(upbeat music) >> Welcome back to theCUBE's coverage of VEEMON 2022. We're here at the Aria in Las Vegas. Dave Vellante with David Nicholson, my co-host for the week, two days at wall to wall coverage. Jason Buffington is here, JBuff, who does some amazing work for VEEAM, former Analyst from the Enterprise Strategy Group. So he's got a real appreciation for independence data, and we're going to dig into some data. You guys, I got to say, Jason, first of all, welcome back to theCUBE. It's great to see you again. >> Yeah, two and a half years, thanks for having me back. >> Yeah, that's right. (Jason laughs) Seems like a blur. >> No doubt. >> But so here's the thing as analysts, you can appreciate this, the trend is your friend, right? and everybody just inundates you with now, ransomware. It's the trend. So you get everybody's talking about the ransomware, cyber resiliency, immutability, air gaps, et cetera. Okay, great. Technology's there, it's kind of like the NFL, everybody kind of does the same thing. >> There's a lot of wonderful buzzwords in that sentence. >> Absolutely, but what you guys have done that's different is you brought in some big time thought leadership, with data and survey work which of course as an analyst we love, but you drive strategies off of this. So you got to, I'll set it up. You got a new study out that's pivoted off of February study of 3,600 organizations, and then you follow that up with a thousand organizations that actually got hit with ransomware. So tell us more about the study and the work that you've done there. >> Yeah, I got to say I have the best job ever. So I spent seven years as an analyst. And when I decided I didn't want to be an analyst anymore, I called VEEAM and said, I'd like to get in the fight and they let me in. But they let me do independent research on their behalf. So it's kind of like being an in-house counsel. I'm an in-house analyst. And for the beginning of this year, in February, we published a report called the Data Protection Trends Report. And it was over 3000 responses, right? 28 countries around the world looking at digital transformation, the effects of COVID, where are they are on BAS and DRS. But one of the new areas we wanted to look at was how pervasive is ransomware? How does that align with BCDR overall? So some of those just big thought questions that everyone's trying to solve for. And out of that, we said, "Wow, this is really worth double clicking." And so today, actually about an hour ago we published the Ransomware Trends Report and it's a thousand organizations all of which have all been survived. They all had a ransomware attack. One of the things I think I'm most proud of for VEEAM in this particular project, we use an independent research firm. So no one knows it's VEEAM that's asking the questions. We don't have any access to the respondents along the way. I wish we did, right? >> Yeah, I bet >> Go sell 'em back up software. But of the thousands 200 were CISOs, 400 were security professionals which we don't normally interact with, 200 backup admins, 200 IT ops, and the idea was, "Okay, you've all been through a really bad day. Tell us from your four different views, how did that go? What did you solve for? What did you learn? What are you moving forward with?" And so, yeah, some great learnings all around helping us understand how do we deliver solutions that meet their needs? >> I mean, there's just not enough time here to cover all this data. And I think I like about it is, like you said, it's a blind survey. You used an independent third party whom I know they're really good. And you guys are really honest about it. It's like, it was funny that the analyst called today for the analyst meeting when Danny was saying if 54% and Dave Russell was like, it's 52%, actually ended up being 53%. (Jason laughs) So, whereas many companies would say 75%. So anyway, what were some of the more striking findings of that study? Let's get into it a little bit. >> So a couple of the ones that were really startling for me, on average about one in four organizations say they have not been hit. But since we know that ransomware has a gestation for around 200 days from first intrusions, so when you have that attack, 25% may be wrong. That's 25% in best case. Another 16% said they only got hit once in the last year. And that means 60%, right on the money got hit more than once per year. And so when you think about it's like that school bully Once they take your lunch money once and they want lunch money, again, they just come right back again. Did you fix this hole? Did you fix that hole? Cool, payday. And so that was really, really scary. Once they get in, on average organizations said 47% of their production data was encrypted. Think about that. So, and we tested for, hey, was it in the, maybe it's just in the ROBO. So on the edge where the tech isn't as good, or maybe it's in the cloud because it's in a broad attack surface. Whatever it is, turns out, doesn't matter. >> So this isn't just nibbling around the edges. >> No. >> This is going straight to the heart of the enterprise. >> 47% of production data, regardless of where it's stored, data center ROBO or cloud, on average was encrypted. But what I thought was really interesting was when you look at the four personas, the security professional and the backup admin. The person responsible for prevention or mediation, they saw a much higher rate of infection than the CSOs and the IT pros, which I think the meta point there is the closer you are to the problem. the worst this is. 47% is bad. it's worse than that. As you get closer to it. >> The other thing that struck me is that a large proportion of, I think it was a third of the companies that paid ransom. >> Oh yeah. >> Weren't able to recover it. Maybe got the keys and it didn't work or maybe they never got the keys. >> That's crazy too. And I think one thing that a lot of folks, you watch the movies and stuff and you think, "Oh, I'm going to pay the Bitcoin. I'm going to get this magic incantation key and all of a sudden it's like it never happened. That is not how this works. And so yeah. So the question actually was did you pay and did it work right? And so 52%, just at half of organization said, yes. I paid and I was able to recover it. A third of folks, 27%. So a third of those that paid, they paid they cut the check, they did the ransom, whatever, and they still couldn't get back. Almost even money by the way. So 24% paid, but could not get back. 19% did not pay, but recovered from backup. VEEAM's whole job for all of 2022 and 23 needs to be invert that number and help the other 81% say, "No, I didn't pay I just recovered." >> Well, in just a huge number of cases they attacked the backup Corpus. >> Yes. >> I mean, that's was... >> 94% >> 94%? >> 94% of the time, one of the first intrusions is to attempt to get rid of the backup repository. And in two thirds of all cases the back repository is impacted. And so when I describe this, I talk about it this way. The ransomware thief, they're selling a product. They're selling your survivability as a product. And how do you increase the likelihood that you will buy what they're selling? Get rid of the life preserver. Get rid of their only other option 'cause then they got nothing left. So yeah, two thirds, the backup password goes away. That's why VEEAM is so important around cloud and disk and tape, immutable at every level. How we do what we do. >> So what's the answer here. We hear things like immutability. We hear terms like air gap. We heard, which we don't hear often, is orchestrated recovery and automated recovery. I wonder if you could get, I want to come back to... So, okay. So you're differentiating with some thought leadership, that's nice. >> Yep. >> Okay, good. Thank you. The industry thanks you for that free service. But how about product and practices? How does VEEAM differentiate in that regard? >> Sure. Now full disclosure. So when you download that report, for every five or six pages of research, the marketing department is allowed to put in one paragraph. It says, this is our answer. They call the VEEAM perspective. That's their rebuttal. To five pages of research, they get one paragraph, 250 word count and you're done. And so there is actually a commercial... >> We're here to buy here in. (chuckles) >> To the back of that. It's how we pay for the research. >> Everybody sells an onset. (laughs) >> All right. So let's talk about the tech that actually matters though, because there actually are some good insights there. Certainly the first one is immutability. So if you don't have a survivable repository you have no options. And so we provide air gaping, whether you are cloud based. So your favorite hyper-scale or one of the tens of thousands of cloud service providers that offer VEEAM products. So you can have, immutability at the cloud layer. You can certainly have immutability at the object layer on-prem or disk. We're happy to use all your favorite DDoS and then tape. It is hard to get more air-gaped and take the tape out drive, stick it on a shelf or stick it in a white van and have it shipped down the street. So, and the fact that we aren't dependent on any architecture, means choose your favorite cloud, choose your favorite disc, choose your favorite tape and we'll make all of 'em usable and defendable. So that's super key Number one. Super key number two there's three. >> So Platform agnostic essentially. >> Yeah. >> Cloud platform agenda, >> Any cloud, any physical, we work happily with everybody. Just here for your data. So, now you know you have at least a repository, which is not affectable. The next thing is you need to know, do you actually have recoverable data? And that's two different questions. >> How do you know? Right, I mean... >> You don't. So one of my colleagues, Chris Hoff, talks about how you can have this Nalgene bottle that makes sure that no water spills. Do you know that that's water? Is it vodka? Is it poison? You don't know. You just know that nothing's spilling out of it. That's an immutable repository. Then you got to know, can you actually restore the data? And so automating test restores every night, not just did the backup log work. Only 16% actually test their backups. That breaks my heart. That means 84% got it wrong. >> And that's because it just don't have the resource or sometimes testing is dangerous. >> It can be dangerous. It can also just be hard. I mean, how do you spend something up without breaking what's already live. So several years ago, VEEAM created the sandbox is what we call a data lab. And so we create a whole framework for you with a proxy that goes in you can stand up whatever you want. You can, if file exists, you can ping it, you can ODBC SQL, you can map the exchange. I mean, you can, did it actually come up. >> You can actually run water through the recovery pipes. >> Yes. >> And tweak it so that it actually works. >> Exactly. So that's the second thing. And only 16% of organizations do. >> Wow. >> And then the third thing is orchestration. So there's a lot of complexity that happens when you recover one workload. There is a stupid amount of complexity happens when you try cover a whole site or old system, or I don't know, 47% of your infrastructure. And so what can you do to orchestrate that to remediate that time? Those are the three things we found. >> So, and that orchestration piece, a number of customers that were in the survey were trying to recover manually. Which is a formula for failure. A number of, I think the largest percentage were scripts which I want you to explain why scripts are problematic. And then there was a portion that was actually doing it right. Maybe it was bigger, maybe it was a quarter that was doing orchestrated recovery. But talk about why scripts are not the right approach. >> So there were two numbers in there. So there was 16% test the ability to recover, 25% use orchestration as part of the recovery process. And so the problem where it is, is that okay, if I'm doing it manually, think about, okay, I've stood back up these databases. Now I have to reconnect the apps. Now I have to re IP. I mean, there's lots of stuff to stand up any given application. Scripts says, "Hey, I'm going to write those steps down." But we all know that, that IT and infrastructure is a living breathing thing. And so those scripts are good for about the day after you put the application in, and after that they start to gather dust pretty quick. The thing about orchestration is, if you only have a script, it's as frequently as you run the script that's all you know. But if you do a workflow, have it run the workflow every night, every week, every month. Test it the same way. That's why that's such a key to success. And for us that's VEEAM disaster recovery orchestra tour. That's a product that orchestrates all the stuff that VEEAM users know and love about our backend recovery engine. >> So imagine you're, you are an Excel user, you're using macros. And I got to go in here, click on that, doing this, sort of watching you and it repeats that, but then something changes. New data or new compliance issue, whatever... >> That got renamed directly. >> So you're going to have to go in and manually change that. How do you, what's the technology behind automated orchestration? What's the magic there? >> The magic is a product that we call orchestrator. And so it actually takes all of those steps and you actually define each step along the way. You define the IP addresses. You define the paths. You define where it's going to go. And then it runs the job in test mode every night, every week, whatever. And so if there's a problem with any step along the way, it gives you the report. Fix those things before you need it. That's the power of orchestrator. >> So what are you guys doing with this study? What can we expect? >> So the report came out today. In a couple weeks, we'll release regional versions of the same data. The reason that we survey at scale is because we want to know what's different in a PJ versus the Americas versus Europe and all those different personas. So we'll be releasing regional versions of the data along the way. And then we'll enable road shows and events and all the other stuff that happens and our partners get it so they can use it for consulting, et cetera. >> So you saw differences in persona. In terms of their perception, the closer you were to the problem, the more obvious it was, did you have enough end to discern its pearly? I know that's why you're due the drill downs but did you sense any preliminary data you can share on regions as West getting hit harder or? >> So attack rate's actually pretty consistent. Especially because so many criminals now use ransomware as a service. I mean, you're standing it up and you're spreading wide and you're seeing what hits. Where we actually saw pretty distinct geographic problems is the cloud is not of as available in all segments. Expertise around preventative measures and remediation is not available in all segments, in all regions. And so really geographic split and segment split and the lack of expertise in some of the more advanced technologies you want to use, that's really where things break down. Common attack plane, uncommon disadvantage in recovery. >> Great stuff. I want to dig in more. I probably have a few more questions if you don't mind, I can email you or give you a call. It's Jason Buffington. Thanks so much for coming on theCUBE. >> Thanks for having me. >> All right, keep it right there. You're watching theCUBE's live coverage of VEEAMON 2022. We're here in person in Las Vegas, huge hybrid audience. Keep it right there, be right back. (upbeat music)