barcodes, in the rules that we have, Suricata rules and others, those go out. The issue becomes, what about the things we don't know about? And to detect those, you need behavioral analytics. Behavioral analytics are a little bit noisier. So you want to collect all the data and anomalies with behavioral analytics using an expert system to sort them out and then use collected defense to share knowledge and actually look across those. And the great thing about behavioral analytics is you can detect all of the anomalies. You can share very quickly and you can operate at network speed. So that's going to be the future where you start to share that, and that becomes the engine if you will for the future radar picture for cybersecurity. You add in, as we have already machine learning and AI, artificial intelligence, people talk about that, but in this case, it's a clustering algorithms about all those events and the ways of looking at it that allow you to up that speed, up your confidence in and whether it's malicious, suspicious or benign and share that. I think that is part of that future that we're talking about. You've got to have that and the government can come in and say, you missed something. Here's something you should be concerned about. And up the call from suspicious to malicious that gives everybody in the nation and our allies insights, okay, that's bad. Let's defend against it. >> Yeah. Terrific. Well, how does the type of technology address the President's May 2021 executive order on cybersecurity as you mentioned the government? >> So there's two parts of that. And I think one of the things that I liked about the executive order is it talked about, in the first page, the public-private partnership. That's the key. We got to partner together. And the other thing it went into that was really key is how do we now bring in the IT infrastructure, what our company does with the OT companies like Dragos, how do we work together for the collective defense for the energy sector and other key parts. So I think it is hit two key parts. It also goes on about what you do about the supply chain for software were all needed, but that's a little bit outside what we're talking about here today. The real key is how we work together between the public and private sector. And I think it did a good job in that area. >> Terrific. Well, thank you so much for your insights and to you as well, Gil, really lovely to have you both on this program. That was General Keith Alexander, Founder and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, the President and CEO of the New York Power Authority. That's all for this session of the 2021 AWS Global Public Sector Partner Awards. I'm your host for theCUBE, Natalie Erlich. Stay with us for more coverage. (bright music)

>>Mhm >>Hello and welcome to today's session of the 2021 AWS Global Public Sector Partner Awards And I'm delighted to introduce our next guests. They are chris Saks Ceo of think stack and Michael Matthews President Ceo at mutual Credit Union. I'm your host for the cube Natalie. Ehrlich of course. And we're going to highlight the most impactful nonprofit partner award. Thank you gentlemen for joining the program. >>Thank you so much for having us. >>Terrific. Well delighted for you to be here. And Michael, I'd love to start with you. How did you figure out that cloud technology was critical to the future of mutual credit union? >>It's kind of by chance, Natalie, we're sitting down, we're looking at uh, racks of equipment in our I. T. Room and trying to keep everything up to date, um software updated, become a full time job and all of my staff and sat around and it come to a point where we were spending more time keeping upgrades, keeping servers upgraded. And we asked we reached out the things that they were a network provider at the time and we said, hey, whatever, what are our options? And they came back with several options and one of them was a W. S. And we explored it and uh we've not looked back. >>Terrific. Well, can you explain in further detail how you identified some of the gaps and what stood out to you about think stack, how this uh collaboration happened specifically? >>Well, some of the major gaps that you have is, you know, we're in Vicksburg Mississippi and I would say it's probably not the I. T mecca of the United States and staffing. What was a huge requirement for us if you're gonna make a move such as this, you've got to have the staffing and then along with the staffing is okay if you go out and we hire all these individuals to help help with this journey, are they going to become bored and you know, if we uh personally, if if I asked think stack, they would say, oh yes, don't do that hire us, but that's their job there, there there are parker vendor and so we went out, we asked other vendors that we use and what are the chances of us doing this and it was slim to none. And this type of technology you want, somebody who you can call and and all honesty, I want to be able to call chris and say chris, I'm having a problem versus, you know, one of my team called me and say we're having a problem, I'd rather call it and I love the vendor relationship. It has worked out well. Our major gaps in staffing though, Natalie >>what about staffing? >>That was our major gap. >>Oh God, it got it. Well, chris let's move on to you now. I'd love it if you could explain, you know, in some detail for our audience about the methodology of your company and also how you help your clients visualize their transformation processes. >>Yeah, for sure. Thanks Natalie. So we work with credit unions around the country and many of them are facing similar challenges to Michael at mutual. And in addition to staffing, they're often challenged with just the uncertain future of technology and that can include things like hurricanes, wildfires, various different disasters, pandemics and having to work remotely. But it also includes all of the opportunities that exist in transformative technologies for credit union. They need to keep pace with organizations like Robin Hood and stash and some of these other organizations that are providing cutting edge mobile apps and technology to their customers. And so how do you as an organization generally, that's a small nonprofit organization. How do you build the technology that will allow you to have a foundation to respond and react to whatever the world happens to throw actually, be that an opportunity to take advantage of for growth or some kind of risk from a cyber attack to a natural disaster. So what we try to do with our clients is take a very human centered approach first. And the idea behind that is to not walk in the door and talk about all the wonderful benefits of AWS or any other particular technology, but rather look at What do you expect. So if you take Michael, for example, you know, sitting down with him and trying to look out 10 years, what do you expect the industry to look like? What do you expect your organization to look like in? What goals do you have as a credit? You need to take advantage of those opportunities and to mitigate those risks. Once you identify those business needs, we can start looking at the humans that are involved in that experience. And so that would obviously be the employees and partners and vendors that support and make up the team at the credit union. And then obviously it's their current members and then any other members that they want to attract. And so you have to look at both sides of this. How how do you work securely efficiently? Um, as an employee on the flip side, how do you serve your members as well as you can serve them with cutting edge technology with technology that's always up and available. And then obviously with, with utmost security. So as we identify and build that picture, uh, we we generally do that with stick figures Natalie so we try to go in and and you know take um different personas and we use journey mapping and we use strategic foresight and various other exercise that help us uh literally paint a picture. Um and then from there we kind of back into that and say okay in order for you to accomplish these things into Have the organization that you want to have the next 10 years, what is your technology foundation and footprint need to look like to support that. And that's where we start to then back into that design which typically would include some type of public cloud services like AWS among other technologies from a cyber security perspective to build out that foundation and then allow them To respond and react to whatever the world throws at him over the next 10 years. >>Terrific. Well Michael would love to get your insight. How did you experience that human centered design focus, that think stack uh you know, is known for >>I think that's what says things take apart. You know, we there's numerous vendors you can go direct, there's there's plenty of software, there's plenty of technology out there you can buy. And as a credit union we can go out, we can just about get anything we wanted. But when we have a problem that we're trying to solve, it's not about that, it's about sitting down with chris his team and saying chris this this is a problem. We recently had one in password management, but we just this is a problem we're having. How do we solve this problem? And so the focus is not about trying to sell you another software. The focus is about solving the problem and having your staff and your team work more efficiently and effectively at their task. At the end of the day, you know, we're not arty people were in the financial service business. We rely on the solutions that we have to to help us do our jobs better and serve our members more effectively. >>Yeah, well, chris uh, you know, from your perspective, obviously human centered designed a really big component of your business, but what other key feature set your business apart from the competitive landscape? >>So I think the human centered design bleeds into another area that we really pride ourselves on, which is which is education and what I will call plain talk. So again, as Michael said, these organizations are our financial services, they're not technology experts, so you need to be able to communicate to those teams, those boards of directors, executive teams in a way that they can understand, and it can be uh somewhat difficult to talk about complex technical problems, um but when you boil it down back to that experience level, or you boil it down to a picture, it becomes a little easier to talk about. And what we want to be able to do as a partner is make sure our clients have confidence in the services or the products that they're purchasing, that they understand. How is this investment going to impact our credit union? How is this going to impact our members? And is this the right investment? It investments are, are significant. So we need to make sure that both parties understand the expectations of that investment and why they're doing that. So we take a lot of pride in the education and then probably the biggest piece uh and you know, it's one of those things that can be unappreciated, but its cybersecurity building, our infrastructure's with the tools and the processes and and the techniques so that everyone stays secure. I can tell you that there is nothing that would derail a digital transformation of an organization faster than a breach. So it's very important for us to make sure that those organizations, that everything that we do as fun as it is to talk about transformational technology equally as important that everything stays secure as we do it. >>Yeah. Well, excellent point. Certainly cybersecurity going to be a top uh topic for 2021 and beyond. Now, Michael, I'd like to move to you um what were the expected and unexpected business outcomes as a result of this partnership? >>Well, now we we we expected to have issues in the transition, which we really didn't um, I'll be honest with you, we we expected to have failures of servers. We expected stuff not to work because we were told by some of our other vendors that this will not work in a W S. Um and we were very surprised that most everything worked on AWS and it worked even better. Um some of the unexpected. So one of the main drivers of us moving to AWS was, I told you we had were limited on Rackspace I T room is when we want to implement a new service today, everything requires its own server. So everything needs an independent service, virtual server or physical server. We did not know how fast that could be done. So we would send a ticket in uh and we would say, hey, we need a new server here. The specs we're putting on this vendor, this is our time frame and we will get an email back the next morning. The servers ready to go where before? We weren't we didn't have that. That that was not an option. The main delay for new projects was to build up time and we weren't expecting that speech. No longer was that we all we expected that hey, we're not in a rush, but it'll be at least three months. And so now the team has to be ready to go as soon as you send the request in that we need this server is done uh and its speed up, speed up our time from uh, the idea our concept to going live with projects and we weren't that was something we had to get adjusted to. >>Yeah. And following up on that. What were some of the rational as well as the emotional impacts as a result of this collaboration? >>All right too. Two things and I don't know if they meet their, meet your that answer your question directly. But so one item we had in in a call, it's been several weeks back is when is the last time that anyone had to call it? Said, hey, I'm not working. My my can't access the server or I can complete dysfunction. And it's not been that way. We we've seen significantly improved up time, not only externally for our members who are logging in to do home banking or any other, any other feature, but internally for our staff we saw and I think it's just the entire transformation just made our company more resilient. What that was. I was as the metric we were seeing fewer instances of downtime. If we have downtown now, it's a power. We had an ice storm here in Mississippi, which is rare. Uh and we were down for a day. Um and if you lose internet today at any business you're down um The emotional side of I tell you, and it's been several years back on July four, we had a major major failure and our entire network was down and we this is prior to us moving to AWS and I'll just tell you I go home at night, this is the peace of mind that you can't put a dollar value on. I go home at night. And the last thing I'm worried about is my I. T. Network. I'm not worried about up time, I'm not worried about members, you know, going on facebook or any other social media and saying hey we can't we can't access your site what's going on and we don't have that anymore. And you know, I'm sure we could have had it any other way. But I leave that to the process of us moving from an in house holding everything on premise to moving to AWS, not only did it want to improve the results of those servers were able to back up to do different things, but it is to improve the overall working, working the functionality of our network. And I like I said I you can't put a dollar on this peace of mind and that is something I don't think there's any metric out there. You can measure, you can't measure that, but you know me and my team, we see it all the time. So >>Yeah, I agree, a peace of mind is certainly a priceless now Chris Let's move to you if you could outline to our audience some of the solutions that you provide, some of your other clients as well. Just give us a fuller picture of the services that you provide. Let's perhaps talk about, you know, 24/7 socks um services as well as data loss prevention or anything else that you think would be of interest to our audience? >>Yeah, for sure. So so obviously we I like to think of us like we design so we come in and we like to help you design and and figure out what your network needs to look like. That's not only your server and production network but also routing, switching. So Land Win S T Win various other networking projects equally. It's important that you can access the cloud as it is to move to the cloud, help with with productivity suite collaboration tools. Um and then finally, cyber security is a big part of that as well. So we try to come in and and look at all those things on the cybersecurity side. Very similar concept of what we do on the, on the cloud side, which is well design the tools and the infrastructure on the perimeter of the network, the configuration of any cloud environments, um such that they're secure and appropriate for your organization. Uh look at active directory or whatever organizational user management system you have to be using, implement those tools. Um and then as you mentioned, Natalie, we have a 24 x seven socks um with analysts watching that um that are all things that employees watching that board responding and reacting um using our our sin platform. And then we also have a 24 by seven uh network operations center or knocked. Um that is managing both the on site uh tools and network as well as any cloud uh networks that that they may have, keeping them up to date, doing all the routine maintenance, I will say from a cyber security perspective while it's not called the sock, the knock is just as important for cybersecurity as is the knock because we see that many cybersecurity attacks are often just taking advantage of systems that are not kept up to date. So the knock and that preventative maintenance is so important. So we do that for a lot of our clients. Some people pick and choose certain features. Some people use all of our services. >>Yeah. Terrific. Is that what you mean by security that's made to order? >>Yeah, exactly. Um you know, I think that's true of all technology. Um the biggest thing that we can do his look at the systems that you have during that design phase, we not only look at what technology should be should you be using, but also we take an assessment of your current team, What talent does your team have and where can we fill gaps if you have people that are doing security really well or you're doing preventative maintenance or some of these features? Uh Certainly you should keep that in house and we'll try to build services around those individuals that you have so that you're utilizing your talent to the best of your abilities and we're really fitting in um where you need us. >>Yeah. Terrific. Well, um you know, Michael, I'd like to shift to you now. What do you think will be the broader impact, you know, for the credit union industry? If others are not, you know, adopting the same kind of technologies um you know, to secure their cloud strategies. Mhm. >>I think whether credit unions want to or not, they're moving to the cloud. Um Most of our newest vendors are all cloud based. Um And so yes, he's either do it now or do it later. Which one do you want to be? And I do think that you're going to see more and more larger credit unions begin to move and it's scalable. It's more up time. It's easier to back up. A lot of people are hesitant. They don't want to take their information and move it out of town. They try to find a local data center are somewhere secure. And, and we looked at is what's the difference? You know, we, we we don't have latency issues with internet and fiber today. And so what is the difference of movement out of town and move to AWS by moving out of town? I still on the servers. I still leased the space. I still have to go over there. We have to have somebody there at all the time. And I'll be honest with you, I look at AWS as a trusted partner versus trying someone and then, and then it's not working locally and there's a lot of data centers you can, you can move to um I think I think it's going to come to the industry one way or the other. >>Yeah. Well, Terrific. Do you have any insight or you know, perhaps advice for another credit union who will, you know, like to take the next step? But, you know, as you mentioned, maybe a bit hesitant, >>I think doing your homework on it and looking at it as a, as a viable option is the first step. I know when I took it to my board and I talked about this um with chris and several people have so we we we talk about these things like the cloud, like it's this magical space and and our data is out there in Netherland and who knows where our data is. But when you break it down, you say, I have a East Coast data center and I have a West Coast data center. These are physical spaces where my dad is higher is held. Um I think it makes people think about a little differently. And and so when when you're if you're thinking about moving, if your if your in house today and you're thinking about how I'm gonna start outsourcing evaluate the cost, what are your ongoing cost, You know, who's gonna service you, Who's going to provide that service? And we've looked at other vendors over the years and I'll tell you, chris and his team have something unique that I found. Um I found very desirable in our situation is at our size and we're just under $300 million credit union. I don't think we have major projects that are too complicated to chris we're still, we're one of his better customers. I assume, chris me tell you something different in a minute, but we're not just a number, so I wouldn't go into a cube. You know, everybody knows each other. We're both small enough companies to where they're getting a lot bigger than we are now, but they're both small of companies where we're still, we we mean something to them, they care about moving to start versus just checking the box off. And so that's that's been our journey so far. Mhm. >>Yeah. Well, um, so, chris, uh, you know, first I want to know if Michael is one of your better customers, but uh, you know, really what I would I would really like to know is um, you know, what is your like, big sales pitch to? You know, as I mentioned to Michael, just some of those companies that are a little bit hesitant, a little bit on the edge. >>Michael is our best client of course because he's here doing this interview with us. No, um, you know, that that's something for us that are those, those human connections are, are, are so important and we do get very invested with any of the clients that we work with. But, um, in, in terms of the industry, I think Michael started to say at the beginning, which is, you're already there. We hear a lot of times from folks that they, I can't move to the cloud that the examiners or that the regulations do not allow them to be there. And that's, that's not true. Um, so what we're trying to do in partnership with KWS is educate the marketplaces as well as we can. Um, one of the biggest things that the cloud offers is this idea of flexibility and nimbleness and you know, unfortunately, I think Covid taught us that lesson, but there's, there's other lessons out there. I don't want to harp on Covid, I feel like that's all we talk about. Um, but if you look at any opportunity, whether it's a I machine learning, um, you know, Blockchain, pick the next technology, right? The reality is, none of us can really tell you where you're going to be in two years, maybe one year, three years, right? Like can you truly sit down after the past three years and tell me that you with no uncertainty, can tell me where your organization is going to be. And the reality is if you build your own data center right now, you have to make that guess Because you have to build something and designed for something and if you're making that investment, then you're doing that for the next probably 5-7 years. Whereas if you move to amazon you have the flexibility, whether that's scaling your organization up quickly, whether that's moving to the cloud, whether that's leveraging one of these technologies I just mentioned or in some cases even scaling back because things have hit a recession, we don't know what the future holds. But if you're in an environment like AWS, then you have the scalability and the flexibility to be able to move and pivot with that. And if you build your own and you happen to pick the wrong future, then then you could be in a bind and you've created your own limitations because you've decided to build for yourself. And I think that's the biggest thing is you can't build for yourself. You have to be flexible in this environment. That is that is the key. And the organizations that are flexible are the ones that are going to survive and thrive through all this uncertainty. Yeah. >>Well, really excellent point there. I totally agree with you. Wonderful to have you on our program. That was chris Saks Ceo of think stack as well as Michael Matthews, the president and Ceo at Mutual Credit Union. Thank you gentlemen for joining the show. Thanks so much. And that's all for this session of the AWS Global Public Sector Partner Awards. I'm your host Natalie or like thanks for >>watching. Mm.

>>Welcome back to HPD discovered 2021. My name is Dave Volonte and you're watching the cubes virtual coverage of discover we're going to dig into the most pressing topic not only for I. T. But entire organizations and that's cyber security with me. Miss O'Neil James, senior Director of security engineering at Hewlett Packard Enterprise. So Neil welcome to the cube. Come on in. >>Dave, thank you for having me. I appreciate it. >>Hey, you talked about Project Aurora today. Tell us about project Aurora. What is that? >>So I'm glad you asked. Project Aurora is a new framework that we're working on that attempts to provide the underpinnings for Zero Trust architectures inside of everything that we build at. Hp. Zero Trust is a way of providing a mechanism for enterprises to allow for everything in their enterprise. Whether it's a server, a human or anything in between to be verified and attested to before they're allowed to access or transact in certain ways. That's what we announced today. >>Well, so in response to a spate of damaging cyber attacks last month, President biden issued an executive order designed to improve the United States security posture and in that order essentially issued a zero trust mandate. You know, it's interesting. Zero Trust has gone from a buzzword to a critical part of a security strategy. So in thinking about a zero trust architecture, how do you think about that and how does project Aurora fit in? >>Yeah, Zero Trust architecture as a concept has has been around for quite some time now and over the last few years you've seen many a company attempting to provide technologies that they purport to be. Zero trust. Zero Trust is a framework. It's not one technology, it's not one tool, it's not one product. It is an entire framework of thinking and applying cyber security principles uh to everything that we just talked about beforehand. Project Aurora, as I said before hand, is designed to provide a way for our ourselves and our customers to be able to measure a test and verify every single piece of technology that we sell to them, whether it's a server or everything else in between. Now, we've got a long way to go before we're able to cover everything that HP sells. But for us these capabilities are the root of Zero Trust architectures, you need to be able to at any given moments notice, verify measure and a test and this is what we're doing with Project Aurora. >>So you founded a company called citadel and sold out to HPD last year. And my understanding is you were really the driving force behind the secure production identity framework, but you said zero Trust is really a framework, uh that's an open source project. Maybe you can explain what that is. I mean people talk about the nist framework for cybersecurity. How does that relate? What why is this important and how does Aurora fit into it? >>Yeah, so it's a good question. The next framework is a broader framework for cybersecurity that couples and covers many aspects of thinking about the security posture of an enterprise, whether it's network security, host based intrusion detection capabilities in response things of that sort Spiffy. What you're referring to secure production identity framework for everyone is an open source framework and technology base that we did work on when I was the ceo of Seattle. That was designed to provide a platform agnostic way to assign identity to anything that runs in a network. And so think about yourself or myself, we are uh, we have identities in our back pocket driver's license, passports, things of that sort. They provide a unique assertion of who we are and what we're allowed to do that does not exist in the world of software. And what spiffy does is it provides that mechanism so that you can actually use frameworks like project Aurora that can verify the underpinning infrastructure on top of which software workloads run to be able to verify the spiffy identities even better than before >>is the intensive product ties this capability within this framework. How do you approach this from HP standpoint >>suspicion inspire will and always will be. As far as I'm concerned, remain an open source project held by the cloud Native Computing Foundation. It's for the world. And we want that to be the case because we think that more of our enterprise customers are not living in the world of one vendor or two vendors. They have multiple vendors. And so we need to give them the tools and the flexibility to be able to allow for open source capabilities like Spiffy inspire to provide a way for them to assign these identities and assign policies and control regardless of the infrastructure choices they make today or tomorrow. H P E recognizes that this is a key differentiating capability for our customers. And our goal is to be able to look at our offerings that power the next generation of workloads, kubernetes instances, containers, serverless and anything that comes after that. And our responsibility to say, how can we actually take what we have and be able to provide those kinds of assertions, those underpinnings for zero trust that are going to be necessary to distribute those identities to others workloads and to do so in a scalable, effective and automated manner, which is one of the most important things that project Wara does. >>So a lot of companies senior will set up a security division, uh and and so, but is the IS HPV strategy to essentially uh embed security across its entire portfolio? How do you, how should we think about HP strategy in cyber? >>Yeah, so it's a it's a great question. Hp has a long history, uh security and other domains, networking and servers and storage and beyond. Uh the way we think about what we're building with project or this is plumbing, this is plumbing that must be and everything we built, customers don't buy one product from us and they think it's one custom, one company and something else from us and they think it's another company, they're buying HPV products. And our goal with Project Aurora is to ensure that this plumbing is widely and uniformly distributed and made available. So whether you're buying in Aruba device, a primary storage device or per alliance server. Project Aurora's capabilities are going to provide a consistent way to do the things that I've mentioned beforehand To allow for those zero trust architectures to become real. >>So it's I alluded to President biden's executive order previously, I mean you're a security practitioner or an expert in this area. It just seems as though, and I'd love to get your comments on this. I mean the adversaries are well funded. You know, they're either organized crime, their nation states, uh they're they're extracting a lot of very valuable information, they're monetizing that you've seen things like ransomware as a service now, so any any knucklehead can, can be in the ransomware business. Um it's just this endless escalation game. Um how do you see the industry approaching this? What needs to happen? So obviously I like what you're saying about the plumbing, you're not trying to attack this with a bunch of point tools, which is part of the problem. How do you see the industry coming together to solve this problem? >>Yeah, it's uh if you operate in the world of security, you have to operate from the standpoint of humility. And the reason why you have to operate from a standpoint of humility is because the attack landscape is constantly changing the things and tools and investments and techniques that you thought were going to thwart an attacker. Today, there quickly outdated within a week, a month, a quarter or whatever it might be. And so you have to be able to consistently and continuously evolve and adapt towards what customers are facing on any given moments notice I think to be able to as an industry tackle these issues more and more. So you need to be able to have all of us start to abide, not abide, but start to adopt these open source patterns. We recognize that every company hB included is here to serve customers and to make money for its shareholders as well. But in order for us to do that, we have to also recognize that they've got other technologies in their infrastructure as well. And so it's our belief, it's my belief that allowing for us to support open standards with spiffy inspire and perhaps with some of the aspects of what we're doing with project Aurora, I think allows for other people to be able to kind of deliver the same underpinning capabilities, the plumbing if you will, regardless of whether it's an HP product or somebody else along those lines as well. We need more of that generally across our industry and I think we're far from it. >>I mean this sounds like a war. I mean, it's it's more than a battle. It's a war that actually is never gonna end. Uh, and I don't think there is an end in sight. And you hear, see, so let's talk about the shortage of talent. Uh, they're getting inundated with point products and tools and then that just creates more technical debt. It's been interesting to watch interesting. Maybe it's not the right word, but the pivot 20 trust, endpoint security, cloud security and the exposure that we've now seen as a result of the pandemic was sort of rushed. And then of course, we've seen, you know, the the adversaries really take advantage of that. So, I mean, what you're describing is this ongoing, never ending battle, >>isn't it? Yeah, yeah, no, it's it's it's going to be ongoing. And by the way, Zero Trust is not the end state, right. I mean, there was things that we called the final nail in the coffin Five years ago, 10 years ago and yet the Attackers persevered. And that's because there's a lot of innovation out there. There's a lot of uh, infrastructure moving to dynamic architecture is like cloud and others that are going to be poorly configured and are going to not have necessarily the best and brightest providing security around that. So we have to remain vigilant. We have to work as hard as we can to help customers deploy Zero Trust architecture, but we have to be thinking about what's next. We have to be watching, studying and evolving to be able to prepare ourselves to be able to go after whatever the next capabilities are. >>What I like about what you're saying is, you're right. You have to have humility. I don't want to say. I mean it's it's hard because I do feel like a lot of times the vendor community says, okay, we have the answer to your point. You know, okay. We have a zero trust solution or we have a security solution and there is no silver bullet in this game. And I think what I'm hearing from you is look, we're providing infrastructure, Plumbing is the substrate, but it's an open system. It's got to evolve. We've anything you didn't say, but I love your thoughts on this is we got to collaborate with who some of you might think is your competitor because they're still, they're the good guys. >>Yeah. I mean our our customers are customers don't care that we're competitors with anybody. They care that we're helping them solve their problems for their business. So our responsibility is to figure out what we need to do to work together to provide the basic capabilities that allow for our customers to to remain in business. Right. If cybersecurity issues plague any of our customers, that doesn't affect just HP. That affects all of the companies that are serving that customer itself. So I think we have a shared responsibility to be able to protect our customers >>and you've been in cyber for much, if not most of your career. Right, correct. Let's go. So I got to ask you, did you have a superhero when you were a kid? Did you have sort of uh, you know, save the world thing going? >>Did I have to say, you know, I I didn't have to save the world thing going. But I had um I had, I had two parents that cared for for the world in many, many ways. They were both in the world of health care and so every day I saw them taking care of other people. And I think that probably rubbed off in some of the decisions that I made too >>Well. It's awesome. You can do a great work, really appreciate you coming on the cube and and thank you so much for your insights. >>I appreciate that. Thanks >>All right. Thank you for being with us for our ongoing coverage. HPD discovered 21. This is Dave Volonte. You're watching the cube. The leader in digital tech coverage will be right back. Mhm.