(upbeat music) >> Welcome back to The Cube's coverage of Fal.Con 22. I'm Dave Vellante with Dave Nicholson. This is day one of our coverage. We had the big keynotes this morning. Derek Jeter was one of the keynotes. We have a big Yankee fan here: George Kurtz is the co-founder and CEO of CrowdStrike. George, thanks for coming on The Cube. >> It's great to be here. >> Boston fan, you know, I tweeted out Derek Jeter. He broke my heart many times, but I can't hate on Jeter. You got to have respect for the guy. >> Well, I still remember I was in Japan when Boston was down you know, by three games and came back to win. So I've got my own heartbreak as well. >> It did heal some wounds, but it almost changed the rivalry, you know? I mean, >> Yeah. >> Once, it's kind of neutralized it, you know? It's just not as interesting. I mean, I'm a season ticket holder. I go to all the games and Yankee games are great. A lot of it used to be, you would never walk into Fenway park with, you know pin stripes, when today there's as many Yankee fans as there are... >> I know. >> Boston fans. Anyway, at Fenway, I mean. >> Yeah. >> Why did you start CrowdStrike? >> Biggest thing for me was to really change the game in how people were looking at security. And at my previous company, I think a lot of people were buying security and not getting the outcome that they wanted. Not- I got acquired by a company, not my first company. So, to be clear, and before I started CrowdStrike, I was in the antivirus world, and they were spending a lot of money with antivirus vendors but not getting the outcome I thought they should achieve, which is to stop the breach, not just stop malware. And for me, security should be outcome based not sort of product based. And the biggest thing for us was how could we create the sales force of security that was focused on getting the right outcome: stopping the breach. >> And the premise, I've seen it, the unstoppable breach is a myth. No CSOs don't live by that mantra, but you do. How are you doing on that journey? >> Well I think, look, there's no 100% of anything in security, but what we've done is really created a platform that's focused on identifying and stopping breaches as well as now, extending that out into helping IT identify assets and their hygiene and basically providing more visibility into IT assets. So, we talked about the convergence of that. Maybe we'll get into it, but. >> Dave Vellante: Sure. >> We're doing pretty well. And from our standpoint, we've got a lot of customers, almost 20,000, that rely on us day to day to help stop the breach. >> Well, and when you dig into the CrowdStrike architecture, what's so fascinating is, you know, Dave, we've talked about this: agent bad. Well, not necessarily, if you can have a lightweight agent that can scale and support a number of modules, then you can consolidate all these point tools out there. You talked about in your keynote, your pillars, workloads, which really end points >> Right. >> ID, which we're going to talk about. Identity data and network security. You're not a network security specialist, >> Right. >> But the other three, >> Yes. >> You're knocking down. >> Yeah. >> You guys went deep into that today. Talk about that. >> We did, most folks are going to know us for endpoint and Cloud workload protection and visibility. We did an acquisition almost two years to the day on preempt. And that was our identity play, identity threat protection and detection. And that really turned out to be a smart move, because it's the hottest topic right now. If you look at all the breaches over the last couple years, it's all identity based. Big, big talking points in our keynotes today. >> Dave Vellante: Right. >> And then the third area is on data, and data is really the you know, the new currency that people trade in. So how do you identify and protect endpoints and workloads? How do you tie that together with identity, as well as understanding how you connect the dots and the data and where data flows? And that's really been our focus and we continue to deliver on that for customers. >> And you've had a real dogma, I'll call it, about Cloud Native. I've had this conversation with Frank Slootman, "No we're not going to do a halfway house." You, I think, said it really well today. I think it was you who said it. If you've got On-Prem and Cloud, you got two code bases, >> George Kurtz: Right. >> That you got to maintain. >> That's it, yeah. >> And that means you're taking away resources from one or the other. >> That's exactly right. And what a lot of our competitors have done is they started On-Prem as an AV vendor, and then they took what they had and they basically put it in a Cloud instance called a Cloud, which doesn't really scale. And then, you know, where they need to, they basically still keep their On-Prem, and that just diffuses your engineering team. And most of the On-Prem stuff doesn't even have the features of what they're trying to offer from the Cloud. So either you're Cloud Native or you're not. You can't be halfway. >> But it doesn't mean that you can't include and ingest On-Prem data- >> Well, absolutely. >> into your platform, and that's what I think most people just some reason don't seem to understand. >> Well our agents run wherever. They certainly run On-Prem. >> Dave Vellante: Right. Right. >> And they run in the Cloud, they run wherever. But the crowd in the CrowdStrike is the fact that we can crowdsource this threat information at scale into our threat graph, which gives us unique insight, 7 trillion events per week. And you can't do that if you're not Cloud Native. And that crowd gives the, we call, community immunity. We see all kinds of attacks across 176 different countries. That benefit accrues to all of our customers. >> But how do you envision and maintain and preserve a lightweight agent that can support so many modules? As you do more acquisitions and you knock down new areas and bring in new functionality, go after things like operations technology, how is it that you're able to keep that agent lightweight? >> Well, we started as a platform company, meaning that the whole idea was we're going to build a lightweight agent. First iteration had no security capabilities. It was collect data, get it into a common data architecture or threat graph, in one spot. And then once we had the data then we applied AI to it and we created different workflows. So, the first incarnation was get data into the Cloud at scale. And that still holds true today. So if you think about why we can actually have all these different modules without an impact on the performance, it's we collect data one time. It's a threat data, you know? We're not collecting user data, but threat data collection mechanism. Once we have all that data, then we can slice and dice and create other modules. So the new modules never have to even touch the agent 'cause we've already collected the data. >> I'm going to just keep going, Dave, unless you shove your way in. >> No, no, go ahead. No, no, no. I'm waiting to pounce. >> But okay, so, I think, George, but George, I need to ask you about a comment that you made about we're not just shoving it into a data lake. But you are collecting all the data. Can you explain that nuance? >> Yeah. So there's a difference between a collect and forward agent. It means they just collect a bunch of data. They'll probably store it in a lot of space on the endpoint. It's slow and cumbersome, and then they'll forward it up into another data lake. So you have no context going into no context. Our agent is a smart agent, which actually allows us to always track the context of all these processes in what's happening on the endpoint. And it's a mini graph, meaning we keep track of the relationships. And as we ship that contextual information to the Cloud, we never lose that context. And then it goes into the bigger graph database, always with the same level of context. So, we keep the context of each individual workload or endpoint, and then across the Cloud, we have the context of all of those put together. It's massive. And that allows us to create different insights rather than a data lake, which is, you know, you're looking for, you're creating a bigger needle stack looking for needles. >> And I'm envisioning almost an index that is super, super fast. I mean, you're talking about sub, well second kind of near real time responses, correct? >> Absolutely. So a lot of what we do in terms of protection is already pushed down to the endpoint , 'cause it has intelligence and the AI model. And then again, the Cloud is always looking for different anomalies, not only on each individual endpoint or workload, but across the entire spectrum of our customer base. And that's all real time. It continually self-learns from all the data we collect. >> So when, yeah, when you've made these architectural decisions over time, there was a time when saying that you needed to run an agent could be a deal killer somewhere for people who argued against that. >> George Kurtz: Right. >> You've made the right decision there, clearly. Having everything be crowdsourced into Cloud makes perfect sense. Has that, though, posed a challenge from a sovereignty perspective? If you were deploying stuff On-Prem all over the place, you don't need to worry about that. Everything is here >> George Kurtz: Yeah. >> in a given country. How do you address the challenges of sovereignty when these agents are sending data into some sort of centralized Cloud space that crosses boundaries? >> Well, yeah, I guess what we would, let me go back to the beginning. So I started company in 2011 and I had to convince people that delivering endpoint security from the Cloud was going to be a good thing. >> Dave Vellante: Right. (chuckles) >> You know, you go into a Swiss bank and a bunch of other places and they're like, you're crazy. Right? >> Dave Nicholson: Right. >> They all became customers afterwards, right? And you have to just look at what they're doing. And the question I would have in the early days is, well, let me ask you are you using Dropbox, Box? Are you using a Microsoft? You know, what are you using? Well, they're all sending data to the Cloud. So good news! You already have a model, you've already approved that, right? So let's talk about our benefit. And you know, you can either have an adversary steal your data or you can send threat data to our Cloud, which by the way is in a lot of sovereign Clouds that are out there. And when you actually break it down to what we're sending to the Cloud, it's threat data, right? It isn't user files and documents and stuff. It's threat data. So, we work through all of that. And the Cloud is bigger than CrowdStrike. So you look at Sales Force, Service Now, Workday, et cetera. That's being used all over the place, Box, Dropbox. We just tagged onto it. Like why shouldn't security be the platform of record, and why shouldn't CrowdStrike be the platform of record and be the pillar of Cloud security? >> Explain your observability strategy, 'cause you acquired Humio for, I mean, I think it was $400 million, which is a song. >> Yeah. >> And then Reposify is the latest acquisition. I see that as an extension, 'cause it gives you visibility. Is that part of your security, of your observability play? Explain where you do play and don't play. >> Sure. Well observability is a big, you know, fluffy word. Where we play is in probably the first two areas of observability, right? There's five, kind of, pillars. We're focused on event collection. Let's get events from the endpoints. Let's get events from really anywhere in the network. And we can do that with Humio is now log scale. And then the second piece is with our agents, let's get an understanding of their, the asset itself. What is the asset? What state is it in? Does it have vulnerabilities? Does it have, you know, is it running out of disc space? Is it have, does it have a performance issue? Those are really the first two, kind of, areas of observability. We're not in application performance, we're in let's collect data from the endpoint and other sources, and let's understand if the thing is working, right? And that's a huge value for customers. And we can do that because we already have a privileged spot on the endpoint with our agent. >> Got it. Question on the TAM. Like I look at your TAMs, your charts, I love it. You know, generally do. Were you taking known data from you know, firms like IDC >> George Kurtz: Yeah. >> and saying, okay we're going to play there, now we're made this acquisition. We're new modules, now we're playing there. Awesome. I think you got a big TAM. And I guess that's, that's the point. There's no lack of market for you. >> George Kurtz: Right. >> But I do feel like there's this unknown unquantifiable piece of your TAM. IDC can't see it, 'cause they're kind of looking back >> George Kurtz: Right. >> seein' what the market do last year and we'll forecast it out. It's almost, you got to be a futurist to see it. How do you think about your total available market and the opportunity that's out there? >> Well, it's well in excess of 120 billion and we've actually updated that recently. So it's even beyond that. But if you look at all the modules each module has a discreet TAM and again, for what, you know, what we're focused on is how do you give an outcome to a customer? So a lot of the modules map back into specific TAM and product categories. When you add 'em all up and when you look at, you know, some of the new things that we're coming out with, again, it's well in excess of 120 billion. So that's why we like to say like, you know, we're not an endpoint company. We're really, truly a security platform company that was born in the Cloud. And I think if you see the growth rates, and one of the things that we've talked about, and I think you might have pointed out in prior podcasts, is we're the second fastest company to 2 billion dollars in annual recurring revenue, only behind Zoom. And you know I would argue- great company, by the way, a customer- but that was a black Swan event in a pandemic, right? >> Dave Vellante: I'll say! >> Yeah. >> So we are rarefied air when you think about the capabilities that we have and the performance and the TAM that's available to us. >> The other thing I said in my breaking analysis was 'cause you guys aspire to be a generational company. And I think you got a really good shot at being one, but to be a generational company, you have to have an ecosystem. So I'd love you to talk about the ecosystem, but where you want to see it in five years. >> Well, it really is a good point and we are a partner first company. Ecosystem is really important. Cameras probably can't see all the vendors that are here that are our partners, right? It's a big part of this show that we're at. You see a lot of, well, you see some vendors behind us. >> Yep. >> We have to realize in 2022, and I think this is something that we did well and it's my philosophy, is we are not the only game in town. We like to be, and we are, for many companies the security platform on record, but we don't do everything. We talked about network in other areas. We can't do everything. You can't be good and try to do everything. So, for customers today, what they're looking at is best of platform. And in the early days of security, I've been in it over 30 years, it used to be best of breed products, then it was best of suite, now it's best of platform. So what do I mean by that? It means that customers don't want to engineer their own solution. They, like Lego blocks, they want to pull the platforms, and they want to stitch 'em together via API. And they want to say, okay, CrowdStrike works with Okta, works with Zscaler, works with Proofpoint, et cetera. And that's what customers want. So, ecosystem is incredibly important for us. >> Explain that. You mentioned Okta, I had another question for you. I was at Reinforce, and I saw this better together presentation, CrowdStrike and Okta talking about identity. You've got an identity module. Explain to people how you're not competing with Okta. You guys complement each other, there. >> Well, an identity kind of broker, if you will, is basically what Okta does in others, right? So you log in single sign on and you get access. They broker access to all these other applications. >> Dave Vellante: Right. >> That's not what we do. What we do is we look at those endpoints and workloads and domain controllers and directory services and we figure out, are there vulnerabilities and are there threats associated with them? And we call that out. The second piece, which is critical, is we prevent lateral movement. So if credentials are stolen we can prevent those credentials from being laundered or used and moved laterally, which is a key part of how breaches happen. We then create a trust score on those endpoints and workloads. And we basically say, okay, do we think the trust on the endpoint and workload is high or low? Do we think the identity, you know, is it George on the endpoint, or not? We give that a score. And we pass that along to Okta or Ping or whoever, and they then use that as part of their calculus in how they broker access to other resources. So it really is better together. >> So your execution has been stellar. This is my competition question. You obviously have competition out there. I think architecturally, you've got some advantages. You have a great relationship with AWS. I don't know what's going on with Google, but Kevin's up on stage. >> George Kurtz: Yeah. >> They're now part of Google. >> George Kurtz: We have a great relationship with them. >> Microsoft obviously, a competitor. You obviously do some things in, >> Right. >> in Azure. Are you building the security Cloud? >> We are. We think we are, because when you look at the amount of data that we actually ingest, when you look at companies using us for critical decisions and critical protection, not only on their On-Prem, but also in their Cloud environment, and the knowledge we have, we think it is a security Cloud. You know, you had, you had Salesforce and Workday and ServiceNow and each of them had their respective Clouds. When I started the company, there was no security Cloud. You know, it wasn't any of the companies that you know. It wasn't the firewall companies, wasn't the AV companies. And I think we really defined ourselves as the security Cloud. And the level of knowledge and insights we have in our Cloud, I think, are world class. >> But you know, it's a difference of being those- 'cause you mentioned those other, you know, seminal Clouds. They, like Salesforce, Workday, they're building their own Clouds. Maybe not so much Workday, but certainly Salesforce and ServiceNow built their own >> Yeah. >> Clouds, their own data centers. You're building on top of hyperscalers, correct? >> Well, >> Well you have your own data centers, too. >> We have our own data centers, yeah. So when we first started, we started in AWS as many do, and we have a great relationship there. We continue to build out. We are a huge customer and we also have, you know, with data sovereignty and those sort of things, we've got a lot of our sort of data that sits in our private Cloud. So it's a hybrid approach and we think it's the best of both worlds. >> Okay. And you mean you can manage those costs and it's, how do you make the decision? Is it just sovereignty or is it cost as well? >> Well, there's an operational element. There's cost. There's everything. There's a lot that goes into it. >> Right. >> And at the end of the day we want to make sure that we're using the right technology in the right Clouds to solve the right problem. >> Well, George, congratulations on being back in person. That's got to feel good. >> It feels really good. >> Got a really good audience here. I don't know what the numbers are but there's many thousands here, >> Thousands, yeah. >> at the ARIA. Really appreciate your time. And thanks for having The Cube here. You guys built a great set for us. >> Well, we appreciate all you do. I enjoy your programs. And I think hopefully we've given the audience a good idea of what CrowdStrike's all about, the impact we have and certainly the growth trajectory that we're on. So thank you. >> Fantastic. All right, George Kurtz, Dave Vellante for Dave Nicholson. We're going to wrap up day one. We'll be back tomorrow, first thing in the morning, live from the ARIA. We'll see you then. (calm music)

(upbeat music) >> Hello everyone, and welcome to Fal.Con 2022, CrowdStrike's big user conference. You're watching the Cube. My name is Dave Vallante. I'm here with my co-host David Nicholson. CrowdStrike is a company that was founded over 10 years ago. This is about 11 years, almost to the day. They're 2 billion company in revenue terms. They're growing at about 60% a year. They've got a path they've committed to wall street. They've got a path to $5 billion by mid decade. They got a $40 billion market cap. They're free, free cash flow positive and trying to build essentially a generational company with a very growing Tam and a modern platform. CrowdStrike has the fundamental belief that the unstoppable breach is a myth. David Nicholson, even though CSOs don't believe that, CrowdStrike is on a mission. Right? >> I didn't hear the phrase. Zero trust mentioned in the keynote >> Right. >> What was mentioned was this idea that CrowdStrike isn't simply a tool, it's a platform. And obviously it takes a platform to get to 5 billion. >> Yeah. So let's talk about the keynote. George Kurtz, the CEO came on. I thought the keynote was, was measured, but very substantive. It was not a lot of hype in there. Most security conferences, the two exceptions are this one and Reinforce, Amazon's big security conference. Steven Schmidt. The first time I was at a Reinforce said "All this narrative about security is such a bad industry" and "We're not doing a great job." And "It's so scary." That doesn't help the industry. George Kurtz sort of took a similar message. And you know what, Dave? When I think of security outside the context of IT I think of like security guards >> Right. >> Like protecting the billionaires. Right? That's a powerful, you know, positive thing. It's not really a defensive movement even though it is defensive but so that was kind of his posture there. But he talked about essentially what I call, not his words permanent changes in the, in the in the cyber defense industry, subsequent to the pandemic. Again, he didn't specifically mention the pandemic but he alluded to, you know, this new world that we live in. Fal.Con is a hundred sessions, eight tracks. And really his contention is we're in the early innings. These guys got 20,000 customers. And I think they got the potential to have hundreds of thousands. >> Yeah. Yeah. So, if I'm working with a security company I want them to be measured. I'm not looking for hype. I don't want those. I don't want those guards to be in disco shirts. I want them in black suits. So, you know, so the, the, the point about measured is is I think a positive one. I was struck by the competence of the people who were on stage today. I have seen very very large companies become kind of bureaucratic. And sometimes you don't get the best of the best up on stage. And we saw a lot of impressive folks. >> Yeah. Michael Santonis get up, but before we get to him. So, a couple points that Kurtz made he said, "digital transformation is needed to bring modern architectures to IT. And that brings modern security." And he laid out that whole sort of old way, new way very Andy Jassy-like old guard, new guard. He didn't hit on it that hard but he basically said "security is all about mitigating risk." And he mentioned that the the CSO I say CSO, he says CSO or CSO has a seat at the board. Now, many CSOs are board level participants. And then he went into the sort of four pillars of, of workload, and the areas that they focus on. So workload to them is end point, identity, and then data. They don't touch network security. That's where they partner with the likes of Cisco, >> Right. >> And Palo Alto networks. But then they went deep into identity threat protection, data, which is their observability platform from an acquisition called Humio. And then they went big time into XDR. We're going to talk about all this stuff. He said, "data is the new digital currency." Talked a lot about how they're now renaming, Humio, Log Scale. That's their Splunk killer. We're going to talk about that all week. And he talked a little bit about the single agent architecture. That is kind of the linchpin of CrowdStrike's architecture. And then Michael Santonis, the CTO came on and did a deep dive into each of those, and really went deep into XDR extended, right? Detection and response. XDR building on EDR. >> Yeah. I think the subject of XDR is something we'll be, we'll be touching on a lot. I think in the next two days. I thought the extension into observability was very, very interesting. When you look at performance metrics, where things are gathering those things in and being able to use a single agent to do so. That speaks to this idea that they are a platform and not just a tool. It's easy to say that you aspire to be a platform. I think that's a proof point. On the subject, by the way of their fundamental architecture. Over the years, there have been times when saying that your infrastructure requires an agent that would've been a deal killer. People say "No agents!" They've stuck to their guns because they know that the best way to deliver what they deliver is to have an agent in the environment. And it has proven to be the right strategy. >> Well, this is one of the things I want to explore with the technical architects that come on here today is, how do you build a lightweight agent that can do everything that you say it's going to do? Because they started out at endpoint, and then they've extended it to all these other modules, you know, identity. They're now into observability. They've got this data platform. They just announced that acquisition of another company they bought Preempt, which is their identity. They announced Responsify, responsify? Reposify, which is sort of extends the observability and gives them visualization or visibility. And I'm like, how do you take? How do you keep an agent lightweight? That's one of the things I want to better understand. And then the other is, as you get into XDR I thought Michael Santonis was pretty interesting. He had black hat last month. He did a little video, you know. >> That was great >> Man in the street, what's XDR what's XDR what's XDR. I thought the best response was, somebody said "a holistic approach to end point security." And so it's really an evolution of, of EDR. So we're going to talk about that. But, how do you keep an agent lightweight and still support all these other capabilities? That's something I really want to dig into, you know, without getting bloated. >> Yeah, Yeah. I think it's all about the TLAs, Dave. It's about the S, it's about SDKs and APIs and having an ecosystem of partners that will look at the lightweight agent and then develop around it. Again, going back to the idea of platform, it's critical. If you're trying to do it all on your own, you get bloat. If you try to be all things to all people with your agent, if you try to reverse engineer every capability that's out there, it doesn't work. >> Well that's one of the things that, again I want to explore because CrowdStrike is trying to be a generational company. In the Breaking Analysis that we published this week. One of the things I said, "In order to be a generational company you have to have a strong ecosystem." Now the ecosystem here is respectable, you know, but it's obviously not AWS class. You know, I think Snowflake is a really good example, ServiceNow. This feels to me like ServiceNow circa 2013. >> Yeah. >> And we've seen how ServiceNow has evolved. You know, Okta, bought Off Zero to give them the developer angle. We heard a little bit about a developer platform today. I want to dig into that some more. And we heard a lot about everybody hates their DLP. I want to get rid of my DLP, data loss prevention. And so, and the same thing with the SIM. One of the ETR round table, Eric Bradley, our colleague at a round table said "If it weren't for the compliance requirements, I would replace my SIM with XDR." And so that's again, another interesting topic. CrowdStrike, cloud native, lightweight agent, you know, some really interesting tuck in acquisitions. Great go-to-market, you know, not super hype just product that works and gets stuff done, you know, seems to have a really good, bright future. >> Yeah, no, I would agree. Definitely. No hype necessary. Just constant execution moving forward. It's clearly something that will be increasingly in demand. Another subject that came up that I thought was interesting, in the keynote, was this idea of security for elections, extending into the realm of misinformation and disinformation which are both very very loaded terms. It'll be very interesting to see how security works its way into that realm in the future. >> Yeah, yeah, >> Yeah. >> Yeah, his guy, Kevin Mandia, who is the CEO of Mandiant, which just got acquired. Google just closed the deal for $5.4 billion. I thought that was kind of light, by the way, I thought Mandiant was worth more than that. Still a good number, but, and Kevin, you know was the founder and, >> Great guy. >> they were self-funded. >> Yeah, yeah impressive. >> So. But I thought he was really impressive. He talked about election security in terms of hardening you know, the election infrastructure, but then, boom he went right to what I see as the biggest issue, disinformation. And so I'm sitting there asking myself, okay how do you deal with that? And what he talked about was mapping network effects and monitoring network effects, >> Right. >> to see who's pumping the disinformation and building career streams to really monitor those network effects, positive, you know, factual or non-factual network or information. Because a lot of times, you know, networks will pump factual information to build credibility. Right? >> Right. >> And get street cred, earn that trust. You know, you talk about zero trust. And then pump disinformation into the network. So they've now got a track. We'll get, we have Kevin Mandia on later with Sean Henry who's the CSO yeah, the the CSO or C S O, chief security officer of CrowdStrike >> more TLA. Well, so, you can think of it as almost the modern equivalent of the political ad where the candidate at the end says I support this ad or I stand behind whatever's in this ad. Forget about trying to define what is dis or misinformation. What is opinion versus fact. Let's have a standard for finding, for exposing where the information is coming from. So if you could see, if you're reading something and there is something that is easily de-code able that says this information is coming from a troll farm of a thousand bots and you can sort of examine the underlying ethos behind where this information is coming from. And you can take that into consideration. Personally, I'm not a believer in trying to filter stuff out. Put the garbage out there, just make sure people know where the garbage is coming from so they can make decisions about it. >> So I got a thought on that because, Kevin Mandia touched on it. Again, I want to ask about this. He said, so this whole idea of these, you know detecting the bots and monitoring the networks. Then he said, you can I think he said something that's to the effect of. "You can go on the offensive." And I'm thinking, okay, what does that mean? So for instance, you see it all the time. Anytime I see some kind of fact put out there, I got to start reading the comments and like cause I like to see both sides, you know. I'm right down the middle. And you'll go down and like 40 comments down, you're like, oh this is, this is fake. This video was edited, >> Right. >> Da, da, da, da, and then a bunch of other people. But then the bots take over and that gets buried. So, maybe going on the offensive is to your point. Go ahead and put it out there. But then the bots, the positive bots say, okay, by the way, this is fake news. This is an edited video FYI. And this is who put it out and here's the bot graph or something like that. And then you attack the bots with more bots and then now everybody can sort of of see it, you know? And it's not like you don't have to, you know email your friend and saying, "Hey dude, this is fake news." >> Right, right. >> You know, Do some research. >> Yeah. >> Put the research out there in volume is what you're saying. >> Yeah. So, it's an, it's just I thought it was an interesting segue into another area of security under the heading of election security. That is fraught with a lot of danger if done wrong, if done incorrectly, you know, you you get into the realm of opinion making. And we should be free to see information, but we also should have access to information about where the information is coming from. >> The other narrative that you hear. So, everything's down today again and I haven't checked lately, but security generally, we wrote about this in our Breaking Analysis. Security, somewhat, has held up in the stock market better than the broad tech market. Why? And the premise is, George Kurt said this on the last conference call, earnings call, that "security is non-discretionary." At the same time he did say that sales cycles are getting a little longer, but we see this as a positive for CrowdStrike. Because CrowdStrike, their mission, or one of their missions is to consolidate all these point tools. We've talked many, many times in the Cube, and in Breaking Analysis and on Silicon Angle, and on Wikibon, how the the security business use too many point tools. You know this as a former CTO. And, now you've got all these stove pipes, the number one challenge the CSOs face is lack of talent. CrowdStrike's premise is they can consolidate that with the Fal.Con platform, and have a single point of control. "Single pane of glass" to use that bromide. So, the question is, is security really non-discretionary? My answer to that is yes and no. It is to a sense, because security is the number one priority. You can't be lax on security. But at the same time the CSO doesn't have an open checkbook, >> Right. >> He or she can't just say, okay, I need this. I need that. I need this. There's other competing initiatives that have to be taken in balance. And so, we've seen in the ETR spending data, you know. By the way, everything's up relative to where it was, pre you know, right at the pandemic, right when, pandemic year everything was flat to down. Everything's up, really up last year, I don't know 8 to 10%. It was expected to be up 8% this year, let's call it 6 to 7% in 21. We were calling for 7 to 8% this year. It's back down to like, you know, 4 or 5% now. It's still healthy, but it's softer. People are being more circumspect. People aren't sure about what the fed's going to do next. Interest rates, you know, loom large. A lot of uncertainty out here. So, in that sense, I would say security is not non-discretionary. Sorry for the double negative. What's your take? >> I think it's less discretionary. >> Okay. >> Food, water, air. Non-discretionary. (David laughing) And then you move away in sort of gradations from that point. I would say that yeah, it is, it falls into the category of less-discretionary. >> Alright. >> Which is a good place to be. >> Dave Nicholson and David Vallante here. Two days of wall to wall coverage of Fal.Con 2022, CrowdStrike's big user conference. We got some great guests. Keep it right there, we'll be right back, right after this short break. (upbeat music)

(bright music) >> Welcome back everyone. theCube's live coverage here. Day two, of two sets, three days of theCube coverage here at VMware Explore. This is our 12th year covering VMware's annual conference, formerly called VM World. I'm John Furrier, with Dave Vellante. We'd love seeing the progress and we've got great security comes Tom Gill, senior vices, president general manager, networking and advanced security business group at VMware. Great to see you. Thanks for coming on. >> Thanks. for having me. >> Yeah, really happy we could have you on. >> I think this is my sixth edition on the theCube. Do I get frequent flyer points or anything? >> Yeah. >> You first get the VIP badge. We'll make that happen. You can start getting credits. >> Okay, there we go. >> We won't interrupt you. Seriously, you got a great story in security here. The security story is kind of embedded everywhere, so it's not called out and blown up and talked specifically about on stage. It's kind of in all the narratives in the VM World for this year. But you guys have an amazing security story. So let's just step back and to set context. Tell us the security story for what's going on here at VMware and what that means to this supercloud, multi-cloud and ongoing innovation with VMware. >> Yeah, sure thing. So probably the first thing I'll point out is that security's not just built in at VMware. It's built differently. So, we're not just taking existing security controls and cut and pasting them into our software. But we can do things because of our platform, because of the virtualization layer that you really can't do with other security tools. And where we're very, very focused is what we call lateral security or East-West movement of an attacker. 'Cause frankly, that's the name of the game these days. Attackers, you've got to assume that they're already in your network. Already assume that they're there. Then how do we make it hard for them to get to the stuff that you really want? Which is the data that they're going after. And that's where we really should. >> All right. So we've been talking a lot, coming into VMware Explore, and here, the event. About two things. Security, as a state. >> Yeah. >> I'm secure right now. >> Yeah. >> Or I think I'm secure right now, even though someone might be in my network or in my environment. To the notion of being defensible. >> Yeah. >> Meaning I have to defend and be ready at a moment's notice to attack, fight, push back, red team, blue team. Whatever you're going to call it. But something's happening. I got to be able to defend. >> Yeah. So what you're talking about is the principle of Zero Trust. When I first started doing security, the model was we have a perimeter. And everything on one side of the perimeter is dirty, ugly, old internet. And everything on this side, known good, trusted. What could possibly go wrong. And I think we've seen that no matter how good you make that perimeter, bad guys find a way in. So Zero Trust says, you know what? Let's just assume they're already in. Let's assume they're there. How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? 'Cause for example, if they bust into your laptop, you click on a link and they get code running on your machine. They might find some interesting things on your machine. But they're not going to find 250 million credit cards. >> Right. >> Or the script of a new movie or the super secret aircraft plans. That lives in a database somewhere. And so it's that movement from your laptop to that database. That's where the damage is done and that's where VMware shines. >> So if they don't have the right to get to that database, they're not in. >> And it's not even just the right. So they're so clever and so sneaky that they'll steal a credential off your machine, go to another machine, steal a credential off of that. So, it's like they have the key to unlock each one of these doors. And we've gotten good enough where we can look at that lateral movement, even though it has a credential and a key, we're like wait a minute. That's not a real CIS Admin making a change. That's ransomware. And that's where you. >> You have to earn your way in. >> That's right. That's right. Yeah. >> And we're all kinds of configuration errors. But also some user problems. I've heard one story where there's so many passwords and username and passwords and systems that the bad guys scour, the dark web for passwords that have been exposed. >> Correct. >> And go test them against different accounts. Oh one hit over here. >> Correct. >> And people don't change their passwords all the time. >> Correct. >> That's a known vector. >> Just the idea that users are going to be perfect and never make a mistake. How long have we been doing this? Humans are the weakest link. So people are going to make mistakes. Attackers are going to be in. Here's another way of thinking about it. Remember log4j? Remember that whole fiasco? Remember that was at Christmas time. That was nine months ago. And whoever came up with that vulnerability, they basically had a skeleton key that could access every network on the planet. I don't know if a single customer that said, "Oh yeah, I wasn't impacted by log4j." So here's some organized entity had access to every network on the planet. What was the big breach? What was that movie script that got stolen? So there wasn't one, right? We haven't heard anything. So the point is, the goal of attackers is to get in and stay in. Imagine someone breaks into your house, steals your laptop and runs. That's a breach. Imagine someone breaks into your house and stays for nine months. It's untenable, in the real world, right? >> Right. >> We don't know in there, hiding in the closet. >> They're still in. >> They're watching everything. >> Hiding in your closet, exactly. >> Moving around, nibbling on your cookies. >> Drinking your beer. >> Yeah. >> So let's talk about how this translates into the new reality of cloud-native. Because now you hear about automated pentesting is a new hot thing right now. You got antivirus on data is hot within APIs, for instance. >> Yeah. >> API security. So all kinds of new hot areas. Cloud-native is very iterative. You know, you can't do a pentest every week. >> Right. >> You got to do it every second. >> So this is where it's going. It's not so much simulation. It's actually real testing. >> Right. Right. >> How do you view that? How does that fit into this? 'cause that seems like a good direction to me. >> Yeah. If it's right in, and you were talking to my buddy, Ahjay, earlier about what VMware can do to help our customers build cloud native applications with Tanzu. My team is focused on how do we secure those applications? So where VMware wants to be the best in the world is securing these applications from within. Looking at the individual piece parts and how they talk to each other and figuring out, wait a minute, that should never happen. By almost having an x-ray machine on the innards of the application. So we do it for both for VMs and for container based applications. So traditional apps are VM based. Modern apps are container based. And we have a slightly different insertion mechanism. It's the same idea. So for VMs, we do it with a hypervisor with NSX. We see all the inner workings. In a container world we have this thing called a service mesh that lets us look at each little snippet of code and how they talk to each other. And once you can see that stuff, then you can actually apply. It's almost like common sense logic of like, wait a minute. This API is giving back credit card numbers and it gives five an hour. All of a sudden, it's now asking for 20,000 or a million credit cards. That doesn't make any sense. The anomalies stick out like a sore thumb. If you can see them. At VMware, our unique focus in the infrastructure is that we can see each one of these little transactions and understand the conversation. That's what makes us so good at that East-West or lateral security. >> You don't belong in this room, get out or that that's some weird call from an in memory database, something over here. >> Exactly. Where other security solutions won't even see that. It's not like there algorithms aren't as good as ours or better or worse. It's the access to the data. We see the inner plumbing of the app and therefore we can protect the app from. >> And there's another dimension that I want to get in the table here. 'Cause to my knowledge only AWS, Google, I believe Microsoft and Alibaba and VMware have this. >> Correct >> It's Nitro. The equivalent of a Nitro. >> Yes. >> Project Monterey. >> Yeah. >> That's unique. It's the future of computing architectures. Everybody needs a Nitro. I've written about this. >> Yeah. >> Right. So explain your version. >> Yeah. >> It's now real. >> Yeah. >> It's now in the market, right? >> Yeah. >> Or soon will be. >> Here's our mission. >> Salient aspects. >> Yeah. Here's our mission of VMware. Is that we want to make every one of our enterprise customers. We want their private cloud to be as nimble, as agile, as efficient as the public cloud. >> And secure. >> And secure. In fact, I'll argue, we can make it actually more secure because we're thinking about putting security everywhere in this infrastructure. Not just on the edges of it. Okay. How do we go on that journey? As you pointed out, the public cloud providers realized five years ago that the right way to build computers was not just a CPU and a graphics process unit, GPU. But there's this third thing that the industry's calling a DPU, data processing unit. And so there's kind of three pieces of a computer. And the DPU is sometimes called a Smartnic. It's the network interface card. It does all that network handling and analytics and it takes it off the CPU. So they've been building and deploying those systems themselves. That's what Nitro is. And so we have been working with the major Silicon vendors to bring that architecture to everybody. So with vSphere 8, we have the ability to take the network processing, that East-West inspection I talked about, take it off of the CPU and put it into this dedicated processing element called the DPU and free up the CPU to run the applications that Ahjay and team are building. >> So no performance degradation at all? >> Correct. To CPU offload. >> So even the opposite, right? I mean you're running it basically Bare Metal speeds. >> Yes, yes and yes. >> And you're also isolating the storage from the security, the management, and. >> There's an isolation angle to this, which is that firewall, that we're putting everywhere. Not just that the perimeter, but we put it in each little piece of the server is running when it runs on one of these DPUs it's a different memory space. So even if an attacker gets to root in the OS, they it's very, very, never say never, but it's very difficult. >> So who has access to that resource? >> Pretty much just the infrastructure layer, the cloud provider. So it's Amazon, Google, Microsoft, and the enterprise. >> Application can't get in. >> Can't get in there. Cause you would've to literally bridge from one memory space to another. Never say never, but it would be very. >> But it hasn't earned the trust to get. >> It's more than barbwire. It's multiple walls. >> Yes. And it's like an air gap. It puts an air gap in the server itself so that if the server is compromised, it's not going to get into the network. Really powerful. >> What's the big thing that you're seeing with this supercloud transition. We're seeing multi-cloud and this new, not just SaaS hosted on the cloud. >> Yeah. >> You're seeing a much different dynamic of, combination of large scale CapEx, cloud-native, and then now cloud-native drills on premises and edge. Kind of changing what a cloud looks like if the cloud's on a cloud. >> Yeah. >> So we're the customer, I'm building on a cloud and I have on premise stuff. So, I'm getting scale CapEx relief from the hyperscalers. >> I think there's an important nuance on what you're talking about. Which is in the early days of the cloud customers. Remember those first skepticism? Oh, it'll never work. Oh, that's consumer grade. Oh, that's not really going to work. Oh some people realize. >> It's not secure. >> Yeah. It's not secure. >> That one's like, no, no, no it's secure. It works. And it's good. So then there was this sort of over rush. Let's put everything on the cloud. And I had a lot of customers that took VM based applications said, I'm going to move those onto the cloud. You got to take them all apart, put them on the cloud and put them all back together again. And little tiny details like changing an IP address. It's actually much harder than it looks. So my argument is, for existing workloads for VM based workloads, we are VMware. We're so good at running VM based workloads. And now we run them on anybody's cloud. So whether it's your east coast data center, your west coast data center, Amazon, Google, Microsoft, Alibaba, IBM keep going. We pretty much every. >> And the benefit of the customer is what. >> You can literally VMotion and just pick it up and move it from private to public, public to private, private to public, Back and forth. >> Remember when we called Vmotion BS, years ago? >> Yeah. Yeah. >> VMotion is powerful. >> We were very skeptical. We're like, that'll never happen. I mean we were. This supposed to be pat ourselves on the back. >> Well because alchemy. It seems like what you can't possibly do that. And now we do it across clouds. So it's not quite VMotion, but it's the same idea. You can just move these things over. I have one customer that had a production data center in the Ukraine. Things got super tense, super fast and they had to go from their private cloud data center in the Ukraine, to a public cloud data center out of harm's way. They did it over a weekend. 48 hours. If you've ever migrated a data center, that's usually six months. Right. And a lot of heartburn and a lot of angst. Boop. They just drag and dropped and moved it on over. That's the power of what we call the cloud operating model. And you can only do this when all your infrastructures defined in software. If you're relying on hardware, load balancers, hardware, firewalls, you can't move those. They're like a boat anchor. You're stuck with them. And by the way, they're really, really expensive. And by the way, they eat a lot of power. So that was an architecture from the 90's. In the cloud operating model your data center. And this comes back to what you were talking about is just racks and racks of X86 with these magic DPUs, or smart nics, to make any individual node go blisteringly fast and do all the functions that you used to do in network appliances. >> We just had Ahjay taking us to school, and everyone else to school on applications, middleware, abstraction layer. And Kit Culbert was also talking about this across cloud. We're talking supercloud, super pass. If this continues to happen, which we would think it will happen. What does the security posture look like? It feels to me, and again, this is your wheelhouse. If supercloud happens with this kind of past layer where there's vMotioning going on. All kinds of spanning applications and data across environments. >> Yeah. Assume there's an operating system working on behind the scenes. >> Right. >> What's the security posture in all this? >> Yeah. So remember my narrative about the bad guys are getting in and they're moving around and they're so sneaky that they're using legitimate pathways. The only way to stop that stuff, is you've got to understand it at what we call Layer 7. At the application layer. Trying to do security to the infrastructure layer. It was interesting 20 years ago, kind of less interesting 10 years ago. And now it's becoming irrelevant because the infrastructure is oftentimes not even visible. It's buried in some cloud provider. So Layer 7 understanding, application awareness, understanding the APIs and reading the content. That's the name of the game in security. That's what we've been focused on. Nothing to do with the infrastructure. >> And where's the progress bar on that paradigm. One to ten. Ten being everyone's doing it. >> Right now. Well, okay. So we as a vendor can do this today. All the stuff I talked about, reading APIs, understanding the individual services looking at, Hey, wait a minute this credit card anomalies, that's all shipping production code. Where is it in customer adoption life cycle? Early days 10%. So there's a whole lot of headroom for people to understand, Hey, I can put these controls in place. They're software based. They don't require appliances. It's Layer 7, so it has contextual awareness and it's works on every single cloud. >> We talked about the pandemic being an accelerator. It really was a catalyst to really rethink. Remember we used to talk about Pat as a security do over. He's like, yes, if it's the last thing I do, I'm going to fix security. Well, he decided to go try to fix Intel instead. >> He's getting some help from the government. >> But it seems like CISOs have totally rethought their security strategy. And at least in part, as a function of the pandemic. >> When I started at VMware four years ago, Pat sat me down in his office and he said to me what he said to you, which is like, "Tom," he said, "I feel like we have fundamentally changed servers. We fundamentally change storage. We fundamentally change networking. The last piece of the puzzle of security. I want you to go fundamentally change it." And I'll argue that the work that we're doing with this horizontal security, understanding the lateral movement. East- West inspection. It fundamentally changes how security works. It's got nothing to do with firewalls. It's got nothing to do with Endpoint. It's a unique capability that VMware is uniquely suited to deliver on. And so Pat, thanks for the mission. We delivered it and it's available now. >> Those WET web applications firewall for instance are around, I mean. But to your point, the perimeter's gone. >> Exactly. >> And so you got to get, there's no perimeter. so it's a surface area problem. >> Correct. And access. And entry. >> Correct. >> They're entering here easy from some manual error, or misconfiguration or bad password that shouldn't be there. They're in. >> Think about it this way. You put the front door of your house, you put a big strong door and a big lock. That's a firewall. Bad guys come in the window. >> And then the windows open. With a ladder. >> Oh my God. Cause it's hot, bad user behavior trumps good security every time. >> And then they move around room to room. We're the room to room people. We see each little piece of the thing. Wait, that shouldn't happen. Right. >> I want to get you a question that we've been seeing and maybe we're early on this or it might be just a false data point. A lot of CSOs and we're talking to are, and people in industry in the customer environment are looking at CISOs and CSOs, two roles. Chief information security officer, and then chief security officer. Amazon, actually Steven Schmidt is now CSO at Reinforce. They actually called that out. And the interesting point that he made, we had some other situations that verified this, is that physical security is now tied to online, to your point about the service area. If I get a password, I still got the keys to the physical goods too. >> Right. So physical security, whether it's warehouse for them or store or retail. Digital is coming in there. >> Yeah. So is there a CISO anymore? Is it just CSO? What's the role? Or are there two roles you see that evolving? Or is that just circumstance. >> I think it's just one. And I think that the stakes are incredibly high in security. Just look at the impact that these security attacks are having on. Companies get taken down. Equifax market cap was cut 80% with a security breach. So security's gone from being sort of a nuisance to being something that can impact your whole kind of business operation. And then there's a whole nother domain where politics get involved. It determines the fate of nations. I know that sounds grand, but it's true. And so companies care so much about it they're looking for one leader, one throat to choke. One person that's going to lead security in the virtual domain, in the physical domain, in the cyber domain, in the actual. >> I mean, you mention that, but I mean, you look at Ukraine. I mean that cyber is a component of that war. I mean, it's very clear. I mean, that's new. We've never seen. this. >> And in my opinion, the stuff that we see happening in the Ukraine is small potatoes compared to what could happen. >> Yeah. >> So the US, we have a policy of strategic deterrence. Where we develop some of the most sophisticated cyber weapons in the world. We don't use them. And we hope never to use them. Because our adversaries, who could do stuff like, I don't know, wipe out every bank account in North America. Or turn off the lights in New York City. They know that if they were to do something like that, we could do something back. >> This is the red line conversation I want to go there. So, I had this discussion with Robert Gates in 2016 and he said, "We have a lot more to lose." Which is really your point. >> So this brand. >> I agree that there's to have freedom and liberty, you got to strike back with divorce. And that's been our way to balance things out. But with cyber, the red line, people are already in banks. So they're are operating below the red line line. Red line meaning before we know you're in there. So do we move the red line down because, hey, Sony got hacked. The movie. Because they don't have their own militia. >> Yeah. >> If their were physical troops on the shores of LA breaking into the file cabinets. The government would've intervened. >> I agree with you that it creates tension for us in the US because our adversaries don't have the clear delineation between public and private sector. Here you're very, very clear if you're working for the government. Or you work for an private entity. There's no ambiguity on that. >> Collaboration, Tom, and the vendor community. I mean, we've seen efforts to try to. >> That's a good question. >> Monetize private data and private reports. >> So at VMware, I'm very proud of the security capabilities we've built. But we also partner with people that I think of as direct competitors. We've got firewall vendors and Endpoint vendors that we work with and integrate. And so coopetition is something that exists. It's hard. Because when you have these kind of competing. So, could we do more? Of course we probably could. But I do think we've done a fair amount of cooperation, data sharing, product integration, et cetera. And as the threats get worse, you'll probably see us continue to do more. >> And the government is going to trying to force that too. >> And the government also drives standards. So let's talk about crypto. Okay. So there's a new form of encryption coming out called processing quantum. >> Quantum. Quantum computers have the potential to crack any crypto cipher we have today. That's bad. Okay. That's not good at all because our whole system is built around these private communications. So the industry is having conversations about crypto agility. How can we put in place the ability to rapidly iterate the ciphers in encryption. So, when the day quantum becomes available, we can change them and stay ahead of these quantum people. >> Well, didn't NIST just put out a quantum proof algo that's being tested right now by the community? >> There's a lot of work around that. Correct. And NIST is taking the lead on this, but Google's working on it. VMware's working on it. We're very, very active in how do we keep ahead of the attackers and the bad guys? Because this quantum thing is a, it's an x-ray machine. It's like a dilithium crystal that can power a whole ship. It's a really, really, really powerful tool. >> Bad things will happen. >> Bad things could happen. >> Well, Tom, great to have you on the theCube. Thanks for coming on. Take the last minute to just give a plug for what's going on for you here at VMWorld this year, just VMware Explore this year. >> Yeah. We announced a bunch of exciting things. We announced enhancements to our NSX family, with our advanced load balancer. With our edge firewall. And they're all in service of one thing, which is helping our customers make their private cloud like the public cloud. So I like to say 0, 0, 0. If you are in the cloud operating model, you have zero proprietary appliances. You have zero tickets to launch a workload. You have zero network taps and Zero Trust built into everything you do. And that's what we're working on. Pushing that further and further. >> Tom Gill, senior vices president, head of the networking at VMware. Thanks for coming on. We do appreciate it. >> Thanks for having us. >> Always getting the security data. That's killer data and security of the two ops that get the most conversations around DevOps and Cloud Native. This is The theCube bringing you all the action here in San Francisco for VMware Explore 2022. I'm John Furrier with Dave Vellante. Thanks for watching. (bright music)

(upbeat music) >> The cybersecurity landscape has changed dramatically over the past 24 to 36 months. Rapid cloud migration has created a new layer of security defense, sure, but that doesn't mean CISOs can relax. In many respects, it further complicates, or at least changes, the CISO's scope of responsibilities. In particular, the threat surface has expanded. And that creates more seams, and CISOs have to make sure their teams pick up where the hyperscaler clouds leave off. Application developers have become a critical execution point for cyber assurance. "Shift left" is the kind of new buzz phrase for devs, but organizations still have to "shield right," meaning the operational teams must continue to partner with SecOps to make sure infrastructure is resilient. So it's no wonder that in ETR's latest survey of nearly 1500 CIOs and IT buyers, that business technology executives cite security as their number one priority, well ahead of other critical technology initiatives including collaboration software, cloud computing, and analytics rounding out the top four. But budgets are under pressure and CISOs have to prioritize. It's not like they have an open checkbook. They have to contend with other key initiatives like those just mentioned, to secure the funding. And what about zero trust? Can you go out and buy zero trust or is it a framework, a mindset in a series of best practices applied to create a security consciousness throughout the organization? Can you implement zero trust? In other words, if a machine or human is not explicitly allowed access, then access is denied. Can you implement that policy without constricting organizational agility? The question is, what's the most practical way to apply that premise? And what role does infrastructure play as the enforcer? How does automation play in the equation? The fact is, that today's approach to cyber resilience can't be an "either/or," it has to be an "and" conversation. Meaning, you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible. And don't even talk to me about the edge. That's really going to keep you up at night. Hello and welcome to this special CUBE presentation, "A Blueprint for Trusted Infrastructure," made possible by Dell Technologies. In this program, we explore the critical role that trusted infrastructure plays in cybersecurity strategies, how organizations should think about the infrastructure side of the cybersecurity equation, and how Dell specifically approaches securing infrastructure for your business. We'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile. First up are Pete Gerr and Steve Kenniston, they're both senior cyber security consultants at Dell Technologies. And they're going to talk about the company's philosophy and approach to trusted infrastructure. And then we're going to speak to Parasar Kodati, who's a senior consultant for storage at Dell Technologies to understand where and how storage plays in this trusted infrastructure world. And then finally, Rob Emsley who heads product marketing for data protection and cyber security. We're going to going to take a deeper dive with Rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy. Okay, let's get started. Pete Gerr, Steve Kenniston, welcome to theCUBE. Thanks for coming into the Marlborough studios today. >> Great to be here, Dave. Thanks. >> Thanks, Dave. Good to see you. >> Great to see you guys. Pete, start by talking about the security landscape. You heard my little wrap up front. What are you seeing? >> I thought you wrapped it up really well. And you touched on all the key points, right? Technology is ubiquitous today. It's everywhere. It's no longer confined to a monolithic data center. It lives at the edge. It lives in front of us. It lives in our pockets and smartphones. Along with that is data. And as you said, organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago. And along with that, cyber crime has become a very profitable enterprise. In fact, it's been more than 10 years since the NSA chief actually called cyber crime the biggest transfer of wealth in history. That was 10 years ago. And we've seen nothing but accelerating cyber crime and really sophistication of how those attacks are perpetrated. And so the new security landscape is really more of an evolution. We're finally seeing security catch up with all of the technology adoption, all the build out, the work from home and work from anywhere that we've seen over the last couple of years. We're finally seeing organizations, and really it goes beyond the IT directors, it's a board level discussion today. Security's become a board level discussion. >> Yeah, I think that's true as well. It's like it used to be that security was, "Okay, the SecOps team. You're responsible for security." Now you've got, the developers are involved, the business lines are involved, it's part of onboarding for most companies. You know, Steve, this concept of zero trust. It was kind of a buzzword before the pandemic. And I feel like I've often said it's now become a mandate. But it's still fuzzy to a lot of people. How do you guys think about zero trust? What does it mean to you? How does it fit? >> Yeah. Again, I thought your opening was fantastic. And this whole lead in to, what is zero trust? It had been a buzzword for a long time. And now, ever since the federal government came out with their implementation or desire to drive zero trust, a lot more people are taking it a lot more seriously, 'cause I don't think they've seen the government do this. But ultimately, it's just like you said, right? If you don't have trust to those particular devices, applications, or data, you can't get at it. The question is, and you phrase it perfectly, can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive? 'Cause we're seeing, with your whole notion around DevOps and the ability to kind of build, make, deploy, build, make, deploy, right? They still need that functionality but it also needs to be trusted. It needs to be secure and things can't get away from you. >> Yeah. So it's interesting. I've attended every Reinforce since 2019, and the narrative there is, "Hey, everything in the cloud is great. And this narrative around, 'Oh, security is a big problem.' doesn't help the industry." The fact is that the big hyperscalers, they're not strapped for talent, but CISOs are. They don't have the capabilities to really apply all these best practices. They're playing Whac-A-Mole. So they look to companies like yours, to take your R&D and bake it into security products and solutions. So what are the critical aspects of the so-called Dell Trusted Infrastructure that we should be thinking about? >> Yeah, well, Dell Trusted Infrastructure, for us, is a way for us to describe the the work that we do through design, development, and even delivery of our IT system. So Dell Trusted Infrastructure includes our storage, it includes our servers, our networking, our data protection, our hyper-converged, everything that infrastructure always has been. It's just that today customers consume that infrastructure at the edge, as a service, in a multi-cloud environment. I mean, I view the cloud as really a way for organizations to become more agile and to become more flexible, and also to control costs. I don't think organizations move to the cloud, or move to a multi-cloud environment, to enhance security. So I don't see cloud computing as a panacea for security, I see it as another attack surface. And another aspect in front that organizations and security organizations and departments have to manage. It's part of their infrastructure today, whether it's in their data center, in a cloud, or at the edge. >> I mean, I think that's a huge point. Because a lot of people think, "Oh, my data's in the cloud. I'm good." It's like Steve, we've talked about, "Oh, why do I have to back up my data? It's in the cloud?" Well, you might have to recover it someday. So I don't know if you have anything to add to that or any additional thoughts on it? >> No, I mean, I think like what Pete was saying, when it comes to all these new vectors for attack surfaces, you know, people did choose the cloud in order to be more agile, more flexible. And all that did was open up to the CISOs who need to pay attention to now, okay, "Where can I possibly be attacked? I need to be thinking about is that secure?" And part of that is Dell now also understands and thinks about, as we're building solutions, is it a trusted development life cycle? So we have our own trusted development life cycle. How many times in the past did you used to hear about vendors saying you got to patch your software because of this? We think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective, and make sure we don't give up or have security become a hole just in order to implement a feature. We got to think about those things. And as Pete alluded to, our secure supply chain. So all the way through, knowing what you're going to get when you actually receive it is going to be secure and not be tampered with, becomes vitally important. And then Pete and I were talking earlier, when you have tens of thousands of devices that need to be delivered, whether it be storage or laptops or PCs, or whatever it is, you want to be know that those devices can be trusted. >> Okay, guys, maybe Pete, you could talk about how Dell thinks about its framework and its philosophy of cyber security, and then specifically what Dell's advantages are relative to the competition. >> Yeah, definitely, Dave. Thank you. So we've talked a lot about Dell as a technology provider. But one thing Dell also is is a partner in this larger ecosystem. We realize that security, whether it's a zero trust paradigm or any other kind of security environment, is an ecosystem with a lot of different vendors. So we look at three areas. One is protecting data in systems. We know that it starts with and ends with data. That helps organizations combat threats across their entire infrastructure. And what it means is Dell's embedding security features consistently across our portfolios of storage, servers, networking. The second is enhancing cyber resiliency. Over the last decade, a lot of the funding and spending has been in protecting or trying to prevent cyber threats, not necessarily in responding to and recovering from threats. We call that resiliency. Organizations need to build resiliency across their organization, so not only can they withstand a threat, but they can respond, recover, and continue with their operations. And the third is overcoming security complexity. Security is hard. It's more difficult because of the things we've talked about, about distributed data, distributed technology, and attack surfaces everywhere. And so we're enabling organizations to scale confidently, to continue their business, but know that all the IT decisions that they're making have these intrinsic security features and are built and delivered in a consistent, secure way. >> So those are kind of the three pillars. Maybe we could end on what you guys see as the key differentiators that people should know about that Dell brings to the table. Maybe each of you could take a shot at that. >> Yeah, I think, first of all, from a holistic portfolio perspective, right? The secure supply chain and the secure development life cycle permeate through everything Dell does when building things. So we build things with security in mind, all the way from, as Pete mentioned, from creation to delivery, we want to make sure you have that secure device or asset. That permeates everything from servers, networking, storage, data protection, through hyperconverged, through everything. That to me is really a key asset. Because that means you understand when you receive something it's a trusted piece of your infrastructure. I think the other core component to think about, and Pete mentioned, as Dell being a partner for making sure you can deliver these things, is that even though that's part of our framework, these pillars are our framework of how we want to deliver security, it's also important to understand that we are partners and that you don't need to rip and replace. But as you start to put in new components, you can be assured that the components that you're replacing as you're evolving, as you're growing, as you're moving to the cloud, as you're moving to more on-prem type services or whatever, that your environment is secure. I think those are two key things. >> Got it. Okay. Pete, bring us home. >> Yeah, I think one of the big advantages of Dell is our scope and our scale, right? We're a large technology vendor that's been around for decades, and we develop and sell almost every piece of technology. We also know that organizations might make different decisions. And so we have a large services organization with a lot of experienced services people that can help customers along their security journey, depending on whatever type of infrastructure or solutions that they're looking at. The other thing we do is make it very easy to consume our technology, whether that's traditional on premise, in a multi-cloud environment, or as a service. And so the best-of-breed technology can be consumed in any variety of fashion, and know that you're getting that consistent, secure infrastructure that Dell provides. >> Well, and Dell's got probably the top supply chain, not only in the tech business, but probably any business. And so you can actually take your dog food, or your champagne, sorry, (laughter) allow other people to share best practices with your customers. All right, guys, thanks so much for coming up. I appreciate it. >> Great. Thank you. >> Thanks, Dave. >> Okay, keep it right there. After this short break, we'll be back to drill into the storage domain. You're watching "A Blueprint for Trusted Infrastructure" on theCUBE, the leader in enterprise and emerging tech coverage. Be right back. (upbeat music)

(inspiring music) >> Welcome back to The Cube's coverage here in Las Vegas. I'm John Furrier for re:Mars coverage. Two days of live action, a lot of things happening in space, robotics, automation, and machine learning. That's Mars spelled backwards, but that's machine learning, automation, robotics and space. Got a great guest, Jens Ortmann, associate director at Boston Consulting Group, also known as BCG. Jens, welcome to The Cube. >> Thank you very much. >> So tell me what you're working on. You've got a very cool project you're working on, 'Involved'. Take us through what it is, explain what the project is. >> Yeah, so I'm part of the data science unit within BCG Gamma and I'm focusing on solving business problems for the automotive industry. What I would like to talk about is actually a small internal site project that we were building. It's a conversion rate engine, where we built an advanced analytics tool that computes the conversion rate for car dealerships, at scale. So for every single car dealer in a market, we can compute the conversion rate. >> John: What is a conversion rate? Can you explain that? >> So a conversion rate is very simple. It's actually out of the people that come into your car dealership, how many do you, as a car dealer, manage to sell a car to? >> So, what's your sell, through monthly kind of- >> Per visitor that come into, so your walk-ins. >> So, physical? >> Physical, yeah. So this was for physical stores. It's actually a key metric for sales performance for car dealerships, or for the automotive manufacturers to be aware of. >> So I'm watching here in the show floor at re:Mars, you've got the 'Just Walk Through', which is Amazon's 'take whatever you want and go', are you seeing you're getting analytics on like people coming in, you can see them, there's a drop off rate? Take me through how it works, the challenges because I don't envision like, "Oh, so they walked in and they left but they didn't leave with a car." It's not take and walk out, it's not grab and go. But the concept of using computer vision, I can imagine it being a popular thing. So how do you measure this, people coming in? >> It's actually a big challenge that we learned when we were doing this project. Traditionally, people were measuring it with like these laser sensors but the signal is very, very messy. Now when we wanted to do it at scale, we partnered with an Israeli startup called Play Sense, who aggregate mobile phone data. So we used mobile footfall data to measure how many people visit a store. So it actually is a combination of three main data sources to get to the conversion rate. One, as I mentioned, the mobile footfall data, the second one is building footprints, actual outlines of buildings that we source from the cadastral agency that we need to use it to cut out the footfall data to get the visitors. And the third one, of course, is sales that we get from the official car registration data. Then we combine those to have the key numbers. >> Is there a facial recognition involved in this? >> There's no facial recognition involved. >> So the tire kickers that come in and kick the tires and leave, but might come back. Is that factored in too, or? >> So there is a lot of pre-processing going on to really only get the signals from visitors. So filtering out people that maybe come into the store after hours, cleaning crews, people that come into the store every day, people that work there, they would be in the footfall data. So we applied some logic to identify exactly those people that are most likely actually visitors interested in buying a car >> Well everyone can relate to buying a car, obviously. I wanted you to step back and you mentioned scale. Can you scope the scale of the problem for us? How big is this observation space? What systems are involved? 'Cause when you say scale, I'm thinking all the dealerships in the aggregate. Or, is it by franchise or is it anonymous data? Can you scale the scope of this thing, or scope the scale? >> So we built this as a prototype for the German market and we used the top 10 car brands in Germany. They have around 10,000 car dealerships, for which we all have data. The actual mobile phone footprint data, it's a lot more. I think it was 30 million data points. >> Are you triangulating that? How does that mobile data work? Signal? >> So the mobile data is coming through apps. So mobile apps where you allow the app to track your location. >> Got it, okay. >> That gets anonymized and then you have these mobile data aggregators, like Play Sense. >> Got it, okay. >> That sell the data on. >> So you have to plug into a lot of systems? >> Yes. >> To make all this work. >> Yes and a lot of different data sources. >> And how easy is that? What's the challenge there? Is it cloud integration? How are you guys pulling this together? >> So we build it as a prototype initially, based on our own internal infrastructure, using basic Python and regular cloud infrastructure to process the data. >> All right, so I'm looking at my notes here. Data sets, you have a lot of data sets. What kind of analytics are you running on that? Can you share some examples? >> So I have to be careful since we filed a patent on this but a lot of the thing is actually in data processing, making sure that the data points we get are accurate and usable for this, and then differentiating between the different types of businesses that people are running. So there is on the one hand, you have the problem of outliers, basically filtering out when numbers don't make sense. On the other hand, there is a lot going on in the business itself. Like what do you do when a car dealership sells cars of multiple brands? You see only one visitor seeing cars of different brands but you see sales for two different types of brands. So this is just two examples of some of the processing that we had to implement to make this happen. >> So where can people find out information on this project? Or is it pretty much not public? Are you sharing anything publicly? >> So currently, we have held off the publication on this because we filed a patent on it. We're now about to go to market, building out a solution for the US as well, to then bring this to clients. >> What do you think about this show here at re:Mars? What's your assessment of the vibe? What's it like? Share with the folks who aren't here, what's your takeaway? >> It's really fun. It's really impressive. And it has a great, really inspiring vibe of cool innovative solutions. >> Yeah, you get the creative geniuses, you got the industrial geniuses, you got the software geniuses, all kind of coming together, and they're real people and they're here as a community. To me, the positive future vibe of this show, really is resonating in the keynotes and the energy. It's a forward thinking, positive message. And it's not marketing, this is the vibe. >> Exactly, I think it's something we really need at the moment. >> Yeah, we can solve all of the global problems by going to the moon and Mars. First the moon, then Mars. Who knows, maybe the breakthrough is there. >> People solve a lot of fundamental issues along the way that'll help in a lot of different areas as well. >> I wonder if I'll be alive when there's tourism in the moon. I was just joking with the folks earlier, "Oh yeah, I left that part on Earth, I have to go get it." Cause there's going to be a whole infrastructure there. Construction, all in good time. Okay, what's next for you guys? Tell me what's next on the project. You got a patent pending, so you're a little bit tight lipped and quiet on the secret sauce, I get that. What's next for the vision of the project? >> So this is just one example of how we can use this. Especially this footfall data set in an innovative way in the automotive industry. What we would like to look into is getting more details. Currently, we only see a single data point for a visitor. What would be interesting to understand, also, like the journey of visitors. Did they visit other car dealerships? Or, where are they from? What demographics do they come from? If you can tie that to a geographic location. And then on the business side as well, linking this for example, for companies to marketing campaigns. Does advertisement catch on? Do discounts catch on? Do they drive more people into the stores? Do they drive more sales? How does it affect conversion rate? Also, benchmark within the network, how different car dealerships are performing, how different brands are performing. And then eventually, everything is going to online. This can also be a foundation to set a baseline for online sales, which is still at the very early stages in the automotive industry. >> Yeah, I think there's a lot of reference implementations here for other applications, not just dealerships, all footfall traffic. That's interesting. The question I have for you, and the final question really before we wrap up, is the convergence of online, offline, physical, virtual. It's pretty clear we're living in a hybrid steady state right now, with all the post pandemic and the innovations pulled forward. So, having a device on me, IOT device or phone, will be a big part of things. So I'm buying online and I'm walking in, I'm one presence, virtually and physical. How do you guys see that around the corner? What's next there? Because I can see that coming together in my mind. >> It is. I mean, we can see it happen at Tesla. Tesla barely has any physical dealerships anymore, they have showrooms and do all the sales online. And I think that has a large impact on the industry at the moment. Driving the more traditional manufacturers also to think about what can be and what can be in a digital and online first world. >> Yeah, well this is happening. Well, Jens, thanks for coming on. I appreciate the commentary on re:Mars. Thanks for sharing your perspective and sharing about your project at Boston Consulting Group, also known as BCG. >> Thank you very much. >> Very reputable firm. Okay, that's the Cube coverage here at re:Mars. I'm John Furrier, your host. Two days of wall to wall coverage here. It's a great show. Machine learning, automation, robotics, and space, Mars. Of course, you got Reinvent, the big show, and at Reinforce, the security show. You got the space-software-robotics show, security. And then of course Reinvent is the big show. The Cube covers it, all three will be here. So keep watching here for more coverage. We'll be right back. (gentle inspiring music)

(soft electronic music) >> Welcome to this special CUBE Conversation. I'm John Furrier here, in theCUBE's Palo Alto studio. We're here, remotely, with Nick Halsey who's the CEO of OKERA, hot startup doing amazing work in cloud, cloud data, cloud security, policy governance as the intersection of cloud and data comes into real stable operations. That's the number one problem. People are figuring out, right now, is how to make sure that data's addressable and also secure and can be highly governed. So Nick, great to see you. Thanks for coming on theCUBE. >> It's great to be here, John, thank you. >> So you guys have a really hot company going on, here, and you guys are in an intersection, an interesting spot as the market kind of connects together as cloud is going full, kind of, whatever, 3.0, 4.0. You got the edge of the network developing with 5G, you've got space, you've got more connection points, you have more data flowing around. And the enterprises and the customers are trying to figure out, like, okay, how do I architect this thing. And oh, by the way, I got a, like all these compliance issues, too. So this is kind of what you could do. Take a minute to explain what your company's doing. >> Yeah, I'm happy to do that, John. So we're introduced a new category of software that we call universal data authorization or UDA which is really starting to gain some momentum in the market. And there're really two critical reasons why that happening. People are really struggling with how do I enable my digital transformation, my cloud migration while at the same time making sure that my data is secure and that I'm respecting the privacy of my customers, and complying with all of these emerging regulations around data privacy like GDPR, CCPA, and that alphabet soup of regulations that we're all starting to become aware of. >> I want to ask about the market opportunity because, you know, one of the things we see and the cloud covers normal conversations like, "Hey, modern applications are developing." We're starting to see cloud-native. You're starting to see these new use cases so you're starting to see new expectations from users and companies which creates new experiences. And this is throwing off all kinds of new, kinds of data approaches. And a lot of people are scratching their head and they feel like do they slow it down, they speed it up? Do I get a hold of the compliance side first? Do I innovate? So it's like a real kind of conflict between the two. >> Yeah, there's a real tension in most organizations. They're trying to transform, be agile, and use data to drive that transformation. But there's this explosion of the volume, velocity, and variety of data, we've all heard about the three Ds, we'll say there're five Ds. You know, it's really complicated. So you've got the people on the business side of the house and the Chief Data Officer who want to enable many more uses of all of these great data assets. But of course, you've got your security teams and your regulatory and compliance teams that want to make sure they're doing that in the right way. And so you've got to build a zero-trust infrastructure that allows you to be agile and be secure at the same time. And that's why you need universal data authorization because the old manual ways of trying to securely deliver data to people just don't scale in today's demanding environments. >> Well I think that's a really awesome approach, having horizontally scalable data. Like infrastructure would be a great benefit. Take me through what this means. I'd like to get you to define, if you don't mind, what is universal data authorization. What is the definition? What does that mean? >> Exactly and people are like, "I don't understand security. "I do data over here and privacy, "well I do that over here." But the reality is you really need to have the right security platform in order to express your privacy policies, right. And so in the old days, we used to just build it into the database, or we'd build it into the analytic tools. But now, we have too much data in too many platforms in too many locations being accessed by too many, you know, BI applications and A-I-M-L data apps and so you need to centralize the policy definition and policy enforcement so that it can be applied everywhere in the organization. And the example I like to give, John, is we are just like identity access management. Why do I need Okta or Sale Point, or one of those tools? Can't I just log in individually to, you know, SalesForce or to GitHub or? Sure, you can but once you have 30 or 40 systems and thousands of users, it's impossible to manage your employee onboarding and off-boarding policy in a safe and secure way. So you abstract it and then you centralize it and then you can manage and scale it. And that's the same thing you do with OKERA. We do all of the security policy enforcement for all of your data platforms via all of your analytic tools. Anything from Tableau to Databricks to Snowflake, you name it, we support those environments. And then as we're applying the security which says, "Oh, John is allowed access to this data in this format "at this time," we can also make sure that the privacy is governed so that we only show the last four digits of your social security number, or we obfuscate your home address. And we certainly don't show them your bank balance, right? So you need to enable the use of the data without violating the security and privacy rights that you need to enforce. But you can do both, with our customers are doing at incredible scale, then you have sort of digital transformation nirvana resulting from that. >> Yeah, I mean I love what you're saying with the scale piece, that's huge. At AWS's Reinforce Virtual Conference that they had to run because the event was canceled due to the Delta COVID surge, Stephen Schmidt gave a great keynote, I called it a master class, but he mainly focused on cyber security threats. But you're kind of bringing that same architectural thinking to the data privacy, data security piece. 'Cause it's not so much you're vulnerable for hacking, it's still a zero-trust infrastructure for access and management, but-- >> Well you mean you need security for many reasons. You do want to be able to protect external hacks. I mean, every week there's another T-Mobile, you know, you name it, so that's... But 30% of data breaches are by internal trusted users who have rights. So what you needed to make sure is that you're managing those rights and that you're not creating any long tails of data access privilege that can be abused, right? And you also need, one of the great benefits of using a platform like OKERA, is we have a centralized log of what everybody is doing and when, so I could see that you, John, tried to get into the salary database 37 times in the last hour and maybe we don't want to let you do that. So we have really strong stakeholder constituencies in the security and regulatory side of the house because, you know, they can integrate us with Splunk and have a single pane of glass on, weird things are happening in the network and there's, people are trying to hit these secure databases. I can really do event correlation and analysis, I can see who's touching what PII when and whether it's authorized. So people start out by using us to do the enforcement but then they get great value after they've been using us for a while, using that data, usage data, to be able to better manage their environments. >> It's interesting, you know, you bring up the compliance piece as a real added value and I wasn't trying to overlook it but it brings up a good point which is you have, you have multiple benefits when you have a platform like this. So, so take me through like, who's using the product. You must have a lot of customers kicking the tires and adopting it because architecturally, it makes a lot of sense. Take me through a deployment of what it's like in the customer environment. How are they using it? What is some of the first mover types using this approach? And what are some of the benefits they might be realizing? >> Yeah, as you would imagine, our early adopters have been primarily very large organizations that have massive amounts of data. And they tend also to be in more regulated industries like financial services, biomedical research and pharmaceuticals, retail with tons of, you know, consumer information, those are very important. So let me give you an example. We work with one of the very largest global sports retailers in the world, I can't use their name publicly, and we're managing all of their privacy rights management, GDPR, CCPA, worldwide. It's a massive undertaking. Their warehouse is over 65 petabytes in AWS. They have many thousands of users in applications. On a typical day, an average day OKERA is processing and governing six trillion rows of data every single day. On Black Friday, it peaked over 10 trillion rows of data a day, so this is scale that most people really will never get to. But one of the benefits of our architecture is that we are designed to be elastically scalable to sort of, we actually have a capability we call N scale because we can scale to the Nth degree. We really can go as far as you need to in terms of that. And it lets them do extraordinary things in terms of merchandising and profitability and market basket analysis because their teams can work with that data. And even though it's governed and redacted and obfuscated to maintain the individuals' privacy rights, we still let them see the totality of the data and do the kind of analytics that drive the business. >> So large scale, big, big customer base that wants scale, some, I'll say data's huge. What are some of the largest data lakes that you guys have been working with? 'Cause sometimes you hear people saying our data lakes got zettabytes and petabytes of content. What are some of the, give us a taste of the order of magnitude of some of the size of the data lakes and environments that your customers were able to accomplish. >> I want to emphasize that this is really important no matter what size because some of our customers are smaller tech-savvy businesses that aren't necessarily processing huge volumes of data, but it's the way that they are using the data that drives the need for us. But having said that, we're working with one major financial regulator who has a data warehouse with over 200 petabytes of data that we are responsible for providing the governance for. And one thing about that kind of scale that's really important, you know, when you want to have everybody in your organization using data at that scale, which people think of as democratizing your data, you can't just democratize the data, you also have to democratize the governance of the date, right? You can't centralize policy management in IT because then everybody who wants access to the data still has to go back to IT. So you have to make it really easy to write policy and you have to make it very easy to delegate policy management down to the departments. So I need to be able to say this person in HR is going to manage these 50 datasets for those 200 people. And I'm going to delegate the responsibility to them but I'm going to have centralized reporting and auditing so I can trust but verify, right? I can see everything they're doing and I can see how they are applying policy. And I also need to be able to set policy at the macro level at the corporate level that they inherit so I might just say I don't care who you are, nobody gets to see anything but the last four digits of your social security number. And they can do further rules beyond that but they can't change some of the master rules that you're creating. So you need to be able to do this at scale but you need to be able to do it easily with a graphical policy builder that lets you see policy in plain English. >> Okay, so you're saying scale, and then the more smaller use cases are more refined or is it more sensitive data? Regulated data? Or more just levels of granularity? Is that the use case? >> You know, I think there's two things that are really moving the market right now. So the move to remote work with COVID really changed everybody's ideas about how do you do security because you're no longer in a data center, you no longer have a firewall. The Maginot Line of security is gone away and so in a zero-trust world, you know, you have to secure four endpoints: the data, the device, the user, and the application. And so this pretty radical rethinking of security is causing everybody to think about this, big, small, or indifferent. Like, Gartner just came out with a study that said by 2025 75% of all user data in the world is going to be governed by privacy policy. So literally, everybody has to do this. And so we're seeing a lot more tech companies that manage data on behalf of other users, companies that use data as a commodity, they're transacting data. Really, really understand the needs for this and when you're doing data exchange between companies that is really delicate process that have to be highly governed. >> Yeah, I love the security redo. We asked Pat Gelsinger many, many years ago when he was a CEO of VMware what we thought about security and Dave Allante, my co-host at theCUBE said is it a do-over? He said absolutely it's a do-over. I think it was 2013. He mused around that time frame. It's kind of a do-over and you guys are hitting it. This is a key thing. Now he's actually the CEO of Intel and he's still driving forward. Love Pat's vision on this early, but this brings up the question okay, if it's a do-over and these new paradigms are existing and you guys are building a category, okay, it's a new thing. So I have to ask you, I'm sure your customers would say, "Hey, I already got that in another platform." So how do you address that because when you're new you have to convince the customer that this is a new thing. Like, I don't-- >> So, so look, if somebody is still running on Teradata and they have all their security in place and they have a single source of the truth and that's working for them, that's great. We see a lot of our adoption happening as people go on their cloud transformation journey. Because I'm lifting and shifting a lot of data up into the cloud and I'm usually also starting to acquire data from other sources as I'm doing that, and I may be now streaming it in. So when I lift and shift the data, unfortunately, all of the security infrastructure you've built gets left behind. And so a lot of times, that's the forcing function that gets people to realize that they have to make a change here, as well. And we also find other characteristics like, people who are getting proactive in their data transformation initiatives, they'll often hire a CDO, they'll start to use modern data cataloging tools and identity access management tools. And when we see people adopting those things, we understand that they are on a journey that we can help them with. And so we partner very closely with the catalog vendors, with the identity access vendors, you know, with many other parts of the data lake infrastructure because we're just part of the stack, right? But we are the last mile because we're the part of the stack that lets the user connect. >> Well I think you guys are on a wave that's massive and I think it's still, it's going to be bigger coming forward. Again, when you see categories being created it's usually at the beginning of a bigger wave. And I got to ask you because one thing's I've been really kind of harping on on theCUBE and pounding my fist on the table is these siloed approaches. And you're seeing 'em everywhere, I mean, even in the consumer world. LinkedIn's a silo. Facebook's a silo. So you have this siloed mentality. Certainly in the enterprise they're no stranger to silos. So if you want to be horizontally scalable with data you've got to have it free, you've got to break the silos. Are we going to get there? Is this the beginning? Are we breaking down the silos, Nick, or is this the time or what's your reaction to that? >> I'll tell you something, John. I have spent 30 years in the data and analytics business and I've been fortunate enough to help launch many great BI companies like Tableau and Brio Software, and Jaspersoft and Alphablocks we were talking about before the show. Every one of those companies would have been much more successful if they had OKERA because everybody wanted to spread those tools across the organization for better, more agile business analytics, but they were always held back by the security problem. And this was before privacy rights were even a thing. So now with UDA and I think hand-in-hand with identity access management, you truly have the ability to deliver analytic value at scale. And that's key, you need simplicity at scale and that is what lets you let all parts of your organization be agile with data and use it to transform the business. I think we can do that, now. Because if you run in the cloud, it's so easy, I can stand up things like Hadoop in, you know, like Databricks, like Snowflake. I could never do that in my on-prem data center but I can literally press a button and have a very sophisticated data platform, press a button, have OKERA, have enforcement. Really, almost any organization can now take advantage of what only the biggest and most sophisticated organizations use to be able to do it. >> I think Snowflake's an example for all companies that you could essentially build in the shadows of the big clouds and build your own franchise if you nail the security and privacy and that value proposition of scale and good product. So I got, I love this idea of security and privacy managed to a single platform. I'd love to get your final thought while I got you here, on programmability because I'm seeing a lot of regulators and people in the privacy world puttin' down all these rules. You got GDPR and I want to write we forgot and I got all these things... There's a trend towards programmability around extraction of data and managing data where just a simple query could be like okay, I want to know what's goin' on with my privacy and we're a media company and so we record a lot of data too, and we've got to comply with all these like, weird requests, like hey, can you, on June 10th, I want, can you take out my data? And so that's programmatic, that's not a policy thing. It's not like a lawyer with some privacy policy. That's got to be operationalized. So what's your reaction to that as this world starts to be programmable? >> Right, well that's key to our design. So we're an API first approach. We are designed to be a part of a very sophisticated mesh of technology and data so it's extremely simple to just call us to get the information that you need or to express a policy on the fly that might be created because of the current state-based things that are going on. And that's very, very important when you start to do real-time applications that require geo-fencing, you're doing 5G edge computing. It's a very dynamic environment and the policies need to change to reflect the conditions on the ground, so to speak. And so to be callable, programmable, and betable, that is an absolutely critical approach to implementing IUDA in the enterprise. >> Well this is super exciting, I feel you guys are on, again, a bigger wave than it appears. I mean security and privacy operating system, that's what you guys are. >> It is. >> It is what it is. Nick, great to chat with you. >> Couldn't have said it better. >> I love the category creation, love the mojo and I think you guys are on the right track. I love this vision merging data security policy in together into one to get some enablement and get some value creation for your customers and partners. Thanks for coming on to theCUBE. I really appreciate it. >> Now, it's my pleasure and I would just give one piece of advice to our listeners. You can use this everywhere in your organization but don't start with that. Don't boil the ocean, pick one use case like the right to be forgotten and let us help you implement that quickly so you can see the ROI and then we can go from there. >> Well I think you're going to have a customer in theCUBE. We will be calling you. We need this. We've done a lot of digital events now with the pandemic, so locked data that we didn't have to deal with before. But thanks for coming on and sharing, appreciate it. OKERA, hot startup. >> My pleasure, John and thank you so much. >> So OKERA conversation, I'm John Furrier here, in Palo Alto. Thanks for watching. (soft electronic music)

>> From the SiliconANGLE Media office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello, everyone, and welcome to this week's Cube Insights, powered by ETR. Today is November 8, 2019 and I'd like to address one of the most important topics in the minds of a lot of executives. I'm talking about CEOs, CIOs, Chief Information Security Officers, Boards of Directors, governments and virtually every business around the world. And that's the topic of cyber security. The state of cyber security has changed really dramatically over the last 10 years. I mean, as a cyber security observer I've always been obsessed with Stuxnet, which the broader community discovered the same year that theCUBE started in 2010. It was that milestone that opened my eyes. Think about this. It's estimated that Stuxnet cost a million dollars to create. That's it. Compare that to an F-35 fighter jet. It costs about $85-$100 million to build one. And that's on top of many billions of dollars in R&D. So Stuxnet, I mean, it hit me like a ton of bricks. That the future of war was all about cyber, not about tanks. And the barriers to entry were very, very low. Here's my point. We've gone from an era where thwarting hacktivists was our biggest cyber challenge to one where we're now fighting nation states and highly skilled organized criminals. And of course, cyber crime and monetary theft is the number one objective behind most of these security breaches that we see in the press everyday. It's estimated that by 2021 cyber crime is going to cost society $6 trillion in theft, lost productivity, recovery costs. I mean, that's just a staggeringly large number. It's even hard to fathom. Now, the other C-change is how organizations have had to respond to the bad guys. It used to be pretty simple. I got a castle and the queen is inside. We need to protect her, so what do we do? We built a mote, put it around the perimeter. Now, think of the queen as data. Well, what's happened? The queen has cloned herself a zillion times. She's left the castle. She's gone up to the sky with the clouds. She's gone to the edge of the kingdom and beyond. She's also making visits to machines and the factories and hanging out with the commoners. She's totally exposed. Listen, by 2020, there's going to be hundreds of billions of IP addresses. These are going to be endpoints and phones, TVs, cameras, tablets, automobiles, factory machines, and all these represent opportunities for the bad guys to infiltrate. This explosion of endpoints that I'm talking about is created massive exposures, and we're seeing it manifest itself in the form of phishing, malware, and of course the weaponization of social media. You know, if you think that 2016 was nuts, wait 'til you see how the 2020 presidential election plays out. And of course, there's always the threat of ransomware. It's on everybody's minds these days. So I want to try to put some of this in context and share with you some insights that we've learned from the experts on theCUBE. And then let's drill into some of the ETR data and assess the state of security, the spending patterns. We're going to try to identify some of those companies with momentum and maybe some of those that are a little bit exposed. Let me start with the macro and the challenged faced by organization and that's complexity. Here's Robert Herjavec on theCUBE. Now, you know him from the Shark Tank, but he's also a security industry executive. Herjavec told me in 2017 at the Splunk.com Conference that he thought the industry was overly complex. Let's take a look and listen. >> I think that the industry continues to be extremely complicated. There's a lot of vendors. There's a lot of products. The average Fortune 500 company has 72 security products. There's a stat that RSA this year, that there's 1500 new security start-ups every year. Every single year. How are they going to survive? And which ones do you have to buy because they're critical and provide valuable insights? And which ones are going to be around for a year or two and you're never going to hear about again? So it's a extremely challenging complex environment. >> So it's that complexity that had led people like Pat Gelsinger to say security is a do-over, and that cyber security is broken. He told me this years ago on theCUBE. And this past VM World we talked to Pat Gelsinger and remember, VMware bought Carbon Black, which is an endpoint security specialist, for $2.1 billion. And he said that he's basically creating a cloud security division to be run by Patrick Morley, who is the Carbon Black CEO. Now, many have sort of questioned and been skeptical about VMware's entrance into the space. But here's a clip that Pat Gelsinger shared with us on theCUBE this past VM World. Let's listen and we'll come back and talk about it. >> And this move in security, I am just passionate about this, and as I've said to my team, if this is the last I do in my career is I want to change security. We just not are satisfying our customers. They shouldn't put more stuff on our platforms. >> National defense issues, huge problems. >> It's just terrible. And I said, if it kills me, right, I'm going to get this done. And they says, "It might kill you, Pat." >> So this brings forth an interesting dynamic in the industry today. Specifically, Steven Smith, the CISO of AWS, at this year's Reinforce, which is their security conference, Amazon's big cloud security conference, said that this narrative that security is broken, it's just not true, he said. It's destructive and it's counterproductive. His and AWS's perspective is that the state of cloud security is actually strong. Kind of reminded me of a heavily messaged State of the Union address by the President of the United States. At the same time, in many ways, AWS is doing security over. It's coming at it from the standpoint of a clean slate called cloud and infrastructure as a surface. Here's my take. The state of security in this union is not good. Every year we spend more, we lose more, and we feel less safe. So why does AWS, the security czar, see if differently? Well, Amazon uses this notion of a shared responsibility security model. In other words, they secure the S3 buckets, maybe the EC2 infrastructure, not maybe, the EC2 infrastructure. But it's up to the customer to make sure that she is enforcing the policies and configuring systems that adhere to the EDIX of the corporation. So I think the shared security model is a bit misunderstood by a lot of people. What do I mean by that? I think sometimes people feel like well, my data's in the cloud, and AWS has better security than I do. Here I go, I'm good. Well, AWS probably does have better security than you do. Here's the problem with that. You still have all these endpoints and databases and file servers that you're managing, and that you have to make sure comply with your security policies. Even if you're all on the cloud, ultimately, you are responsible for securing your data. Let's take a listen to Katie Jenkins, the CISO of Liberty Mutual, on this topic and we'll come back. >> Yeah, so the shared responsibility model is, I think that's an important speaking point to this whole ecosystem. At the end of the day, Liberty Mutual, our duty is to protect policyholder data. It doesn't matter if it's in the cloud, if it's in our data centers, we have that duty to protect. >> It's on you. >> All right, so there you have it from a leading security practitioner. The cloud is not a silver bullet. Bad user behavior is going to trump good security every time. So unfortunately the battle goes on. And here's where it gets tricky. Security practitioners are drowning in a sea of incidents. They have to prioritize and respond to, and as you heard Robert Herjavec say, the average large company has 75 security products installed. Now, we recently talked to another CISO, Brian Lozada, and asked him what's the number one challenge for security pros. Here's what he said. >> Lack of talent. I mean, we're starving for talent. Cyber security's the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have. And in that lack of talent CISOs are starving. We're looking for the right things or tools to actually patch these holes and we just don't have it. Again, we have to force the industry to patch all of those resource gaps with innovation and automation. I think CISOs really need to start asking for more automation and innovation within their programs. >> So bottom line is we can't keep throwing humans at the problem. Can't keep throwing tools at the problem. Automation is the only way in which we're going to be able to keep up. All right, so let's pivot and dig in to some of the ETR data. First, I want to share with you what ETR is saying overall, what their narrative looks like around spending. So in the overall security space, it's pretty interesting what ETR says, and it dovetails into some of the macro trends that I've just shared with you. Let's talk about CIOs and CISOs. ETR is right on when they tell me that these executives no longer have a blank check to spend on security. They realize they can't keep throwing tools and people at the problem. They don't have the bodies, and as we heard from Brian Lozada. And so what you're seeing is a slowdown in the growth, somewhat of a slowdown, in security spending. It's still a priority. But there's less redundancy. In other words, less experimentation with new vendors and less running systems in parallel with legacy products. So there's a slowdown adoption of new tools and more replacement of legacy stuff is what we're seeing. As a result, ETR has identified this bifurcation between those vendors that are very well positioned and those that are losing wallet share. Let me just mention a few that have the momentum, and we're going to dig into this data in more detail. Palo Alto Networks, CrowdStrike, Okta, which does identity management, Cisco, who's coming at the problem from its networking strength. Microsoft, which recently announced Sentinel for Azure. These are the players, and some of them that are best positioned, I'll mention some others, from the standpoint spending momentum in the ETR dataset. Now, here's a few of those that are losing momentum. Checkpoint, SonicWall, ArcSight, Dell EMC, which is RSA, is kind of mixed. We'll talk about that a little bit. IBM, Symantec, even FireEye is seeing somewhat higher citations of decreased spending in the ETR surveys and dataset. So there's a little bit of a cause for concern. Now, let's remember the methodology here. Every quarter ETR asks are you green, meaning adopting this vendor as new or spending more? Are you neutral, which is gray, are you spending the same? Or are you red, meaning that you're spending less or retiring? You subtract the red from the green and you get what's called a net score. The higher the net score, the better. So here's a chart that shows a ranking of security players and their net scores. The bars show survey data from October '18, July '19, and October '19. In here, you see strength from CrowdStrike, Okta, Twistlock, which was acquired by Palo Alto Networks. You see Elastic, Microsoft, Illumio, the core, Palo Alto Classic, Splunk looking strong, Cisco, Fortinet, Zscaler is starting to show somewhat slowing net score momentum. Look at Carbon Black. Carbon Black is showing a meaningful drop in net score. So VMware has some work to do. But generally, the companies to the left are showing spending momentum in the ETR dataset. And I'll show another view on net score in a moment. But I want to show a chart here that shows replacement spending and decreased spending citations. Notice the yellow. That's the ETR October '19 survey of spending intentions. And the bigger the yellow bar, the more negative. So Sagar, the director of research at ETR, pointed this out to me, that, look at this. There are about a dozen companies where 20%, a fifth of the customer base is decreasing spend or ripping them out heading into the year end. So you can see SonicWall, CA, ArcSight, Symantec, Carbon Black, again, a big negative jump. IBM, same thing. Dell EMC, which is RSA, slight uptick. That's a bit of a concern. So you can see this bifurcation that ETR has been talking about for awhile. Now, here's a really interesting kind of net score. What I'm showing here is the ETR data sorted by net score, again, higher is better, and shared N, which is the number of shared accounts in the survey, essentially the number of mentions in that October survey with 1,336 IT buyers responded. So how many of that 1,300 identified these companies? So essentially it's a proxy for the size of the install base. So showing up on both charts is really good. So look, CrowdStrike has a 62% net score with a 133 shared account. So a fairly sizable install base and a very high net score. Okta, similar. Palo Alto Networks and Splunk, both large, continue to show strength. They got net scores of 44% and 313 shared N. Fortinet shows up in both. Proofpoint. Look at Microsoft and Cisco. With 521 and 385 respectively on the right hand side. So big install bases with very solid net scores. Now look at the flip side. Go down to the bottom right to IBM. 132 shared accounts with a 14.4% net score. That's very low. Check Point similarly. Same with Symantec. Again, bifurcation that ETR has been citing. Really stark in this chart. All right, so I want to wrap. In some respects from a practitioner perspective, the sky erectus is falling. You got increased attack surface. You've got exploding number of IP addresses. You got data distributed all over the place, tool creep. You got sloppy user behavior, overwork security op staff, and a scarcity of skills. And oh, by the way, we're all turning into a digital business, which is all about data. So it's a very, very dangerous time for companies. And it's somewhat chaotic. Now, chaos, of course, can mean cash for cyber security companies and investors. This is still a very vibrant space. So just by the way of comparison and looking at some of the ETR data, check this out. What I'm showing is companies in two sectors, security and storage, which I've said in previous episodes of breaking analysis, storage, and especially traditional storage disk arrays are on the back burner spending wise for many, many shops. This chart shows the number of companies in the ETR dataset with a net score greater than a specific target. So look, security has seven companies with a 49% net score or higher. Storage has one. Security has 18 above 39%. Storage has five. Security has 31 companies in the ETR dataset with a net score higher than 30%. Storage only has nine. And I like to think of 30% as kind of that the point at which you want to be above that 30%. So as you can see, relatively speaking, security is an extremely vibrant space. But in many ways it is broken. Pat Gelsinger called it a do-over and is affecting a strategy to fix it. Personally, I don't think one company can solve this problem. Certainly not VMware, or even AWS, or even Microsoft. It's too complicated, it's moving too fast. It's so lucrative for the bad guys with very low barriers to entry, as I mentioned, and as the saying goes, the good guys have to win every single day. The bad guys, they only have to win once. And those are just impossible odds. So in my view, Brian Lozada, the CISO that we interviewed, nailed it. The focus really has to be on automation. You know, we can't just keep using brute force and throwing tools at the problem. Machine intelligence and analytics are definitely going to be part of the answer. But the reality is AI is still really complicated too. How do you operationalize AI? Talk to companies trying to do that. It's very, very tricky. Talk about lack of skills, that's one area that is a real challenge. So I predict the more things change the more you're going to see this industry remain a game of perpetual whack a mole. There's certainly going to be continued consolidation, and unquestionably M&A is going to be robust in this space. So I would expect to see continued storage in the trade press of breaches. And you're going to hear scare tactics by the vendor community that want to take advantage of the train wrecks. Now, I wish I had better news for practitioners. But frankly, this is great news for investors if they can follow the trends and find the right opportunities. This is Dave Vellante for Cube Insights powered by ETR. Connect with me at David.Vellante@siliconangle.com, or @dvellante on Twitter, or please comment on what you're seeing in the marketplace in my LinkedIn post. Thanks for watching. Thank you for watching this breaking analysis. We'll see you next time. (energetic music)

>> Narrator: Live from New York, it's theCube! Covering AWS Global Summit 2019, brought to you by Amazon Web Services. >> Welcome back, we're here at the Javits Center in New York City for AWS Summit, I'm Stu Miniman, my cohost is Corey Quinn and happy to welcome to the program Scott Mullins, who's the head of Worldwide Financial Services Business Development with Amazon Web Services based here in The Big Apple, thanks so much for joining us. >> Thanks for having me, Stu, thanks for having me, Corey. >> All right so we had obviously financial services big location here in New York City. We just had FINRA on our program, had a great conversation about how they're using AWS for their environments, but give us a thumbnail if you will about your business, your customers and what you're seeing there. >> Sure, we're working with financial institutions all the way from the newest FinTech startups, all the way to organizations like FINRA, the largest exchanges and brokers dealers like Nasdaq, as well as insurers and the largest banks. And I've been here for five years and in that time period I actually went from being a customer speaking at the AWS Summit here in the Javits Center on stage like Steve Randich was today to watching more and more financial institutions coming forward, talking about their use in the cloud. >> Yeah before we get into technology, one of the biggest trends of moving to cloud is I'm moving from CapEx more to OpEx and oh my gosh there's uncertainty because I'm not locking in some massive contract that I'm paying up front or depreciating over five years but I've got flexibility and things are going to change. I'm curious what you're seeing as the financial pieces of how people both acquire and keep on the books what they're doing. >> Yeah it can be a little bit different, right, then what most people are used to. They're used to kind of that muscle memory and that rhythm of how you procured technology in the past and there can be a stage of adjustment, but cost isn't really the thing that people I think look to the most when it comes to cloud today, it's all about agility and FINRA is a great example. Steve has talked about over and over again over the last several years how they were able to gain such business agility and actually to do more, the fact that they're now processing 155 billion market events every night and able to run all their surveillance routines. That's really indicative of the value that people are looking for. Being able to actually get products to market faster and reducing development cycles from 18 months to three months, like Allianz, one of our customers over in Europe has been able to do. Being able to go faster I think actually trumps cost from the standpoint of what that biggest value driver that we're seeing our customers going after in financial services. >> We're starting to see such a tremendous difference as far as the people speaking at these keynotes. Once upon a time you had Netflix and folks like that on stage telling a story about how they're using cloud to achieve all these amazing things, but when you take a step back and start blinking a little bit, they fundamentally stream movies and yes, produce some awesome original content. With banks and other financial institutions if the ATM starts spitting out the wrong number, that's a different point on the spectrum of are people going to riot in the street. I'm not saying it's further along, people really like their content but it's still a different use case with a different risk profile. Getting serious companies that have world shaking impact to trust public cloud took time and we're seeing it with places like FINRA, Capital One has been very active as far as evangelizing their use of cloud. It's just been transformative. What does that look like, from being a part of that? >> Well you know it's interesting, so you know you just said it, financial services is the business of risk management. And so to get more and when you see more and more of these financial institutions coming forward and talking about their use of cloud, what that really equates to is comfort, they've got that muscle memory now, they've probably been working with us in some way, shape or form for some great period of time and so if you look at last year, you had Dean Del Vecchio from Guardian Life Insurance come out on stage at Reinvent and say to the crowd "Hey we're a 158 year old insurance company but we've now closed our data center and we're fully on AWS and we've completed the transformation of our organization". The year before you saw Goldman Sachs walk out and say "Yeah we've been working with AWS for about four years now and we're actually using them for some very interesting use cases within Goldman Sachs". And so typically what you've seen is that over the course of about a two year to sometimes a four year time period, you've got institutions that are working deeply with us, but they're not talking about it. They're gaining that muscle memory, they're putting those first use cases to begin to scale that work up and then when they're ready man, they're ready to talk about it and they're excited to talk about it. What's interesting though is today we're having this same summit that we're having here in Cape Town in Africa and we had a customer, Old Mutual, who's one of the biggest insurers there, they just started working with us in earnest back in May and they were on stage today, so you're seeing that actually beginning to happen a lot quicker, where people are building that muscle memory faster and they're much more eager to talk about it. You're going to see that trend I think continue in financial services over the next few years so I'm very excited for future summits as well as Reinvent because the stories that we're going to see are going to come faster. You're going to see more use cases that go a lot deeper in the industry and you're going to see it covering a lot more of the industry. >> It's very much not, IT is no longer what people think of in terms of Tech companies in San Francisco building products. It's banks, it's health care and these companies are transitioning to become technology companies but when your entire, as you mentioned, the entire industry becomes about risk management, it's challenging sometimes to articulate things when you're not both on the same page. I was working with a financial partner years ago at a company I worked for and okay they're a financial institution, they're ready to sign off on this but before that they'd like to tour US East one first and validate that things are as we say they are. The answer is yeah me too, sadly, you folks have never bothered to invite me to tour an active AZ, maybe next year. It's challenging to I guess meet people where they are and speak the right language, the right peace for a long time. >> And that's why you see us have a financial services team in the first place, right? Because your financial services or health care or any of the other industries, they're very unique and they have a very specific language and so we've been very focused on making sure that we speak that language that we have an understanding of what that industry entails and what's important to that industry because as you know Amazon's a very customer obsessed organization and we want to work backwards from our customers and so it's been very important for us to actually speak that language and be able to translate that to our service teams to say hey this is important to financial services and this is why, here's the context for that. I think as we've continued to see more and more financial institutions take on that technology company mindset, I'm a technology company that happens to run a bank or happens to run an exchange company or happens to run an insurance business, it's actually been easier to talk to them about the services that we offer because now they have that mindset, they're moving more towards DevOps and moving more towards agile. And so it's been really easy to actually communicate hey, here are the appropriate changes you have to make, here's how you evolve governance, here's how you address security and compliance and the different levels of resiliency that actually improve from the standpoint of using these services. >> All right so Scott, back before I did this, I worked for some large technology suppliers and there were some groups on Wall Street that have huge IT budgets and IT staffs and actually were very cutting edge in what they were building, in what they were doing and very proud of their IT knowledge, and they were like, they have some of the smartest people in the industry and they spend a ton of money because they need an edge. Talking about transactions on stock markets, if I can translate milliseconds into millions of dollars if I can act faster. So you know, those companies, how are they moving along to do the I need to build it myself and differentiate myself because of my IT versus hey I can now have access to all the services out there because you're offering them with new ones every day, but geez how do I differentiate myself if everybody can use some of these same tools. >> So that's my background as well and so you go back that and milliseconds matter, milliseconds are money, right? When it comes to trading and actually building really bespoke applications on bespoke infrastructure. So I think what we're seeing from a transitional perspective is that you still have that mindset where hey we're really good at technology, we're really good at building applications. But now it's a new toolkit, you have access to a completely new toolkit. It's almost like The Matrix, you know that scene where Neo steps into that white room and hey says "I need this" and then the shelves just show up, that's kind how it is in the cloud, you actually have the ability to leverage the latest and greatest technologies at your fingertips when you want to build and I think that's something that's been a really compelling thing for financial institutions where you don't have to wait to get infrastructure provisioned for you. Before I worked for AWS, I worked for large financial institutions as well and when we had major projects that we had to do that sometimes had a regulatory implication, we were told by our infrastructure team hey that's going to be six months before we can actually get your dev environment built so you can actually begin to develop what you need. And actually we had to respond within about thirty days and so you had a mismatch there. With the cloud you can provision infrastructure easily and you have an access to an array of services that you can use to build immediately. And that means value, that means time to market, that means time to answering questions from customers, that means really a much faster time to answering questions from regulatory agencies and so we're seeing the adoption and the embrace of those services be very large and very significant. >> It's important to make sure that the guardrails are set appropriately, especially for a risk managed firm but once you get that in place correctly, it's an incredible boost of productivity and capability, as opposed to the old crappy way of doing governance of oh it used to take six weeks to get a server in so we're going to open a ticket now whenever you want to provision an instance and it only takes four, yay we're moving faster. It feels like there's very much a right way and a wrong way to start embracing cloud technology. >> Yeah and you know human nature is to take the run book you have today and try to apply it to tomorrow and that doesn't always work because you can use that run book and you'll get down to line four and suddenly line four doesn't exist anymore because of what's happened from a technological change perspective. Yeah I think that's why things like AWS control tower and security hub, which are those guardrails, those services that we announced recently that have gone GA. We announced them a couple of weeks ago at Reinforce in Boston. Those are really interesting to financial services customers because it really begins to help automate a lot of those compliance controls and provisioning those through control tower and then monitoring those through security hub and so you've seen us focus on how do we actually make that easier for customers to do. We know that risk management, we know that governance and controls is very important in financial services. We actually offer our customers a way to look from a country specific angle, add the different countries and the rule sets and the requirements that exist in those countries and how you map those to our controls and how you map those into your own controls and all the considerations that you have, we've got them on our public website. If you went to atlas.aws right now, that's our compliance center, you could actually pick the countries you're interested in and we'll have that mapping for you. So you'll see us continue to invest in things like that to make that much easier for customers to actually deploy quickly and to evolve those governance frameworks. >> And things like with Artifact, where it's just grab whatever compliance report you need, submit it and it's done without having to go through a laborious process. It's click button, receive compliance in some cases. >> If you're not familiar with it you can go into the AWS console and you've got Artifact right there and if you need a SOC report or you need some other type of artifact, you can just download it right there through the console, yeah it's very convenient. >> Yeah so Scott you know we talked about some of the GRC pieces in place, what are you seeing trends out there kind of globally, you know GDRP was something that was on everybody's mind over the last year or so. California has new regulations that are coming in place, so anything specific in your world or just the trends that you're seeing that might impact our environments-- >> I think that the biggest trends I would point to are data analytics, data analytics, data analytics, data analytics. And on top of that obviously machine learning. You know, data is the lifeblood of financial services, it's what makes everything go. And you can look at what's happening in this space where you've got companies like Bloomberg and Refinitiv who are making their data products available on AWS so you can get B-Pipe on AWS today, you can also get the elektron platform from Refintiv and then what people are trying to do in relation to hey I want to organize my data, I want to make it much easier to actually find value in data, both either from the standpoint of regulatory reporting, as you heard Steve talk about on stage today. FINRA is building a very large data repository that they have to from the standpoint of a regulatory perspective with CAT. Broker dealers have to actually feed the CAT and so they are also worried about here in the US, how do I actually organize my data, get all the elements I have to report to CAT together and actually do that in a very efficient way. So that's a big data analytic project. Things that are helping to make that much easier are leg formations, so we came up with leg formation last year and so you've got many financial institutions that are looking at how do you make building a data leg that much easier and then how do you layer analytics on top of that, whether it's using Amazon elastic map reduce or EMR to actually run regulatory reporting jobs or how do I begin to leverage machine learning to actually make my data analytics from a standpoint of trade surveillance or fraud detection that much more enriched and actually looking for those anomalies rather than just looking for a whole bunch of false positives. So data analytics I think is what I would point to as the biggest trend and how to actually make data more useful and how to get to data insights faster. >> On the one end it seems like there's absolutely a lot of potential in this, on the other it feels in many cases with large scale data analytics, it's we have all these tools for machine learning and the rest that we can wind up passing out to you but you need to figure out what to do with them, how to make it work and it's unclear outside of a few specific use cases and I think you've alluded to a couple of those how to take in a typical business that maybe doesn't have an enormous pile of data and start applying machine learning to it in a way that makes intelligent sense. That feels right now like a storytelling failure to some extent industry wide. We're starting to see some stories emerge but it still feels a little "Gold Rush"-y to some extent. >> Yeah I would say, and my advice would be don't try to boil the ocean or don't try to boil the data leg, meaning you want to do machine learning, you've got a great amount of earnestness about that but picture use case, really hone in on what you're trying to accomplish and work backwards from that. And we offer tooling that can be really helpful in that, you know with stage maker you can train your models and you can actually make data science available to a much broader array of people than just your data scientists. And so where we see people focusing first, is where it matters to their business. So if you've got a regulatory obligation to do surveillance or fraud detection, those are great use cases to start with. How do I enhance my existing surveillance or fraud detection, so that I'm not just wading again through a sea of false positives. How do I actually reduce that workload for a human analyst using machine learning. That's a one step up and then you can go from there, you can actually continue to work deeper into the use cases and say okay how do I treat those parameters, how do I actually look for different things that I'm used to with the rules based systems. You can also look at offering more value to customers so with next best offer with Amazon Personalize, we now have encapsulated the service that we use on the amazon.com retail site as a service that we offer to customers so you don't have to build all that tooling yourself, you can actually just consume Personalize as a service to help with those personalized recommendations for customers. >> Scott, really appreciate all the updates on your customers in the financial services industry, thanks so much for joining us. >> Happy to be here guys, thanks for having me. >> All right for Corey Quinn, I'm Stu Miniman, back with more here at AWS Summit in New York City 2019, thanks as always for watching theCube.

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019 brought to you by Amazon Web service is and its ecosystem partners. >> Okay, welcome back. Everyone's two cubes Live coverage here in Boston, Massachusetts, for AWS reinforce. This is Amazon Web services Inaugural conference around Cloud security There first of what? Looks like we'll be more focused events around deep dive security to reinvent for security. But not no one's actually saying that. But it's not a summit. It's ah, branded event Reinforce. We're hearing Mark Ryland off director Office of the Sea. So at eight of us, thanks for coming back. Good to see you keep alumni. Yeah, I'm staying here before It's fun. Wait A great Shadow 80 Bucks summit in New York City Last year we talked about some of the same issues, but now you have a dedicated conference here on the feedback from the sea. So as we've talked to and the partners in the ecosystem is, it's great to have an event where they go deep dives on some of the key things that are really, really important to security. Absolutely. This is really kind of a vibe that how reinvents started, right? So reinventing was a similar thing for commercial. You're deep, not easy to us. Three here, deeper on Amazon. But with security. Yeah, security lens on some of the same issues. One thing that happened >> and kind of signal to us that we needed an event like this over the years with reinvent was consistently over the years, the security and compliance track became one of the most important tracks that was oversubscribed in overflow rooms and like, Hey, there's a signal here, right? And so, but at the same time, we wanted to be able to reach on audience. Maybe they wouldn't go to reinvent because they thought I'd say It's all the crazy Dale Ops guys were doing this cloud thing. But now, of course, they're getting the strong message in their security organizations like, Hey, we're doing cloud. Or maybe as a professional, I need to really get smart about this stuff. So it's been a nice transition from still a lot of the same people, but definitely the different crowd that's coming here and was a cross pollination between multiple and I was >> just at Public sector summit. They about cyber security from a national defense and intelligence standpoint. Obviously, threesome Carlson leads That team you got on the commercial side comes like Splunk who our data and they get into cyber. So you started to see kind of the intersection of all the kind of Amazon ecosystems kind of coming around security, where it's now part of its horizontal. It's not just these are the security vendors and partners writes pretty much everyone's kind of becoming native into thinking about security and the benefits that you guys have talk about that what Amazon has to have a framework, a posture. Yeah, they call it shared responsibility. But I get that you're sharing this with the ecosystem. Makes sense. Yeah, talk about the Amazon Web service is posture for this new security >> world. Well, the new security world is if you look at like a typical security framework like Mist 853 120 50 controls all these different things you need to worry about if you're a security professional. And so what eight obvious able to do is say, look, there's a whole bunch of these that we can take care of on your behalf. There's some that we'll do some things and you got to do some things and there's some There's still your responsibility, but we'll try to make it easy for you to do those parts. So right off the bat we can get a lot of wins from just hey, there's a lot of things will just take care of. And you could essentially delegate to us. And for the what remain, You'll take your expertise and you'll re focus it on more like applications security. There still may be some operating systems or whatever. If using virtual machine service, you still have to think about that. But even there, we'll use we have systems Manager will make it easy to do patch management, updating, et cetera. And if you're willing to go all the way to is like a lambda or some kind of a platform capability, make it super easy because all you gotta do is make sure your code is good and we'll take care of all the infrastructure automatically on your behalf so that share responsibility remains. There's a lot of things you still need to be careful about and do well, but your experts can refocus. They could be very you know like it's just a lot less to worry about it. So it's really a message for howto raise the bar for the whole community, but yet still have >> that stays online with the baby value properties, which is, you know, build stuff, ship fast, lower prices. I mazon ethos in general. But when you think about the core A. W. S what made it so great Waas you can reduce the provisioning of resource is to get something up and running. And I think that's what I'm taking away from the security peace you could say. We know Amazon Web service is really well, and we're gonna do these things. You could do that so us on them and then parts to innovate. So I get that. That's good. The other trend I want to get your reaction to is comments we've had on the Cube with si SOS and customers is a trend towards building in house coding security. Your point about Lambda some cool things air being enabled through a B s. There's a real trend of big large companies with security teams just saying, Hey, you know what? I wanna optimize my talent to code and be security focused on use cases that they care about. So you know, Andy Jazz talks about builders. You guys are about builders you got cos your customers building absolutely. Yet they don't want Tonto, but they are becoming security. So you have a builder mindset going on in the big enterprises. >> Yes, talk about that dynamic. That's a That's a really important trend. And we see that even in security organizations which historically were full of experts but not full of engineers and people that could write code. And what we're seeing now is people say, Look, I have all this expertise, but I also see that with a software defined the infrastructure and everything's in a P I. If I pair up in engineering team with a security professional team, then well, how good things will happen because the security specials will say, Gosh, I do this repetitive task all the time. Can you write code to do that like, Yeah, we can write code to do that. So now I can focus on things that require judgment instead of just more rep repetitive. So So there's a really nice synergy there, and our security customers are becoming builders as well, and they're codifying if you moment expression in code, a policy that used to be in a document. And now they write code this as well. If that policy is whatever password length or how often we rode a credentials, whatever the policy is where Icho to ensure that that actually happening. So it's a real nice confluence of security expertise with the engineering, and they're not building the full stack >> themselves. This becomes again Aki Agility piece I had one customer on was an SMS business. They imported to eight of US Cloud with three engineers, and they wrote all the Kuban aged code themselves. They could have used, you know, other things, but they wanted to make sure it's stable so they could bring in some suppliers that could add value. So, again, this is new. Used to be this way back in the old days, in House developers build the abs on the mainframe, build the APS on the mini computers and then on I went to outsourcing, so we're kind of back. The insourcing is the big trend now, >> right in with the smaller engineering team, I can do a lot that used to require so many more people with a big waterfall method and long term projects. And now I take all these powerful building blocks and put an engineering team five people or what we would call it to pizza team five or six people off to the side, given 34 weeks, and they can generate a really cool system that would have required months and not years before. So that's a big trend, and it applies across the board, including two security. >> I think there's a sea change, and I think it's clear what I like about this show is this cloud security. But it's also they have the on premises conversation, Mrs Legacy applications that have been secured and or need to be secured as they evolve. And then you got cloud native and all these things together where security has to be built in. Yeah, this is a key theme, so I want to get your thoughts on this notion of built in security from Day one. What's your what's your view on this? And how should customers start thinking >> about it? And >> what did you guys bringing to the table? Well, I think that's just a general say maturation that goes on in the industry, >> whether it's cloud or on Prem is that people realize that the old methods we used to use like, Hey, I'm gonna build a nap And then I'm gonna hand it to the security team and they're gonna put firewalls around it That's not really gonna have a good result. So security by design, having security is equal co aspect of If I'm getting doing an architecture, I look a performance. I look, it cost. I look at security. It's just part of my system designed. I don't think of it as like a bolt on afterwards, so that leads to things like, you know, Secure Dev ops and kind of integration teams through. This could be happening on premises to it's just part of I T. Modernization. But Cloud is clearly a driver as well, and cloud makes it easier because it's all programmable. So things that are still manual on premises, you can do in a more automated getting into a lot of conversations here under the covers, A lot of under the hood conversations here around >> security BC to one of the most popular service is you guys have obviously compute a big part of the mission Land, another of the feature VPC traffic flows, where mirroring was a big announcement. Like we talked about that a lot of talking about the E c two nitro. You gave a talk on that. Did you just unpacked it a little bit because this has been nuanced out there. It's out there people are interested in. What's that talk about inscription is, is in a popular conversation taking minutes? Explain your talk. Sure, So we've talked for now a year and 1/2 >> about how we've essentially rien. Imagine reinvented our virtual machine architecture, too. Go from a primarily soft defined system where you have a mainboard with memory and intel processor and all that kind of a coup treatments of a standard server. And then your virtual ization layer would run a full copy of an operating system, which we call a Dom zero privileged OS that would mediate access between the guest OS is in this and the outside world because it would maintain the device model like how do I talk to a network card? How I talked to a storage device. I talked through the hyper visor, but through also a dom zero Ah, copy of Lennox. A copy of Windows to do all that I owe. So what we just did over the past few years, we begin to take all the things we're running inside that privileged OS and move that into dedicated hardware software, harbor combination where we now have components we call nitro components their actual separate little computers that do dbs processing. They do vpc processing they do instance, storage. So at this point now, we've taken all of the components of that damn zero. We've moved it out into these You could call Cho processors. I almost think of them is like the Nitro controllers. The main processor and the Intel motherboard is a co processor where customer workloads run because the trust now is in these external all systems. And when you go to talk to the outside world from easy to now you're talking through these very trusted, very powerful co processors that do encryption. They do identity management for you. They do a lot of work that's off the main processor, but we can accelerate it. We could be more assured that it's trustworthy. It can it can protect itself from potential types of hacks that might have been exposed if that, say, an encryption key was in the and the main motherboard. Now it's not so it's a long story until one hour version and doing three minutes now. But overall we feel that we built a trustworthy system for virtual. What was the title of talk so people can find it online? So I was just called the night to architecture security implications of the night to architecture. So it's taking information that we had out there. But we're like highlighting the fact that if you're a security professional, you're gonna really like the fact that this system has it has no damn zero. It has no shell. You can't log into the system as a human being. It's impossible to log in. It's all software to find suffer driven, and all the encryption features air in these co processors so we can do like full line made encryption of 100 gigabits of network traffic. It's all encrypted like that's never been done before. Really, in the history of computing, what's the benefit of nitro architectural? Simply not shelter. More trust built into it a trusted root. That's not the main board encryption, off load and more isolation. Because even if I somehow we're toe managed to the impossible combination of facts to get sort of like ownership of that main board, I still don't have access to the outside world. From there, I have to go through a whole another layer of very secure software that mediates between the inner world of where customer were close run and the outside world where the actual cloud is. So it's just a bunch of layers that make things more secure, >> and I'm sure Outpost will have that as well. Can you waste on that? Seem to me to hear about that. Okay, Encryption, encrypt everything. Is it philosophy we heard in the keynote? You also talked about that as well. Um, encrypting traffic on the hour. I didn't talk about what that means. What was talked to you? What's the big conversation around? Encryption within a. W s just inside and outside. What's the main story there? >> There's a lot of pieces to the pie, but a big one that we were talking about this week is a pretty long term project we call Project lever. It was actually named after a ah female cryptographer. Eventually Park team that was help. You know, one of the major factors, including World War Two, are these mathematicians and cryptographers. So we we wanted to do a big scale encryption project. We had a very large scale network and we had, you know, all the features you normally have, but we wanted to make it so that we really encrypted everything when it was outside of our physical control. So we done that took a long time. Huge investment, really exciting now going forward, everything we build. So any time data that customers give to us or have traffic between regions between instances within the same region outside reaches, whenever that traffic leaves our physical control so kind of our building boundaries or gates and guards and going down the street on a fiber optic to another data center, maybe not far away or going inter continent intercontinental links are going sub oceanic links all those links. Now we encrypt all the traffic all the time. >> And what's the benefit of that? So the benefit of that is there. Still, you know, it's it's obscure, >> but there is a threat model where, you know, governments have special submarines that are known to exist that go in, sniff those transoceanic links. And potentially a bad guy could somehow get into one of those network junction points or whatever. Inspect traffic. It's not, I would say, a high risk, but it's possible now. That's a whole nother level of phishing attacks. Phishing attack, submarine You're highly motivated to sniff that line couldn't resist U. S. O. So that's now so people could feel comfortable that that protection exists and even things like here's a kind of a little bit of scare example. But we have customers that say, Look, I'm a European customer and I have a very strong sense of regional reality. I wanna be inside the European community with all my data, etcetera, and you know, what about Brexit? So now I've got all this traffic going through. A very large Internet peering point in London in London won't be part of Europe anymore according to kind of legal norms. So what are you doing in that case? Unless they Well, how about this? How about if yes, the packets are moving through London, but they're always encrypted all the time. Does that make you feel good? Yeah, that makes me feel good. I mean, I so my my notion of work as extra territorial extra additional congee modified to accept the fact that hey, if it's just cipher text, it's not quite the same as unscripted. >> People don't really like. The idea of encrypted traffic. I mean, just makes a lot of sense. Why would absolutely Why wouldn't you want to do that right now? Final question At this event, a lot of attendee high, high, high caliber people on the spectrum is from biz dab People building out the ecosystem Thio Hardcore check. He's looking under the hood to see SOS, who oversee the regime's within companies, either with the C i O or whatever had that was formed and every couple is different. But there's a lot of si SOS here to information security officers. You are in the office of the Chief Security Information officer. So what is the conversations they're having? Because we're hearing a lot of Dev ops like conversations in the security bat with a pretty backdrop about not just chest undead, but hack a phone's getting new stuff built and then moving into production operations. Little Deb's sec up So these kinds of things, we're all kind of coming together. What are you hearing from those customers inside Amazon? Because I know you guys a customer driven in the customers in the sea SOS as your customer. What are they saying? What are they asking for? So see, so's our first getting their own minds around >> this big technical transformations that are happening on dhe. They're thinking about risk management and compliance and things that they're responsible for. They've got a report to a board or a board committee say, Hey, we're doing things according to the norms of our industry or the regulated industries that we sit in. So they're building the knowledge base and the expertise and the teams that can translate from this sort of modern dev ops e thing to these more traditional frameworks like, Hey, I've got this oversight by the Securities Exchange Commission or by the banking regulators, or what have you and we have to be able to explain to them why our security posture not only is maintained, it in some ways improved in these in this new world. So they're they're challenge now is both developing their own understanding, which I think they're doing a good job at, but also kind of building this the muscle of the strength. The terminology translate between these new technologies, new worlds and more traditional frameworks that they sit within and people who give oversight over them. So you gotta risk. So there's risk committees on boards of these large publics organizations, and the risk committees don't know a lot about cloud computing. So s O they're part of what they do now is they do that translation function and they can say, Look, I've I've got assurance is based on my work that I do in the technology and my compliance frameworks that I could meet the risk profiles that we've traditionally met in other ways with this new technology. So it's it's a pretty interesting >> had translations with the C I A. Certainly in public sector, those security oriented companies, a cz well, as the other trend, they're gonna educate the boards and they're secure and not get hacked the obsolete. And then there's the innovation side of it. Yeah, we actually gotta build out. Yes. This is what we just talked about a big change for our C says. That we talk to and work with all the time is that hey, we're in engineering community now. We didn't used to write a lot of code, and now we do. We're getting strong in that way. Or else we're parting very closely with an engineering team who has dedicated teams that support our security requirements and build the tools. We need to know that things are going well from our perspective. So that's a really cool, I think, changing that. I think that is probably one >> of my favorite trends that I see because he really shows the criticality of security was pretty much all critically, only act. But having that code coding focus really shows that they're building in house use case that they care about and the fact that I can now get native network traffic. Yeah, and you guys are exposing new sets of service is with land and other things >> over the top. >> It just makes for a good environment to do these clouds. Security things. That seems to be the show >> in a nutshell. Yeah, I think that's one of the nice thing about this show. Is It's a very positive energy here. It's not like the fear and scary stuff sometimes hear it. Security conference is like a the sky's falling by my product kind of thing Here. It's much more of a collaborative like, Hey, we got some serious challenges. There's some bad guys out there. They're gonna come after us. But as a community using new tooling, new techniques, modern approaches, modernization generally like let's get rid of a lot of these crusty old systems we've never updated for 10 or 20 years. It's a positive energy, which is really exciting. Good Mark, get your insights out. So this is your wheelhouse Show. Congratulations. >> You got to ask you the question. Just take your see. So Amazon had off just as an industry participant riding this way, being involved in it. What is the most important story that needs to be told in the press? In the media that should be told what's as important. Either it's being told it, then should be amplified or not being told and be written out. What's the What's the top story? I don't think that even after all this time that you know when people >> hear public cloud computing. They still have this kind of instinctive reaction like, Oh, that sounds kind of scary or a little bit risky and, you know, way need to get to the point where those words don't elicit some sense of risk in people's minds, but rather elicit like, Oh, cool, that's gonna help me be secure instead of being a challenge. Now that's a journey, and people have to get there, and our customers who go deep, very consistently, say, And I'm sure you've had them say to you, Hey, I feel more confident in my cloud based security. Then I do my own premises security. But that's still not the kind of the initial reaction. And so were we still have a ways, a fear based mentality. Too much more >> of a >> Yeah. Modernization base like this is the modern way to get the results in the outcomes I want, and cloud is a part of that, and it doesn't not only doesn't scare me, I want to go there because it's gonna take a community as well. Yeah, Mark, thanks so much for coming back on the greatest. Be hearing great Mark Mark Riley, direct of the office of the chief information security at Amazon Web services here, sharing his inside, extracting the signal. But the top stories and most important things >> being being >> said and discussed and executed here, it reinforced on the Cube. Thanks for watching. We'll be right back with more after this short break.

>> live from Boston, Massachusetts. It's the Cube covering AWS Reinforce 2019. Brought to you by Amazon Web service is and its ecosystem partners. Welcome >> back, everyone. Day two of live coverage here in Boston, Massachusetts, for AWS Amazon Web services. Inaugural conference called Reinforce. This is a Cloud security conference, the first of its kind. It's the beginning of what we see as a new generation of shift in now new category called Cloud Security. Obviously, Cloud has been growing. Security equation is changing and evolving. I got a great guest here. Colby Alan, who's a platform architect at ZIP with based in Seattle. Great for joining us. Thanks for coming on. Thanks for having me. So we're chatting before we came on about your journey and your Dev ops chops you guys have built over there that I want to get into that just quickly explain what you guys do real quick. Set the context. >> Yes, it is on SMS text messaging provider way Specialize in toll free messaging. We also texting able landline phone numbers. Our business is kind of really split into two parts way. Have you know your traditional Sadd's application that ran runs like a sad That's where you can, you know, have the you I thio interface your landline phone number eight under number With that messaging, no, top that We run a carrier grade network. So we have direct binds into all the major carriers in the U. S. Bringing online some Canadian carriers. That's really where the power of our platform and we own the network on DSO way started Nicolo and over the last last year, which has spent nine months moving all that into Amazon and >> forget about that. So explain the architecture. You guys move yet polos with network you moved to Amazon with three people. Just classic devils. A lot of hard work, I'm sure take us through what happened. What was the old environment? And now what does it look like now? >> Yeah, so, you know, when I just started with, you know, they were interesting place. They were just starting a huge growth. And so at that point, they existed in a few data centers in the U. S. And running the empire workloads on or bare metal databases on. The problem was, there was just a scaling problem, right? I mean, we couldn't way We're looking at the type of scale we needed and trying to procure hardware. And we just couldn't physically get it fast enough with the right amount of budget. So I come from a previous place doing a job? Yes. I mean, that's kind of what I've done for a lot of years. So, you know, I convinced my boss stay here. Let's let's run the stats happen. Eight of us. So we built that ran it, launched our new version of arse as application in Amazon. And at that point, you know, our traffic skyrocketed. You know, I think last year we had somewhere to 180% growth, right? And, you know, our core infrastructure just wasn't surviving. Right is outages and problems. And so, you know, we took it and we we went to Amazon with it. And, you know, we rebuilt it all. And it was a really interesting thing, because Amazon was Luther releasing features and we were consuming them, right? Five. Siri's and Nitro came out, and we're like finally waken get performance of the networking interfaces. Then they released the D instances within ve Emmys, or like finally, our databases will survive and they can go fast enough, you know? And then we leveraging huge Aurore instances, real impact power, the back end of this thing. So you >> guys really tapped really? At the right time? You guys were growing. You saw the, you know, that scale potentially bursting. You saw the scale coming in growth coming in the company you could almost see. Okay, look, we got a plan. So you go to Amazon News Service is what's the impact on the staff has been any more people. What's been the impact on? >> Yeah, I think the big thing is the initial move. We did it for three of us. I mean, it was a lot of work. We spent a lot of time doing it. A lot of people, sleepless nights, a lot of long weekends. But now you know, we've got a really stable platform, and, you know, we were able to really continue processing our message. Growth is increased, and we know we haven't, you know, had to totally re architect things again, right? The architecture's work has grown and expanded. Stale ability has been fantastic for us. The performance, of course, is you know, some of >> the best walking commercial for eight of us, a question paper. But if you'll have that same experience, but what's interesting is you guys essentially are, in my opinion, representative of the trend that we're seeing, which is certainly in security as they catch up the devil. That's a big story here. Security now can level up with speed of the Dev ops kind of engineering philosophy and pointing, but it's it's the trend of building your own and a lot of companies. They're reinvesting in teams of people because they're close to the action and they can actually code if I quickly use cases that they know are bona fide, whether it's a low level platform service, primitive or right up into the app, using machine learning and data. So you know you have now that now you had security in there. This is where the action is and so cos I mean, I see the successful ones like you guys coming in saying You know what? Let's not boil the ocean over. Let's just solve one problem scale and then let's look at the service is that we can leverage to doom or take us through that philosophies. I think you guys were great example of that. >> So, I mean, if we touch on the security aspect, I think that that was a big thing is way. Don't run a dedicate security team. My team is the security team, right? And that was a big thing that both me and my director is. You know, we wanted the people building it to be doing the security. And, you know, the that was what was really, you know, easy with eight of us is, you know, we could turn on all these fancy features. It was just, you know, a flag and Terra formed all of a sudden way. Have encryption arrest. It's something we've never had before. So there's that. And then, you know, to the builder methodology be because we came from such a scrappy like way. Got to go fast, like we didn't have time to evaluate software bringing consultants, you know, it's so, you know, we kind of just kind of adopted that, you know, it's better for us a lot of times to kind of roll our own thing. Andan there, times where there's software that's a good fit for it. I mean, we do use some external vendors on things, and >> that's really more of a decision on the platform. But as you look at the platform engineer, you go. Okay, we gotta build here. Let's weigh No, he don't really is not me that be a core competency. Let's go look at some vendors for this, this and that. But ultimately, if you look at something that's really core, you can dig into it. And certainly with Kubernetes and with a lot of the service is coming out sas after taking eventually Cloud Native. >> Yeah, yeah, through you're you're so we're huge Criminality is 100% kubernetes everywhere, and I think that that's really been another big thing for us is you know, it's it's brought our application up a level to be able to integrate, be more reliable. I mean, you know where you used to have this external service discovery piece, and then you have your security peace. You know where kubernetes I can go deploy a container application. Describe it all at once, right? It's all in my coat config so I can audit it for our compliance sees. You know we can co to review for our compliance, sees but the same time I deploy the whole thing. I'm not. Here's this team to point the There's this other team then coming by trying to secure the app. It it's all together. >> The old way would have been kind of build it out, maybe use some software. Have all these silo teams. Yes, and that's kind of all kind of built in. >> Yeah, we kinda just opened it out, right? I mean, you know, from from arse, as teams leveraging a lot of, you know, the security features that are available to us to our core piece, which is a very different type of software, you know, is leveraging the same pieces and same type of monitoring principle. >> It's interesting, You know, the Kino. There's something people hemming and hard around, like the word Dev sec ops. I mean, I love Devon. We've been we've been part of that since day one. It's been fun to be part of it, but we saw the benefits of it. Clearly. You see, no doubt there's no debate. But when you start getting into some of the semantic definitions, go to security known feel that, by the way, is fragmented like crazy and now you get the growth of the cloud is starting to see cloud security become its own thing That's different than the on premises side. So what's your take on that? Because a lot of people are wanting their going to cloud anyway. So what's that they're saying on premise, security posturing and cloud security? In your opinion? >> Yeah, so I mean, it is drastically different. I think part of it's the tool set that's available, right? I mean, we ran data centers. I've automated data centers, but, you know, they're just not at the level of which I could do the automation in the auditing in the cloud. So I feel like I found actually, some respects makes it easier for me to do security on run security and audit security numbers. The data center. You know, I don't run a lot of tooling and a lot of things to get all the views. I need it, But there's a lot of really separate systems, you know, in the cloud you have, like this one. Nice, fundamental, a p I. That hi is a person who has to build the infrastructure can use, but it's the same a p I that I put my security had on that. Like I used to make security, right, security groups, things of that sort. It's all the same, right? I'm not having to learn five different applications has been really important for our team because, you know, my team comes from the vast majority of no true Dev ops Thio. You know, we've been upgraded from people in our knock, you know, and have them really just learned the one ecosystem >> is you don't want to fragment the team. Yeah, I don't wanna have five different skill sets, kind of >> their victims. We just We don't wanna have tools that only one person knew how to do right. We wanted people to take vacations right? And like, we don't want to have a tool that's like only only that person knows how to run it, nobody else does. And so >> that was the big thing for us. What you think about the show here, reinforce all say it's not an Amazon Webster's summit. They do the summits which assistance see a commercial version of reinventing regions. This is a branded show is obviously their cloud security going hard at it. What's your take. So far, >> I've really enjoyed it. I mean, so I've gone to some. It's I've been to reinvent for a few years spoken to reinvent once, you know? But, you know, those things were fun, but they're so big and there's so much going on, you know, it's it's refreshing to be in this reinforced conference and focus on the security side. Sitting talks were like, You have people getting into kms and like some of these really pivotal tools. Yeah, it's been really, really >> get down and dirty here. Yeah, And people talk to, you know, approachable >> without, like, having to deal with all of Amazon, right? I can focus on, like, this one little >> portion reinvent you kidding? Walked through the hallways just like >> yeah, I mean, Well, where one hotel Are you gonna >> be at that point now, right? Yeah. >> Okay. So I gotta ask you about the dev ops question. We've been commenting yesterday day Volonte, who is on his way in. He and I were talking with a lot of si sos and a lot of practitioners. And the conversation generally was security needs to catch up to Dev ops and to pay who you talk to. They may or may not believe that way. Think that to be true. We think security now has the level up with the speed of Dev ops from his agility things that are highlights. For example, you guys have What's your take on that when someone says, Hey, security's got to catch up the devil Is it really catching a prism or transformation? What's your view on this >> will be like when you say catching up like it takes a negative. You know, I don't want to be negative there on DSO. I feel like it's a transformation. That means the same thing of going from the data center as as just as an operational engineer to Amazon is, there wasn't catching up. It was you just changing everything you do and how you think. And I think you know that's That's the same thing that a lot of security people I've seen struggle with was their success. Life are the ones that have gone, and I understand that, like, >> what do you think is the most important story happening in this world security cloud security screen general that should be covered by media that should be covered by the industry that is covered him should be amplified Maur or isn't covered and should be talking about what's the what is the most important stories that should be told. >> Well, so again, you know, I'm a fundamental layer, so things to me that I are always over shouted or like, you know, just encryption, right? I mean, everybody's like train encryption on. But, you know, I feel that talks I've gone to today or deeper dives into that. I feel like, you know, the kms product of Amazon. I feel like is a very powerful product that isn't super talked about. It's been nice here because they talked about 100 like you go to reinvent you don't really see a lot of kms type things are crowded, just them. And, you know, I think it makes some of those very difficult products to run in a data center very easy. You know what you hear on the security side is unsecured, as three buckets are like. Security groups are in conflict. Configure it incorrectly. And you know, no one knows that commercial. Everyone knows that. You know Elasticsearch not turned into a new s three right compromises You choose your database of choice of public. But for me, I think it's like a part that I feel is missing with Amazon is the ease of use of like, clicking a button. And >> now I have >> full Aurora encryption by default >> and the service you can just turn on what's next for you guys. Give us a peek into some of the things they're working on. What excited about? >> So I mean, we're making Ah, big thing is, you know, so we spend a lot of building now we're kind of going back and really kind of wrapping are a lot of our compliance is so zip it is a hole has been working towards a lot of stock to type compliance, seize on things like that. So, you know, we've been working through governance and no deploying. You know, software that kind of is more actively watching our environment and alerting us or helping us make sure we're staying at C. I s type benchmark so that you know, when my boss comes to me and says, Show me that we're doing this, I can just say, Oh, here's dashboard. So we were really not like via more secure State is a big, big product that we're working with right now. We leverage cloud health and those kind of the two external vendors that we've really partnered with. And so, you know, this year's been adopting those into the system. That's when the eight of us side, you know, we still just run Cooper Nettie. So there's a lot going on in the Cuban aunties ecosystem that we're also working on. So, like, service, mash and things of that sort like, How can I take this idea of security groups in this least trust model infrastructural e up to kubernetes, which by default this kind of flattened open. And so, you know, we've been exploring envoy and sdo linker D or write our own, you know, you know, and looking through those things and and then again wrote, making more robust CCD pipeline. So container scanning vulnerability, protecting our edge way running cloudfront wife for a while. But, you know, a lot of this year's gonna be spent, you know, Evaluate Now you know, we deployed a lost about 10 and got it turned on right because it works. But diving more deeply into like some of the autumn mediations >> have a fun environment right now, is it? You can knock down some core business processes, scale them up, and then you got the toys to play with the open source front. You got kubernetes really a robust ecosystem. They're just It's a lot of fun. >> Yeah, Criminal has definitely been exciting to play with >> advice to fellow practitioners and platform engineers because, you know, you guys been successful with transmission A the best. You got your hands on a lot of cool things. You got a good view, the landscape on security side of the deaf, upside for the people out there who were like they want to jump in with a parachute open. Whatever makes you that nervous, Some people are aggressively going at it hard core. Some have cultural change issues. What's your invite? General advice to your >> fellow appears My advice is just jump in and do it right. I mean, you know, don't be afraid. I mean, we had a really fast transformation, and we failed a lot very fast, and we weren't afraid of it. I mean, you know, if we weren't failing, we weren't doing it right. You know, in my opinion, right. We had to fail a few times a year. I was gonna work. And so I think, you know, don't be scared to jump in and just build, you know, right the automation. See what it does. Run some tests against it. >> You know, it's almost like knowing what not to do is the answer. Get some testing out there, get his hands dirty. >> What's gonna work for you? What's gonna work for your business? And the only way you're going to do that is to actually do it. >> Showed up in specialized Colby. Thanks for coming and sharing the great insight. Kobe Alan, platform engineer for Zip Whip Great company here. The Cube. Bring all the action. Extracting the signal from the noise. Great insights. And here, coming from reinforced here in Boston, eight dresses. First conference around. Cloud security will be right back after this short break

(upbeat music) >> Live from Boston, Massachusetts, it's theCube, covering AWS reInforce, 2019. Brought to you by Amazon Web Services and its ecosystem partners. >> Okay, welcome back, everyone. We are here live in Boston with theCube's coverage of AWS, Amazon Web Services, reInforce their inaugural conference, getting into the security event business because the customers are here and it's growing like crazy. I'm John Furrier, Dave Vellante. We are two guests of a hot startup called Valtix, Vishal Jain CEO, and Brian Lazear, Chief Product Officer. Valtix, you guys just launched out of stealth, congratulations. >> Thank you. >> You guys got some good pedigree I here, in the company. >> Yeah. >> Welcome to the cube. >> Thank you so much. >> Thank you John. >> Okay, so first of all, before we get to the conference, which I think is very relevant, you guys are are getting out there. What do you guys do? What is Valtix all about? What is the core problem you solve? Why start this company? What's the value proposition? >> Yeah, so Valtix is building the first cloud native network security platform. So before you start a company, you talk to lot of customers, and you talk to customers, and we saw the cloud is real. You can see here, cloud is real. And we saw that network security, have challenges in how to scale in the cloud, that mainly because of three things to look at that main thing is that the cloud is crawling. The data center used to be like three and four. Now the customer says is hard in the morning in the keynote, they have suddenly one than 10, hundred and 30 PCs. So the new logical perimeter you're seeing. Second thing we saw was that the apps are agile. And the third thing is security is always falling behind DevOps. So if you want to make security to be scaled with apps. >> So, you're saying level up the security apps piece to the DevOps pace. So DevOps is kind of pushing things really fast. You mentioned cloud come the new way. I mean, I remember the conversations around Software Defined data center, Brian, that was the holy grail for the on premises activity, was going to put some software on the storage and you got virtualization, we're done. In comes the cloud, changed the game on the Hadoop ecosystem, change the game on the on premises ecosystem. So what has it actually done differently? Where's it going? Where's the game happening now for security with kind of, because software is key to it? Where do you see it? >> Yeah, we definitely see that, I mean, DevOps is doing such a great job in the public cloud. I mean, DevOps is just, they're really doing a great job with the tooling, the teamwork, you know, automation aspects, and traditionally, security is always had a little bit of a lag to that. And in the cloud, that distance is much greater than ever has before so the security teams, particularly we do, which is network security, they are struggling. And so we focus on providing them a really good platform for that. And that platform includes the firewall. So we are building a cloud based firewall, that goes to the customer's premise, it's all structured around a controller, we have a cloud based controller that manages the firewall is in their central place to configure things. And also that controller is very aware of the applications. So we're keen on giving them that cloud-like experience with a vendor like us that comes over the top, and it can provide that capability as they grow. >> And the status of the product is what, shipping? It's a service? >> Yep. >> Explain the product. >> So last week, we did launch. We announced our funding, and we launched the the availability of the product, and it is built as a SAS. So the controller is a SAS model. The customer does own the firewall, we're a software company, so the software goes into their cloud premise, and it has all the services that they need for protecting their network edge. >> So what are the finer aspects, what are the real differences of network security in the cloud relative to traditional network security? >> Yeah, so what we saw was that the enterprises try to bring the our on prem vendor to the cloud, based as boxes, and as you said, a software defined environment, you need to bring up something more. So what we do is, we bring the whole lifecycle and three core elements of that is the visibility that we do the inventory of the apps, across your accounts, across your regions, across the cloud even. And second thing is how to plumb yours in the path and how to build an unified enforcement solution, which is what we call a firewall. So and built on three principles, cloud native, unification, and performance. >> And the the purpose of the company, when was the origination? When would you get the idea? Was it like, you decided to start a company? What was the motivation? >> Yeah, the big motivation was that, again, we talked to our customers, and we saw the cloud is real. But security is a big impediment to the public adoption and that's why we have this conference here, as well. And then we noticed the network security is not scaling the cloud. We like the problem, we found a team. Our team has the networking background, security background, and the cloud background. And we like the problem. We like a team and he said, okay, let's attack this problem and go after the market. >> So the blocker is scale, right? >> Scale and agility. Okay, so it's a company like Cisco is not solving this problem? Yeah, so what they did was they tried to bring the appliances to the cloud, in a virtual form factor. But in this new world of the cloud, getting sprawl. Agile's... You need kind of centralized control model to secure this new logical perimeter. You can't be appliance by appliance to secure the perimeter. You need to have a more data. >> You can't throw boxes at them. >> Yeah. >> Right, whether whether it's physical or virtual Yeah, exactly. I mean, what Vishal's pointing out too is that we want one aspect of what we do is that there's this super elegance to that day zero. You can just click a button and we deploy the gateway through the controller. That gateway is your firewall. Its right there. I mean, its almost instantaneous. So, even that level reflects the cloud native capabilities. That really gets people excited because the alternative is they grudgingly have to go and get the license and build it and build their functions to scale it and we handle all that. >> And I get why the hardware box model doesn't scale. Why doesn't the software defined virtual appliance scale? >> Yeah. Well, the background is that we see a couple competitors. We see the classic NG firewall players and we see the cloud native capabilities. On the cloud native side, they've made efforts to get into a virtual form factor, but its still basically a box. Its a VM form factor. The instrumentation for it, in a cloud environment, its sub-par and there's still a lot of manual effort to get these things up and running. The plumbing, its not... The user experience is very poor. >> So, its really bring your own box as opposed to here's a... >> Yeah and it has to be a solid form factor. >> So, network security, we heard yesterday at the partner event I attended, and I heard the folks from Amazon up there and they're getting serious about this cause they see the big enterprise opportunity. They want channel marketing, all kinds of new things. But, network security kind of has that same vibe that DevOps had. Which was, you have different consumption mechanisms, the customers are buying services, the pricing's different, the scale is different, you have policy, APIs too, its very cloud native. Are customers ready for that or is your controller, Valtix controller the gateway drug to the cloud so to speak cause, certainly if all those things are changing, that means the old just can be retrofitted for the new. You got to have something from scratch. And not a lot of people are lifting and shifting beyond infrastructure as a service. That's easy to replicate with the cloud, but when you get into some of the nuances with the apps that you're mentioning, these new dynamics have to be pure play features. >> Correct. >> Are you a solution to that? Or are you a gateway to that? Its the controller right? >> Yeah, we are a solution. For example, as I said, we do the full lifecycle. We have a controller will discover all your apps, so, an enterprise can have apps that cross your accounts and cross your cloud even and we discover all the apps. Second thing is once we discover the apps, put yourself in the path of security and we do that automatically. Third thing is enforcement. For that, we have two core engines, as I said. Provide re-development, which we call a cloud firewall from Valtix and secondly the cloud controller, which sees everything. So, its a global view of the entire enterprise infrastructure. >> In your marketing documentation, you talk about the trade-offs that people have to make between security and agility. That's always been a trade-off. Do you solve that problems and if so, how? >> So, again when we saw the customer we talked to and they bring their workshop appliances, or appliances to the cloud, then there are two choices they have. One is that are apps agile, but then you cannot secure using the client's model, so you kind of insecure, or naked we call it. The other option is that you must have heard, security slows me down. So you kind of become a secure and rigid. So every time you have a new app, a new EPC, you open a ticket and you install the new firewall. So, what we are giving a third option because both options I gave are bad choices, so we give a third option, which is agile and secure. That's what a centralized controller and a Valtix file will give you that option. >> Vishal and Brian, I want to get your thoughts on why you guys, so be the devil's advocate. You guys are just a startup, although your startups actually doing well in the cloud environment, I'm being a skeptic, I'm trying to shoot my own narrative here. But the reality is you guys are young company, you want to get the attention of the enterprise or customers, what's the pitch? Why you guys? What's your backgrounds, pedigrees, the backgrounds you guys bring to the table with software, talk about why you guys? What's the differentiator? >> In terms of the team, I would say, there are three core pillars, networking, security, and cloud, right? So, this team has built up billions of parkline and deployed in thousands of enterprises and there were two core expertise initially the team was, building fast performance by plans. Second thing is decoupling the control development. I mentioned some of that. So, those are some of the aspects and then you build your team around network expertise, security expertise, and a cloud expertise. >> Have they done it before? >> Yes, multiple times. >> How big's the team? >> The team is right now twenty people. >> Twenty people? And you just raised 14 million or over 14 million? >> Yeah, over 14 million we raised and we announced it last week. >> Yeah, great. Congratulations. >> What are some of the backgrounds of the team members? >> I mean they're Cisco, Juniper, Palo Alto, Google Cloud... >> Fortinet. >> Yeah, Fortinet. Its kind of that bench strength of security in a networking cloud and then I think the other component to that is that we all come from a common denominator of building, hands on building, shipping and marketing products that are transformative. That's also exciting. So, we see this and say, this is clearly transformative or this big market opportunity to help customers and we're like, ecstatic. >> Yeah, the cloud really... It sounds like to me you guys have a real holistic systems view of the world. Because the cloud is essentially an operating system or large, distributed computer and decentralized with crypto and blockchain. Its the system thinking that's interesting. Right, you guys have that... To know the network, you got to know the system. And you get into the apps, you got to understand that middle layer that's developing with Kubernetes and containers. With cloud native, that's developing really fast. So, to see that end to end is more of a systems kind of mindset. A lot of companies are lacking that because they've outsourced everything to global SI's and now they got to rebuild. Capital One's Sie So said, we're investing everything building. We're building more. So, they're builders, they're systems guys. What's your reaction to that? >> Yeah, so basically we also know this, that all of the enterprise we talk to were told that a lot of wine products, what we're building the platform. So, we'll be starting off with the food services, but its a platform, so a wholistic platform could do the full network security in the public cloud. That's what we are working towards. >> What's the differentiator? Why you guys? What's the main value proposition that you guys bring to the table? What's in it for the customer? >> Correct, the main value proposition is the team can build it and second thing is taking a cloud related approach to this problem. We are building for the cloud and we are building using the cloud are the principles. >> So you just went through your raise, so all these answers to the questions are fresh in your mind. But, Brian you talked about a large market. Help us understand that because the market is enormous, its like a hundred billion dollars or whatever it is, but its so fragmented, there's so many different segments. How do you guys look at the TAM and then the served market for you guys, that you go after? >> Our goal is to protect their data center, this new data center, basically everything that's going in or out of the data center on the network side, that's our focus. We didn't mention some of these services, but in the product we're shipping right now, it does decryption of TLS traffic, it does firewall, it does intrusion prevention, it does WAF, so it has this, and more, so there's this set of things that when we talk to the customers, they'll say, my blueprint for the cloud is like the prep, I have to stack all these things together, risk in security says you have to emulate that environment, its worked well here, make it happen out there. And so that's where you see people getting a little bit amped up. Its hard to do that. We have a platform that can consolidates that really well and knows the system level things that John was mentioning, but it is covering a lot of space, but we are very optimistic. We're making good grounds with that. >> So its a platform approach versus five, six products? >> Exactly, so the consolidation story connects really well. >> What's the most important story that needs to be told in the security industry today in your opinion? What do you think that customers should know about, that the media and or the industry should be discussing? >> The main thing is that we talk about DevOps. DevOps is very agile. So one thing is the current security is slowing me down. Security has to be agile, especially network security, we have heard in the past, slows you down. So that's, in the cloud world, the main reason people are going to cloud is because of the agility and network security should not stop that. >> So, security's slowing down... >> Yeah and we don't want that. >> Its a deep bottleneck for mass adoption, we're seeing that more and more and that problem statement, there's a lot of Ops angles to this. Its understanding, like multi-AZ deploys and the Transit Gateway, the new Transit Gateway from Amazon and how does this all work together and we're on top of that in the network security perspective. >> What do you think about the show here? Amazon's inaugural re:Inforce. Its not a summit, summits are regional re-invents. This is its own name, just like re-invent's different for the customer. Re-invent isn't re:Inforce. Pretty important, pretty strategic for Amazon Web Services. What do you guys think? >> I think its great. I mean, we have been using all alternatives like Transit, their mutilated support, the ST bucket. We use all the infrastructure they provide. Its always good to know what they are doing because in the reinvent around Transit Gateway and we incorporate that into our product. So, we want to be ahead of what they announcing, incorporate that and giving our customer what they need as a whole solution. >> So, Brian you're running the product, Chief Product Officer. What's on the roadmap? (laughter) >> Lots of good stuff. >> C'mon! >> We're very busy. >> Feed your request coming in. Give you their services, you could just bang them out, no big deal. (talking over each other) >> Just so easy, 2,000 a year. Amazon does it, you could do a couple hundred a year, no problem. >> There's probably a couple things. One is that we will continue to expand to other clouds because our customers want that. But its also just about more capabilities. So, they're seeing what we could do today. There's a lot that it could do and they're with us, they're on the journey with us and saying we want more help and this show is an example of that. The cloud is becoming more than a thing and security's getting emphasized, literally, its emphasized here. So, we're happy to help our customers along. >> Well you guys are launched, what's the priority? You're obviously hiring, what kind of culture do you have? What are some of your needs here? Put a plug for the company real quick. >> In terms of hiring, initially I'm also hiring more engineering, building the product. They're the core of the engine. But, now we are expanding the go to market team, we have sales, marketing and we are going to expand on both the sides, like sell and build more and sell more. >> Yeah, get the revenue in. Congratulations, hot startup. Good job, well done. Thanks for coming on theCube. >> Thanks John. >> Valtix launching with new product out of stealth with funding, getting off the runway, here at Amazon Websters Re:Invent theCube coverage. I'm John Furrier, Dave Vellante. Stay with us for more after this short break. (upbeat music)

>> Live from Boston, Massachusetts. It's theCube. Covering AWS Reinforce 2019. Brought to you by Amazon Web Services and its ecosystem partners. >> Hello everyone. Welcome back to the live Cube coverage here in Boston, Massachusetts for AWS, Amazon Web Services Reinforce with their inaugural conference around security, I'm (mumbles). We've got two great guests, from Splunk, Cube alumnis, and also, we do the Cube coverage Dot Conf., their annual conference, Haiyan Song, SVP, General Manager Security Market, Oliver Freidrichs, Vice President of Security Products, formerly with a company you sold to Splunk, doing Security Phantom, which was mentioned in the partner summit, so congratulations. Great to see you guys. >> Thank you. >> Thank you for having us. >> So you guys are a really great example of a company that's been constantly innovating, on top of AWS, as a partner, differentiating, continuing to do business, and been successful. All the talk about Amazon could compete with partners, there's always been that myth. You guys have been operating successfully, got great customers on AWS, now you have the security conference, so now it's like a whole new party for you guys. 'Cause you don't go off to reinvent anymore, certainly, the big event, what do you guys think about all this Reinforce focus? >> First of all, I'm just super impressed. The size, the scale, and the engagement from the ecosystem that they have over here, and I think, you know you mentioned we've been really partnering and being successful. I think the secret is really about, just be very customer-focused. It's about what the customer needs, it's not what does each of us need, and when we have that focus, we know how to partner, we know how to engage. One of the examples that we have here is we're partnering up as the capture the flag exercise and it's powered by Splunk, it's put up by AWS Reinforce, and we wanted to bring the best user engagement, gamification of learning to this audience. >> And there's a demand for a security conference because a new breed, a new generation of engineering and enterprises as they move to DevOps, with security, all those same principals now apply, but the stakes are higher because you got to share data, you got to get the data, it's the data-driven problem. You guys are thinking outside-- I think four years ago at Dot Conf, the cyber security focus front and center, mainstream. >> Very much so. And I think for us, security is a big part of our user conference, too. But we're getting inspirations from this event and how we can further, really implify that message for our customers. But we're just so glad we're part of this, thank you for having us. >> We're glad, big love covering you, big success story. Oliver, I want to get to you on the Phantom. Yesterday it was mentioned in a great demo of the security hub, security hub's the big news here, it's one of their major announcements, what is a security hub? >> Yeah, so security hub, and you're right it was just announced that it reached general availability, which means it's available now to the rest of the world. It's a place to centralize a lot of your security management in AWS. So when you have detections, or Amazon calls them findings, coming from other security servers so they're centralized in security hub, where you can then inspect them, take action, investigate them. And one of the reasons we're here, is we've established an integration with security hub, where you can now take a finding coming from security hub, pull it into Splunk Phantom, and run an automation playbook to be able to, at machine speed, take action on a threat. So typically, you know if you're a human, you're looking at an event, and you're deciding what do I do, well I might want to go an suspend an AMI or go and move that AMI or change the access control group to a different access control group so that AMI can only communicate with a certain protected network if it's infected. Automation lets you do that instantaneously, so if you have an attacker who unfortunately may have gained control of your AMI, this allows you to react immediately, very very quickly to take action in that environment. >> And this is where the holes are in the network, and its administrative errors and (mumbles) sittin' out there that someone just configure it, now they're like, they could be out there, no one knows. >> Exactly. >> Could be just tired, I didn't configure it properly. But you guys were in the demos, I want to get your reaction that, because I was sittin' in the room, they highlighted Phantom in the demo. >> That's right. >> And so that was super important. Talk about that integration. What's actually going on under the covers there. >> Yeah, so at a basic level, we're pulling findings through the security hub API, into the automation platform. And then at that point, a playbook kicks off. And a playbook is basically, think of it as a big if this/then that statement. You see a threat, and you go and take a number of actions. You might go and block a port, you might go an suspend that AMI, you might go and disable a user, but you basically build that logic up based on a known threat, and you decide, here's what I'm going to do when I see this threat, and I'm going to turn that into a codified playbook that you can then run very rapidly. On the back end, we've had to integrate with a dozen other APIs like EC2, S3, Guard Duty and others to be able to take action in the environment as well to remediate threats, like changing the access control list or group on a resource. So it's closing that end-to-end loop. >> Hold on, Dave , one quick question on that followup. Then the SISO came in from Capital One and was off the record with this comment, was not really a sensitive comment, but I want to highlight and your both reaction to this. He says in terms of workforce and talent, mentality, 'cause the question came up about talent and whatnot, he sees a shift from better detection to better alerts, because of some of the demos, and implying, kind of connecting the dots, that the trend is to automate the threat detections the way you guys had demoed with Phantom, and then he was tying it back to, from a resource perspective, it frees his team up to do other things. This is a real trend. You agree with that statement? >> Absolutely. >> What's your thoughts? >> Honestly, we believe that we can be automating up to 90% of the level one analysts. There's a lot of routine route work that's done today in the SOC, and it's unforgiving, nobody wants to be a Tier One analyst, they all want to get promoted or go somewhere else, because it's literally a rat race. >> It's boring and it's repetitive, you just automate it. >> Who wants to do that, so we can automate that, we can free up about 50% of the analysts' time to actually focus on proactive activities, things that actually matter, like hunting, research and other development, writing counter-measures, versus the continually keeping up and drinking from a fire hose. >> So I wonder if we could talk about how Splunk has evolved. You guys started before cloud, which came in 2006 and then really took off later, before the sort of big data craze, and you guys mopped up in big data. You never really use that term in your marketing, but you kind of became the big data leader defacto, you got an IPO with actually relatively, by today's comparisons, small raises, >> Compared to today, yeah, yeah (laughs). >> Incredibly successful story, very capital-efficient. But then the cloud comes in, you mopped up on prem, how would you describe how the cloud has changed your strategy, obviously you go out an acquire companies heavily focused on automation, but how would you describe your cloud strategy and how has that changed Splunk? >> That's a great question. I think the fact that you have so many people here, just tells you that the whole industry is going through this transformation. Not only the digital transformation, the cloud transformation. And I'm glad you mentioned our root, it's all about big data, and nowadays security, in many ways, is actually more about data than anything else. 'Cause the data represents your business, and you protect your data, how do you leverage the data, represents your security strategy. The evolution for us, when you zero that into cloud is, we have really been a very early adopter of cloud, we've been providing cloud services for our customers from the very beginning, at least six years ago when we introduced a product called Storm and we continued to evolve that as the technology evolved, we evolved that with customers. So nowadays you probably know cloud is one of our fastest-growing segments of our business. The technology team has been really innovating, really really fast. How do we take a technology that we built for on-prem, how do we rebuilt it to be cloud-native, to be elastic, to be secure in the new way of DevOps. Those are some of the super exciting things we're doing as a company, and on the security side we're also, how do we help customers secure a hybrid world? 'Cause we truly believe the world going to stay hybrid for a long long time and we have companies like AWS really sort of pioneering and focusing and doing things great for the cloud, we still have a lot of customers who need companies and technologies and solutions like what Splunk bring in to bridge the world. >> I want to get you guys' thoughts on some comments we've had with some SISOs in the past, and I really can't say the names probably, but one of them, she was very adamant around integration. And now when you're dealing with an ecosystem, integration's been a big part of the conversation, and the quote was, on integration, "have APIs and "don't have it suck." And we evaluate peoples' integration based upon the qualities of their APIs. Implying that APIs are an integration point. You guys have a lot of experience with APIs, your thoughts on this importance of integration and the roles that APIs play, because that's, again, feeds automation, again it's a key, central component of the conversations these days. Integration, your reaction to that. >> So, maybe I'll start. I'd say we would not have had the success of Phantom Cyber or the Soar market, if not for having those APIs. 'Cause automation was not a new concept. It's been tried and probably not succeeded for many times, and the reason that we've been experiencing this great adoption and success with Phantom technology is because the availability of APIs. I think the other thing I would just add, I'm sure he has lot of experience in working that, Splunk was always positioned ourself as we want to be the neutral party, to bring everything together. And nowadays we're so glad we're doin' the integration, not only on the data side, which is still important. Bring the data, bring the dark data and shining a light on top of that, but also turning that into action through this type of API integration. >> So good investment, betting on integration years ago. >> Absolutely. >> Early on. >> We also change our culture. We previously say how many apps we have in our Splunk base. Now with Oliver being part of the team, Phantom being part of the portfolio, we say how many apps and how many APIs we had to integrate. That a change of metrics. >> All right, Oliver. It's up to you now. I'm sure you know I know where you stand on this, APIs being, a renaissance of APIs going to the next level, 'cause a lot of new things goin' on with Kubernetes and other things. You've got State now, you got Stateless, which is classic rest APIs, but now you got State data that's going to play a big role. Your thoughts on that, don't make the APIs suck, and we're going to evaluate vendors based upon how good their API is. >> Yeah, I think, look it's a buying decision today. It's a procurement decision whether or not you have open APIs. I think buyers are forcing us as an industry, as vendors, to have APIs that don't suck. We're highly motivated to have APIs that work well. >> That sounds like a t-shirt ready to come out (laughs) >> That's a great idea. >> The Cube API's coming, by the way. >> What does that mean, to have APIs that don't suck? >> So the, a great definition I heard recently was, the API that you use as a vendor to interface with your product should be the same API that customers can use to interface with your product. And if all of a sudden they're different, and you're offering a lesser API to customers, that's when they start sucking. As long as you're eating your own dog food, I think that's a good definition. >> So it's not neutered, it's as robust, and as granular. >> Exactly, exactly. And I think what, 20 years ago there were no APIs in security. To do what we do today, to automate all of this security response techniques that we do today, it wasn't even possible. We had to get to a certain level of API availability to even get to this stage. And today, again, unless, if you're a black box, people aren't going to buy your product anymore. >> Yeah, so, again, go the next level is visibility's another topic. So if you open the APIs up, the data's gettin' better, so therefore you can automate the level one alert, threat detections, move people up to better alerting, better creativity, then begs the question, at what point does the visibility increase? What has to happen in the industry to have that total shared environment around data sharing, because open APIs implies sharing of data. Where visibility could be benefited greatly . >> Yeah, I think visibility is really the key. You can't measure what you can't, you can't manage what you can't measure, and you can't, you have to see everything in your environment, your assets, users, devices, and all of your data. So visibility is essential. And it comes in a number of forms. One is getting access to your policy data, your configuration data, seeing how are my things configured? What assets do I have? Where are my S3 buckets? How many AMIs do I have? Who owns them? How many accounts do I have? I think that was one of the challenges before, probably the last three to four years, before that period, enterprises were setting up a lot of these shadow cloud environments, 'cause you could buy Amazon with your credit card, essentially. So that was one of the problems that we would see in the enterprise, when a developer would go and create their own Amazon environment. So getting visibility into that is really been a big advancement in the last few years. Finding those things. >> The birth of multi-cloud. Go ahead John. >> Doesn't make it easier. >> We were talking earlier in our intro Dave and I on the keynote analysis around you can configure it, you can secure it, and then we were riffing on the DevOps movement, which essentially decimated the configuration management landscape. Which was at that time a provisioning issue around developers. They'd have to essentially stand up and manage the network, and go and make sure the ports are all there, and they got load balances are in place, and that was a developer's job. Infrastructure as code took that away. That was a major bottom, hierarchical needs, that was the lowest need. Now with security, if DevOps can take away the configuration management and infrastructure as code, it's time for security to take away a lot of the configuration or security provisioning, if you will. So the question is, what are some of those security provisioning, heavy liftings, tasks that are going to be taken away when developers don't have to worry about security? So as this continues with cloud native, it becomes security native. As a developer, and I don't want to get in and start configuring stuff. I want the security team to magically, security as code, as Dave said. Where are we on that? What's your guys' thoughts on getting to that point? Is it coming soon? Is it here now? What are some of those provisioning tasks that are going to be automated away? >> I think we made a lot of progress in that area already. The ability to simply configure your environment, that Amazon has continued to add layers of check boxes and compliance that allow you to configure the environment far more seamlessly than having to go down into the granular access control list and defining a granular access control policy on your network ports or AMIs, for example. So I think the simplification of that has improved pretty dramatically. And even some of the announcements today in terms of adding more capabilities to do that. Encryption by default. I don't have to go configure my encryption on my data at rest. It's there. And I don't even have to think about it. So if someone steals a physical hard drive, which is very difficult to begin with, out of an Amazon data center, my data's encrypted, and nobody can get access to that. I don't even have to worry about that. So that's one of the benefits that I think the cloud adds, is there's a lot of default security built in that ends up normalizing security and actually making the cloud far more secure than traditional corporate environments and data centers. >> Well I still think you have to opt in, though. Isn't that what I heard? >> Opt in, yes. I would just add to that, I think it's like a rising tides. So the cloud is making lot of the infrastructure side more secure, more native, and then that means we need to pay more attention to the upper level applications and APIs, and identities, and access controls. I think the security team continue to have lot of jobs. Even yesterday they said well, not only we need to do what we need to do to secure the AWS, we also now get involved in every decision, all the other compa-- you know, like functions are doing, taking new sort of SASS services. So I guess message is the security professional continue to have jobs, and your job going to be more and more sophisticated, but more and more relevant to the business, so that I think is the change. >> So question. Oliver, you described what a good API experience is, from a customer perspective, Haiyan, you talked about hybrid. Can you compare the on prem experience with the cloud experience for your customers and how and they coming together? >> You want me to try that first? >> Sure. >> Okay. So, I think lot of the things that people have learned to protect or defend, or do detection response in the on prem world, is still very relevant in the cloud world. It's just the cloud world, I think it's just now really transforming to become more DevOps-centric. How you should design security from the get-go, versus in the on prem world was more okay, let's try to figure out how to monitor this thing, because we didn't really give lot of thoughts to security at the very beginning. So I think that is probably the biggest sort of mentality or paradigm shift, but on the other hand, people don't go and just flip into one side versus the other, and they still need to have a way of connecting what's happening in the current world, the current business, the one that's bring home the bacon, to the new world that's going to bring home the bacon in the future. So they're both really important for them. And I think having a technology as AWS and their whole ecosystem, that all embracing that hybrid world and ecosystem plate no one sort of single vendor going to do all of them, and pick the right solutions to do what you do. So in security, I think it's, you going to continue to evolve, to become more, when the security's built in, what is the rising tide that's going to dictate the rest of the security vendors do. You cannot just think as 10 years ago, five years ago, even two years ago. >> So that bolt-on mentality in the first decade of the millennium was a boon for Splunk. It was beautiful. 'Cause we got to figure out what happened, and you provided the data to show that. How does Splunk differentiate from all the guys that are saying "oh yeah, Splunk, they're on prem, we're the cloud guys." What's your story there? >> Our story is you can't really sort of secure something if you don't have experience yourself. Splunk cloud is probably one of the top, say 10 customers of AWS. We live in the cloud, we experience the cloud, we use the word drink, you know, like eat our own dog food, we like to say we drink our own champagne, if you will, so that's really driving lot of our technology development and understanding the market and really built that into our data platform, build that into our monitoring capabilities, and build that into the new technologies. How, you know, it's all about streaming, it's not about just somebody sending you information. It's about, in a hybrid world, how do you do it in a way that you, we have a term called the distributed data fabric search, because data is never going to be in one place, or even sort of in one cloud. How do we enable that access so you can get value? From a security perspective, how do we integrate with companies and solutions that's so native into the cloud, so you have the visibility not and the Bodong, but from the very beginning. >> So you're saying that cloud is not magic for a software company, it's commitment and it's a cultural mindset. >> Absolutely. >> Guys, thanks so much for comin' on, great to see you, we'll see you at Dot Conf, the Cube will be there this year again, I think for the seventh straight year. Oliver, congratulations on your product success, and mention as part of the AWS security hub presentation. >> Thank you. >> Good stuff from Splunk. Splunk is inside the Cube, explaining, extracting the signal from the noise, from one of the market-leading companies in the data business, now cyber security, I'm with (mumbles), we'll be back with more Cube coverage after this short break. (techno music)