>> theCUBE's live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (upbeat music) >> Hey everyone, guys and gals, good to see you. It's theCUBE live in Barcelona at MWC23. Lisa Martin here with Dave Vellante on day one of four days of wall to wall CUBE coverage. Dave, today is ecosystem day. We've had some great conversations about why the open ecosystem is so important and some of the key players in it. >> Well and I'm in search of disruptors, so I'm looking for, okay, who are the network operators that are going to actually lean into the future and drive it and challenge the existing incumbents. We'll talk about that today. >> And we're going to be talking about that next. We've got one of our alumni back with us. Satish Iyer is here, the Vice President of Emerging Services at Dell. Great to have you back on the program. >> Thank you. >> Richard Leitao is with us as well, the Vice President of National Development at DISH Network. Welcome. >> Pleasure to be here. >> So, lots of, this is day one, the theme is velocity. I feel like the day has gone by so quickly. But Dell and DISH have partnered together on a multi-year initiative to build your nationwide cloud-native 5G network that's going to cover a lot of the US. Talk a little bit about that partnership, we'll get both of your perspectives. Richard, we'll start with you. >> Sure. So thank you again for having me. So DISH had the opportunity of, of going through this experience, of innovating once more. For the ones that know DISH, DISH is a company that was founded in 1980 by an innovator, a disruptor. Of course, in the course of the next 40 years, we had the opportunities of even disrupting ourselves. We launched our first satellite TV service. We then launched the first streaming, video streaming platform, disrupting our own satellite business. And since 2008, we have been acquiring Spectrum and, you know, Spectrum, the most valuable asset of a wireless operator. We felt that this was the right opportunity, having 5G , having O-RAN, and we decided to go full in in a greenfield project building national network, 5G O-RAN cloud-based network, one of a kind network in in the US and, and most of all, using O-RAN, it's very important to us, what, what it can bring and it can bring to DISH but to the entire ecosystem of, of this sector in the US. >> Satish, talk a little bit about the partnership from Dell's perspective and some of the unique advantages that Dell is delivering to DISH. >> Oh absolutely. Again, like Richard was saying, I mean the telecom network is being desegregated as we speak. You know, companies like DISH and everybody else is looking at what are the best-in-class technologies we can bring to the table. I would like to say that, you know, the cloud is coming to the telco world, right? A lot of us have seen the tremendous transformation in the cloud world in the last few years. Now, you know, DISH is a big enterprise company. As you know, you know, we are pretty strong within the cloud space and enterprise space. So what we try to work with DISH is Dell, is to bring to DISH is, you know, that notion of cloud scale and the cloud ecosystem into telecom, right? By means best-in-class infrastructure products, best-in-class software products, to allow somebody like DISH to innovate and incre, you know, basically expand and build their O-RAN network. So it's absolutely important for us as we build and get into the telecom space to work with somebody like DISH who's also disrupting as a carrier in that space. >> So it's early days for Open RAN but you've decided, "okay, we're all in". >> Yeah. >> Right? So (chuckling) you burn the bridge, as they say, "go for it". (Lisa chuckles) So when you talk to most people, they say, "okay, it's, it's, it's, it's immature." It's got to be able to get to the levels of, of the, the the hardened stack reliability. But of course it brings the advantage of flexibility and speed. Are you optimizing for one or the other right now? How are you dealing with that balance? >> Well, it, it's, it's not mature in the sense that most of operators that think about it, they have a legacy network. And in order to go full in on the O-RAN side, they need to scrap a lot of things that they have and honestly, they don't want, and it doesn't make sense. So being a greenfield operator, give us that advantage. Give us the advantage and, and desegregation, it's all about chip sets, boxes and software and the chip sets part and what I like the most in desegregation is the time of innovation. The time that we can use new chip sets coming into the market, the size of the boxes that we are using. Obviously our footprint onsite is much smaller than traditional carriers or proprietary systems. So all of that Dell has been critical in supporting us. Supporting us having the best chip sets, having the smallest footprint and, you know, the software, the cycle of innovation is much faster than in proprietary systems. So ma-, it's maturing. I'm glad to say that probably two years ago here O-RAN was more like a, a pilot type of technology. It is not, we are live, we are live for more than 30 million customers in the US and, you know, the performance levels are very similar to traditional networks. >> So you don't just buy a nationwide cloud-native 5G network out of the box, you got to- >> No, you don't. >> You got to build it. So I'm curious as to what Dell's role is in that, in that build out. >> Right? >> How and how, I'm really curious how to, how you would grade Dell but we'll get there. >> Yeah, I mean, look, yes, you don't. So I think the, the, the first and foremost is again, as, as we, Dell, comes into the telco space, one of the things we have to look at is to understand what makes Dell better in the enterprise space, right? It is the best-in-class infrastructure. It is the software ties together. As you talk about desegregated networks, it's important to understand lot of these piece parts have to still be touched together, right? So I think the integration and integration aspects becomes really key which is really Dell is very good at. So one of the things we are working really closely with DISH Tech, you know Richard was alluding to, is bringing all, not just bringing all the software and hardware assets together, but how do you continuously innovate and keep fixing things faster, right? So in the old days, traditional ways, you have a software stack, it takes you 18 months, 20 months to actually get an upgrade done. Here we have continuously CI/CD pipelines where if you want to a change done within, within a week's or within a few days, where we can actually go and test and make sure these things work. So I think a lot of the best enterprise software practices, cloud practices, combined with whatever needs for telco, actually is what makes it very unique. >> I, I saw that this started out as an FCC compliance initiative that turned into a partnership, obviously a very successful one. Richard, talk about what DISH saw in Dell that really made it the right choice, knowing you have choices, you have options. >> You know, we saw the capability to execute, but we also saw the capability to innovate. From an execution level, at the end of the day, like we were talking, we started the project in the middle of COVID, and we had the first mandate to cover 20% of the US population by June, 2022. And now we have a second one, 70% of US population by June 2023. At the beginning of the project, it was all about availability of materials, logistics, how to distribute, how to transport material. So Dell has a world-class supply chain, we felt that working with Dell through all these challenges made things easier. So from an execution perspective, whenever you need to build a network and you, you are building thousands of sites, you need to have materials, you need to distribute them and you need to install them. Dell helped us across the board. Our expectations obviously will change. We have a network, we want to cooperate with Dell in many other areas. We want to, you know, leverage on Dell ability to reach the enterprise market, to have private 5G offers. So hopefully this collaboration will endure in time and, and, you know, will change and evolve in time. >> And it's a big bet. I mean, it's not like a single, it's not like a little transaction that you guys are doing. I feel like, you know Michael Dell and Eric Carlson had dinner and they said, "okay, we're going to, we're going to partner up and this is going to be a multi-decade partnership. You had to be transparent, "Hey, we're new at this, even though we're really good at enterprise tech and so you're going to, obviously if you take a chance on us, here's what we promise you." >> Absolutely. >> And vice versa, you guys had to say, "all right, hey, we're willing to roll the dice because we're trying to change the world." So what was that dynamic like? I mean, how did, I'm curious as to this has to be a lot of different levels, engineering, senior management, board level discussions. >> You know, we felt a huge buy-in from Dell on the Open RAN concept. >> Right. >> Yeah, okay. >> And, you know, edge computing and, and the ability to get us the best product and evolve the best product, Intel is is critical in all these offerings. Intel has a great relationship with Dell. Dell helped us. Dell sponsored the DISH program and some of these suppliers, So it was definitely good to have their support and the buy-in on the O-RAN concept. We felt it from day one and we felt secure on that. >> Yeah, I mean, I, to add to that, I mean, you know DISH was very instrumental in driving, dictating and executing to our roadmap, right? They're one of the key, I mean, since they are out there and they're really turning in a way, it's important that a customer who's actually at the out front of innovation, helps us drive our own roadmap. So to Richard's point, a lot of our product roadmaps, in terms of what have you built and all that, was based on what DISH thinks as going to be market-based requirements. They also helped us a lot in the integration aspects. Like I said, one of the things about open desegregation of these networks is there is a lot of integration because, you know, there is, it's not a one, one monolithic pipe smokestack anymore. You are picking up best-in-class pieces, bits and pieces and tying it together. And it's important to understand when you tie it together things will go wrong, right? So there is a lot of learnings from an integration standpoint. Supportability, deployment, one of the things Richard talked about was supply chain, you know. Other Dell's ability to, lot of these deployments, a lot of these configs in the factory, right, in the second part. So especially a lot of these partnerships started during COVID time and as you all know, you know what we went through two years ago. So we had to make sure that lot of these things are done in one place and a factory, and not done in the field because we couldn't do a lot of these things. So there's a lot of, lot of experimentation, lot of, lot, lot of innovation on that. >> So it's 2030, what's this look like? What's the vision if we can work backwards from there? Well, a, a great network coverage to the entire country, bringing new services to enterprises, to verticals, bringing value add to customers and, you know, technology cycles, they are lasting much less than they were. I cannot even say what will happen in three years. 2030, I mean, I know, I know somebody has a vision for 2030. That's another thing. (everyone laughs) >> A lot of it is "build it and they will come", right? >> Yeah. >> I mean it really is right? You put that network in place and then innovation happens on top. That's the best thing. >> Yeah. And look and and I think the biggest people think about Open RAN in terms of cost, which, you know, you, you have some things in cost that you appreciate in Open RAN. The footprint, the the possibility to diversify suppliers and and have more competition. But for me, Open RAN is about innovation and cycles of innovation. I used to work for Nokia, I used to work for Alcatel. I knew from the generation of an idea to an execution and having a feature delivered to a certain customer, it, it took months. We want innovation to take weeks. We are innovating at the speed, speed of the cloud. We are cooperating with new players, players on the cloud and, and we expect things to happen much faster than they traditionally happen on the telecom sector. >> Move fast and break things. >> Well, we also expect that speed- >> Break and fix. (everyone laughs) >> Yeah, thank you for that. >> But speaking of speed, your customers expect that, right? They expect the service to be up 24/7. They expect to be able to access whatever content they want, whenever they want from wherever they are. So comment, Richard, in our last few minutes here of, of how the, the Dell partnership is helping DISH to really deliver the excellent customer experience that your customers just expect that you're going to deliver. >> Well by setting up the system, number one, we are leveraging on a number of services. And I mentioned the supply chain, but in reality Dell made much more than that for our 20% milestone and is supporting our 70% milestone by installing, testing, verifying most of our data center equipment. We found that this offering from Dell was really addressing some of our needs because, you know, we, we believe they know a lot in this area and they, they can provide the best advice and the best speed to market in, in terms of having this equipment. Because we are working on a time clock, we need to have this done as soon as possible. You know for the future, I hope that they can help us in driving more services. I hope they can bring all the infrastructure that we need to offer to our customers. And, you know, we keep committed to O-RAN. O-RAN is really important. We are not compromising that. And I think the future is bright for both of us. >> Yeah, and Dell learns from the experience. >> Exactly. >> Absolutely. >> There's got to be a catalyst for expanding your roadmap and vision in telecom. >> Yeah, I mean, like you said, I mean, you asked a 2030 question and I think that, you know, know six, seven years from now I think people should look at what DISH and Dell and say they were the trailblazers of make, bringing Open RAN to the market and making 5G a reality. I mean, you talk about 5G, but every 5G is on a different stages. I do think that this combination, this partnership has the best chance to be the first ones to actually have a truly Open RAN network to be successful in commercial. >> Awesome guys. Trailblazers, Dell and DISH. Well, we look forward to watching this story unfold. Thank you- >> Thank you. >> for joining Dave and me on the program today talking about what you're doing together. We appreciate it. >> Thanks for having us. >> Our pleasure. >> Thank you, bye. >> For our guests and for Dave Vellante, I'm Lisa Martin. You're watching theCUBE live from Barcelona at MWC23. We'll be back after a short break, so we'll see you soon.

>>Good afternoon everyone, and welcome back to the Cube. I am Savannah Peterson here, coming to you from Detroit, Michigan. We're at Cuban Day three. Such a series of exciting interviews. We've done over 30, but this conversation is gonna be extra special, don't you think, John? >>Yeah, this is gonna be a good one. Griffon Labs is here with us. We're getting the conversation of what's going on in the industry management, watching the Kubernetes clusters. This is large scale conversations this week. It's gonna be a good one. >>Yeah. Yeah. I'm very excited. He's also got a fantastic Twitter handle, twitchy. H Please welcome Richie Hartman, who is the director of community here at Griffon. Richie, thank you so much for joining us. Thanks >>For having me. >>How's the show been for you? >>Busy. I, I mean, I, I, >>In >>A word, I have a ton of talks at at like maintain a thing and like the covering board searches at the TLC panel. I run forme day. So it's, it's been busy. It, yeah. Monday, I didn't have to run anything. That was quite nice. But there >>You, you have your hands in a lot. I'm not even gonna cover it. Looking at your bio, there's, there's so many different things that you're working on. I know that Grafana specifically had some announcements this week. Yeah, >>Yeah, yeah. We had quite a few, like the, the two largest ones is a, we now have a field Kubernetes integration on Grafana Cloud. So our, our approach is generally extremely open source first. So we try to push stuff into the exporters, like into the open source exporters, into mixes into things which are out there as open source for anyone to use. But that's little bit like a tool set, not a ready made solution. So when we talk integrations, we actually talk about things where you get this like one click experience, You log into your Grafana cloud, you click, I have a Kubernetes, which probably most of us have, and things just work like you in just the data. You have to write dashboards, you have to write alerts, you have to write everything to just get started with extremely opinionated dashboards, SLOs, alerts, again, all those things made by experts, so anyone can use them. And you don't have to reinvent the view for every single user. So that's the one. The other is, >>It's a big deal. >>Oh yeah, it is. Yeah. It is. It, we, we has, its heavily in integrations course. While, I mean, I don't have to convince anyone that perme is a DD factor standard in everything. Cloudnative. But again, it's, it's, it's sometimes a little bit hard to handle or a little bit not easy to get into. So, so smoothing this, this, this path onto onboarding yourself onto this stack and onto those types of solutions. Yes. Is what a lot of people need. Course, if you, if you look at the statistics from coupon, and we just heard this in the governing board session yesterday. Yeah. Like 60% of the people here are first time attendees. So there's a lot of people who just come into this thing and who need, like, this is your path. This is where you should be going. Or at least if you want to go, go there. This is how to get there. >>Here's your runway for takeoff. Yes. Yeah. I think that's a really good point. And I love that you, you had those numbers. I was curious. I, I had seen on Twitter, speaking of Twitter, I had seen, I had seen that, that there were a lot of people here coming for the first time. You're a community guy. Are we at an inflection point where this community is about to continue to scale? >>That's a very good question. Which I can't really answer. So I mean, >>Obviously I bet you're gonna try. >>I covid changed a few things. Yeah. Probably most people, >>A couple things. I mean, you know, casually, it's like such a gentle way of putting that, that was >>Beautiful. I'm gonna say yes, just to explode. All these new ERs are gonna learn Prometheus. They're gonna roll in with a open, open metrics, open telemetry. I love it, >>You know, But, but at the same time, like Cuban is, is ramping back up. But if you look at the, if you look at the registration numbers between Valencia Andro, it was more or less the same. Interesting. Which, so it didn't go onto this, onto this flu trajectory, which it was on like, up to, up to 2019. I expect this to take up again. But also with the economic situation, everything, I, I don't think >>It's, I think the jury's still out on hybrid. I think there's a lot, lot more hybrid. Let's see how the projects are gonna go. That's what I think it's gonna be the tell sign. How many people are in participating? How are the project's advancing? Some of the momentum, >>I mean, from the project level, Most of this is online anyway. Of course. That's how open source, right. I've been working for >>Ages. That's >>Cause you don't have any trouble budget or, or any office or, It's >>Always been that way. >>Yeah, precisely. So the projects are arguably spearheading this, this development and the, the online numbers. I I, I have some numbers in my head, but I'm, I'm not a hundred percent certain to, but they're higher for this time in Detroit than in volunteer as far somewhere. Cool. So that is growing and it's grown in parallel, which also is great. Cause it's much more accessible, much more inclusive. You don't have to have a budget of at least, let's say, I don't know, two to five k to, to fly over the pond and, and attend this thing. You can just do it from your home. So that is, that's a lot more inclusive. And I expect this to, to basically be a second more or less orthogonal growth, growth path. But the best thing about coupon is the hallway track. I'm just meeting people, talking to people and that kind of thing is not really possible with, >>It's, it's great to see people >>In person. No, and it makes such a difference. I mean, yeah. Even and interviewing people in person too. I mean, it does a, it's, it's, and, and this, this whole, I mean cncf, this whole community, every company here is community first. It's how these projects come to be. I think it's awesome. I feel like you got something you're saying to say, Johnny. >>Yeah. And I love some of the advancements. Rich Richie, we talked last time about, you know, open telemetry, open metrics. You're involved in dashboards. Yeah. One of the themes here is ease of use, simplicity, developer productivity. Where do you see the ease of use going from a project standpoint? For me, as you mentions everywhere, it's pretty much, it is, it's almost all corners of the world. Yep. And new people coming in. How, how are you making it easier? What's going on? Give us the update on that. >>So we also, funnily enough at precisely this topic in the TC panel just a few hours ago, about ease of use and about how to, how to make things easier to, to handle how developers currently, like if they just want to get into the cloud native seen, they have like, like we, we did some neck and math, like maybe 10 tools at least, which you have to be somewhat proficient in to just get started, which is honestly horrendous. Yeah. Course. Like with a server, I just had my survey install my thing and it runs, maybe I need a database, but that's roughly it. And this needs to change again. Like it's, it's nice that everything is, is un unraveled. And you have, you, you, you, you don't have those service boundaries which you had before. You can do all the horizontal scaling, you can do all the automatic scaling, all those things that they're super nice. But at the same time, this complexity, which used to be nicely compartmentalized, was deliberately broken up. And so it's becoming a lot harder to, to, like, we, we need to find new ways to compartmentalize this complexity back to, to human understandable levels again, in particular, as we keep onboarding new and new and new, new people, of course it's just not good use of anyone's time to, to just like learn the basics again and again and again. This is something which should be just compartmentalized and automated away. We're >>The three, We were talking to Matt Klein earlier and he was talking about as projects become mature and all over the place and have reach and and usage, you gotta work on the boring stuff. Yes. And when it's boring, that means you have success. Yes. But then you gotta work on the plumbing. What are some of the things that you guys are working on? Because people are relying on the product. >>Oh yeah. So for with my premises head on, the highlight feature is exponential or native or spars. Histograms. There's like three different names for one single concept. If you know Prometheus, you ha you currently have hard bucket boundaries where I say my latency is lower equal two seconds, one second, a hundred milliseconds, what have you. And I can put stuff into those histogram buckets accordingly to those predefined levels, which is extremely efficient, but like on the, on the code level. But it's not very nice for the humans course you need to understand your system before you're able to, to, to choose good cutoff points. And if you, if you, if you add new ones, that's completely fine. But if you want to actually change them, course you, you figured out that you made a fundamental mistake, you're going to have a break in the continue continuity of your observability data. And you cannot undo this in, into the past. So this is just gone native histograms. On the other hand, allow me to, to, okay, I'm not going to get get into the math, but basically you define a single formula, which there comes a good default. If you have good reasons, then you can change it. But if you don't, just don't talk, >>The people are in the math, Hit him up on Twitter. Twitter, h you'll get you that math. >>So the, >>The thing is people want the math, believe me. >>Oh >>Yeah. I mean we don't have time, but hit him up. Yeah. >>There's ProCon in two weeks in Munich and there will be whole talk about like the, the dirty details of all of the stuff. But the, the high level answer is it just does what people would expect it to do. And with very little overhead, you become, you get highly, highly or high resolution histograms, which is really important for a lot of use cases. But this is not just Prometheus with my open metrics head on the 2.0 feature, like the breaking highlight feature of Open Metrics 2.0 will be you guested precisely the same with my open telemetry head on. Low and behold the same underlying technology is being put or has been put into open telemetry. And we've worked for month and month and month and even longer between all different projects to, to assert that we have one single standard which is actually compatible with each other course. One of the worst things which you can have in the cloud ecosystem is if you have soly different things and they break in subtly wrong ways, like it's much better to just not work than to break in a way, which is just a little bit wrong. Of course you won't figure this out until it's too late. So we spent, like with all three hats, we spent insane amounts of time on making this happen and, and making this nice. >>Savannah, one of the things we have so much going on at Cube Con. I mean just you're unpacking like probably another day of cube. We can't go four days, but open time. >>I know, I know. I'm the same >>Open telemetry >>Challenge acceptance open. >>Sorry, we're gonna stay here. All the, They >>Shut the lights off on us last night. >>They literally gonna pull the plug on us. Yeah, yeah, yeah, yeah. They've done that before. It's not the first time we go until they kick us out. We love, love doing this. But Open telemetry is got a lot of news too. So that's, We haven't really talked much about that. >>We haven't at >>All. So there's a lot of stuff going on that, I won't call it boring. That's like code word's. That's cube talk for, for it's working. Yeah. So it's not bad, but there's a lot of stuff going on. Like open telemetry, open metrics, This is the stuff that matters cuz when you go in large scale, that's key. It's just what, missing all the, all the stuff. >>No, >>What are we missing? What are people missing? What's going on in the show that you think that's not actually being reported on? I mean it's a lot of high web assembly for instance got a lot >>Of high. Oh yeah, I was gonna say, I'm glad you're asking this because you, you've already mentioned about seven different hats that you wear. I can only imagine how many hats are actually in your hat cabinet. But you, you are someone with your, with your fingers in a lot of different things. So you can kind of give us a state of the union. Yeah. So go ahead. Let's talk about >>It. So I think you already hit a few good points. Ease of use is definitely one of them. And, and improving the developer experience and not having this like a value of pain. Yeah. That is one of the really big ones. It's going to be interesting cause it is boring. It is janitorial and it needs a different type of persona. A lot of, or maybe not most, but a large fraction of developers like the shiny stuff. And we could see this in Prometheus where like initially the people who contributed this the most where like those restless people who need to fix that one thing, this is impossible, are going to do it. Which changed over the years where the people who now contribute the most are off the janitorial. Like keep things boring, keep things running, still have substantial changes. But but not like more on the maintenance level. >>Yeah. The maintainers. I was just gonna bring that >>Up. Yeah. On the, on the keep things boring while still pushing 'em forward. Yeah. And the thing about ease of use is a lot of this is boring. A lot of this is strategy. A lot of this is toil. A lot of this takes lots of research also in areas where developers are not really good at, like UX for example, and ui like most software developers are really bad at those cause they just think differently from normal humans, I guess. >>So that's an interesting observation that you just made. I we could unpack that on a whole nother show as well. >>So the, the thing is this is going to be interesting for the open source scene course. This needs deliberate investment by companies who assign people to those projects and say, okay, fix that one thing or make it easier to use what have you. That is a lot easier with, with first party products and projects from companies cuz they can invest directly into the thing and they see much more of a value prop. It's, it's kind of normal by now to, to allow developers or even assigned developers onto open source projects. That's not so much the case for the tpms, for the architects, for the UX and your I people like for the documentation people that there's not as much awareness of that this is also driving value for everyone. Yes. And also there's not much as much. >>Yeah, that's a great point. This whole workflow production system of open source, which has grown and keeps growing and we'll keep growing. These be funded. And one of the things we were talking earlier in another session about is about the recession potentially we're hitting and the global issues, macroeconomics that might force some of these projects or companies not to get VC >>Funding. It's such a theme at the show. So, >>So to me, I said it's just not about VC funding. There's other funding mechanisms that's community oriented. There's companies participating, there's other meccas. Richie, if you could have your wishlist of how things could progress an open source, what would you want to see happen in terms of how it's, how things are funded, how things are executed. Cuz developers are going to run businesses. Cuz ultimately if you follow digital transformation to completion, it and developers aren't a department serving the business. They are the business. And that's coming fast. You know, what has to happen in your opinion, if you had the wish magic wand, what would you, what would you snap your fingers to make happen? >>If I had a magic wand that's very different from, from what is achievable. But let, let's >>Go with, Okay, go with the magic wand first. Cause we'll, we'll, we'll we'll riff on that. So >>I'm here for dreams. Yeah, yeah, >>Yeah. I mean I, I've been in open source for more than two, two decades, but now, and most of the open source is being driven forward by people who are not being paid for those. So for example, Gana is the first time I'm actually paid by a company to do my com community work. It's always been on the side. Of course I believe in it and I like doing it. I'm also not bad at it. And so I just kept doing it. But it was like at night on the weekends and everything. And to be honest, it's still at night and in the weekends, but the majority of it is during paid company time, which is awesome. Yeah. Most of the people who have driven this space forward are not in this position. They're doing it at night, they're doing it on the weekends. They're doing it out of dedication to a cause. Yeah. >>The commitment is insane. >>Yeah. At the same time you have companies mostly hyperscalers and either they have really big cloud offerings or they have really big advertisement business or both. And they're extracting a huge amount of value, which has been created in large part elsewhere. Like yes, they employ a ton of developers, but a lot of the technologies they built on and the shoulders of the giants they stand upon it are really poorly paid. And there are some efforts to like, I think the core foundation like which redistribute a little bit of money and such. But if I had my magic wand, everyone who is an open source and actually drives things forwards, get, I don't know, 20% of the value which they create just magically somehow. Yeah. >>Or, or other companies don't extract as much value and, and redistribute more like put more full-time engineers onto projects or whichever, like that would be the ideal state where the people who actually make the thing out of dedication are not more or less left on the sideline. Of course they're too dedicated to just say, Okay, I'm, I'm not doing this anymore. You figure this stuff out and let things tremble and falter. So I mean, it's like with nurses and such who, who just like, they, they know they have something which is important and they keep doing it. Of course they believe in it. >>I think this, I think this is an opportunity to start messaging this narrative because yeah, absolutely. Now we're at an inflection point where there's a big community, there is a shared responsibility in my opinion, to not spread the wealth, but make sure that it's equally balanced and, and the, and I think there's a way to do that. I don't know how yet, but I see that more than ever, it's not just come in, raid the kingdom, steal all the jewels, monetize it, and throw some token token money around. >>Well, in the burnout. Yeah, I mean I, the other thing that I'm thinking about too is it's, you know, it's, it's the, it's the financial aspect of this. It's the cognitive load. And I'm curious actually, when I ask you this question, how do you avoid burnout? You do a million different things and we're, you know, I'm sure the open source community that passion the >>Coach. Yeah. So it's just write code, >>It's, oh, my, my, my software engineering days are firmly over. I'm, I'm, I'm like, I'm the cat herer and the janitor and like this type of thing. I, I don't really write code anymore. >>It's how do you avoid burnout? >>So a i I didn't curse ahead burnout a few years ago. I was not nice, but that was still when I had like a full day job and that day job was super intense and on top I did all the things. Part of being honest, a lot of the people who do this are really dedicated and are really bad at setting boundaries between work >>And process. That's why I bring it up. Yeah. Literally why I bring it up. Yeah. >>I I I'm firmly in that area and I'm, I'm, I don't claim I have this fully figured out yet. It's also even more risky to some extent per like, it's, it's good if you're paid for this and you can do it during your work time. But on the other hand, if it's so nice and like if your hobby and your job are almost completely intersectional, it >>Becomes really, the lines are blurry. >>Yeah. And then yeah, like have work from home. You, you don't even commute anything or anymore. You just sit down at your computer and you just have fun doing your stuff and all of a sudden it's deep at night and you're still like, I want to keep going. >>Sounds like God, something cute. I >>Know. I was gonna say, I was like, passion is something we all have in common here on this. >>That's the key. That is the key point There is a, the, the passion project becomes the job. But now the contribution is interesting because now yeah, this ecosystem is, is has a commercial aspect. Again, this is the, this is the balance between commercialization and keeping that organic production system that's called open source. I mean, it's so fascinating and this is amazing. I want to continue that conversation. It's >>Awesome. Yeah. Yeah. This is, this is great. Richard, this entire conversation has been excellent. Thank you so much for joining us. How can people find you? I mean, I give em your Twitter handle, but if they wanna find out more about Grafana Prometheus and the 1700 things you do >>For grafana grafana.com, for Prometheus, promeus.io for my own stuff, GitHub slash richie age slash talks. Of course I track all my talks in there and like, I don't, I currently don't have a personal website cause I stop bothering, but my, like that repository is, is very, you find what I do over, like for example, the recording link will be uploaded to this GitHub. >>Yeah. Great. Follow. You also run a lot of events and a lot of community activity. Congratulations for you. Also, I talked about this last time, the largest IRC network on earth. You ran, built a data center from scratch. What happened? You done >>That? >>Haven't done a, he even built a cloud hyperscale compete with Amazon. That's the next one. Why don't you put that on the >>Plate? We'll be sure to feature whatever Richie does next year on the cube. >>I'm game. Yeah. >>Fantastic. On that note, Richie, again, thank you so much for being here, John, always a pleasure. Thank you. And thank you for tuning in to us here live from Detroit, Michigan on the cube. My name is Savannah Peterson and here's to hoping that you find balance in your life this weekend.

>>Hey everyone. Welcome back to the Cube's coverage of Ansible Fest 2022. We are live in Chicago. This is day two of Waldo Wall coverage on the cube. John Fhrer here with me. Lisa Martin. John, today's a big news day. Yeah, >>Big time. I mean, we got the chief architect on this segments to be great. We have the lead product management. All the new stuff coming out really is a game changer. It's very cool and relevant. Very key to be relevant. And then, and being a part of the future. This is a changeover you see in the NextGen Cloud developer environment. Open source all coming together. So Ansible we've been covering for many, many years. We've always said they're in the middle of all the action and you're starting to see the picture. Yes. For me. So we're looking forward to a great segment. >>Yes. We've got two alumni back with us to unpack the news and all the great stuff that's going on here. Richard Hensel joins us Senior manager, Ansible Product Management, and Matthew Jones here, fresh from the keynote stage, Chief architect of Ansible Automation. Guys, great to have you on the program. Thanks >>For having us. Good to be here. >>So this morning was all about event driven Ansible. Unpack that. Talk about the impact that this is gonna have, The excitement, the buzz that you've heard on the show floor today. >>Yeah. You know, it's, it's exciting. We've been working on this for a while. We've been really excited to show this off because it's something that feels like the natural evolution of the platform and where it's going. Really being able to connect the automation with the sources of data and the actions that we know people want to use. We, we came into this knowing everybody here at this conference, this is something that everybody will be able to use. >>Talk about the innovations strategy. Cause we've always had these great conversations with Ansible. Oh yeah. The, the practitioners, they're, they're building the product with you. You guys are very hardcore on that. No secret. This is different. This is like a whole nother level of opportunity that's gonna take the, the community to new heights in terms of what they do in their job and free them up to do more creative development. >>Yeah, you're exactly right. You know, we, we know that people need to bring that sort of reactive and active automation to it. We've, we've done a lot of work to bring automation to everybody, to the masses. Now we need to meet them at the place where they are, where the, the where, where they have to do the most work and, and act in the most strategic and specific ways. >>All right. So now before we get into some of the deep dive, cause a ton of questions. This is really exciting product. Take a minute to explain what was the key announcement? Why, what specifically does this mean for the audience, watching customers and future customers? What's the big deal? To take a minute to explain what was announced. >>So this is about the, the evolution and the maturity of the automation that our users are doing. So, you know, you think about provisioning servers, you know, configuring networks, all that sort of, the stuff that we've established and everybody's been doing for a number of years. And then you go, Well, I've invested in that. I've done the heavy lifting, I've done the things that cost me agility. I think that cost me time. Well now I need to go further. So what can I go further into? And you move further at the stacks. You move away from the infrastructure, please. You move away from infrastructure as code. You move towards through configures code, up to officer's code. And you start to get into, well, I've got, I've got road tasks, I've got repetitive actions that I'm doing. I've got investigations, I've got remediations, I've got responses. >>Well, there's work that I do on a daily basis that is toil. Right. It's not efficient work. Right. Actually, we doing valuable work in the operation space as much as you were doing in, in the build space. And how do we move them up into that space? And it's, this is all based off observation. You can do this today, but how do we make it easier? We've gonna make it easier for them to do that and get, it's all about success. It's about the outcomes we're gonna drive users towards. They need to be successful as quickly as possible. How do we make that >>Happen? And Matt, I remember we talked in 2019 with Ansible, the word platform where we say, Hey, you know, platforms are super important. It's not a tool, tools and platforms as distinctions. You mentioned platform. This is now platform. A lot of people put a lot of work in into this Yeah. Claim what went on behind the scenes. So >>You're exactly right. And we've spent the last couple of years really taking that disparate set of tools that, that we've invested a lot of time in building that platform. It's been exciting to see it come together. We always knew that we wanted to capture more of, more of where people find automation and find they need automation, not just out on the edge, on the end of the, of the, of the actions and tasks that they need to do. They've got a lot of things coming in, a lot of things that they need to take care of. And the community is really what drives this for us. People who have been doing this for years and they've been asking us, Meet me halfway. Give me something. Give me a part of this platform and a capability that enables me to do this. So I I feel like we've done that and you did >>It. Yeah, exactly. For step one. >>And that must feel pretty good too, to be able to deliver what, you know, the masses are looking for and why they're looking >>For it. Yeah. This was, there was no question that we knew this was gonna deliver the kind of real value that people were looking for. >>Take us through the building blocks real quick. I know on stage you went through it in detail. What should people know about the core building blocks of, of this particular event driven >>Piece? Yeah. You know, I think the most important thing to understand at the, at the outset is the sources of data and events that come in. It's really easy to get lost in the details. Like, what do you mean a source? But, you know, we've shown examples using Kafka, but it's not just Kafka, right? It's, it's, it's web hooks, it's CI systems, it's any, any place that you can imagine an evict coming from your monitoring platforms. You can bring those together under the same umbrella. We're not requiring you to pick one or choose or what's your favorite one. You can bring, you can use them all and and condense them down into the, into the same place. >>There's a lot of data events everywhere now. There's more events. Yeah. Is there a standard interface? Is what's the, is there any kind of hook in there? Is what's, what's gonna limit? Or is there any limits? >>I I don't think there is a limit. I, you know, it's, and we can't even imagine where events and data are gonna come from, but we know we need to get them into the system in a way that makes the most sense for the, the customers. And then that, that drives through into the rule books. Like, okay, we have the data now, but what do we do with that data? How do we translate that into, into the action? What are the rules that need to follow? It's giving the, the, the person who is automating, who understands the data that's coming in and understands the task that they need to take. The, the rules are where they map those into it. And then the last part, of course is the playbook, the automation itself, which they already know. They're already experts in the system. So we've, we've, we've built this like eight lane highway. They get some right end of those actions. >>Let's talk about Richard, let's unpack those actions and the really kind of double click on the business outcomes that this is actually gonna enable organizations and any industry to achieve. >>Yeah, so >>I mean, it's, it, like Matt said, it's really hard to encapsulate everything that we see as possible. But if you just think about what happens when a system goes down, right? At that point in time, I'm potentially not making money, right? I'd say it's costing me time, it's costing me, that's a business impact. If I can speed up how quick I can resolve that problem, if I can reduce time in there, that's customer improvement, that's custom satisfaction. That's bottom line money for businesses, right? But it's also, it's also satisfaction for the users. You know, they're not involved in having the stressful get online, get quickly, activate whatever accounts you need to do, go and start doing discovery. You can detect a lot of that information for the discovery use case that we see, respond to an event, scan the system for that same logic that you would normally do as a user, as a human. >>And that's why the rules are important to add into ed. It's like, how do I take that human, that brain part that I would say, well, if I see this bit, oh, I'll go and have a look in this other log file. If I see this piece, I'll go and do something different. How do we translate that into Ansible so that you've got that conditional logic just to be able to say, if this do that, or if I see these three things, it means a certain outcome has happened. And then again, that defined, that's what's gonna help people like choose where it becomes useful. And that's how we, that's how we take that process >>Forward. I'm sure people are gonna get excited by this. I'm not sure the community already knows that, but as it's gonna attract more potential customers, what's different about it? Can you share the differentiation? Like wait minute, I already have that already. Do they have it already? What's different? What makes this different? What's, what's in it for them? >>Yeah. When we step up into a customer situation, an enterprise, an organization, what's really important becomes the, the ability to control where you do some of that work. So the control and the trust, You know, would you trust an automatic system to go and start making changes to hundreds of thousands of devices? And the answer is often not, not straight away. So how do we put this sort of sep the same separation of duties we have between dev and ops and all the nice structures we've done over the last number of years, and actually apply that to that programmatic access of automation that other systems do. So let's say a AIML systems that are detecting what's going on, observability platforms are, are much more intru or intrusive is the wrong word. They're much more observable of what's going on in the systems, right? But at the same time you go, I wanna make sure that I know that any point in time I can decide what, what is there and what can be run and who can run it and when they can run it. And that becomes an important dimension. >>The versatility seems like a big deal too. They can, Yeah. Any team could get >>Involved. And, and that's the, the same flexibility and the same extensibility of Ansible exists in this use case, right? The, the, the ability to take any of those tasks you wanna do in action, string them together, but what the way that it works for you, not the way that it works that we see, but the way that you see and you convert your operational DNA into how you do that automation and how that gets triggered as you see fit. >>Talk about this both of you. I'd like to get your perspectives on event driven Ansible as part of the automation journey that businesses are on. Obviously you can look at different industries and different businesses are, are at different places along that journey, but where does this fit in and kind of plugin to accelerating that journey? That's, >>That's a good question. You know, sometimes this ends up being like that last mile of we've adopted this automation, we've learned how to write automation. We even understand the things that we would need to automate, but how do we carry it over that last topic and connect it to our, our knowledge systems, our data stores, our data lakes, and how do we combine the expertise of the systems that we're managing with this automation that we've learned? Like you, you mentioned the, the, the community and the, the coalescing of data and information, the, the definition of the event rules and, and the event driven architecture. It lives alongside the automation that you've developed in the exact same place where you can feel that trust and ubiquity that we keep talking about. Right? It's there, it's certified. And we've talked a lot about secure supply chain recently. This gives you the ability to sign and certify that the rules and actions that we're taking and the sources that we're communicating with works exactly the same way. Yeah. And >>There's something we didn't, we didn't correlate this when we first started doing the work. We were, we were, we observe teams doing self-healing and you know, extending Ansible. And then over the last 18 months, what we've also seen is this movement, this platform engineering movement, the SRE teams becoming much more prominent. And this just nicely sits in as a type of use case for that type of transformation. You know, we've gotta remember that Ansible at is heart is also a transformative tool. Is like, how do you teach this behavior to a bunch of people? How do you upscale a larger base of engineers with what you want to be able to do? And I think this is such an important part that we, we just one say we stumbled into it, but it was a very, very nice, >>It was a natural progression. >>Exactly. >>Yeah. Yeah. Tom, Tom, when we were talking about Tom yesterday, Tom Anderson and he said, You guys bring up the SRE to you guys when you come on the cube. This is exactly a culture shift that we're talking about. I mean, SRE is really his legacy with Google. We all know that. Everyone kind of knows that, but it's become like a job title. Well they kind of, what does that even mean now if you're not Google, it means you're running stuff. DevOps has become a title. Yeah. So what that means is that's a cultural shift, not so much semantics Yeah. On title. This is kind of what you guys are targeting here, enabling people to run platforms, engineer them. Yeah. Like an architect and enable more co composability coding. >>And, and it's, so that's, that distinction is so important because one of the, you know, we see many customers come from different places. Many users from, you know, all the legacy or heritage of tools that have existed. And so often those processes are defined by the way that tool worked. Right? You had no other way that, that, and the, and it's, it happened 10 years ago, somebody implemented it, that's how it now works. And then they come and try and take something new and you go, well, you can't let the tool define your process. Now your culture and your objective has to define the process. So this is really, you know, how do we make sure we match that ability by giving them a flexible tool that let's say, Well what are you trying to achieve? I wanna achieve this outcome. That's the way you can do it. I >>Mean, that's how we match basically means my mind to get your reaction. It means I'm running stuff at scale. Yep. Engineer, I'm engineering and infrastructure at scale to enable, >>I'm responsible for it. And it's, it's my, it's my baby. It's my responsibility to do that. And how do we, how do we allow people to do that better? And you know, it, it's about, it's about freeing people up to focus on things that are really important and transformative. We can be transformative. And we do that by taking away the complexity and making things work fast. >>And that's what people want. People in their daily jobs want to be able to deliver value to the organization. You wanna feel that. But something Richard that you were talking about that struck me a couple minutes ago is, was a venture of an Ansible. There's employee benefits, there's customer benefits, Those two are ex inextricably linked. But I liked how you were talking about what it facilitates for both Yes. And all the way to the customer satisfaction, brand reputation. That's an important Yeah. Element for any brand to >>Consider. And that, I mean, you know, think about what digital transformation was all about. I mean, as we evolve past all these initial terms that come about, you know, we actually start getting to the meat of what these things are. And that is it connecting what you do with actually what is the purpose of what your business is trying to achieve. And you can't, you can't almost put money on that. That's, that's the, that's the holy grail of what you're trying to get to. So how, you know, and again, it just comes back to how do we facilitate, how do we make it easy? If we don't make it easier, we're not doing it right. We've gotta make it easier. >>Right. Well, exciting news. I want to get your guys' reaction and if you don't mind sharing your opinion or your commentary on what's different now with Ansible this year than just a few years ago in terms of the scope of what's out there, what's been built, what you guys are doing for the, for the customer base and the community. What's changed? Obviously the people's roles looked that they're gonna expand and have more, I say more power, you know, more keys to the kingdom, however you wanna look at it. But things have changed. What's changed now from a few years >>Ago. It's, you know, it, it's funny because we've spent a lot of time over the last couple years setting up the capabilities that you're seeing us deliver right now. Right. We, we look back two or three years ago and we knew where we wanted to be. We wanted to build things like eda. We wanted to invest in systems like Project Wisdom and the, the types of content, the cloud journey that, that now we're on and we're enabling for folks. But we had to make some really big changes. And those changes take time and, and take investment. The move into last year, John, we talked about execution environments. Yeah. And separating the control plane from the execution plane. All of that work that we did and the investment into the platform and stability of the platform leads us now into what >>Cap. And that's architectural decision. That's the long game in mind. Exactly. Making things more cohesive, but decoupled, that's an operating system kind of thinking. >>It, it totally is. It's a systems engineering and system architecture thinking. And now we can start building on top of these things like what comes after ed, what does ED allow us to do within the platform? All of the dev tools that we focused on that we haven't spent a lot of time talking about that from the product side. But being, coming in with prescriptive and opinionated dev tools, now we can show you how to build it. We can show you how to use it and connect it to your systems. Where can we go next? I'm really excited. >>Yeah. Your customer base two has also been part of from the beginning and they solve their own problems and they rolled it up, grow with it, and now it's a full on platform. The question I then ask is, okay, you believe it's a platform, which it is, it's enabling. What do you guys see as that possible dots that could connect that might come on top of this from a creativity standpoint, from an ecosystem standpoint, from an Ansible standpoint, from maybe Red Hat. I mean, wisdom shows that you can go into the treasure trove of IBM's research, pull out some AI and some machine learning. Both that in or shim layered in whatever you do. >>I mean, what I'm starting to see much more, especially as I, the nice thing about being here is actually getting face to face with customers again and you know, actually hearing what they're talking about. But you know, we've moved away from a Ansible specific story where I'm talking about how I, I was always, I was looking to automate, I was looking to go to Ansible. Well now I've got the automation capability. Now we've enhanced the automation. Capabil wisdom enhances the automation capability further. What about all those, those broader set of management solutions that I've got that I would like to start connecting to each other. So we're starting to take the same like, you know, you mentioned as then software architecture, software design principles. We'll apply those same application design principles, apply them to your IT management because we've got data center with the pressures on there. We've got the expansion into cloud, we've got the expansion to the edge, right? Each adding a new layer of complexity and a new layer of, you know, more that you have to then look after. But there's still the same >>Number of people. So a thousand flower blooms kind of situation. >>Exactly. And so how do I, how do I constrain, how do I tame it, right? How do I sit there and go, I, I can control that now I can look after that. I contain that. I can, I can deal with what I wanna do. So I'm focusing on what's important and we are getting stuff done. >>We, we've been quoting Andy Grove on the cube lately. Let chaos, rain and then rain in the chaos. Yes. Right? I mean that's kind of every inflection point has complexity before it gets simpler. >>Yeah, that's right. >>Yeah. You can't, there's answer that one. That's >>Perfectly. >>Yeah. Yeah. What do you expect to see chief ar you gotta have the vision. What's gonna pop out? What's that low, low hanging fruit? What's gonna bloom first? What do you think's gonna come? >>I, you know, my overarching vision is that I just want to be able to automate more. Where, where can we bring back, So edge cloud, right? That's obvious, but what things run in the cloud and and on the edge, right? Devices, you heard Chad in the keynote this morning talk about programmable logic controllers, sensors, fans, motors, things like that. This is the, the sort of, this is the next frontier of automation is that connecting your data centers and your systems, your applications and needs all the way out to where your customers are. Gas stations, point of sale systems. >>It's instant. It's instant. It is what it is. It's like just add, Just >>Add faster and bigger. Yeah. >>But what happens if, I'll give you a tease. What I think is, is what happens if this happens? So I've got much more rich feature, rich diverse set of tools looking after my systems, observing what's going on. And they go through a whole filtering process and they say such and such has happened, right? Wisdom picks that up and decides from that natural language statement that comes outta the back of that system. That's the task I think is now appropriate to run. Where do you run that? You need a secure execution capability. Pass that to an support, that single task. And now we run inside the automation platform at any of those locations that you just mentioned, right? Stitching those things together and having that sequence of events all the way through where you, you predefine what's possible. You know, you start to bias the system towards what is your accepted standard and then let those clever systems do what you are investing in them for, which is to run your IT and make it >>Easier. Rich here was on earlier, I said, hey, about voice activated it. Provision the cluster. Yeah. >>Last question guys, before we run out of time for this. For customers who take advantage of this new frontier, how can they get started with the bench of an what's? >>That's a good question. You know, we, we've engaged our community because they trust us and we trust them to build really good products. ansible.com/events. Oh man, >>I did have the, I >>Had the cup, the landing page. >>Find somebody find that. >>Well it's on GitHub, right? GitHub It is. >>Yeah it >>Is. Absolutely ansible.com. It's probably a link somewhere if I on the front page. Exactly. On GitHub. The good code too. >>Right? Exactly. And so look at there, you can see where we're going on our roadmap, what we're capable of today. Examples, we're gonna be doing labs and blogs and demonstrations of it over the next day, week, month. Right. You'll be able to see this evolve. You get to be the, the sort of vanguard of support and actions on this and >>Cause we really want, we really want users to play with it, right? Of course. We've been doing this for a while. We've seen what we think is right. We want users to play with it. Tell us whether the syntax works, whether it makes sense, how does it run, how does it work? That's the exciting part. But at the same time, we want the partners, you know, we, we don't know all the technologies, right? We want the partners that we have that work with us already in the community to go and sort of, you know, do those integrations, do those triggers to their systems, define rules for their stuff cuz they'll talk to their customers about it as >>Well. Right? Right. It'll be exciting to see what unfolds over the next six to nine months or so with the partners getting involved, the community getting involved. Guys, congratulations on the big announcements. Sounds like a lot of work. I can tell. We can tell. Your excitement level is huge and job well done. Thank you so much for joining us on the Cube. Thank you very much. Thank you. Our pleasure. Just All right, for our guests and John Furrier, I'm Lisa Martin. You're watching The Cube Live from Chicago, Ansible Fest 22. John and I will be right back with our next guest of Stay tuned.

>>Kicking things off for Netscout's latest threat intelligence reports. I'm Lisa Martin with Richard Hummel manager of threat intelligence at NetScout. We're going to be talking about DDoSs for hire. It's a free for all Richard, welcome to the program. >>Thanks for having me. At least that's always a pleasure to do interviews with you here on acuity. >>Likewise. So, which are the dark web is a dangerous place. We know that we're adversaries own and operate DDoS for hire platforms and botnets to launch everything from free tests to high powered multi-vector attacks. What did you find? What kind of attacks are being launched on the dark web, >>Sadly, any and every type of attack you. And I think you put it eloquently that it's free a little while ago. I got a question come in from a media journalists that I was talking to and they asked me what is the average cost of a DDoS attack? And my gut reaction was mad, 10, 20 USD. I even asked another reporter later on, what do you think it costs? And he came out with two or 300 USD. And so that was kinda my expectations. Well, just because of that question, I broke up my lab and I said, you know what? I'm just going to kind of sleuth a little bit. And so I started logging in, I started looking at these underground platforms and I spend time on 19 of hundreds. There's a website out there that lists all with like three or 400 of these things, but I just chose the top 19. >>And when I started looking at these, every platform that I evaluated had some form of free attacks during launch. And these are the typical for your five attacks like NTP, cl doubt, DNS amplification. These are the, the rope or routine types of attacks we see in the DDoS threat landscape and it's free. And then it scales from there. You have $5 entry fees to do trials. You have a week trial, you can go all the way up to 6,500 USD. And the adversary reports to launch one terabit per second attack with that costs. There's another one that says, Hey, we have 150,000 button-up nodes. He has $2,500, and then you can launch it from this platform. And they also have customization. They have these little sliders on there. You can go in and say, you know what? I have five targets. I want to launch 10 attacks at once. I want it to last this many minutes. These are the vectors I want to use. And then it just tells you here's what you got to pay. Now, it used to be, you needed to have a crypto wallet to even launch a DDoS attack. Well, that's no longer the case. Second. It used to be crypto currency. Well, now they take PayPal. They take wire transfers. They do Western union transfers. And so yeah, this barrier to entry, it doesn't exist anymore. >>Wow. The evolution of data also attacks the low barrier to entry. The customization. You mentioned that you researched the top 19 validated DDoS for hire services. You guys captured the types of attacks, reported number of users and the costs to launch what you went through. What are some of the things that really stuck out to you that you found? >>I think the biggest thing, the biggest outlier that I saw with a lot of these things is that this, the sheer amount of attacks or tech types that they purport to launch that combined with one other metric that I'll, I'll tell you in just a minute. But when I started adding all of these out, I came out with a list of something like 450 different line items. This is taking the attack types from all 19 of these platforms and putting it into a spreadsheet. And then when I actually got rid of the duplicates and I started looking at each one of these to see, did they call it this? And then this one called it, this, there was still 200 different types of attacks. And these attacks are not just your typical volume metric things or your typical like botnet net related things. I mean, they're going after applications. >>They're going after capture pages. They're going after some website based anti DDoSs stuff. They're going after specific games, grand theft, auto Counter-Strike, all of these things. And they have specific attacks designed to overwhelm those layers. And you can actually see in some of the, the, the news or the update boxes they have on their platforms that they put rolling updates similar to like what you would see with Microsoft update. Here's what changed. And so they'll list, oh, we added this capture bypass, or we tweak this bypass, or guess what? We added a new server. And now you have this, this more power to launch bigger attacks. The other thing that really surprised me was the sheer number of users and attacks that they put for it to have and have launched. So across these 19 platforms, I counted over 1 million registered users. Now it could be that multiple users are registered across multiple platforms. >>And so maybe that's a little redundant, but a million or 19. And then the attacks, just whatever they showed in their platform. Now, I don't know what time segment that says it could be all time. It could be a certain snapshot, whatever, 19 of several hundred of these things, more than 10 million attacks. Now, if we look at 2020, we saw 10 million attacks on the whole year, 2021, we saw 9.7 million. So you can just see it. I mean, we're not seeing the whole breadth of the threat landscape. We see about a third probably of the world's internet traffic. And so if what they say is true, there's a lot more attacks out there than even. We talk about >>A lot more attacks than, than are even uncovered. That's shocking. The evolution of DDoSs is, is also quite shocking. One of the things I noticed in the first half 2021 threat intelligence report that NetScout published was some of the underground services offer blacklists or delisting services to prevent attacks. And I thought that sounds like a good thing, but what does that really mean? >>So actually, when we were writing the last chart report, a colleague of mine role in Dobbins had actually talked about this and he's like, Hey, I saw this thing where it's this quasi illegal organization. And they were talking about listing you as this. And they actually turn around and sell these lists. And so I started researching that a little bit. And what it turns out is these organizations, they report to be VPN services. Yeah. And they also say, you know what, we're offer these kinds of lists or block lists. We offer this VPN service, but we are also collecting your IP address. And so if you don't want us to basically resell that to somebody else, or if you want us to add that so that people can attack you based on what they're seeing on the VPN, then you can pay us money and you can do like different tiers of this. >>You can say, block me for a week or a block me for a lifetime and all of these different platforms. I wouldn't say all of them, probably four of the 19 that I looked at had this service. Now as a user, I'm not going to go to every single DDoS for hire platform. I'm not going to purchase the VPN from every single one of these. I'm not going to go and add myself to their denialist across all of these things. That's, that's kind of way too much work for one. And the cost is going to be in the thousands, if not tens of thousands, as you start to add all of these things together. And so they, they report to do something good and in turn, take your information and sell it. And what's worse is they actually assign your username or your handle or your gamer tag to that IP address. >>And so now you have this full list of IPS with gamer tags. And so an adversary Alto that has no qualms or scruples about launching DDoS attacks can then purchase that list. And guess what, Hey, this, this gamer over here who has this gamer tag, he always tells me I don't, I don't want to face them anymore. So anytime I see him in a match, I'm going to go over here to this DDoS for hire platform. And I'm going to just launch attack against him, try to knock them off of them. And so that's the kind of shady business practices that we're seeing here in the underground forums. >>Well, I knew that wasn't a good, I knew that you would actually give me the skinny on what that was. So another thing that I was wondering if it was a good, you know, despite this, you talked about the incredible diversity of these platforms, the majority of attack types that you sign are recognized and mitigated by standard defensive practices. Is that another good, bad disguise as good? >>No, in this case, it is very much good. So I, as far as I've seen, there's not a single DDoS attack type from a Google stressor service to date that you can't mitigate using preparation and your, your typical DDoSs platforms, mitigation protection systems. And even, even the bandwidth, the throughput, what some people call the size or the speed of attacks. We don't really see anything in the terabit per second range from these services. Now they'll, they'll boast about having the capability to do X number of packets per second, or this size of an attack. And so some of them will even say that, Hey, you pay us this money and we're going to give you a one terabit per second attack to date in the four years that I've been here on NetScout. And even some of my colleagues who've been around the space for decades. >>They have yet to see an attack source from one of these details for higher platforms that exceed one terabit per second in bandwidth or volume. And so they might talk a big game. They might boast about these things, but oftentimes it's, it's smoke and mirrors. It's a way to get people into their platforms to purchase things. If I had to pick kind of an average volume or size of attacks for these beer stressors on the high-end, I would say around the 150 to 200 gigabit per second. Now they're a small organization that might seem huge, but to a service provider, that's, that's probably a drop in the bucket and they can easily saturate that across their network, or observe, absorb that even without the top of the line mitigation services. So just being able to have something in place, understand how adversaries are launching these attacks, what attack vectors they are, you know, do some research. >>We have this portal called ominous threat horizon, where you can actually go in there and into your industry segment and your country. And you can just look to see, are there attacks against people like me in my country? And so, but understanding if you are the target of attacks, which it's not, if it's a win, then you can understand, okay, I need to probably have provisions in place for up to this threshold and ensure there's a tax that will exceed that. But at least you're doing due diligence to have some measure of protection, understanding that these are the typical kinds of attacks that you can expect. >>Yeah. That due diligence is key. Richard, thanks for joining me talking about DDoSs for hire a lot of interesting things there that was uncovered in a moment. Richard and I are going to be back to talk about the rise of server class bot net armies.

>>All right. Let's kick things off. I'm Lisa Martin with Richard Hummel manager of threat intelligence at NetScout. We're going to be talking about the vertical industries where attackers really zeroed in for DDoSs attacks. Richard. This is some interesting findings in the second half of 20 21, 20 21. >>It is in it's unfortunate because I never liked to see individuals or organizations specifically targeted by DDoS attacks and often this kind of individualistic targeting isn't so individual. And what I mean by that is DDoS attacks. Almost always have some form of ripple effects. It collateral damage that extends far beyond who the adversary is going after. We've got an example of this. There's there's been a lot of reports recently about, uh, various void providers, um, starting in Eastern Europe and expanding even to north America and various other parts of the world that have reported this DDoS extortion campaign or crew or whoever it might be copycatting as our eval, which is a notable ransomware group that all those publicly no, no that they were successful. Well, these guys are, are copycatting that unfortunately they've been very successful in some of these attacks and some of the companies have gone on record saying that, look, this didn't just impact us. >>They didn't just take our services offline. None of our customers could make calls. They could not do the reputation damage alone. How many of you users or subscribers did they lose as a result of them not being able to meet phone calls, how much revenue loss during that time period that they're losing out on. I go back all the way back to last year, and we saw something similar with another DDoSs extortion campaign against the New Zealand stock exchange. It was down for almost four days. Just think about the sheer amount of revenue loss and just all of the things that domino effect from there, right? It's not just the exchange commission that had problems. It's not just them. It's all of the stockholders and anybody that couldn't make a trade. And so yes, adversaries absolutely single out organizations, but the damage that it causes to those around them can be astronomical. >>Right? The downstream effects are just go, as you said, the ripple effect just goes on and on. And on. One of the things that I found interesting in the second half of 2021 threat intelligence report was that telecommunications verticals, which are usually a popular target for attackers actually saw fewer attacks in second half. Why is that? What are your thoughts there? >>So I think a lot of this goes back to why we saw a decrease in the second half of the year. Yeah. That decrease is almost exclusively attributed to a decrease in DNS amplification in CLD, DNS being like the predominant, uh, the us attack factor for many, many years, uh, TCP attacks, these direct path attacks that we talked about in our last segment, where they are direct from button ads or they're source from high powered, we're seeing a rebalancing, the scales here. So we're seeing about equal parts of both of these kinds of attacks now versus the reflection amplification that the amplification stuff being predominant. Um, and so that's one of the reasons why we saw that decrease. And when we look at the telecommunications and wired it and wireless, um, these are your consumers. These are your gamers. These are just individuals sitting at home, minding their own business that are getting DDoS attack. >>Then we've talked about it on previous interviews that we've done, that gamers are predominantly the targets of DDoS attacks. And so if we're seeing a decrease in like the preferred method for these attacks to occur, naturally, we're going to see a decrease in some of the attacks against these consumers. But what's notable here in, in telecommunication is considered like this big umbrella, right? You have wired, you have wireless, you have mobile, you have satellite, you have all other telecommunications, which is where your work providers fall. Um, so most of them we saw decreases, but in wireless and all other telecommunications now wireless, remember this 5g advent, and then the other telecommunications with this digital extortion stuff against the void providers. Those are two areas where we saw increases wireless, saw 32% increase and all other telecommunications think void saw at 93% increase. And so we are seeing some increases here, but the higher kind of frequency or attack counts in the wired, um, in a mobile, those saw decreases. >>Let's talk about 5g where, you know, everybody is so excited about it. The adoption is coming. What's going to be the amplification implication of 5g in terms of feeling increased attacks, >>Just the sheer volume. I mean, when we start to introduce 5g, now we're talking about every single device that we have potentially having its own space on the internet. You may have high bandwidth, high throughput capacity. And so we're not talking about just in the home, right. 5g is going to be everywhere. So now just take all of your IOT devices that maybe either be isolated to your home network are now going to be across the entire globe, outside the home on 5g networks that have the capability to launch really fast, really, really potent attacks. And so just the, the footprint really of what we've got to think about from a security perspective and from a defense perspective, it's going to flip things on its head quite a bit, because you're going from here's everything that I'm going to secure inside. My let's just use the castle representation again, everything's inside the castle. >>I put my boundaries in place. I've got my firewalls. I've got my IDs is I've got my access control lists. So anything outside of my sphere or my domain is irrelevant because I don't care about it. Well, 5g is going to blast that away because not only do you not have it on prem anymore, everything starts to get its own direct connection to the internet. How do you secure 5g? Does your organization have that in practice? I mean, ISP is, are still rolling 5g out and are still trying to figure things out as they go, how much more do enterprises and others that are gonna be consumers of this need to figure out how we're going to secure against these. And so, yeah, it's gonna introduce a whole new realm of how we need to think about security, >>A whole new realm, lots to consider there. Another thing besides the wireless telecommunications that that report uncovered was that closely related related software and computer and manufacturing verticals also saw massive increases in attacks. Why talk to us about that? >>You know, I think it's a logical progression of attacks. Um, the last report we put out, we talked about the conduct of the supply chain and what we meant by that was how do we communicate? How do we talk to each other? How do we get into our work, uh, assets? We use a VPN, we use DNS servers. We use internet exchanges to resolve our websites, adversaries increase the tax against those. And that was kind of like the connectivity piece. Well, let's, let's take a step back. What do you need to be able to get online? You need a computer, you need software and you need the ability to store some of this data on your computer. So what we saw 606% increase in attacks against software publishers, 260 and 253% increases against computer manufacturing, computer storage manufacturing together. To me, these are the digital supply chain. >>These are the things that allow us to do what we need to do. And so it's almost like a natural progression. And we see this a lot with DDoS extortion. So take the Lazarus Paramatta guys. We talked about last time, you know, they've initially started against financial organizations going after banks. Then they moved to the stock markets and they moved to insurance brokerages accounts. They moved to travel exchanges, currency exchanges, and they started this domino effect that, you know what, let's go where the money is. Maybe we'll get a payday that didn't work so slowly. They started to expand. Eventually LBA started targeting anybody and everybody in every single industry in vertical. And so what we see here is kind of like a logical progression of, you know, what our, to the supply chain attacks didn't work. And there's a good reason for them because these devices that they're going after are usually very, very secure. And so DDoS attacks, they can absorb them. They can mitigate them that they just bounce off. So can we succeed by going a little bit more upstream or downstream? However you want to look at this by targeting the actual manufacturers themselves, the people who create the software, we need to be able to conduct our business. And so that's kind of the logical progression of what we're seeing here. >>So Richard, how can companies prepare, defend against the attacks against the digital supply chain? That's pretty critical >>Preparation. Preparation is the key. And if we follow best current or best industry practices, um, there's this 80 20 rule that a colleague of mine likes to use. If you do 80% of the recommended things, the best current practices, it solves 80% of your problem and not just for the DDoS problem, but also for things like ransomware, various other, it's really that 20% in there that you have to worry about. And that's going to be being aware, knowing the adversaries are actually going after software publishers who would have funk it. Right. Who would think that they're actually going after the manufacturer of the applications that I'm using to talk to you right now, Lisa, right. Yeah. And so these are the kinds of things that people just aren't always aware of. And so making sure that we're cognizant of the actual targets of these attacks, and then from there, figuring out is there is our business involved in any kind of, of the software publishing. >>Should we be concerned about that? And if not, what about where we're getting our software from? Do they have to worry about this? Is there a risk for them not being able to deliver something to us because they're under bombardment by detail sometimes. And so it's just being aware and taking steps to be able to handle prepare. And I will say it again. You must have some sort of DDoS protections in place. It's not when, or it's not, if it's when you're going to get attacked and everybody, even if you are not the direct target, there's collateral damage as we talked about in the last segment. >>Yep. It's a matter of, if not, when, and that's something that businesses of any size in any industry have to be prepared for, as you said, preparation is really number one. Richard, thank you for sharing some of the really interesting findings and the verticals that have saw massive increases in the second half of 2021. And we look forward to what you're going to uncover next. >>Absolutely. Thanks again for having me. It's been a pleasure. >>Likewise. We want to thank you for watching the program today. Remember all these videos are available@thecubedotnetandyoucancheckoutthenewsfromtodayonsiliconangledotcomandofcoursenetscout.com many thanks to NetScout for making this program possible and sponsoring the cube. This is Lisa Martin signing off. Thanks for watching and bye for now.

>>Kicking things off I'm Lisa Martin with Richard Hummel manager of threat intelligence at NetScout in this segment, we're going to be talking about the rise of server class bot net armies. Richard. Good to see you >>Again, Lisa, as always >>Likewise, so botnet armies, it sounds a bit ominous, especially given the current global climate. Now the first botnets came in the early 1990s. Those were comprised of servers followed over the years by PCs and then it botnets. But recently in the second half of 2021, what have you seen with respect to botnets and the armies? >>Yeah, so I think it's important for us to look at the history of where did we come from? How did we get here? What kind of kicked off this phenomena of botnets specifically DDoSs related botnets and bonnets have existed for a long time. Lisa, you mentioned it in the nineties, and then we move into kind of the two thousands and talking about IOT devices entering the scene. And then 2013, you start to see, hear more about these IOT botnets and in their surge, but then it wasn't until 2016, when the Mariah code was publicly released. And we all heard about the dine attacks at the time, which were record-breaking oh man, we launched this 600 gigabit per second attack using an IOT button and the world's is on fire and everything's going to burn down. And that was kind of the feeling at the time. >>Uh, little did we know that IOT based botnets typically have limits? And the reason for that as an IOT device itself, doesn't have a whole lot of processing capability. Often they're sitting in home networks, home networks that maybe don't have high bandwidth high throughput. Now that is changing, right? The world is adopting this 5g. And even for jeez, you're using mobile hotspots and now IOT devices being directly connected to 5g networks, you're talking about much more bandwidth throughput capabilities. However, they're still limited to what that device is capable of doing. And so an IOT device itself probably can't generate a whole lot of throughput or bandwidth, but what happens if you're able to compromise really high powered devices, such as routers or even server grade routers or even servers themselves sitting in data centers. So inter kind of what we're seeing the second half of the year, I think a lot of us heard about some of the recent attacks with the nearest bottleneck taking down notable websites and Maris is a little bit different because it uses what's called HTTP pipeline. >>And essentially what that does is the bot itself will take all of its butted nodes. And in today is sitting on Microtech routers using a old vulnerability from 2018 managed to be able to compromise these things. And it will generate a bunch of these HTTP requests and then it will release the gate. And so all of these requests essentially flood a web server and the web server just can't handle it. So maybe the first few thousand it can process, but eventually it starts to slow, slow down before it completely chokes off. And so that's kind of how that attack works. Now, the Maris button itself leveraging these Microtech routers. And again, like I said, a vulnerability from 2018 that a lot of these used to compromise these routers on, but what was notable about that vulnerability is that you could force the router itself to give you the username and password, and even patching those routers in, unless you explicitly change the usernames and passwords and those persistent the patch. >>And so inter a new button that called the Venice that also takes advantage of this same existing vulnerability, but leveraging these credentials that then are able to compromise. So now you have two botnets operating on these Microtech riders that often sit in high bandwidth, high throughput networks, being able to launch these really fast potent attacks. Now into the third one here, getting a ride. This is a version of Mariah that has been forked and now uses your vulnerability or an exploit against get servers and where to compromise server grade hardware. So if it wasn't bad enough that you have these high powered routers. Now you're talking about a server that maybe it has a TIG 10 gig interface. What happens if you get a hundred or even a thousand of these things launching a really fast attack? And so, yes, it's the rise of a server class button at army and army I think is very apt here. >>Um, often we think about button ads and we used to use the term zombies or zombie network and ever really heard that too much lately because zombie is basically these things exist. They're kind of out there. They don't really get initiated until they're used, but in the DDoSs world, these botnets are typically always active. So I don't really consider them zombies, um, because they're always brute forcing, and they're always trying to propagate and they're doing this automatically. And so a lot of times when we see these connections coming into like things like our honeypot, these are Muray or Satoria Lucifer GAF kit XR DDoSs I could go on, right? There's a lot of these different IOT botnets out there, but more and more they're turning towards these more high powered hardware in these servers in order to up the potency of their attacks. >>Let's talk about speed for a second. You mentioned the new server class, Mariah botnets. One of the things that the report uncovered was that online criminals were able to really quickly employ them to launch attacks that were details had talks that were pretty vicious. Why were they able to do that so quickly? >>The ecosystem and the criminal underground is so fast. It's so rapid. They have no red tape. You know, let's look at it from a defensive standpoint, there's a new hardware software that rolls out. There's a new patch that rolls out. What do we have to do? We have to go through this process of validating, testing it against our network, figuring out is it going to tip anything over? Maybe we deploy a first to a staging environment. Then we have to get executive bless off and approval. It has to evaluate this. We have to go to industry standards, okay, is it meeting these benchmarks? And we have this whole process, right? And sometimes even for critical patches, it can take us months to be able to roll these out for deployment. Adversaries have none of that. They have no, they have no oversight. A new vulnerability comes out. New capability comes out new exploits, come out the very next day, we're seeing this in metal split modules. A couple of days later, we're seeing it in Mariah and various other IOT flavors of Mauer. And so these guys have super fast, rapid adoption of new things that are coming out with zero overhead. And so they can implement this in practice very, very quickly, not just in bots, but even in DDoS for hire platforms. They're starting to use these kinds of novel attack vectors very, very quickly after they'd been uncovered or reveal >>No overhead, no red table. That must be like another thing that I noticed in the report in the second half of 2021 was that NetScout saw the first known terabit class direct path DDoSs attack terabit class. What's the significance of that. >>And so the significance here is, like I said, with IOT, achieving those kinds of levels is very, very difficult because IOT devices cannot gen up to that amount of bandwidth. But with these botnets existing on segments of the internet that have one gig or even 10 gig of capacity and the power by which to generate enough traffic to achieve those volumes. So it's, it's something we've never seen before, even going all the way back to the diner tacks with the IOT and marae, we were talking to hundreds of thousands of devices here contributing to that 600 gigabit per second range. That was a lot by those standards, right. And I would say that we probably have more button that's existing today, but the more fragmented, right? So you might have 30,000 over here. You might have 50,000 over here. Maybe you have a hundred thousand over here. Um, and so a lot of these botnets are a little bit smaller, but now if we can do 10,000 routers with one particular button ad that has the capacity to do one gig each, I mean, we're talking massive amounts of traffic here. And so that's really, it, that's the evolution that we're seeing. And I think that the, the advent and introduction of 5g more and more across the world is going to make this exponentially worse in terms of what botnets are capable of launching. >>Let's dig into that in about a minute or so. The significance of 5g, you know, we were talking about that as so much opportunity that that's going to unlock, but is that potentially going to be a bad thing? >>It could be in the DDoSs world. Um, we have some statistics actually, where we're already starting to see more attacks against the wireless. And so wireless is in, uh, it used to be Latin time would have a lot of wireless and mobile type stuff because a lot of gamers over there use mobile hotspots, but we're seeing them move over to the lad time. And in fact, globally, we saw 32% increase in wireless attacks. And I believe firmly that a lot of that is attributed to this rollout of 5g across the world. >>Interesting. We'll have to keep our eye on that. Well, I'm sure not Scott. Well, another thing, if we think about one of the things that we've been through the last couple of years in the pandemic, the adoption and the embracing of this hybrid work model, that we're many of us still in, what does NetScout expect to see with respect to expansion of botnets into our homes, into our residences. >>That is the key question there, because what, what happened when COVID kicked off, everybody took their corporate machines. We took all of our devices that were sitting inside a corporate office. We went home, we went home behind routers that have no firewall that had no IDs to have no IPS. In fact, most of us probably don't even know how to log into our routers to change things. And so they're using your default usernames and passwords, or maybe you haven't patched it, or there's no auto patching setup. So you are taking all of your essential vital components for working in you're leaving the castle. And now you are out in an open field and adversaries have free reign to do whatever they want. Couple that with the fact that a lot of us don't even care about the security of our IOT devices, uh, I always like to use this example of Christmas day. >>You get these cool new gadgets and tech devices. And for me, that's pretty much all I get because I love tech. And if you see this now I've got four monitors, plus my laptop and all kinds of stuff here on my desktop. But when I get a new device on Christmas morning, it's not my first instinct or gut reaction to get online and change my default using passwords, or to make sure it's patched or to update it. Now, sometimes those are being forced now, which is awesome. We need to do more of that, but it's not your first reaction, but we know that as soon as an IOT device goes online, you have about five minutes at most before you start getting inundated with, through forcing attempts. And so, yeah, the, the global work from home has really changed how we need to think about security and how organizations and enterprises really should consider how they secure those at-home devices versus being inside the enterprise. >>A lot to think about Richard. And if you're not thinking about it first on Christmas day, then I certainly am not thinking about it. Thanks so much for talking to us about what you guys uncovered with respect to that armies. A lot of interesting evolution there, and the fact that there's no red tape. Wow. What an environment in a moment, Richard and I are going to be back to talk about the vertical industries where attackers zeroed in for DDoSs attacks. You're watching the cube, the leader in tech enterprise coverage.

>>Hello from Las Vegas. It's the cube live at AWS reinvent 2021, Lisa Martin and Dave Nicholson here. We're in our fourth day, Dave, we have two live sets of the kid. There's a dueling set right across from us, kind of like dueling pianos, only a little bit louder. We have had about a hundred guests on the program at AWS reinvent this year. And we're pleased to welcome back. One of our alumni, Richard Potter joins us the CEO of peak. Richard. Welcome back to the cube. >>Great to be here. Talk to >>Us. So we haven't seen you in a couple of years. Talk to us about what's going on at pink. I know there's some news. >>Yeah, yeah. Loads of things going on at peak. I mean, we've been growing really quick. So since the last time you saw us, which was yeah, in London a few years ago, uh, we've grown to be the, sort of essentially the global leader in decision intelligence systems. Um, us as an AI company, we specialize in putting artificial intelligence right into the heart of how companies run their businesses and make their day-to-day decisions, which is why we call it decision intelligence. We think it's the biggest thing in software and, uh, probably the biggest new category of software. Um, we will see this decade. So it's super exciting to be in that position and great to be back chatting to you guys on the cube. When were you based founded? We were founded in 2016. Uh, and, uh, yeah. And you can probably tell by my accent English company headquartered in Manchester, but we're global. Now we have operations in India. We have a couple of development centers in India. We have a growing customer base in Asia and a growing customer base in the U S as well. Uh, so yeah, we're kind of international, but born out of, uh, Northern English roots. >>I like it. Talk to me about back in 2016, what were some of the gaps in the market that you saw from a, because you know, as, as here we are in almost 20, 22, every company is a data company. They have to be being able to extract intelligence timely hard. What gaps did you see back in 2016 >>Back then a read on the market was really simple, which was the companies that are going to harness data to run themselves well, we'll win, but the most companies were struggling to make that change to be data-driven. So our rich was, you know, as founders, there's three of us who started the business was trying to explore that problem. Like what, what, what stops companies running on data? And there's loads of reasons, right? Tech ones, uh, skills, ones, even just like business people using data in their day-to-day decision-making rather than say their gut-feel, which I think is also a data-driven decision. They just don't understand that necessarily. Uh, so we really honed in on that problem and we grew quite quickly to be the leading business in that sort of applied data space in the UK, you know, a market leader in, uh, helping companies perform better with data. And over time that has taken us on this journey to be the sort of global leader in decision intelligence, which is really cool. But the itch we were scratching was that, Hey, you know, there's something in this, we think companies that do this and do it well are gonna win, but no one's doing it. So why is that? And then, and then we've built software that effectively responds to that opportunity. >>You mentioned harnessing data. Yeah. How do you balance the harnessing of data successfully with being harnessed by data? Because, because if you're talking about the concept of Dai yeah. Who's making the decision. If the machine is making the decision, I better trust it. Why should I trust it? So how do you, how do you strike that balance to get people to trust what you're doing? The work you're doing for them behind the scenes? Yeah, >>I think it's, it's really important that humans trust the machines that they're working alongside. And I think that's the big change we're seeing, right? So this is a new industrial revolution, the intelligence era that we're in, but all previous industrial revolutions have all amplified human potential. They've amplified like a physical potential, whether it was, you know, machinery, steam, power and so on, or computers have amplified our cognitive capability, but humans have always controlled those machines. If you think about it now in the intelligence era, our machines can think with us, they can think alongside us. So we have to learn how to, as people, how to co-exist with those machines and then let those machines amplify us and essentially make us superhuman and what we do. And that's a part of the challenge we face at peak as to how do we make, how do we humanize that? >>How do we make it such that everyone trusts the machine? Uh, and we always have that human in the loop is the way we think about it. Uh, decision intelligence empowers us to be awesome at our jobs, make the great decisions all the time. If we trust the machine so much that we just want it to make the decision for us, we can let it, but we're always in control and we're in control of how it thinks and what it does. And it's our job as a software company to build software that lets you understand why that recommendation or that decision is being suggested to you. So I think, I think the coexistence of our machines alongside people in a new way that a human to machine interface is going to completely change with artificial intelligence and decision intelligence and, and us as people we're going to have to relearn how we, how we work with our technology. >>You just mentioned a couple of really good words in terms of, of the people, part of people, process and technologies, amplify and empower. Those are two things that stuck out at me is that's what you're giving people in any, whether they're an operations or finance or marketing, it's the amplification to do their jobs, empowering them to do their jobs with data that will help make them more skilled and better able to make decisions that benefit themselves, the company. >>That's exactly right. Yeah, because if you, if you redact doing business to its basics, it's, it's actually just making decisions, right. Companies are make great decisions. They win and those decisions could be anything, you know, they could be product decisions, they could be pricing decisions, operational supply chain decisions, but it's a sequence of decisions that creates value for my company. And so that's why I believe this technology is so empowering because as people we're, we're actually great at making those decisions. What we're not great at is making those decisions 24 by seven really, really quickly, very consistently. So, you know, humans are awesome at forecasting. They're awesome at choosing pricing that would appeal to other people, but alongside this technology, we can have machines that do a lot of that thinking for us, speed us up and help us make more, um, quick, great consistently awesome decisions. And then that just makes us great at our jobs. If you're a marketeer or in finance or in supply chain, you, you become awesome. And I think that that, that empowerment is key to the sort of humanization of AI in business. And actually that's what it means in practice. It isn't AI coming for peoples' jobs or replacing jobs. It's it's AI helping us all be gray. And our companies grow faster with wider profit margins when we do that, which creates more jobs for people, which is really cool. >>So, um, we talk about people trusting machines to do things for them. Uh, it's, it's not necessarily a new concept. We just sort of take some of those things for granted. Um, I trust my refrigerator at home to measure the internal temperature and make adjustments as necessary. Turn the compressor on, turn the compressor off. And I'm sorry, I you're from England refrigerators, this thing, it's a box. We use it to refrigerate our beer, which I took to make it >>Cold, which I know. >>So it's kind of a, you know, got to love those cliches, but so can you give us an example of a situation where a customer is trusting something that it's gotten from DEI from peak, where if you, as the CEO heard that anecdotal story, you would be absolutely delighted. >>Well, I think the earth is loads of great examples of that. So, um, the reason we call it decision intelligence decision intelligence is because it's the, it's applying AI into the active decision making, right? Uh, artificial intelligence or machine learning is making a prediction or a categorization over a huge data set. Right? But that on its own is kind of useless. You need to take that prediction that forward looking view and then effectively infuse it with business logic constraints and like knowledge of how your company works to give you a recommendation. Right? So let's just say I'm a marketeer and I'm trying to work out who I should send a particular offer to on black Friday over email, or even not even over email over any channel. When, if I, if I was CEO and I heard one of my teams say, Hey, what I've done is I've used the decision intelligence platform to tell me who buy, who are my customers that are in market for X type of products at why kind of price and what channels do they like to be communicated to over? >>Uh, I would think that's awesome. And then that market here, we're typically infuse that message with the sort of language and content that would appeal to that customer. But they're using the artificial intelligence to be super targeted and really like deliver the message to that person in the way they want to consume it, which creates a really enjoyable experience as a customer. You don't feel spammed or you don't feel like it's effectively used. You feel like you're having a direct one-to-one personal communication with the brand or retailer. That's talking to you, which in itself creates loyalty and like increases the lifetime value of that relationship, which is great for the retailer. But I think using AI for those kinds of decisions is essentially like a great example of like amplifying the human potential of a marketing team for this. >>Absolutely. Because what we expect as consumers, regardless of what the product or service is, is that we want brands to know who we are, what we want. Don't if I just bought a tent on Amazon, don't show me more tests, show me other things that go with it. I want you to know that. And so we have this expectation that brands when whatever industry they're in, no, oh, Richard bought this. >>Exactly, exactly. So, and I think that it starts to really jar. Now you've got some retailers and brands doing this really well, and you get really enjoyable, uh, communications at the frequency you want with the offers and the promotions that were irrelevant to you. When you just start to get trapped, you know, effectively stalked around the internet for something you've already bought, it becomes really jarring and frustrating. And then that actually creates a negative brand effect for that particular brand. So it's super important that these retailers, CPG com everyone really moves to this way of thinking and tries to have a direct. And that's the beauty of AI and decision intelligence. I think for retail, if we get into retail specifically, it allows us to treat every individual customer individually because we can use the machine to make decisions on a per customer basis. And then our marketing can be amplified by that. Whereas in the past, we bucketed customers into groups and just treated them all the same, which does create a rather impersonal experience. >>Yeah. Which can be a negative for a brand, as you mentioned, but give them the ability to treat people individually, but at scale, and in real time, one of the things we learned in the pandemic is that real-time data access isn't no is not a nice to have. It's an essential one of the themes too, that Dave and I have been talking about the last few days is that we're hearing at re-invent is every company has to be a data company. Yep. Talk to me about with that in mind, are you talking to more chief data officers, chief digital officers, where are your customer conversations as we've we're in this explosion of data? >>It's a great question though. So if every company has to be a data company and a company that's powered by AI, that means you have to be talking to everyone really. So your chief data, chief chief information officers, chief data officers, CEO, CFOs, and every sort of head of business, head of line of business, it's really important. So what we do at peak is as a decision intelligence platform, peak itself, unifies everything you need in one cloud platform, into a single software product that gives you all the infrastructure for your technical teams to process data for your data scientists to create the intelligence, but then it gives you a place to work for your business teams. So unifies your whole business around a platform. And then that means our conversations. As you know, as the provider of that technology are with technical teams, they're with business teams, they're with business leaders because it has to permeate everything. So I think it's, I think that's the future companies will have to effectively run alongside they'll create their own intelligence, basically on a dedicated platform like peek. And that intelligence will then be distributed across the whole business, um, with w w you know, in the way we do it. So I think it's really cool and exciting. Yeah. >>Let let's say hypothetically, now this is something that would never happen, but just hypothetically say I'm an American goes to England to take over coaching, a British soccer, soccer, or football. Okay. I sounds crazy, but how would I, how would I use peak and Dai and BI to help improve my winning percentage if I cared about winning? Because it's possible that I would, I I'm really only interested in the personal development of my, of my team as individuals, but, but, but what would in athletics? Is that something that is a, >>I think possible? Yeah, for sure. I mean, you're seeing an explosion of data science and analytics and AI techniques being used in sport. Right. I mean, peak we're very much focused on the commercial application of AI with our platform. So we, we work with, uh, commercial businesses and so on, but in that space, yeah, absolutely. I mean, there's, if you think about it, what do you need to create that intelligence? You need data and you can see it on the back of every players share. They've got the little devices that are gathering data in training in matches, constantly monitored. Those data points, feed algorithms. Those algorithms can show us if a player is fatigued, you know, where they are, or they can even show us, uh, deep learning techniques can help us see patterns of play and understand like how should we better set our teams up? How should we get players to interact in for, you know, on a soccer field? Um, and yeah, and you're seeing premier league clubs use those sort of techniques all the time. We don't do that at peak, but yeah, I mean, I think, uh, I think those sort of things are readily available now for, uh, those kinds of clubs to do that kind of stuff. >>I think Dave is angling to be a consultant on Ted last. So I think what I'm hearing last question for you, you guys are from an AWS relationship perspective. Richard, you guys were announced just yesterday, you're named by AWS as an ISB partner, APN partner of the year for 2021 for UK. And I, congratulations. Talk to us a little bit about that. >>Yeah, it was really, I kind of, yeah, it's super exciting for us. It's a great recognition. Obviously they give one of those awards out every year, uh, as a global company, it's nice to have that sort of stamp of approval that AWS sees us as their independent software vendor partner of the year. It's a, it's a great recognition for us because we come from a heritage of, uh, starting peak as a consulting company, actually just to do whatever it took to help our customers be successful. And in doing that, we had an idea for a software platform. Uh, we got some venture funding to do that, and we've turned into a, you know, we became a software company a couple of years after we founded, uh, and to get to this point now a few years later where AWS are recognizing us as their software vendor partner of the year is, um, a huge team. Fantastic. It's a huge Testament to, uh, to our engineering teams and the, and the, and the technical teams at peak that we've built something so impactful. Yeah, >>Absolutely. That validation is really, really critical. And last question in our last 30 seconds or so what are some of the things on the roadmap that you're excited for for, for peak for 20 22, 22 >>Is going to be a huge year for us. Cause I think it's the year that, uh, our platform goes out there into the wild, into the mainstream. So we made a couple of big announcements in the last few weeks. Uh, we've launched some new products on the pig platform. So there's three big platform, product sets. Now, one very much geared around creating your AI ready data set. That's called doc, uh, one that's very much geared around creating your intelligence, which is factory. And then an area where our business like the business teams of our customers go to work, which is called work actually. So those three big feature sets are going to be available from January. And the platform is being totally opened up as a self-serve platform for anyone anywhere to build upon. So I think it's a huge moment for decision intelligence. Garner is saying decision intelligence is the big tech trend of next year. And we feel as the market leader, we've got the platform that can help everyone get on, get on that trend really. So I think we're really looking forward to 2022 and what it brings. And, um, we think that our platform and our company is in a great shape to help more and more businesses take that leap into being powered by decision Intel. >>It sounds exciting, Richard, so we'll have to follow up with you next year and see what's going on. We appreciate you joining us on the cube, talking about peep, what you're doing, your relationship with AWS and how impactful decision intelligence can be for everybody. We appreciate it. Thanks for Dave Nicholson. I'm Lisa Martin. You're watching the cube, the global leader in live tech coverage.

welcome everybody to this cube conversation my name is dave vellante and we're joined today by richard goodwin who's the group director of i.t at ultraleap and abhishek kumar who manages dell's power store product line just directs that product line along with several other lines for the company gentlemen welcome to the cube hey dave hi that's me so richard ultra leap very cool company tracks hand movements and so forth tell us about the company and the technology are really interested in how it's used yeah we have many uh product lines uh obviously we're very innovative uh innovative um and the organization was spun up from phd a number of phd students who were the co-founders for ultra leap and initially with mid-air haptics as many people may have seen but also hand tracking mid-air touch uh sense and feel uh so yeah it's it's it's quite impressive um what we have produced and the number of sectors and markets that we are in um and obviously to to push us to where we are we have relied upon lots of the dell technology both software and hardware and what's your role at the company i'm the group i t director and i'm responsible for the it and business platforms um all infrastructure network hardware software um and also the transition of those platforms to ensure that we're scalable and we are able to develop our software and hardware um as rapidly as possible awesome yeah a lot of data behind that too i bet um okay avashek you direct a number of products at dell across the portfolio unity extreme io the sc series and of course power vault it's quite the portfolio that you look after so let's get into the case study if we can a bit uh richard maybe you could paint a picture of of your environment uh some of the key applications that you're supporting and maybe what your infrastructure looks like give us a high level view sure uh so um pre uh powerschool we had um quite a a disparate uh architecture so um a fairly significant split and siding on the side of uh cloud uh not as hybrid as we would like and not uh not as much as on-prem as we would have liked and hey that has changed quite significantly um so we now have a number of servers and storage and storage arrays that we have on on-premise um and then we host ourselves so we are moving quite rapidly you know as a startup and then moving to a scale-up we needed that that scalability and that versatility and also the whole op-ex versus capex and also not being driven by lots of um sas products and architecture and infrastructure where we needed to be in control because of our development cycles and our products product development so wait okay so so too much cloud i'm hearing you run a little bit a dose of on-prem explain that a little bit more the cloud wasn't doing it for you in terms of your development cycle your control can you double click on that yeah some of the some of the control and you know there's always a balance because there's certain elements of uh our development cycles and our engineering uh software engineering where we need a very high parallelism uh for some of the work that we're doing which then you know the capex investment makes things very very challenging and not commercially the right thing to do however uh there are some of our information some of our ip um some of the secure things that we do we also do not want upgrades as an example or any outages or certain types of server and spec that we need to be quite bespoke and unique and that needs to be within our control got it okay thank you for that abhishek we're going to talk about powerstor today so set it up please tell us about powerstor what it is you know why it's important to this conversation sure so power store is a product that we launched may of 2020 roughly a little bit more than a year now and it's a brand new architecture that dell technologies released and at the end of the day i'll talk about a few unique aspects of the product but at the end of the day the where we start with it's a storage platform right so uh where we see similar to what richard is saying here uh uh in terms of being able to consolidate the customer's environment whether it is block file v-balls physical virtual environments uh and and it's as i said it's a brand new architecture where we leveraged pieces of existing products where it made sense uh and it's a it's we are using all the latest and greatest technologies delivering the best performance based data reduction uh and and where we see a lot of traction is the options that it brings to the table for our customers in terms of flexibility whether they want to add capacity compute uh whether in fact uh we have a apps on dev deployment model where customers can consolidate their compute as well on the storage platform if needed so a lot of innovation from a platform perspective itself and it's not just about the platform itself but what comes along with it right so we referred it as an ecosystem part of it where we work with ansible playbook csi plug-in you name it right and it's the storage platform by itself doesn't that doesn't stand by itself in a customer's environment there are other aspects of the infrastructure that it needs to integrate with as well right so if they're using ansible playbooks we want to make sure the integration is there got it and last perhaps uh not the least is uh the intelligence built into the platform right so as we are building these capabilities into the product uh there is intelligence built into the product as well as outside the product where things like cloud iq things like uh technologies built into power store itself makes it that much easier for the pro for the customers to manage the infrastructure and go from there thank you for that so richard what was the workload so actually you started with sort of a green field on-prem if i understand it correctly what was the workload that you were sort of building around or workloads sorry we had a um a number of different applications some of which we cannot really talk about too much um and then we engaged them regarding um the storage uh issue that we had and we engaged the our account lead accounting exec and a number of solution architects were working with us to ensure that we had the optimal solution dell were selected over the competitors there's a many reasons you know the new technology the deduplication the compression the data overall data reduction um and the guarantee uh that also came uh came with that the four to one data reduction guarantee which was significant to us because of the amount of data that we hold and we have you know as i mentioned we're pulling further further data of ours back um into our hosted environments which will end up on the power store especially with the deduplication that we're now getting we've now actually hit nine to one which is you know significant we were expecting four to one maybe five to one with some of the data types and what was excellent dell where that confident that they did not even review our data types prior and they were willing to stand by that guarantee of four to one and we've excelled that you know we've got significant different data types on on that array and we've hit nine to one and that's gradually grown over the last nine months you know we were kind of at six and we moved to seven and now we're hitting nine to one ratios that's great so you get a little free storage that's interesting what you're saying richard because i just assumed that a company that's guarantees four to one is going to say okay let us let us inspect your workload first and then and then we'll do the deal uh so avashek what's the tech behind that data reduction that you're able to with such confidence not have to and pre-inspect the workload in this case anyway yes sir so it goes back to the technologies that goes behind the product right so so we stand behind the technology and we want to make it simpler for our customers as well where again we don't want to spend weeks looking at all the data scanning all the data before giving the guarantee so we stand behind the technology where we understand that as the data is coming in we are always going to duplicate it we are always going to compress it there is technology within the product where we are offloading some of that to the uh outside the cpu so it is not impacting the performance that the applications are going to see so data reduction by itself is not going good enough performance by itself is not good enough both of them have to be together right so and that's what powerstroke brings to the table yeah thank you so richard i'm interested i mean i remember the power store announcement uh i sort of saw it leading up to it and one of the big thrusts from dell the way i phrase it is essentially trying to create a cloud-like experience on-prem so really focus on simplicity so my question to you is let's start with just the deployment you know how complicated was it to install what was that process like you know how many clicks not that you have to tell me how many clicks but you know what i'm asking is is how difficult was it to get from zero to you know up and running well we actually stepped down a very difficult challenge um we were in quite a difficult situation where we'd pretty much gone off of a cliff in terms of our iops performance um so the rfp was quite rapid and then we needed to get which whoever which vendor was successful we need to get that deployed rather rapidly and on the floor in our data center and server rooms uh which we did um and it was very very simplistic within three weeks of placing the order we had that array in our server rack and we had begun the migration it was very simple to set up um and the management of that array has been we we've seen a i think 40 reduction in terms of effort to be able to manage our storage because it is very self-contained um you know even from a reporting perspective the deployment the migration was all very very very simplistic and you know we we've done some works recently where we had to also um do some work on the array and some other migrations that we were doing and the resilience came came to came to the forefront of where you know the the dual architecture and no single point of failure enabled us to do some things that we needed to do quite rapidly because of the the dual nodes and the resilience within within the unit within the power store itself was considerable where we kept performance up it will also prioritize any disk rebuilds keeps the incoming ingest rates uh high and prioritizes the you know the workloads which is you know really impressive especially when we are moving so quickly with our technology we don't really have much time to you know micromanage the estate can you can you just repeat what you said on the percent reduction i think i heard you you cut out there a little bit a potent reduction on on management on on on the labor side yeah so our uh our lead storage engineer is estimated around 40 less management wow okay so that's that's good so actually i love this conversation because uh you know in the early days of automation people like ah that's my job provisioning luns i'm really good at it but i think people are realizing that it's actually you know not something that you want to be really good at it's something that you want to eliminate so now maybe it's a he that storage engineer got his or her nights and weekends back uh but but what do they do now when they get that extra time what do you what do you put them on you know more strategic initiatives or you know other other things in the to-do list what's that like the last thing uh you know any of my team whether it's the the storage leads or some of the infrastructure team that are also involved and engaged because you know the organization we have to be quite versatile as a team in our skill sets we don't want to be doing those bau uh mundane tasks even the storage engineer does not want to be you know allocating luns and allocating storage to physical servers vms etc we want all of that to be automated and that you know those engineers are now working on you know some of the cutting edge things that we're trying to do with machine learning is as an example um which is much more interesting it's what they want to be doing um you know that aids the obvious things like retention interest and personal development we don't want to be you know that base i.t infrastructure management is is not not where you know any of the engineers want to be in terms of the decision to go with dell power store i'm definitely hearing there was a relationship there was an existing relationship with dell i'm sure that played into it um there were many things so you know the relationship wasn't really part of this even though i mentioned the end user compute you know in any sector or anything that we're procuring we want best of breed and you know a best of set and that was done on you know cost is definitely a driver the technology you know is of interest to us we're a tech company new technology to us is also fascinating not only our own uh but also the storage guarantee the simplicity um the resilience with it within the uh unit also the ability which was key to us because of what we're trying to do with our hybrid model and bring bring back and repatriate some of the data as it were from the cloud we needed that ability to with ease to be able to scale up and scale out and the uh power stall gave us that when you say cost uh i want to dig into that price or you know the the the price tag or the the cost i mean when you do the business case and i wonder if we could add a little color to that yeah there's two elements to this so they're not either the cost and the price tag uh but then also cost of ownership and the comparisons that we were running against the other vendors but also the comparisons that we were running from a capex investment against opex and what we have in the cloud and also the performance you know the performance that we get from um the cloud and our cloud storage and the resilience within that and then also the initial price tag and then comparing the capex investment to the opex were all elements that were key to us making our decision and you know that there has to be some credit taken by the dow account team and that their relationship towards the final throws of that rfp you know were key initially not all we were just looking for the best possible storage uh solution for ultralite and to to determine that on your end was that like a feature because it's sometimes fuzzy what the business impact is going to be like that 40 you mentioned or the data reduction at nine to one when there's a promise of four to one did you what did you do did you kind of do a feature function analysis and sort of line that up and and say okay i'm gonna map that to our business pro our processes our i.t processes and try to predict what the impact would be is that how you did it or did you take a different approach we did so we did that obviously between vendors as you'd expect in an rfp but then also mapping to how that would impact the business and that that is not an easy and easy process to go through and we've seen more games even comparing one vendor to another some of that because of the the technology the terminology is very very different and sometimes you have to bring that upper level and also gain a much more detailed understanding which at times can be challenging but we did a very like for like comparison um and also lots of research but you're quite right the the the business analysis to what we needed um we had quite a good forecast uh and from some of our historical information and data and also our engineering and business and strategic roadmap we were able to map those two together not the easiest of experiences not one that i want to repeat but we got yeah a little bit of art and science involved avishak maybe you could talk about power store what you know give us the commercial what makes it different from other products in the market uh things like cloud iq uh maybe you could talk about that a little bit sure so uh so again from uh it's music to my ears when richard talks about the ease of deployment and the management because there is a lot of focus on that but even as i said earlier from a technology perspective a lot of goodness built in in terms of being able to consolidate uh customers environment into onto the platform so that's more from a storage point of view give the best performance give the best data reduction storage efficiencies uh the second part of course the the flexibility the options that power store gives to the customers in terms of sort of disaggregating the storage and the compute aspects of it so if as a customer i want to start with different points in terms of what our customer requirements are today but going forward as your requirements change from a compute capacity perspective you can use the scale up and scale out capabilities um and and then the intelligence built in right so as you scale out your cluster being able to move storage around right as needed uh being able to do that non-disruptively so instead of saying that mr customer your uh your storage is going to you're at 90 capacity being able to say that based on your historical trending uh we expect you run out of capacity in six months some small things like that right and of course uh if the uh the dial home the support assist capabilities are enabled cloud iq brings a lot of intelligence to the table as well in addition to that as i mentioned earlier there is apps on capability that gives another level of flexibility to the customers to integrate your storage infrastructure into a virtual environment if the customer chooses to do that and last but not the least it's not just about the product right so it's about the the programs that we have put around it anytime upgrade is a big differentiator for us where it's an investment protection program for customers where if they want to have the peace of mind in terms of three months nine months three years down the line if we come out with new technologies being able to be upgrade to that non-destructively is a big part of it as well so it's a peace of mind for the customers that yes i'm getting into the power store architecture today but going forward i am i'm protected from that point of view so anytime upgrade it's a new business program that we put around leveraging the architectural benefits of power store uh whether your computer requirement your storage requirements change your your you're covered from that point of view so again a very quick overview of uh of what power store is why it is different and again that's where that comes from thank you for that richard are you are you actively using cloud iq do you get what kind of value do you get from it not currently um however we have we have had plans to to do that the um uptake and how basically our our internal work node is not allowed us to to do that but one of the other key reasons for selecting powersupport was the the non-disruptive element you know with other sas products other providers and other issues that we have experienced that was one that was a a key decision for us from a um a power store perspective one of the other you know i i to go back to the conversation slightly with in terms of performance you know we are getting getting now you know there's a 400 percent speed of improvement of publishing uh we've got 80 percent faster code coverage and our firmware built 1 300 quicker than they were previously and the time savings of the storage engineer and you know as a director of it i often ask for certain reports from from the storage array when we're working out for um storage forecasts performance forecasts and you know when we're coming close to product releases and code drops um that we're trying to manage the the reporting on the power store is is impressive whereas previously my storage engineer would not be the uh the most happiest of people when i would be trying to pull you know month-end quarterly reports etc uh whereas now it's it's ease and we have live dashboards running we can easily extract that information i love that uh because you know so often we talk about the 40 reduction in it labor uh which okay that that's cool but then your cfo's gonna say yeah but it's not like we're getting rid of people we you know we're still spending that money and okay they're getting you're now into soft dollars but when you talk about 400 percent 18 1300 percent you're talking about business impact and that's telephone numbers to a cfo so i i love those metrics thank you for sharing yeah but when they obviously some of our dashboards when they're visualized that they are very hard-hitting you know the impact you know you're quite right to see if it does chase down you know the availability and the resource profile however we're on a huge upward trajectory so having the right resilience and infrastructure in places is exactly what we need and as i mentioned before those engineers are all reallocated to much more interesting work and you know the areas that will actually drive our business forward speaking of resilience are you doing any replication uh not currently however there uh we've actually got a meeting regarding this today with some of the dell's enterprise and some of their storage specialists in a couple of hours time actually because that is very high on the agenda for us to be able to replicate and have a high availability um cluster and another uh potentially power stone made because so i was going to ask you kind of where you want to take this thing i'm hearing you you're looking at cloud iq really try to exploit that so you got some headroom here in terms of the value that you can get out of this platform uh to to do replication faster recovery etc maybe protect against you know events guys thanks so much for your time really appreciate your insights and thank you for watching this cube conversation this is dave vellante and we'll see you next time you

>> Welcome everybody to this cube conversation. My name is Dave Vellante and we're joined today by Richard Goodwin, who's the group director of IT at Ultraleap and Avishek Kumar, who manages Dell's Power Store, product line, he directs that product line along with several other lines for the company. Gentlemen, welcome to the cube. >> (Avishek) Hi Dave. >> (Richard) Hi >> (Dave) So Richard, Ultraleap, very cool company tracks hand movements, and so forth. Tell us about the company and the technology I'm really interested in how it's used. >> Yeah, we've had many product lines, obviously. We're very innovative, and the organization was spun up from a PhD, a number of PhD students who were the co-founders for Ultraleap, and initially with mid-air haptics, as you, as many people may have seen, but also hand tracking, mid-air touch, sense and feel. So, yeah, it's, it's, it's quite impressive what we have produced and the number of sectors and markets that we were in. And obviously to, to push us to where we are, we have relied upon lots of the Dao technology, both software and hardware. >> (Dave) And what's your role at the company? >> I'm the group IT director, I'm responsible for the IT and business platforms, all infrastructure, network, hardware, software, and also the transition of those platforms to ensure that we're scalable. And we are able to develop our software and hardware as rapidly as possible. >> (Dave) Awesome. Yeah, a lot of data behind that too I bet. Okay Avishek, you direct a number of products at Dell across the portfolio, Unity, Extreme IO, the SC series, and of course power vault. It's quite the portfolio that you look after. So let's get into the case study, if we can, a bit, Richard, maybe you could paint a picture of, of your environment, some of the key applications that you're supporting and maybe what your infrastructure looks like. Give us a high level view. >> Sure. So, pre Power Store, we had quite a disparate architecture, so a fairly significant split and siding on the side of the cloud, not as hybrid as we would like, and not, not as much as on-prem, as we would have liked, and hey, but that's changed quite significantly. So we now have a number of servers and storage and storage arrays that we have on, on-premise, and then we host ourselves. So we are moving quite rapidly, you know as a startup and then moving to a scale-up, we needed that, that scalability and that versatility, and also the whole OPEX versus CAPEX, and also not being driven by lots of SaaS products and architecture and infrastructure, where we needed to be in control because of our development cycles and our products, product development. >> (Dave) So wait, Okay, So, so, too much cloud. I'm hearing you wanted a little bit a dose of on-prem, explain that a little bit more, the cloud wasn't doing it for you in terms of your development cycle, your control. Can you double click on that? >> Yeah. Some of the, some of the control and you know, there's always a balance because there's certain elements of our development cycles and our engineering, software engineering, where we need a very high parallelism for some of the work that we're doing, which then, you know, the CAPEX investment makes things very, very challenging, not commercially the right thing to do. However, there are some of our information, some of IP, some of the secure things that we do, we also do not want upgrades as an example, or any advantages or certain types of server and spec that we need to be quite and unique and that needs to be within our control. >> (Dave) Got it, Okay. Thank you for that. Avishek, we're going to talk about Power Store today. So set it up, please, tell us about Power Store, what it is, you know, why it's important to this conversation. >> Sure. So Power Store is a product that we launched may of 2020, roughly a little bit more than a year now. And it's a brand new architecture that Dell technologies released. And at the end of the day, I'll talk about a few unique aspects of the product, but at the end of the day, where we start with, it's a storage platform, right? So where we see similar to what Richard is saying here, in terms of being able to consolidate the customer's environment, whether it is blog, file, WeVaults, physical, virtual environments, and, and it's, as I said, it's a brand new architecture where we leveraged pieces of existing products, where it made sense, we are using all the latest and greatest technologies delivering the best performance based data reduction. And where we see a lot of traction is the options that it brings to the table for our customers in terms of flexibility, whether they want to add capacity, compute, whether in fact, we have apps on the deployment model where customers can consolidate their compute as well on the static storage platform with needed. So a lot of innovation from a platform perspective itself, and it's not just about the platform itself, but what comes along with it, right? So we refer to it as an ecosystem, part of it, where we work with Ansible playbooks, CSI plugin, you name it, right. And it's the storage platform by itself, doesn't stand by itself in a customer's environment, there are other aspects of the infrastructure that it needs to integrate with as well. Right? So if they are using Ansible playbooks, we want to make sure the integration is there. >> (Dave) Got it. >> And last, but perhaps not the least is the intelligence built into the platform, right? So as we are building these capabilities into the product, there is intelligence built into the product, as well as outside the product where things like Cloud IQ, things like technologies built into power suit itself makes it that much easier for the customers to manage the infrastructure and go from there. >> (Dave) Thank you for that, So, Richard, what was the workload? So it actually, you started with the sort of a Greenfield on-prem. If I understand it correctly, what was the workload that you were sort of building around or workloads? >> So, we had a, a number of different applications. Some of which we cannot really talk about too much, but we had, we had a VxRail, we had a a smaller doubt array and we have lots of what we class as runners, Kubernetes cluster that we run and quite a few different VMs that run on our, on-prem server infrastructure and storage arrays and the issues that we began to hit because of the high IO, from some of our workloads, that we were hitting very high latency, which rapidly stopped, began to cause us issues, especially with some of our software engineering teams. And that is when we embarked upon a competitive RFP for Dell Power Store, Dell were already engaged from an end-user compute where they'd been selected as the end-user compute provider from a previous competitive RFP. And then we engaged them regarding the storage issue that we had and we engaged the, our account lead and count exec, and a number of solution architects were working with us to ensure that we have the optimal solution. Dell were selected over the competitors because of many reasons, you know, the new technology, the de-duplication, the compression, the data, overall data reduction, and the guarantee that also came, came with that, the four-to-one data reduction guarantee, which was significant to us because of their amounts of data that we hold. And we have, you know, as I've mentioned, we're pulling further, further data of ours back into our hosted environments, which will end up on the Power Store, especially with the de-duplication that we're now getting. We've actually hit nine-to-one, which is significant. We were expecting four-to-one, maybe five-to-one with some of the data types. And what was excellent that we were that confident that they did not even review our data types prior, and they were willing to stand by that guarantee of four-to-one. And we've excelled that, we've got significant different data types on, on that array, and we've hit nine-to-one and that's gradually grown over the last nine months, you know, we were kind of at the six then we moved to seven and now we're hitting nine-to-one ratio. >> (Dave) That's great. So you get a little free storage. That's interesting what you're saying, Richard, cause I just assumed that a company that guaranteed four-to-one is going to say okay, let us, let us inspect your workload first and then we'll do the deal. So Avishek, what's the tech behind that data reduction that you're able to, with such confidence, not have to pre inspect the workload in this case anyway. >> Yeah. So, it goes back to the technologies that goes behind the product, right? So, so we, we stand behind the technology and we want to make it simpler for our customers as well where, again we don't want to spend weeks looking at all the data, scanning all the data before giving the guarantee. So we stand behind the technology where we understand that as the data is coming in, we are always going to be de-duplicate it. We are always going to compress it. There is technology within the product where we are offloading some of that to the outside the CPU, so it is not impacting the performance that the applications are going to see. So a data reduction by itself is not good enough, performance by itself is not good enough. Both of them have to be together, right? So, and that's what Power Store brings to the table. >> (Dave) Thank you. So Richard, I'm interested. I mean, I remember the Power Store announcement of, sort of, saw it leading up to it. And one of the big thrusts from Dell was the way I phrase it is essentially trying to create a cloud like experience on-prem. So really focused on simplicity. So my question to you is, let's start with just the deployment. You know, how complicated was it to install? What was that process like? How many clicks, I mean, not that you have to tell me how many clicks, but you know, what I'm asking is, is how difficult was it to get from zero to, you know, up and running? >> Well, we actually stepped our very difficult challenge. We were in quite a difficult situation where we'd pretty much gone off the cliff in terms of our IOPS performance. So the RFP was quite rapid, and then we needed to get whoever which vendor was successful, we needed to get that deployed rather rapidly and on the floor in our data center and server rooms, which we did. And it was very very simplistic, within three weeks of placing the order, we had that array in our server rack and we'd begun the migration, it was very simple to set up. And the management of that array has been, we've seen say 40% reduction in terms of effort to be able to manage our storage because it is very self-contained, you know, even from a reporting perspective, the deployment, the migration was all very, very, very simplistic, and you know, we we've done some work recently where we had to also do some work on the array and some other migrations that we were doing and the resilience came, came to, came to the forefront of where the Juul architecture and no single point of failure enabled us to do some things that we needed to do quite rapidly because of the, the Juul norms and the resilience within, within the unit and within the Power Store itself was considerable where we, we kept performance up, it also prioritize any discreet rebuilds, keeps the incoming ingest rates high, and prioritizes the, you know, the workloads, which is really impressive, especially when we are moving so quickly with our technology. We don't really have much time to, you know, micromanage the estate. >> (Dave) Can you, can you just repeat what you said on the percent reduction? I think I heard you cut out there a little bit, a percent reduction on, on, on management, on, on, on the labor side. >> So our lead storage engineer is estimated around 40% less management. >> (Dave) Wow. Okay. So that's, that's good. So actually, I love this conversation because, you know, in the early days of automation, people like, ah, that's my job, provisioning LUNs. I'm really good at it, but I think people are realizing that it's actually not something that you want to be really good at. It's something that you want to eliminate. So, it now maybe it's that storage engineer got his or her nights and weekends back, but, but what do they do now when they get that extra time, what do you, what do you put them on? You know, no more strategic initiatives or, you know, other, other tech things on the to-do list. What's that like?. >> The last thing that, you know, any of my team, whether it's the storage leads or some of the infrastructure team that were also involved in engaged, cause you know, the organization, we have to be quite versatile as a team in our skillsets. We don't want to be doing those BAU mundane tasks. Even the storage engineer does not want to be allocating LUNs and allocating storage to physical servers, Vms, etc. We want all of that to be automated. And, you know, those engineers, they're working on some of the cutting edge things that we're trying to do with machine learning as an example, which is much more interesting. It's what they want to be doing. You know, that aides, the obvious things like retention, interest and personal development, we don't want to be, you know, that base IT infrastructure management, is not where any of the engineers wants to be. >> (Dave) In terms of the decision to go with Dell Power Store. I'm definitely hearing there was a relationship. There was an existing relationship with Dell. I'm sure that played into it. >> There were many things. So the relationship wasn't really part of this, even though I've mentioned the end-user compute in any sets or anything that we're procuring, we want best of breed, you know, best of sets. And that was done on, the cost is definitely a driver. The technology, you know, is a big trust to us, We're a tech company, new technology to us is also fascinating, not only our own, but also the storage guarantee, the simplicity, the resilience within, within the unit. Also the ability, which was key to us because of what we're trying to do with our hybrid model and bring, bring back repatriate some of the data as it were from the client. We needed that ability to, with ease, to be able to scale up and scale high, and the Power Store gave us that. >> (Dave) When you say cost, I want to dig into that price or you know, the price tag or the, the cost, I mean, when you do the business case. And I wonder if we could add a little color to that. >> (Richard) There's two elements to this, so they're not only the cost of the price tag, but then also cost of ownership and the comparisons that we were running against the other vendors, but also the comparisons that we were running from a CAPEX investment against OPEX and what we have in the cloud, and also the performance, performance that we get from the cloud and our cloud storage and the resilience within that. And then also the initial price tag, and then comparing the CapEx investments to the OPEX where all elements that were key to us making our decision. And I know that there has to be some credit taken by the Dell account team and that their relationship towards the final phrase of that RFP, you know, were key initially, not all, we were just looking for the best possible storage solution for Ultraleap. >> (Dave) And to determine that on your end, was that like a feature, because it's sometimes fuzzy what the business impact is going to be like that 40% you mentioned, or the data reduction at nine to one, when there's a promise of four to one, did you, what did you do? Did you kind of do a feature function analysis and sort of line that up and, and say, okay, I'm going to map that to our business processes our IT processes and try to predict what the impact would be. Is that how you did it? or did you take a different approach? >> (Richard) We did. So we did that, obviously between vendors usually expected an RFP, but then also mapping to how that would impact the business. And that is not an easy process to go through. And we've seen more gains even comparing one vendor to another, some of that because of the technology, the terminology is very very different and sometimes you have to bring that upper level and also gain a much more detailed understanding, which at times can be challenging, but we did a very like-for-like comparison and, and also lots of research, but you're quite right. The business analysis to what we needed. We had quite a good forecast and from summarized stock information data, and also our engineering and business and strategic roadmap, we were able to map those two together, not the easiest of experiences, not one that I want to repeat, but we, we got it. (Dave laughing) >> (Dave)Yeah, a little bit of art and science involved. Avishek, maybe you could talk about Power Store, what, you know, give us the commercial. What makes it different from other products in the market of things like cloud IQ? Maybe you could talk about that a little bit. >> Sure. So, so again, from a, it's music to my ears, when Richard talks about the ease of deployment and the management, because there is a lot of focus on that. But even as I said earlier, from a man technology perspective, a lot of goodness built-in, in terms of being able to consolidate a customer's environment, onto the platform. So that's more from a storage point of view that give the best performance, give the best data reduction, storage efficiencies. The second part, of course, the flexibility, the options that Power Store gives to the customers in terms of sort of desegregating the storage and the compute aspects of it. So if, as a customer, I want to start with different points in terms of what our customer requirements are today, but going forward as the requirements change from a compute capacity perspective, you can use a scale up and scale out capabilities, and then the intelligence built in, right? So, as you scale out your cluster, being able to move storage around right, as needed being able to do that non-disruptively. So instead of saying that Mr. Customer, your, your storage is going to you're at 90% capacity, being able to say that based on your historical trending, we expect you run out of capacity in six months, some small things like that, right? And of course, if the, the dial home, the support assist capabilities that enabled, cloud IQ brings a lot of intelligence to the table as well. In addition to that, as they mentioned earlier, there is apps on capability that gives another level of flexibility to the customers to integrate your storage infrastructure into a virtual environment, if the customer chooses to do that. And last but not the least, it's not just about the product, right? So it's about the programs that we have put around it, anytime upgrade is a big differentiator for us, where it's an investment protection program for customers, where if they want to have the peace of mind, in terms of three months, nine months, three years down the line, if we come out with new technologies, being able to be upgrade to that non-disruptively is a big part of it as well. It's a peace of mind for the customers that, yes I'm getting into the Power Store architecture today, but going forward, I'm protected from that point of view. So anytime upgrade, it's a new business program that we put around leveraging the architectural benefits of Power Store, whether your compute requirement, your storage requirements change, you're covered from that point of view. So again, a very quick overview of, of what Power Store is, why it is different. And again, that's where that comes from. >> (Dave) Thank you for that. Richard, are you actively using cloud IQ? Do you get the, what kind of value do you get from it? >> Not currently. However, we have, we have had plans to do that. The uptake and BCR, our internal Workload is not allowed us, to do that. But one of the other key reasons for selecting Power Store was the non-disruptive element, you know, with other SaaS products, other providers, and other issues that we have experienced. That was one, that was a key decision for us from a Power Store perspective. One of the other, you know, to go back to the conversation slightly, in terms of performance, we are getting, getting there. You know, there's a 400% speed of improvement of publishing. We've got an 80% faster code coverage. Our firmware builds a 1300% quicker than they were previously. and the time savings of the storage engineer and, you know, as a director of IT, I often asked for certain reports from, from the storage array, we're working at, for storage forecast, performance forecast, you know, when we're coming close to product releases, code drops that we're trying to manage, the reporting or the Power Store is impressive. Whereas previously my storage engineer would not be the, the most happiest of people when I would be trying to pull, you know, monthly and quarterly reports, et cetera. Whereas now it's, it's ease and we have live dashboards running and we can easily extract that information. >> (Dave) I love that because, you know, so often we talk about the 40% reduction in IT labor, which okay, that's cool. But then your CFO's going to say, yeah, but it's not like we're getting rid of people. We, you know, we're still spending that money and you're like, okay. You're now into soft dollars, but when you talk about 400%, 80%, 1300% of what you're talking about business impact and that's telephone numbers to a CFO. So I love those metrics. Thank you for sharing. >> Yeah. But what would, they obviously, it's sort of like dashboards when they visualize that they are very hard hitting, you know, the impact. You're quite right the CFO does chase down you know, the availability and the resource profile, however, we're on a huge upward trajectory. So having the right resilience and infrastructure in places is exactly what we need. And as I mentioned before, those engineers are all reallocated to much more interesting work and, you know, the areas that will actually drive our business forward. >> (Dave) Speaking of resilience, are you doing any replication? >> Not currently. However, we've actually got a meeting regarding this today with some of the enterprise and some of their storage specialists, in a couple of hours time, actually, because that is a very high on the agenda for us to be able to replicate and have a high availability cluster and another potentially Power Store need. >> (Dave) Okay. So I was going to ask you where you want to take this thing. I'm hearing, you're looking at cloud IQ, really try to exploit that. So you got some headroom here in terms of the value that you can get out of this platform to do replication, faster recovery, et cetera, maybe protect against, you know, events. Guys, Thanks so much for your time. Really appreciate your insights. >> (Richard) No problem. >> (Avishek) Thank you. >> And thank you for watching this cube conversation. This is Dave Vellante and we'll see you next time.

(upbeat music) >> Welcome to AnsibleFest, 2021, the virtual version. This is The Cube and my name is Dave Volante. We're going to dig into automation and its continuing evolution. Tom Anderson is here. He's the vice president of Red Hat Ansible, the automation platform. And Richard Henshall is also here, Senior Manager of Ansible Product Management, of course, at Red Hat. Guys, welcome to the cube. Good to see you. >> Thanks for having us. >> Thank you for having us Dave. You're welcome, so Rich with this latest release of the Ansible Automation Platform, AAP, we'll get the acronyms out of the way. The focus seems to be an expanding the reach of automation and its potential use cases. I mean, I'll say automation everywhere, not to be confused with the RPA vendor, but the point is, you're trying to make it easier to automate things like provisioning, configuration management, application deployment, throw in orchestration and all these other IT processes. Now, you've talked about this theme in previous releases of AAP. So what's new in this release? What can customers do now that they couldn't do before? >> Yeah, it's a good question thank you. So, we look at this in two dimensions. So, the first dimension we have is like where automation can happen, right? So, you know, we always have traditional data center, clouds being been very prevalent for us for the last, you know, sort of five, 10 years in most people's view. But now we have the Edge, right? So now we have Edge computing, which is sometimes a lot more of the same, but also it comes with a different dynamic of how it has to be sort of used and utilized by different use cases, different industry segments. But then, while you expand the use cases to make sure that people can do automation where they need to do it and make sure if we don't close to the Edge or close to the data center, based on where the technology needs to be run, you also have to think about who's now using automation. So, the second dimension is making sure that different users can take access. You mentioned like application deployment, or infrastructure, or network configuration. We expand the number of different users we have that are starting to take advantage of Ansible. So how do we get more developers? How do we get into the developer workflow, into the development workflow, for how Ansible is created, as well as how we help with the operational, the posts deployment stage that people do operating automation, as well as then the running of Ansible Automation Platform itself. >> Excellent, okay. So, in thinking about some of those various roles or personas, I mean, I think about product leads. I would see developers, obviously you're going to be in there. Managers I would think want that view. You know the thrust seems to be, you're trying to continue to enhance the experience, for these personas and others, I suppose, with new tooling. Maybe you could add some color to that and what's happening in the market Tom if you take this and Rich chime in, what's happening in the market that makes this so important? Who are the key roles and personas that you're targeting? >> Yeah. So, there's a couple of things happening here. I mean, traditionally the people that had been using Ansible to automate their subsystems were the domain expert for that subsystem, right? I'm the storage operations team. I'm the network operations team. I'm using this tool to automate the tasks that I do day to day to operate my piece of the sub system. Now, what they're being asked to do is to expose that subsystem to other constituencies in the organization, right? So they had not, they're not waiting for a call to come in to say, can I have a network segment? Can I have this storage allocated to me? Can I deploy these servers so I can start testing or building or deploying my application. Those subsystems need to be exposed to those different audiences. And so the type of automation that is required is different. Now, we need to expose those subsystems in a way that makes those domain owners comfortable. So they're okay with another audience having access to their subsystem. But at the same time, they're able to ensure the governance and compliance around that, and then give that third-party that developer, that QE person, that man, that business, that line of business manager, whoever it might be, that's accessing that resource, a interface that is friendly and easy enough for them to do. It's kind of the democratization. I know it's a cliche, but the democratization of automated automation within organizations, giving them roles, specific experiences, of how they can access these different subsystems and speed their access to these systems and deploy applications. >> So if we could stay on that for a second, cause that's a complicated situation. You're now opening this up. You Richard mentioned the Edge. So you got to make sure that the person that's getting access has access, but then you also have to make sure that that individual can't screw it up, do things that you don't want that individual to do. And it's probably a whole other set of compliance issues and policy things that you have to bake in. Is that, am I getting that right? >> Yeah. And then that's the aspect of it. When you start to think, you know, Tom listed off there, you know, 10, you can just keep adding different sort of personas that individuals that work in roles, identify with as themselves. I'm a network person, I'm a storage person. To us they're all just Ansible users, right? There may be using a slightly different way, maybe using it slightly different places, but they're just an Ansible user, right? And so as you have, like those people that just like become organically, you've now got thousands potentially of Ansible users inside a large enterprise organization, or if you know, a couple of hundred if your smaller. But you're then go, well, what do I do with Ansible, right? And so at that point, you then start to say, now we try to look at it as what's their use of Ansible itself, because it's not just a command line tool. It's got a management interface, it's got analytics, we've got content management, we've got operational runtime, we've got responsiveness to, you know, disaster recovery scenarios for when, you know, when you need to be able to do certain actions, you may use it in different ways at different places. So we start, try and break out, what is the person doing with Ansible Automation Platform at this part of their workflow? Are they creating content, right? Are they consuming content, or are they operating that automation content for those other constituent users that Tom referred to. >> Yeah, that's really helpful because there's context, there are different roles, different personas need different contexts, you know, trying to do different things. Sometimes somebody just wants to see the analytics to make sure it's, you know, hey, everything's green, Oh, we got a yellow, versus, hey actually want to make some changes and I'm authorized to do so. Let's shift gears a little bit and talk about containers. I want to understand how containers are driving change for customers. Maybe what new tools you're providing to support this space? What about the Edge? Yeah, how real is that in terms of tangible pockets or patterns that you can identify that require new types of capabilities that you're delivering? Maybe you can help us unpack that a little bit. >> Okay so, I think there's two ways to look at containers, right? So the first is how are we utilizing the container technology itself, right? So containers are a package, right? So the amount of work we've been doing as Ansible's become more successful in the last couple of years, separating content out with Ansible collections. The ability to bring back manage, control a containerized runtime of Ansible so that you can lifecycle it, you can deploy it, it becomes portable. Edge is important there. How do I make sure I have the same automation running in the data center as the same automation running out on the Edge, if I'm looking at something that needs to be identical. The portability that the packaging of the container gives us, is a fantastic advantage, given you need to bring together just that automation you want. Smaller footprint, more refined footprint, lifecycle manage footprint. But at the same time, containers are also a very useful way of scaling the operation, right? And so as red hat puts things like Open Shift out in all these different locations, how can we leverage those platforms, to push the runtime of Ansible, the execution component, the execution plane of Ansible. How into anywhere that's hospitable for it to run? And as you move out towards Edge, as you move further away from the data center, you need a more ubiquitous sort of like run-time plane that you can put these things on. So they can just spin up when as, and when you need to. Potentially even at the end, actually being on the device, because at the same time with Edge, you also have different limits around how Edge works. It's not just about, hey I'm wifi points in an NFL stadium, actually, you're talking about I'm at the end of a 2000 mile, you know, piece of cable on an oil pipeline or potentially I'm a refinery out in the Gulf of Mexico. You know, you've got a very different dynamic to how you interact with that end point, than you do when it's a nice big controlled network, you know, powered location, which is well-governed and well-orchestrated. >> That's good. Thank you Rich. So Tom, think about automation, you know, back in the day, seems like a long time ago, but it really wasn't, automation used to scare some IT folks, because you know, sometimes it created unintended consequences or maybe it was a cultural thing and that you didn't want to automate themselves out of a job, but regardless. The cloud has changed that mindset, you know, showing us what's possible. You guys obviously had a big role in that, and the pandemic and digital initiatives, they really have made I call it the automation mandate. It was like the fourth March to digital, at least that's how I see it. I wonder if you could talk about, how you see your users approaching automation in as it relates to their business goals. Do you think automation is still being treated sometimes with trepidation or as a side project for some organizations or is it really continuing to evolve as a mainstream business imperative? >> Yes, so Dave we see it continuing to evolve as a strategic imperative for our customers. I mean, you'll, hear some of the keynote folks that are speaking here today. I've done an interview or doing an interview with Joe Mills from Discover, talking about extreme automation throughout Discovers organization. You'll hear representatives from JPMC talk about 22,000 JPMC employees contributing automation content in their environment, across 20 or 22 countries. I mean, just think about that scale, and the number of people that are involved in automation now and their tasks. So I think it's, I think we are, we have moved beyond or are moving beyond that idea that automation is just there to replace people's jobs. And it's much more about automation replacing the mundane, increasing consistency, increasing security, increasing agility, and giving people an opportunity to do more and more interesting stuff. So that's what we hear from our customers, this idea of them building. And it's not just the technology piece, but it's the cultural piece inside organizations where they're building these guilds or communities of practice, bringing people together to share best practices and experience with automation, so that they can feel comfortable learning from others and sharing with others and driving the organization forward. So we see a lot of that, and you'll hear a lot of that, at some of the Ansible Fest sessions this week. >> Well, I mean though I think that's a really important point. The last point you made about the skills, because I think you're right. I think we have moved beyond it's just job replacement. I don't know anybody who loves provisioning LUNs and say, oh, I'm the best in the world at that. It's just kind of something that was maybe important 10, 15, 20 years ago, but today, he should let the machines do that. So that's the whole skills transformation, is obviously a big part of digital transformation. Isn't it? >> It absolutely is. And frankly, we still hear, it's an impediment, that skills shortages are still an impediment to our customer success. They are still skilling up. I mean, honestly, that's one of the differentiators, for Ansible, as a language, a human readable language, that is easy to learn, easy to use, easy to share across an organization. So that's why you see job boards, and whatnot with so many opportunities that require or, or ask for Ansible skills out there. It's just a, it's become sort of a ubiquitous automation language in organizations, because it can be shared across lots of different roles. You don't have to be a Ruby software developer or a Python software developer to create automation with Ansible. You can be Tom Anderson or Rich Henshall. You don't have to, you don't have to be the, you know, the, the sharpest software developer in the world to take advantage of it. So anyway, that's one of the things that kind of overcoming some of the skills apprehension and bringing people into this, into the kind of new environment, of thinking about automation as code, not software code, but thinking of it like code. >> Got it. Guys we've got to leave it there, but Rich, how about you bring us home. We'll give you the last word. >> I mean, I think, you know what Tom just said there I think, about the skills side of things, is I think that the part that made it resonates the most. I mean I was a customer before I joined Red Hat, and trying to get large numbers of people, onto a same path, to try and achieve that outbound objective, that an organization has. The objective of an organization is not to automate, it's to achieve what is needed by what the automation facilitates. So how do we get those different groups to go from, Hey, this is about me, to this is actually about what we're trying to achieve as a business what we're trying to facilitate as a business, and how do we get those people easier access, a reduced barrier of entry to the skills they need to help make that successful, that compliments what they do, in their primary role, with a really strong secondary skill set that helps them do all the bits and pieces they need to do to make that job work. >> That's great, I mean you guys have done a great job, I mean it wasn't clear, you know, decade ago, or maybe half a decade ago, who was going to win this battle. Ansible clearly has market momentum and has become the leader. So guys congratulations on that and good job. Keep it going. I really appreciate your time. >> Thank you. >> Thank you. Thanks. >> Okay. This is the cubes, continuous coverage of Ansible Fest, 2021. Keep it right there for more content that educates and inspires. Thanks for watching. (upbeat music)

(happy techno music) >> Welcome everybody to this cube conversation. My name is Dave Vellante and we're joined today by Richard Goodwin. Who's the group director of IT at Ultra Leap and Avishek Kumar who manages Dell's power store product line and directs that product line along with several other lines for the company, gentlemen, welcome to the cube. >> Hi Dave >> Hi >> So Richard ultra leap, very cool company tracks, hand movements, and so forth. Tell us about the company and the technology, I'm really interested in how it's used. >> Yeah, we've had many product lines, obviously. We're at very innovative, um and the organization was spun up from PhD, a number of PhD students who were the co-founders for ultra leap. um And initially with mid-air haptics, um as you, as many people may have seen, but also hand tracking, mid-air had such a sense and feel. So, yeah, it's, it's, it's quite impressive what we have produced and the number of sectors and markets that we're in. Um And obviously to push us to, to where we are, we have relied upon lots of the Dell technology, both software and hardware. >> And what's your role at the company. >> Uh, I'm the group IT director, uh, I'm responsible for the it and business platforms or infrastructure network hardware software, and also the transparency of those platforms to ensure that we're scalable. And we are able to develop our software and hardware as rapidly as possible. >> Awesome. Yeah, a lot of data behind that too. I bet. Um okay Avishek, you direct a number of products at Dell across the portfolio, unity, extreme IO, the SC series, and of course, power vault. It's, it's quite the portfolio that you look after. So let's get into the case study. If we can, a bit, Richard, maybe you could paint a picture of, of your environment, some of the key applications that you're supporting and maybe what your infrastructure looks like. Give us a high level view. >> Sure. So pretty power store. We had quite a disparate architecture, so a fairly significant split and siding on the side of cloud, not as hybrid as we would like, and not, not as much as our on-prem as we would have liked and Hey, that, that has changed quite significantly. So we now have a number of servers and storage and storage arrays that we have on, on premise. And then we host ourselves. So we are moving quite rapidly, you know, as a, as a startup and then moving to a scale-up we needed that, that scalability and that versatility, and also the whole OPEX versus CapEx and, um, and also not being driven by lots of SaaS products and architecture and infrastructure where we needed to be in control because of our development cycles and our products, product development. >> So wait, oh okay. So, so too much cloud, you wanted to run a little bit of a dose of on-prem explain that a little bit more the cloud wasn't doing it for you in terms of your development cycle, your control, can you double click on that? >> Yeah. Some of the, some of the control and, you know, there's always a balance because there are certain elements of our development cycles and our engineering software engineering, where we need a very high parallelism for some of the work that we're doing, which then, you know, the CapEx investment makes things very, very challenging, not commercially that the right thing to do. However, there are some of our information, some of IP, some of the secure things that we do, we also do not want upgrades as an example, or any outages or certain types of server and spec that we need to be quite bespoke and unique, and that needs to be within our control. >> Got it, okay. Thank you for that. Avishek, we're going to talk about power store today. So set it up, please tell us about power store, what it is, you know, why it's important to this conversation. >> Sure, so power store store is a product that we launched may of 2020, roughly a little bit more than a year now. And it's a brand new architecture that Dell technologies released. And at the end of the day, I'll talk about a few unique aspects of the product, but at the end of the day, the, where we start with it's a storage platform, right? So where we see similar to what Richard is saying here, in terms of being able to consolidate the customer's environment, whether it is blog file, weevils, physical virtual environments, and, and it's, as I said, it's a brand new architecture where we leveraged pieces of existing products, where it makes sense and it's, we are using all the latest and greatest technologies delivering the best performance based data reduction and, and where we see a lot of traction is the options that it brings to the table for our customers in terms of flexibility, whether they want to add capacity compute, whether in fact, we have apps on the current model where customers can consolidate their compute as well on the static storage platform if needed. So a lot of innovation from a platform perspective itself, and it's not just about the platform itself, but what comes along with it, right? So we refer to it as an ecosystem, part of it, where we work with Ansible playbooks, CSI plugin, you name it, right. And it's, the storage platform by itself. Doesn't that, doesn't stand by itself in a customer's environment there are other aspects of the infrastructure that it needs to integrate with as well. Right? So if they're using Ansible playbooks, we want to make sure the integration is there. >> Got it. >> And last but not the least is the intelligence built into the platform, right? So as we are building these capabilities into the product, there is intelligence built into the product, as well as outside the product where things like cloud IQ, things like uh, um, technologies built into power suit itself makes it that much easier for the customers to manage the infrastructure and go from there. >> Thank you for that, so, Richard, what was the workload? So it actually, you started with sort of a Greenfield on prem. If I understand it correctly, what was the workload that you were sort of building around or workloads? >> Sorry, we had a, a number of different applications. Some of which we cannot really talk about too much, but we had, we had a VxRail, we had a, a smaller Dell array, and we have lots of what we classes, runners, cubeanetics cluster that we that we run and quite a few different VMs that run on our, on-prem server infrastructure and storage rates and the issues that we began to hit because of the high IO, from some of our, um, workloads that we were hitting very high latency, which rapidly stopped, began to cause us issues, especially with some of our software engineering teams. And that is when we embarked upon a competitive RFP for uh, Dell power store. Dell were already engaged from an end-user compute where they'd been selected as the end-user compute provider from a previous competitive RFP. And then we engaged them regarding the storage issue that we had, and we engaged the, our account leading count exec, and a number of solution architects were working with us to ensure that we have the optimal solution. Dell were selected over the competitors because of many reasons, you know, the, the, the new technology, the DG plication, the compression, that data overall data reduction, and the guarantee that also came, uh, came with that, with the four to one data reduction guarantee, which was significant to us because of the amount of data that we hold. Um, And we have, you know, as I mentioned, we're pulling further, further data of ours back into our hosted environments, which will end up on the power store, especially with the duplication that we're now getting. We've actually hit nine to one, which is significant. We were expecting four to one, maybe five to one with some of the data types. And what was excellent Dale were that confident that they did not even review our data types prior. And they were willing to stand by that guarantee of four to one and we've excelled that we've got different data types on, on that array, and we've hit nine to one and that's gradually grown over the last nine months. You know, we were kind of six them we moved to seven and now we're hitting nine to one ratios. >> That's great. So you get a little free storage. That's interesting what you're saying, Richard, cause I just assumed that a company that's guaranteed four to one is going to say, okay, let us, let us inspect your workload first and then we'll do the deal. So Avishek, what's the tech behind that data reduction that you're able to with such confidence, not have to pre inspect the workload in this case anyway. >> Yeah. So, so it goes back to the technologies that goes behind the product, right? So, so we, we stand behind the technology and we want to make it simpler for our customers as well. Where again, we don't want to spend weeks looking at all the data, scanning all the data before giving the guarantee. So we stand behind the technology where we understand that as the data is coming in, we are always going to be duplicated. We are always going to compress it. There is technology within the product where we are offloading some of that to the outside the CPU. So it is not impacting the performance that the applications are going to see. So a data reduction by itself is not going to get enough performance by itself is not good enough. Both of them have to be together. Right. So, and that's what powers to brings to the table. >> Yeah. Thank you. So Richard, I'm interested. I mean, I remember the power store announcement, sort of saw it leading up to it. And one of the big thrusts from Dell was the way I phrase it is essentially trying to create a cloud-like experience on-prem. So really focused on simplicity. So my question to you is, let's start with just the deployment. You know, how complicated was it to install? What was that process like? How many clicks, I mean, not that you have to tell me how many clicks, but you know, what I'm asking is, is how difficult was it to get from zero to, you know, up and running? >> Well, we actually sat down with a very difficult challenge. We were in quite a difficult situation where we'd pretty much got off of a cliff in terms of IOPS performance. So the RFP was quite rapid. And then we needed to get which, whoever, which vendor was successful, we need to get that deployed rather rapidly and on the floor in our data center and server rooms, which we did. And it was very, very simplistic within three weeks of placing the order. We had that array in our server rack and we'd begun the migration that it was very simple to set up. And the management of that array has been, we we've seen say 40% reduction in terms of effort it took to be able to manage our storage because it is very self-contained, you know, even from a reporting perspective, the deployment, the migration was all very, very, very simplistic. And, you know, we we've done some work recently where we had to also do some work on the array and some other migrations that we were doing and the resilience came, came to, came to the forefront of where the whole architecture and no single point of failure enabled us to do some things that we needed to do quite rapidly because of the, the jole notes and the resilience within, within the unit and within the power store itself was considerable where we, we kept performance up. People also prioritize any discreet rebuilds, keeps the incoming ingest rates high and prioritizes that, you know, the workloads, which is really impressive, especially when we are moving so quickly with our technology. We don't really have much time to, you know, micromanage the estate. >> Can you, can you just repeat what you said on the percent reduction? I think I heard you cut out there a little bit, a percent reduction on, on, on management, on, on, on the labor side. >> So our lead storage engineer is estimated around 40% less management. >> Wow. Okay. So that's, that's good. So actually, I, I love this conversation because, you know, in the early the days of automation, people are like, ah, that's my job provisioning, LUNs. I'm really good at it. But I think people are realizing that it's actually not something that you want to be really good at. It's something that you want to eliminate. So it now maybe it's a, that, storage engineer got his or her nights and weekends back, uh, but, but what do they do now when they get that extra time, what do you, what do you put them on? You know, no more strategic initiatives or, you know, other, other tech things in the to-do list, what's that like? >> You know, any of my team, whether it's the storage leads or some of the infrastructure team that are also involved in engaged, cause you know, the organization, we have to be quite versatile as a team in our skillsets. We don't want to be doing those BAU mundane tasks. Even the storage engineer does not want to be, you know, allocating Luns and allocating storage to physical servers, VMs, et cetera. We want all of that to be automated. And the, you know, those engineers, are they working on some of the cutting edge things that we're trying to do with machine learning as a, as an example, which is much more interesting, it's what they want to be doing. Um, you know, that aides, the obvious things like retention interest and personal development, we don't want to be, you know, that base IT infrastructure management is, is, is not, not where any of the engineers wants to be. >> In terms of the decision to go with Dell power store. I, I, I'm definitely hearing there was a relationship. There was an existing relationship with Dell. I'm sure that played into it. And you, you mentioned a couple of times that RFP, so, so you kind of lined up various various vendors. What can you tell us about that in, in addition to the relationship, what was it that led you to power store? >> Uh, there were many things saying, you know, the relationship wasn't really part of this, even though I've mentioned the end user compute in any sets or anything that we're procuring, we want best of breed and best of set, but, and there were four vendors that were engaged in the RFP and it was down selected to, two, and that was done on the cost is definitely a driver. The technology, you know, is a big trust to us. We're a tech company. New technology to us is also fascinating, not only our own but also the, the storage guarantee, the simplicity, the resilience within, within the unit. Also the, the ability which was key to us because of what we're trying to do with our hybrid model and bring, bring back and repatreize some of the data as it were um, from the client, we needed that ability to, with ease, to be able to scale up and scale out, and the power store gave us that. >> When you say cost of, I want to dig into that price or, you know, the, the, the, the price tag or the, the cost. I mean, when you do the business case, and I wonder if we could add a little color to that. >> Yeah, the, the, there there's two elements to this, so there's not even the cost of the price tag, but then also cost of ownership and the comparisons that we were running against the other vendors, but also the comparisons that we were running from a CapEx investment against OPEX and what we have in the cloud, and also the performance and performance that we get from the cloud and our cloud storage and a resilience within that, and then also the initial price tag, and then comparing the CapEx investments to the OPEX were all elements that were, were key to us making our decision. And you know that there has to be some credit taken by the Dell account team and their relationship towards the final phrase of that RFP, you know, were key, initially, not at all, we were just looking for the best possible storage solution for ultra-leap. >> And to, to determine that on your end, was that like a feature, because it's sometimes fuzzy what the business impact is going to be like that 40% you mentioned, or the data reduction at nine to one, when there's a promise of four to one, did you, what did you do? Did you kind of do a feature function analysis and sort of line that up and, and say, okay, I'm going to map that to our business, our processes, our IT processes, and try to predict what the impact would be. Is that how you did it, or did you take a different approach? >> We did. So we did that, obviously between vendors as you'd expected in RFP, but then also mapping to how that would impact the business. And that that is not an easy process to go through. We've seen more gains, even comparing one vendor to another, some of that because of the technology, the terminology is very, very different and sometimes you have to bring that up a level and also gain a much more detailed understanding, which at times can be challenging, but we did a very like-for-like comparison and, and also lots of research, but you're quite right. The, the, the business analysis to what we needed. We had quite a good forecast and from my supplier stock and information data, and also our engineering and business and strategic roadmap, we were able to map those two together, not the easiest of experiences, not one that I want to repeat, but we got through it. >> Yeah, a little bit of art and science involved. Avishek, maybe you could talk about power store, what, you know, give us the commercial. What makes it different from other products in the market? Things like cloud IQ, maybe you could talk about that a little bit. >> Sure, so, so again, from a, a it's music to my ears, when Richard talks about the ease of deployment and the management, because there is a lot of focus on that. But even as I said earlier, from a manned technology perspective, a lot of goodness built in, in terms of being able to consolidate a customer's environment into, onto the platform. So that's more from a storage point of view that will give the best performance, give the best data reduction, storage efficiencies. Um, the second part, of course, the flexibility, the options that power store it gives to the customers in terms of sort of desegregating the storage and the compute aspects of it. So if, as a customer, I want to start with different points in terms of what our customer requirements are today, but going forward as requirements changed from a compute capacity perspective, you can use a scale up and scale out capabilities, and then the intelligence built in, right? So as you scale out your cluster, being able to move storage around right, as needed being able to do that non-disruptively. So instead of saying that Mr. Customer you're, you're storage is going to, you're at 90% capacity, being able to say that based on your historical trending, we expect you run out of capacity in six months, some small things like that. Right. And of course, if the, the dial home, the support assist capabilities that are enabled, cloud IQ brings a lot of intelligence to the table as well. In addition to that, as they mentioned earlier, there is apps on capability that gives another level of flexibility to the customers to integrate your storage infrastructure into a virtual environment. If the customer chooses to do that. And last but not the least, it's not just about the product right? So it's about the programs that we have put around it. Any anytime I'll create is a big differentiator for us, where it's an investment protection program for customers, where if they want to have the peace of mind, in terms of three months, nine months, three years down the line, if we come out with new technologies, being able to be upgrade to that non-disruptively is a big part of it as well. It's a peace of mind for the customers that, yes, I'm getting into the power store architecture today, but going forward, I am I'm protected from that point. So anytime I upgrade, it's a new business program that we put around leveraging the architectural benefits of power stool, whether your compute requirements, your storage requirements change you're, you're, you're covered from that point of view. So again, very quick a overview of, of what power store is, why it is different, and again, that's where that comes from. >> Thank you for that. Richard, are you, are you actively using cloud IQ? Do you get, what kind of value do you get from it? >> Not currently. However, we have, we have had plans to do that. The uptake and BCR, our internal workload has not allowed us to do that, but one of the other key reasons for selecting power source was the, the non-disruptive element, you know, with other SaaS products, other providers, and other issues that we have experienced. That was one, that was a, a key decision for us from a, a power store perspective. One of the other, you know, I would like to go back to the conversation slightly, in terms of performance, we are getting, getting now, you know, there's a 400% speed of improvement of publishing. We've got an 80% faster code coverage. So our firmware builds a 1300% quicker than they were previously and, and the time savings of the storage engineer and, you know, as a, as director of IT, I often asked for certain reports from, from the storage array, when we're working out for, um, storage forecast, performance forecast. And, you know, when we're coming close to product releases, code drops that we're trying to manage, the reporting or the power stories is impressive. Whereas previously my storage engineer would not be the, the most happiest of people when I would be trying to pull, you know, monthly and quarterly reports, et cetera. Whereas now it's, it's easy and we have live dashboards running, and we can easily extract that information. >> I love that, because, you know, so often we talk about the 40% reduction in IT, labor, uh, which, which, okay, that's cool. But then your CFO's going to say, yeah, but it's not like we're getting rid of people. We, you know, we're still spending that money and you, okay. They're getting you're now into soft dollars, but when you talk about 400%, 18%, 1300% of what you're talking about, business impact and that's telephone numbers to a CFO. So I love those metrics. Thank you for sharing. >> Yeah. But what would, they, obviously, in some of our dashboards when they visualize that they are very hard hitting, you know, the impact that you're quite right that the CFO does chase down, you know, the availability and the resource profile, however, we're on a huge upward trajectory. So having the right resilience and infrastructure in places is exactly what we need. And as I mentioned before, those engineers are all reallocated to much more interesting work. And, you know, the, the areas that will actually drive our business forward. >> Speaking of resilience, are you doing any replication? >> Not currently. However, there, uh, we've actually got a meeting regarding this today with some of that was a surprise that some of their storage specialists in a couple of hours time, actually, because that is a very high on the agenda for us to be able to replicate and have a high availability cluster and another potentially power store name. >> So I was going to ask you kind of where you want to take this thing. I'm hearing you, you're looking at cloud IQ, really try to exploit that. So you've got some headroom here in terms of the value that you can get out of this platform to, to do replication, faster recovery, et cetera, maybe protect against, you know, events. Any other things that you would identify as things you would either want from Dell or things that you'd like to see this platform direction you'd like to see it take in the future? >> Uh, yeah. We, we actually had some discussions recently and we are actively involved in some of the power store roadmap, which is, which is really good for us because we get visibility. And we also get to feed back to Dell on some of the features that we would like to see. So one of the things that we're discussing is a virtual kind of power store is what we would like to see. So some of that resilience would be really useful for us to be able to fail over quite rapidly and have live access to you are sick of data rather than potentially having hole sites. And we're looking at some of the Dell service offerings, which are quite impressive and is currently ticking. You know, we're very early in the, in the stages of the discovery, but there's quite a few boxes being ticked. Currently. >> Guys, we got to leave it there. I love this example of where you've got infrastructure, really connecting directly to a fast growth company, helping it scale, guys, thanks so much for your time. Really appreciate your insights. >> Thank you >> And thank you And thank you for watching this cube conversation. This is Dave Volante, and we'll see you next time. (upbeat music)

(melodic music) >> Welcome to this CUBE conversation, I'm Lisa Martin, Richard Hammel joins me next, manager of threat intelligence at NetScout. Richard, welcome back to theCUBE. >> Thanks Lisa it's nice to be back. Thank you for having me. >> We have a lot to talk about in the next 15 to 20 minutes. We're going to be talking about the NetScout threat intelligence report. The report covers the first half of 2021, January one to June 30th. Unprecedented events of 2020 Richard, spilling into 2021. How have the events of 2020 impacted the threat landscape? What are you seeing? >> I would say that it's significantly impacted it. The COVID pandemic and all that happened with remote work and education moving to remote, all of that had a hand in exponentially increasing the threat landscape that adversaries have at their disposal to compromise unknowing victims, to launch attacks. There's so much more that adversaries are able to really hook into. Just in the first half of 2021, we saw almost 5.4 million DDoS attacks. And if you go back to last year, we broke a record at 10 million, just over 10 million, and we're well on track to hit 11 million at the end of this year. So you can see how it's impacted. And even as much as some things are starting to tail off or taper off a little bit, as things start to get back to normal, we start to resume travel, we resume going to the office. There's still that tail end, we're still seeing this kind of heightened attack landscape, and there's lots of different phenomenon that's happening as a result, which we'll talk about throughout this interview. >> Yeah, we'll dissect that you said on pace for a record breaking 11 million DDoS attacks it by the end of 2021. One of the things I want to talk about is speed. I noticed in the report that seven attack vectors in seven months, which means that threat actors exploited, or weaponized seven, at least seven of the new DDoS specters in just seven months time. Why is that significant? >> You know, I'll even raise the ante a little bit just after the throw report. There's an eight factor. And so this is the nature that we're in. This is, the, really the age of innovation. And we've been in kind of an innovative space in the crime world for a couple of years now, where we continue to see this domino effect for lack of a better way of describing it, where it's just one after the next step to the next. And then you add in this compounding thing where you have more devices than ever before connected to the internet. And I have all that much more exposure for these things to take advantage of you. And so we see adversaries innovating. And one of the ways in which we see that is, they operate like a business enterprise. They have functional components for different things. And as you kind of fragments that business structure in the crime world, you get specialized areas for certain things. And so you have adversaries that are niche in a certain area, whether it's distribution of malware or it's launching a DDoS attack, or maybe it's just finding a reflectors amplifiers to launch those DDoS attacks, you have all of these kind of niche areas and the more you can consolidate or collapsed those different skillsets into different components, you're going to find it, it iterates a much more rapidly. It's the same thing that happens as entrepreneurs in the business enterprise. Do you outsource what you're not the expert at? And you outsource it to somebody who is an expert and we see the same phenomenon happening in the cyber-crime world. >> So the rate of discovery to weaponization is getting shorter. >> Super fast. And we've seen things weaponized, a short as one to two days from the time of proof of concept comes online to when an adversary adopts this into their tools or their toolkits. And so on most often, the way we see this adopted is maybe a bot picks it up. So you have like your Mariah's, your satory's, your dash, all these different IOT related bots out there that have capabilities, but then you also have these platforms called booter stressors. And adversaries, just continue to add vectors there. There's no reason to remove them because they're still effective. And so we see this continual add of new ways to compromise and new ways to attack somebody that just always goes up into the right. >> Up into the right, in some cases can be good, in this case, it's obviously it's a sign of distress. One of the things the report showed Richard, was the development of adaptive DDoS. Just the name adaptive leads me to think of evasive tactics, you know, that threat actors are employing, talk to us about adaptive DDoS and what the report showed for the first half of 2021. >> Sure. So the biggest thing we saw with adaptive DDoS and I have to preface this by one of the changes that we saw over the first half of 2021. Going into the first half of the year, DNS reflection amplification was kind of the predominant preferred method by adversaries. There's so many DNS servers out there. So it's something they're able to do. Well, we saw a different type of attack called TCP act floods actually surpassed that. And TCP act floods are a little bit different because it uses a different internet protocol. Now what's significant about TCP based connections is it's connection oriented. So requires what we would call a three-way handshake. So there's packets going to the target, they're coming back to the adversary, they're going to the target. And in most cases they're spoofing of IP addresses. So it never really goes to the actual adversary, but somebody else, right? And so it's much more process intensive or network intensive. And so you can basically launch these TCP floods, these scent attacks, these act floods, whatever they might be. And you're creating a bunch of different connections on that targeted entity and you're spoofing the source. So in other words, let's just say, I am victim one and there's an adversary out there that wants to target me. So they're going to actually spoof my IP address and they're going to send a bunch of these syn flood or a sin, you know, acts or TCPI floods or whatever they might be, to all these DNS servers around the world. And so they're all going to reply to their suppose source of those packets, which in fact, a spoofed, right? And so now you're getting all this flood attacks. And so what we're seeing here is a switch. We're moving from kind of the just connection list, the UDP based stuff the DNS reflection amplification to a more niche things such as TCP act floods. And it's the first time we've ever seen TCP act floods take first place. And what's notable about that is that there are certain types of DDoS mitigation that is susceptible to this kind of attack. And so what we see adversaries do is they'll watch that attack and the monitor did the, did my victim go down? If they didn't go down, they'll pivot, they'll try something else. Maybe they'll try typical volumetric attack. If that succeeds what, okay. We took one layer of the defense down. So is there anything else preventing us from taking our target offline? Well, maybe there's a second layer of defense. So now let's try this other thing and see if that works. And so we actually saw this successful against a commercial banks and payment card processors, where they used TCP act floods to bypass one layer. Then they use volumetric bypass the second, and then on a completely different target, we saw it in reverse. And so we see adversaries adapting to how we're putting our security posture is in place. What we're doing to defend our organizations and networks and adversaries are very quickly iterating and pivoting to follow what we're doing and overcome that. >> And when you say quickly, how quickly are we talking? Is this a matter of days? >> Well, in the case of the attacks that we're talking about, we're talking about seconds or minutes because they're actually launching the attack and they're sitting there watching to see if that goes down and if it doesn't go down, they can pivot really, really quickly and launch a secondary attack. And so in these cases it's really, really rapid and really fast. >> Wow. Another thing that I read in the report and that you sort of intimated a minute ago was the amount of collateral damage seems to also be expanding with what you're seeing in the threat landscape. Talk to us about the risks there and the collateral damage and get us some examples of that actually happening. >> So I think that the biggest example of this and this isn't actually DDoS related, but if you look at like the colonial pipeline incident that happened, right? So they didn't actually go after colonial pipeline. They went after a vendor that provides some sort of service to them. And that resulted in Colonial saying, "we got to shut down our pipeline "because now we can't build our customers." So that's like one aspect of collateral damage. Well, let's translate that to the DDoS world. What happens when a DNS server goes offline, that services 1000 different websites. Now you have all of these other websites that can't be accessed. Well, what happens if an adversary goes after a VPN for a prominent enterprise, they successfully take down that VPN concentrator, and now all of their remote workforce can no longer access those sources. In fact, there's something we're calling connectivity supply chain, which is what adversaries are moving to both in the corporate world, as well as commercial. VPNs increasingly used by gamers, for instance, to mask their IPS because DDoS attacks predominantly target gamers, 80, 85% of all attacks are against gamers. And so they're using VPNs to mask their source. Well, an adversary says, well, hey, I can't go after the individual because I don't know their IP, but I know what your VPN are using. So maybe if I target all the VPN nodes that are publicly available for that VPN concentrator or VPN service provider, now I can take them offline. But it as a consequence, you're not just taking off your individual target. You're taking off every single person that's using that VPN. >> Right. >> This is the collateral damage impact we're talking about. It can be very, very far reaching. >> You mentioned the conductivity supply chain. Let's go ahead and dissect that. Cause that was something else that the report showed was that there was vital components of what NetScout calls the conductivity supply chain, which you'll helped define, are under increasing attack, define the connectivity supply chain and tell us what the report is showing. >> So supply chain comes in many forms and fashion. You have your physical supply chain, you have your vendors that provide software. You have actual movers like such as semis and trains, and you have pipelines to get crude oil to places. All of these things are supply chain, but what's the underlying foundation behind these? How do all of these operate? And more and more in today's day and age, you rely on internet connectivity. You rely on that backbone to be able to operate your systems across a remote space, whether that's internationally, or if it's different countries, if it's just different states, you have to have some way of connecting all those things. And we're not often doing things physically in person there, right? We do this by remote access. We do this by having certain websites or controllers. And all of these things rely on a few critical things that if you were to take them offline, it would prevent you from doing this kind of management. So DNS servers, VPNs, I already talked about whether it's commercial or corporate to access your company's assets. And then you have internet exchanges. If any, one of these things went down from a DDoS attack, you're talking about massive collateral damage. And so what we're calling the conductivity supply chain is really just that, what connects all of us together? That's that's the internet and what makes the internet tick? And here at NetScout, we call ourselves guardians of the connected world. And though that might seem a little bit weird to say it that way. It's absolutely true because our primary goal, here at NetScout, is to make sure that organizations maintain that connection that allows them to really just live, breathe, survive, do their business, without that, you can't conduct business. >> Right? And we saw that the rapid pivot last year, and so many businesses and any, every industry had to rapidly pivot and shift to digital, but the risks as the innovation of technology, for use for good, continues do does it's innovation and use for adversarial things. Another thing that report showed, triple extortion. Talk about that. What you saw, what does that mean for businesses? >> So the triple extortion is three pronged attack. And, everybody here is going to know exactly what I'm talking about when I say ransomware, because ransomware is the biggest threat to the cyber world, really not even just the cyber world, just anybody that has a computer or device or anything, right? Whether it's a business, it's a user, it's a school, hospitals. Everybody is at risk for this and adversaries see the success that ransomware is having and more and more operators get involved in this. Well, what we're seeing here is that they are not satisfied with just encrypting your files and getting a one-time payment. No, they've got to take it a step further. And in fact, the double extortion has been ongoing since, as far back as 2013. When a popular, "Gameover Zeus" variant was distributing CryptoLocker ransomware. And so you have like your initial compromise and data theft and wire transfers of bank stuff followed by ransomware. I already stole your money from your bank. And now you're going to pay me a ransomware to decrypt your files. Well, let's move forward to today's day and age. And over the past year, one of the things we've seen is that adversaries are now adding a third tactics to this the DDoS. And so they will encrypt your files. They'll demand. Hey, you're going to pay us this amount of Bitcoin in order to decrypt your files. But you know, we're already in your system. So, you know, let's just steal your data. And then after you pay us for the decryption, we're going to hold your data hostage until you pay us again. Or maybe we're going to use that data as a lever to get you to pay that initial ransomware. Well, that's still not enough because more and more security researchers, like myself say don't pay. And I'm saying that right here, in plain English, do not pay the ransomware because it has detrimental effects. They, you don't even know if they're going to decrypt your files and you don't know if they're going to come back. Maybe you pay them. They never send you a decryption key. You pay them. And lo and behold, they're part of some terrorist organization. So now you're actually complicit in funding these guys, and the more success that these ransom operators have, the more they're going to do it. And so it has a lot of really negative consequences. Well, let's add another lever. Let's add DDoS to this. So it's not enough. We encrypted your files. It's not enough. We stole your data. Let's knock your network offline. So now you have no recourse whatsoever, except to pay us in order to resume services. And we're seeing at least four or five different ransomware groups of gangs actually use this triple extortion to go after their victims. And so it's something that we expect to see down the road and more and more operators continue to kind of adopt this. >> Lisa: Yeah. The report showed that there was a ransomware group that in the first half of 2021 alone, that vetted a hundred million dollars. So ransomware as a service, this is a big business. You say, don't pay, what can organizations do to defend themselves against triple extortion, even single or double? >> Yeah. So I mean, the thing is, preparation is key for a lot of this and not just for the ransomware piece and triple extortion, but DDoS in general preparation goes a long way to mitigating this potential threat. And one of the things we'd like to say here is that 80% of the things you can do to defend against ransomware also works for defending against DDoS. And the key word here is preparation. Making sure that you've done your, initial observations of your network. You understand what is in your network, every device, not just like the core critical systems, because there could be that IOT device sitting there on their fringe somewhere that has, for whatever reason, access to a system that if encrypted would cause detrimental harm to your company. So not only do you want to inventory your system, you also want to figure out, are they pastorally up to date? Do we allow on an authenticated logins? Are there using default usernames and passwords? In fact, the vast majority of ransomware today, the initial infection vector is either going to be some sort of spam messaging or brute forcing RDP, SSH, and Telnet, the tried and true methods that they've been using for five, six, seven years. They are still successful using to get into organizations. And so making sure that you're sufficiently locking those down. Specifically on the ransomware side, if you want to prevent those, not only are you going to do this preparation, but you're going to make sure that you isolate your critical systems. You shouldn't have everything connected to one spot. If somebody compromises one device, they should not be able to encrypt your entire network. They absolutely should never be able to encrypt your backup files and have backup files, right? So there's a lot of different things you can do here. And by practicing a lot of this preparation, this isolation, the segmenting of your networks, you're also helping in the DDoS space because if they go after one network asset, you'll have all this to fall back on. There was one significant difference between ransomware and DDoS. Ransomware, after you've been infected, unless you have backups or you pay the ransomware, your files are pretty much gone. Unless there's some decrypted that can be had, or the government has some sort of campaign that gets you the caption keys and they helped you with the decryption. So in those cases, if you get encrypted, there's often not a whole lot of recourse, unless you have prepared ahead of time. With DDoS, however, the vast majority, 99% of all DDoS attacks can be prevented if you have a mitigation and protection solution in place. And even if you get DDoS, oftentimes they're, short-lived in fact, the vast majority of DDoS attacks last less than 15 minutes. And so it's not like your stuff is going to be encrypted for days on end or weeks on end. You're going to get hits, you might go down for a period of time, but you can recover services. And during that recovery period, you can go and you can seek mitigation protection services. And so there's a big difference between DDoS and ransomware in that regard. >> That's a great way of describing that. And we've talked a lot about ransomware is it's been on the increase the last year and a half. We've talked about how it's not a matter of if we get attacked, it's a matter of when. But your distinction between ransomware and DDoS attacks show that both with preparation and the right tools, are preventable and recoverable provided organizations have put the proper tools and mechanisms in place to do that. And given how quickly we're seeing the adaptation of the threat actors, organizations, if they're not already on that preparation train, need to catch up. >> Absolutely. They need to get busy right away. There's there's really no delay. Like I said, like you said, it's not if, it's when. And so every single person, every organization, I would take a step further, not even organizations, every single individual that has a computer or some sort of internet connection at home needs to realize that they absolutely can be and are the target of these attacks. We've said it now for the past year and a half, that within five minutes of an IOT device going online, you're getting brute force attempts and that's any IOT device. That's something you connect that maybe you never even realize you can log into and change your password. Well, if it's online, then chances are somebody is trying to brute force that to access it and use it in the varies ways. >> And, and as we all sort of anticipate, we're going to be in this hybrid work environment, work from anywhere environment for quite a while longer. One last question want to ask you, when you talk about all the proliferation of IOT devices, and we're still on this work from anywhere situation, botnets? What are some of the things that the report showed and how can organizations protect all in a, you know, growing number of vulnerable IOT devices from botnets? >> So I think the biggest thing to protect against a IOT compromise is just simply patching up that your passwords Mariah has been out there for a long time, 2016. You know, we saw the dine attacks, but it's still using the same usernames and passwords. Sure, they add more to the list, but the predominant ones that are successful in compromised devices have been around for many years, but they're still successful at compromising these IOT devices. In fact, in the report, one of the things we wanted to show is actually, where are these botnets? How are they being used and specifically in a DDoS nature? And so we actually took all of the IP addresses that we're seeing from bots that are either coming back into our honeypot or things that we scan for. You know, and what we've determined. And that is that roughly 200 to 208,000 of the IP addresses. IP addresses that both we collected as well as a new partner of ours called Gray Noise. They've agreed to partner with us on this short report and you'll see that in the, in the report, if you actually read it. We took these lists of nodes and we compare that to what we're seeing in the DDoS attack landscape. And it turns out that approximately 200,000 of these contributed to more than 2.8 million DDoS attacks in the first half of 2021. Now there was 5.4 million tax total. So more than half of those had some form of DDoS botnet IOT representation. And so that should tell you that these botnets are huge and they're everywhere and they're active. And so the report actually walks you through where these are at, where the density zones are in clusters of these botnets, as well as what botnets in those high density zones are using to compromise other IOT devices. And so it's definitely a very informative read. And I think that you'll, you'll figure out that this isn't, something we talk about in the abstract, right? This is a botnet in my backyard, and I should absolutely be concerned of any IOT device in my home. >> Right. And the, the NetScout threat intelligence report, which Richard has just walked us through is not only available online. It's interactive. It's a great report. I've looked at the PDF, but Richard work in folks go to actually interact with the document and actually glean even more information about how they can prepare and defend. >> Yeah. So netscout.com/starreport. And as Lisa said, it is interactive. So you will need to sign up for the site and you can do both. You can either view the interactive webpage, or you can download the PDF, whatever your reading preference is. But I do encourage the interactive portion because for instance, like this botnet density map that I show, or that I that talked about, you can actually page through month over month to see where those density clusters are. And it is very souther animations. There's other maps in there so there's definitely a lot more value to perusing the interactive nature. >> A lot of granularity. Richard, thank you so much for joining me today, talking about what the first half of 2021 showed. And I can't wait to talk to you next year when we're going to be looking at the second half of the year where we are, with respect to that record, breaking 11 million DDoS attacks. Thank you for taking your time to explain the top trends in the report and for showing folks where they can go to interact with it. >> Well, thank you, Lisa. And thank you to theCUBE for hosting the interview. Definitely appreciate it. >> Our pleasure. For Richard Hammel, I am Lisa Martin, you're watching a CUBE conversation. (melodic music)

(upbeat music) (air whooshing) >> Hi everybody. John Walls here continuing our Cube Conversations here focusing on NETSCOUT today and the drawing problem of ransomware. Obviously very much in the news these days for the couple of high profile cases. It is certainly an increasing challenge, but by no means a new phenomenon at all. With us to talk about this is Roland Dobbins who is the principal engineer of NETSCOUT's A-CERT team. And Ronald and good to see you today, sir. Thanks for joining us. >> Good to see you as well. And Richard Hummel who's Threat Intelligence research lead for the A-CERT Team. And Richard, thank you for being with us as well here on the Cube. >> Absolutely John, thanks for having us. >> Yeah, let's just jump right in here. Ransomware, obviously we're all well aware of a couple of high profile cases, as I alluded to. Let's talk about first, the magnitude and scale of the problem, as it currently exists. And Roland, I'm going to let you just set the table for us here. Let's talk about ransomware, where it was maybe four or five years ago, and then the challenge has become today? >> Actually, John, if you don't mind I'd really like to hand that one to my colleague, Richard because >> By all means, so Richard- he's really has an in-depth background there if that's okay. >> Richard, jump in on that. >> Absolutely. Yeah. And so (clears throat) I'll handle all the ransomware stuff, namely because I've been doing this for going on seven years now of looking specifically at ransomware. I started this right around the time I joined Eyesight Partners, you know leading premier provider of threat intelligence who was acquired by FireEye and now Mandiat, and now even a conglomerate that just acquired Mandia. So there's been a series of acquisitions here but the reality is this threat intelligence has been pervasive across all of these. And you can see that over time that value hasn't diminished. And you can see that by all of these acquisitions. that are like that's a really good example to show how valuable this is because everybody wants it. And the reality is back then I started tracking ransomware specifically looking at a lot of the CryptoLocker variance, things like CryptoWall, and TorrentLocker, and TeslaCrypt. And there's any number I could go on and on and on about all these different variations, and how ransomware came to be, and what you know, adversaries were using it for. But the reality is ransomware has been around for a long, long time and probably three or four years ago. There was this lull in time where people are like, hey we've got these initiatives like no ransomware.org. We've got the, you know, local law enforcement backing in a bunch of different countries. There's this big huge international effort to basically get rid of ransomware. And it's going to% be a thing of the past. And we very clearly see that is not the case. And now with ransomware, you have an evolution over time. It used to be you would have different flavors of ransomware where sometimes it would encrypt your files first and then it would reach back to the command control. Sometimes it would reach back first to get keys and then it would encrypt. Sometimes the encryptions were breakable, sometimes the keys were stored locally, but a lot of them more recent variants of ransomware are very well done. They're very sophisticated. They will encrypt your files and the keys themselves are held by the adversary. And so there's no way to just decrypt it. You can't create a decryptor like a lot of these security companies do you would actually have to get that key from the adversary or you would have to restore your systems from a backup. And so the history of ransomware is very long and varied. And you know one of the core topics we want to discuss today is ransomware isn't by itself anymore. It used to be like ransomware was the name that incited fear but these guys have evolved over time. And now ransomware operators are doing kind of this triple extortion. Where they will encrypt your files, they've already gained access to that system. So then they will exfiltrate sensitive data and they will have that as kind of a hostage and say, look you're going to pay us for this ransomware to decrypt your files, to get those back. But I'll guess what? We also have your sensitive data that we're going to post online and sell and on underground forms unless you pay us additional money. But now we even have a third stage here. And this is kind of where Roland's going to come in and talk about this is we have DDoS extortion. That is surging In fact, we did a survey of enterprise internet service providers. And when we asked them what was their biggest concerns in 2020 and going into 2021 about threats, and obviously ransomware was number one but DDoS extortion was number two. And so you have this one, two bang the adversaries are using to be able to extort payment from victims. And this has been going on for a number of years with this kind of double extortion. And now this triple extortion, in fact going all the way back to the CryptoLocker days you would have banking malware, like Gameover Zeus where they would get on your system, they would do wire transfers from your bank accounts. There was steal files. And then as a last hurrah they would deploy ransomware and encrypt all your files. And so not only did they steal all your money from the bank. Now, they're going to say, you got to pay us to actually do decrypt your files. So this idea of kind of a double tap has been going on for a long time. And more recently around September of last year we started to see this DDoS aspect part of these operations. And so, yeah, that's kind of the history of what we're dealing with here. >> And so, and DDoS distributed denial service, Ronald let you pick up the ball at this point then. Now this evolution you will the triple threat, you know first you were talking about in encryption, in public exposure. And now this DDoS stage, this pillar of the malfeasance, if you will what kind of headaches is this causing in terms of from an engineering perspective from your side of the fence when you're looking at what your clients are dealing with when all of a sudden they have this entirely new plethora of challenges that are confronting them. >> Sure. So DDoS goes back a long ways. So it actually goes back to the late 80s and the early ARPANET. And then we started to see non-monetary DDoS extortion in the early 1990s. And we started to see monetary DDoS extortion that kicked off around 1997. So with any, criminals are very, very adaptive. And so when new technologies come online and new ways that they can potentially exploit it for their gain, they will do so in many cases using old modalities just simply transliterated into the new technology space. And that's what we see with (indistinct) extortion. DDOS attacks are attacks against availability. So the idea is to disrupt the access, (indistinct) access to applications, services, servers, data content, infrastructure, those different types of things. And DDoS attacks can be motivated by pretty much any motivation you can think of. But there is a hard core of DDoS extortionists that we've seen over the years. And this Richard indicated what we started to see is a convergence between these sets of criminal specialties. And so a few years ago, we actually were disassembling a piece of ransomware and it turned out that it had some very basic DDoS attack capabilities coded into it. It was obviously a prototype, it hadn't been finished, but this showed that these criminals in the ransomware space were thinking about getting into DDoS. And now they've developed this methodology where like Richard said, they, number one, they encrypt the files. Number two, they'll threaten to leak information. And then they will DDoS the public facing infrastructure of the organizations to try and put additional pressure on them to pay. And especially now during the pandemic with this wholesale shift to remote work. The attackers for the first time have the ability not only to disrupt the online operations which is bad enough, but they can actually interfere with the ordinary work day activities of the first-line workforce of organizations. And so this really makes it even more potent. And the ransomware itself is interesting as well because it uses exploits, social engineering, along with technological exploits to exploit the confidentiality and the integrity of data, and to restrict that stuff which actually turns into an attack against availability. So it's kind of really a different form of DDoS attack and coupled out with a real DDoS attack, and it can be very, very challenging. But one thing John that we've seen is that organizations if they have prepared to deal with a DDoS attack in form an architectural perspective, from an operational perspective. If they have done the things they need to do, to be able to maintain availability, even in the face of attack. There are about 80% of where they need to be to be to able to withstand a ransomware attack. Conversely, if organizations have been doing a good job and ensuring that their systems are secured and if they do get hit somehow with ransomware that they have the ability to maintain operations and communications and recover, they're about 80% of where they need to be to be able to successfully withstand DDoS attacks. And so it turns out that even though these threats are major threats and they are something that organizations need to be aware of, the good news is that a lot of the planning, and resources, and organizational changes that need to be made to face these threats are in fact very similar. >> Yeah, but (indistinct) mean the challenge is, it's hard work, right? It, there's an enormous amount of preparations got to go into this, and pre-planning, pre-thought, and that's what NETSCOUT is all about obviously is trying to get people onto that journey and getting into this examination of their services, and their networks, and... The fact that this can happen on multiple layers, right? It could be application, be protocols, transport, network, whatever, you know just multiple ways that these DDoS attacks can occur. What kind of I'd say well, challenges again does that present in the fact that it is, there are many doors, right? That these attacks can happen from or where these attacks can come from. So how do you then talk to your client base about approaching this kind of examination and these prophylactic measures that you're suggesting that have to be done in order to minimize the damage? >> It's really about business continuity. Now business continuity planning, we used to be called "disaster recovery planning", right? Is something that organizations are very familiar with. It often has executive sponsorship and a lot of planning has gone into it. The thing is DDoS attacks, which were attacks against availability are in fact a manmade disaster, right? And they interrupt the continuity of business. Same thing with the ransomware, and so from an architectural standpoint, from the standpoint of rolling out new products and services, resiliency and to attack, and the ability to maintain availability and continue with operations in the face of attack is really really key for any organization today which has any kind of significant online presence. And that's really just about all of them. And so from a planning standpoint, it's imperative from an architectural standpoint whether we're talking about things like network infrastructure, or DNS, or software applications. It's important from an operational standpoint. So one of the things that we see for example is that many organizations don't really have a good communications plan. They don't have a good internal communications plan nor do they have a good external communications plan for communicating during an event. And they don't even have really a plan for dealing with an event that is disruptive to business continuity and operations. And so that is really key. Technology is important, but the most important aspect of this is the human factor, understanding the business, understanding the types of risks to the business's ability to execute on its mission and then doing the things from a technological perspective, from an operational perspective, and from a communications perspective to maintain operations, and communications throughout an event and to be able to emerge on the other side of that agenda successfully. >> So Richard you're in threat intelligence, right? Risk assessments. And as you said, you've been around this block for quite some time now. In terms of, I guess getting people's attention that has been accomplished now with obviously some, with some of these high profile cases. But what about that kind of work that you're doing in terms of trying to communicate these very threats to your client base or to prospective clients in terms of identifying their real vulnerabilities within their networks and then having them seriously address these. I mean, what's the difference maybe in the mindset now, as opposed to where maybe that conversation was being had a few years ago? >> I think the biggest difference here is a matter of when and not if. It used to be, you could say, "Oh I'm never going to get hit by ransomware or I'm never going to get DDoS attacked." But that is no longer the case. Roland made a really good point that just about every single business in the world now relies on internet connectivity in order to operate their business. If they don't have that then they're not going to be able to connect with their consumers, their shoppers, if they're a retail, right? If you're a bank, then you have to communicate with your individuals having accounts. And I mean, I have not gone to a physical bank in probably six years. And so that just underscores how important it is to have this internet connectivity. Now, with that comes risk. Not only do you risk the DDoS attacks because you're publicly exposed in an adversary where you can actually find your internet space by doing some forensics, such as network scanning, being able to walk that back like a passive DNS but their historical records use things like showdown to figure out what kind of devices you're running. So there's any number of ways that you can do that. But at the same time you're also exposing yourself to these ransomware operators and really any kind of crime ware operator out there, because they're going to exploit you over the internet. We actually did a case study probably two years ago. Looking at brute forcing on networks and looking at exploitation attempts to figure out like what is the Delta? If you have an online internet presence are you going to get attacked? And the answer was very shocking to us. Yes, you're going to get attacked. And also it's going to be in less than five minutes, from the time a brand new IOT device goes online to the time it starts getting brute force attacked. And within 24 hours you're going to get exploitation attempts from known vulnerabilities or devices that haven't been patched and things like that. And so the reality is not if you're going to get attacked, it's when? And so understanding that is the nature of the threat landscape right now and having this kind of security awareness. Actually another good point that Roland just brought up was that human element. The human element is kind of the linchpin for any security organization. And as part of my master's I had wrote a dissertation about, and I named it as such my professor didn't really care for this, but I said, "The humans are the weakest link." Because in the security posture, that is essentially true. If you don't have the expertise on a team you're not going to be able to get things configured properly. If you don't have the expertise you're not going to be able to respond properly. If you have individuals that aren't concerned about security, now you're going to have a bunch of gaps. Not only that, social engineering is still the number one method that adversaries use to get into organizations and that manipulates the human element. And so having the security awareness in what we do here, on this cube interview, the threat reports, we publish, the blogs that we do, all the threads summaries, all of that goes hand-in-hand with educating the general public and having security awareness pushed out as much as possible to every single person we can. And that's really the key, this preparation, this awareness of what adversaries are doing in order to defend against them. >> So Roland in your mind and you've already walked us through a little bit of this about certain steps and measures. Do you think that could be taken safeguards basically, that everybody should have in the place? What is the optimal scenario from an engineering perspective in terms of trying to prevent these kinds of intrusions, these kinds of attacks in terms of what are those basic pieces, these fundamental pieces as you see it now, understanding as Richard just told us that it's matter of not if, but when? >> Right. So availability, redundancy these have to be core architectural principles whether we're talking about network infrastructure, whether we're talking about important ancillary supporting services like DNS in terms of personnel, in terms of remote access. All of these different elements and many many more have to be designed from the out. All the services in the applications whether they're used internally, whether they are part of service delivery that an organization is doing across the internet, publicly there has to be redundancy and resiliency. There has to be a defense plan in order to defend these assets in these organizations against attack. Whether it's DDoS attack or whether it's a containment plan to deal with a ransomware that potentially gets let loose inside the enterprise network, there has to be a plan to contain it, and deal with it, and restore from backup. These plans have to be continuously updated because IT is not static. There are always noose and nance and changes this organizations provision new services offer new products, move into new markets and new new sub-specializations. And so the plans have to be consistently updated and they have to be rehearsed. You can't have a plan that just exists as pixels on a phosphorous somewhere. The plan has to be executed because you're going to find that there's some scenario, some service, or application, or operational process that needs to be updated or that needs to be included in the plan. And this has to be done regularly. Another key point is that you have to have people who are very skilled and who have both depth and breadth of understanding. And either you bring those people into your organization or you reach out and get that expertise from organizations who do in fact have that kind of expertise on tap and available. >> Well, is, you both certainly exhibit the depth and the breadth to fight this issue(chuckles) I certainly appreciate the time, the insights, and the warning is quite clear. Be prepared, do the hard work upfront. It could save you a lot of headache on the backside. And it is a matter of when and not if, these days. Richard Roland, thanks for being with us here on the Cube >> Thank you so much. >> Thank you so much. It's a pleasure. >> All right, talking about the triple threat of extortion, cyber extortion these days, and DDoS, the distributed denial of service in the growing problem. It is, but there is a way that you can combat it. And you just learned about that (indistinct) NETSCOUT here on the Cube. (upbeat music)

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomena that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke at it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

(upbeat music) (air whooshing) >> Hi everybody. John Walls here continuing our Cube Conversations here focusing on NETSCOUT today and the drawing problem of ransomware. Obviously very much in the news these days for the couple of high profile cases. It is certainly an increasing challenge, but by no means a new phenomenon at all. With us to talk about this is Roland Dobbins who is the principal engineer of NETSCOUT's A-CERT team. And Ronald and good to see you today, sir. Thanks for joining us. >> Good to see you as well. And Richard Hummel who's Threat Intelligence research lead for the A-CERT Team. And Richard, thank you for being with us as well here on the Cube. >> Absolutely John, thanks for having us. >> Yeah, let's just jump right in here. Ransomware, obviously we're all well aware of a couple of high profile cases, as I alluded to. Let's talk about first, the magnitude and scale of the problem, as it currently exists. And Roland, I'm going to let you just set the table for us here. Let's talk about ransomware, where it was maybe four or five years ago, and then the challenge has become today? >> Actually, John, if you don't mind I'd really like to hand that one to my colleague, Richard because >> By all means, so Richard- he's really has an in-depth background there if that's okay. >> Richard, jump in on that. >> Absolutely. Yeah. And so (clears throat) I'll handle all the ransomware stuff, namely because I've been doing this for going on seven years now of looking specifically at ransomware. I started this right around the time I joined Eyesight Partners, you know leading premier provider of threat intelligence who was acquired by FireEye and now Mandiat, and now even a conglomerate that just acquired Mandia. So there's been a series of acquisitions here but the reality is this threat intelligence has been pervasive across all of these. And you can see that over time that value hasn't diminished. And you can see that by all of these acquisitions. that are like that's a really good example to show how valuable this is because everybody wants it. And the reality is back then I started tracking ransomware specifically looking at a lot of the CryptoLocker variance, things like CryptoWall, and TorrentLocker, and TeslaCrypt. And there's any number I could go on and on and on about all these different variations, and how ransomware came to be, and what you know, adversaries were using it for. But the reality is ransomware has been around for a long, long time and probably three or four years ago. There was this lull in time where people are like, hey we've got these initiatives like no ransomware.org. We've got the, you know, local law enforcement backing in a bunch of different countries. There's this big huge international effort to basically get rid of ransomware. And it's going to% be a thing of the past. And we very clearly see that is not the case. And now with ransomware, you have an evolution over time. It used to be you would have different flavors of ransomware where sometimes it would encrypt your files first and then it would reach back to the command control. Sometimes it would reach back first to get keys and then it would encrypt. Sometimes the encryptions were breakable, sometimes the keys were stored locally, but a lot of them more recent variants of ransomware are very well done. They're very sophisticated. They will encrypt your files and the keys themselves are held by the adversary. And so there's no way to just decrypt it. You can't create a decryptor like a lot of these security companies do you would actually have to get that key from the adversary or you would have to restore your systems from a backup. And so the history of ransomware is very long and varied. And you know one of the core topics we want to discuss today is ransomware isn't by itself anymore. It used to be like ransomware was the name that incited fear but these guys have evolved over time. And now ransomware operators are doing kind of this triple extortion. Where they will encrypt your files, they've already gained access to that system. So then they will exfiltrate sensitive data and they will have that as kind of a hostage and say, look you're going to pay us for this ransomware to decrypt your files, to get those back. But I'll guess what? We also have your sensitive data that we're going to post online and sell and on underground forms unless you pay us additional money. But now we even have a third stage here. And this is kind of where Roland's going to come in and talk about this is we have DDoS extortion. That is surging In fact, we did a survey of enterprise internet service providers. And when we asked them what was their biggest concerns in 2020 and going into 2021 about threats, and obviously ransomware was number one but DDoS extortion was number two. And so you have this one, two bang the adversaries are using to be able to extort payment from victims. And this has been going on for a number of years with this kind of double extortion. And now this triple extortion, in fact going all the way back to the CryptoLocker days you would have banking malware, like Gameover Zeus where they would get on your system, they would do wire transfers from your bank accounts. There was steal files. And then as a last hurrah they would deploy ransomware and encrypt all your files. And so not only did they steal all your money from the bank. Now, they're going to say, you got to pay us to actually do decrypt your files. So this idea of kind of a double tap has been going on for a long time. And more recently around September of last year we started to see this DDoS aspect part of these operations. And so, yeah, that's kind of the history of what we're dealing with here. >> And so, and DDoS distributed denial service, Ronald let you pick up the ball at this point then. Now this evolution you will the triple threat, you know first you were talking about in encryption, in public exposure. And now this DDoS stage, this pillar of the malfeasance, if you will what kind of headaches is this causing in terms of from an engineering perspective from your side of the fence when you're looking at what your clients are dealing with when all of a sudden they have this entirely new plethora of challenges that are confronting them. >> Sure. So DDoS goes back a long ways. So it actually goes back to the late 80s and the early ARPANET. And then we started to see non-monetary DDoS extortion in the early 1990s. And we started to see monetary DDoS extortion that kicked off around 1997. So with any, criminals are very, very adaptive. And so when new technologies come online and new ways that they can potentially exploit it for their gain, they will do so in many cases using old modalities just simply transliterated into the new technology space. And that's what we see with (indistinct) extortion. DDOS attacks are attacks against availability. So the idea is to disrupt the access, (indistinct) access to applications, services, servers, data content, infrastructure, those different types of things. And DDoS attacks can be motivated by pretty much any motivation you can think of. But there is a hard core of DDoS extortionists that we've seen over the years. And this Richard indicated what we started to see is a convergence between these sets of criminal specialties. And so a few years ago, we actually were disassembling a piece of ransomware and it turned out that it had some very basic DDoS attack capabilities coded into it. It was obviously a prototype, it hadn't been finished, but this showed that these criminals in the ransomware space were thinking about getting into DDoS. And now they've developed this methodology where like Richard said, they, number one, they encrypt the files. Number two, they'll threatened to leak information. And then they will DDoS the public facing infrastructure of the organizations to try and put additional pressure on them to pay. And especially now during the pandemic with this wholesale shift to remote work. The attackers for the first time have the ability not only to disrupt the online operations which is bad enough, but they can actually interfere with the ordinary work day activities of the first-line workforce of organizations. And so this really makes it even more potent. And the ransomware itself is interesting as well because it uses exploits (indistinct), social engineering, along with technological exploits to exploit the confidentiality and the integrity of data, and to restrict that stuff which actually turns into an attack against availability. So it's kind of really a different form of DDoS attack and coupled out with a real DDoS attack, and it can be very, very challenging. But one thing John that we've seen is that organizations if they have prepared to deal with a DDoS attack in form an architectural perspective, from an operational perspective. If they have done the things they need to do, to be able to maintain availability, even in the face of attack. There are about 80% of where they need to be to be to able to withstand a ransomware attack. Conversely, if organizations have been doing a good job and ensuring that their systems are secured and if they do get hit somehow with ransomware that they have the ability to maintain operations and communications and recover, they're about 80% of where they need to be to be able to successfully withstand DDoS attacks. And so it turns out that even though these threats are major threats and they are something that organizations need to be aware of, the good news is that a lot of the planning, and resources, and organizational changes that need to be made to face these threats are in fact very similar. >> Yeah, but (indistinct) mean the challenge is, it's hard work, right? It, there's an enormous amount of preparations got to go into this, and pre-planning, pre-thought, and that's what NETSCOUT is all about obviously is trying to get people onto that journey and getting into this examination of their services, and their networks, and... The fact that this can happen on multiple layers, right? It could be application, be protocols, transport, network, whatever, you know just multiple ways that these DDoS attacks can occur. What kind of I'd say well, challenges again does that present in the fact that it is, there are many doors, right? That these attacks can happen from or where these attacks can come from. So how do you then talk to your client base about approaching this kind of examination and these prophylactic measures that you're suggesting that have to be done in order to minimize the damage? >> It's really about business continuity. Now business continuity planning, we used to be called "disaster recovery planning", right? Is something that organizations are very familiar with. It often has executive sponsorship and a lot of planning has gone into it. The thing is DDoS attacks, which were attacks against availability are in fact a manmade disaster, right? And they interrupt the continuity of business. Same thing with the ransomware, and so from an architectural standpoint, from the standpoint of rolling out new products and services, resiliency and to attack, and the ability to maintain availability and continue with operations in the face of attack is really really key for any organization today which has any kind of significant online presence. And that's really just about all of them. And so from a planning standpoint, it's imperative from an architectural standpoint whether we're talking about things like network infrastructure, or DNS, or software applications. It's important from an operational standpoint. So one of the things that we see for example is that many organizations don't really have a good communications plan. They don't have a good internal communications plan nor do they have a good external communications plan for communicating during an event. And they don't even have really a plan for dealing with an event that is disruptive to business continuity and operations. And so that is really key. Technology is important, but the most important aspect of this is the human factor, understanding the business, understanding the types of risks to the business's ability to execute on its mission and then doing the things from a technological perspective, from an operational perspective, and from a communications perspective to maintain operations, and communications throughout an event and to be able to emerge on the other side of that agenda successfully. >> So Richard you're in threat intelligence, right? Risk assessments. And as you said, you've been around this block for quite some time now. In terms of, I guess getting people's attention that has been accomplished now with obviously some, with some of these high profile cases. But what about that kind of work that you're doing in terms of trying to communicate these very threats to your client base or to prospective clients in terms of identifying their real vulnerabilities within their networks and then having them seriously address these. I mean, what's the difference maybe in the mindset now, as opposed to where maybe that conversation was being had a few years ago? >> I think the biggest difference here is a matter of when and not if. It used to be, you could say, "Oh I'm never going to get hit by ransomware or I'm never going to get DDoS attacked." But that is no longer the case. Roland made a really good point that just about every single business in the world now relies on internet connectivity in order to operate their business. If they don't have that then they're not going to be able to connect with their consumers, their shoppers, if they're a retail, right? If you're a bank, then you have to communicate with your individuals having accounts. And I mean, I have not gone to a physical bank in probably six years. And so that just underscores how important it is to have this internet connectivity. Now, with that comes risk. Not only do you risk the DDoS attacks because you're publicly exposed in an adversary where you can actually find your internet space by doing some forensics, such as network scanning, being able to walk that back like a passive DNS but their historical records use things like showdown to figure out what kind of devices you're running. So there's any number of ways that you can do that. But at the same time you're also exposing yourself to these ransomware operators and really any kind of crime ware operator out there, because they're going to exploit you over the internet. We actually did a case study probably two years ago. Looking at brute forcing on networks and looking at exploitation attempts to figure out like what is the Delta? If you have an online internet presence are you going to get attacked? And the answer was very shocking to us. Yes, you're going to get attacked. And also it's going to be in less than five minutes, from the time a brand new IOT device goes online to the time it starts getting brute force attacked. And within 24 hours you're going to get exploitation attempts from known vulnerabilities or devices that haven't been patched and things like that. And so the reality is not if you're going to get attacked, it's when? And so understanding that is the nature of the threat landscape right now and having this kind of security awareness. Actually another good point that Roland just brought up was that human element. The human element is kind of the linchpin for any security organization. And as part of my master's I had wrote a dissertation about, and I named it as such my professor didn't really care for this, but I said, "The humans are the weakest link." Because in the security posture, that is essentially true. If you don't have the expertise on a team you're not going to be able to get things configured properly. If you don't have the expertise you're not going to be able to respond properly. If you have individuals that aren't concerned about security, now you're going to have a bunch of gaps. Not only that, social engineering is still the number one method that adversaries use to get into organizations and that manipulates the human element. And so having the security awareness in what we do here, on this cube interview, the threat reports, we publish, the blogs that we do, all the threads summaries, all of that goes hand-in-hand with educating the general public and having security awareness pushed out as much as possible to every single person we can. And that's really the key, this preparation, this awareness of what adversaries are doing in order to defend against them. >> So Roland in your mind and you've already walked us through a little bit of this about certain steps and measures. Do you think that could be taken safeguards basically, that everybody should have in the place? What is the optimal scenario from an engineering perspective in terms of trying to prevent these kinds of intrusions, these kinds of attacks in terms of what are those basic pieces, these fundamental pieces as you see it now, understanding as Richard just told us that it's matter of not if, but when? >> Right. So availability, redundancy these have to be core architectural principles whether we're talking about network infrastructure, whether we're talking about important ancillary supporting services like DNS in terms of personnel, in terms of remote access. All of these different elements and many many more have to be designed from the out. All the services in the applications whether they're used internally, whether they are part of service delivery that an organization is doing across the internet, publicly there has to be redundancy and resiliency. There has to be a defense plan in order to defend these assets in these organizations against attack. Whether it's DDoS attack or whether it's a containment plan to deal with a ransomware that potentially gets let loose inside the enterprise network, there has to be a plan to contain it, and deal with it, and restore from backup. These plans have to be continuously updated because IT is not static. There are always noose and nance and changes this organizations provision new services offer new products, move into new markets and new new sub-specializations. And so the plans have to be consistently updated and they have to be rehearsed. You can't have a plan that just exists as pixels on a phosphorous somewhere. The plan has to be executed because you're going to find that there's some scenario, some service, or application, or operational process that needs to be updated or that needs to be included in the plan. And this has to be done regularly. Another key point is that you have to have people who are very skilled and who have both depth and breadth of understanding. And either you bring those people into your organization or you reach out and get that expertise from organizations who do in fact have that kind of expertise on tap and available. >> Well, is, you both certainly exhibit the depth and the breadth to fight this issue(chuckles) I certainly appreciate the time, the insights, and the warning is quite clear. Be prepared, do the hard work upfront. It could save you a lot of headache on the backside. And it is a matter of when and not if, these days. Richard Roland, thanks for being with us here on the Cube >> Thank you so much. >> Thank you so much. It's a pleasure. >> All right, talking about the triple threat of extortion, cyber extortion these days, and DDoS, the distributed denial of service in the growing problem. It is, but there is a way that you can combat it. And you just learned about that (indistinct) NETSCOUT here on the Cube. (upbeat music)