(rousing music) >> Hello everyone. Welcome back to "theCUBE's" day one coverage of Cloud Native Security Con 23. This is going to be an exciting panel. I've got three great guests. I'm Lisa Martin, you know our esteemed analysts, John Furrier, and Dave Vellante well. And we're excited to welcome to "theCUBE" for the first time, Yves Sandfort, the CEO of Comdivision Group, who's coming to us from Germany. As you know, Cloud Native Security Con is a global event. Everyone welcome Yves, great to have you in particular. Welcome to "theCUBE." >> Great to be here. >> Thank you for inviting me. >> Yves, tell us a little bit, before we dig into really wanting to understand your perspectives on the event and get Dave and John's feedback as well, tell us a little bit about you. >> So yeah, talking about me, or talking about Comdivision real quick. We are in the business for over 27 years already. We started as a SaaS company, then became more like an architecture and, and Cloud Native company over the last few years. But what's interesting is, and I think that's, that's, that's really interesting when we look at our industry. It hasn't really, the requirements haven't really changed over the years. It's still security. We still have to figure out how we deal with security. We still have to figure out how we deal with compliance and everything else. And I think therefore, it's more and more important that we take these items more seriously. Also, based on the fact that when we look at it, how development and other things happen nowadays, it's, it's, everybody says it's like open source. It's great because everybody can look into the code. We, I think the last few years have shown us enough example that that's not necessarily solving all the issues, but it's also code and development has changed rapidly when we look at the Cloud Native approach, where it's far more about gluing the pieces together, versus the development pieces. When I was actually doing software development 25 years ago, and had to basically build my code because I didn't have that much internet access for it. So it has evolved, but even back then we had to deal with security and everything. >> Right. The focus on security is, is incredibly important, and the focus keeps growing as you mentioned. This is, guys, and I want to get your perspectives on this. We're going to start with John. This is the first time Cloud Native Security Con is its own event being extracted from, and amplified from KubeCon. John, I want to understand from your perspective, break down the event, what you see, what you've heard, and Cloud Native Security in general. What does this mean to companies? What does it mean to customers? Is this a reality? >> Well, I think that's the topic we want to discuss, and I think Yves background, you see the VMware certification, I love that. Because what VMware did with virtualization, was abstract that from server virtualization, kind of really changed the game on things, and you start to see Cloud Native kind of go that next level of how companies will be operating their business, not just digital transformation, as digital transformation goes to completion, it's total business transformation where IT is everywhere. And so you're starting to see the trends where, "Okay, that's happening." Now you're starting to see, that's Cloud Native Con, or KubeCon, AWS re:Invent, or whatever show, or whatever way you want to look at it. But in, in the past decade, past five years, security has always been front and center as almost a separate thing, and, in and of itself, but the same thing. So you're starting to see the breakout of security conversations around how to make things work. So a lot of operational conversations around what used to be DevOps makes infrastructure as code, and that was great, that fueled that. Then DevSecOps came. So the Cloud Native next level, is more application development at scale, developers driving the standards with developer first thinking, shifting left, I get all that. But down in the lower ends of the stack, you got real operational issues. DNS we've heard in the keynote, we heard about the Colonel, the Lennox Colonel. Things that need to be managed and taken care of at a security level. These are like, seem like in the weeds, but you're starting to see that happen. And the other thing that I think's real about Cloud Native Security Con that's going to be interesting to watch, is Amazon has pretty much canceled all their re:Invent like shows except for two; Re:Invent, which is their annual conference, and Re:Inforce, which is dedicated to securities. So Cloud Native, Linux, the Linux Foundation has now breaking out Cloud Native Con and KubeCon, and now Cloud Native Security Con. They can't call it KubeCon because it's not Kubernetes, but it's like security focus. I think this is the beginning of starting to see this new developer driving, developers driving the standards, and it has it implications, what used to be called IT ops, and that's like the VMwares of the world. You saw all the stuff that was not at developer focus, but more ops, becoming much more in the application. So I think, I think it's real. The question is where does it go? How fast does it develop? So to me, I think it's a real trend, and it's worthy of a breakout, but it's not yet clear of where the landing zone is for people to start doing it, how they get started, what are the best practices. Machine learning's going to be a big part of this. So to me it's totally cool, but I'm not yet seeing the beachhead. So that's kind of my take. >> Dave, our inventor and host of breaking analysis, what's your take? >> So when you, I think when you zoom out, there's some, there's a big macro change that's been going on. I think when you look back, let's say 10, 12 years ago, the, the need for speed far trumped the, the, the security aspect, the governance, the data privacy. It was like, "Yeah, the risks, they're not that great compared to our opportunity." That has completely changed because the risks are now so much higher. And so what's happening, I think there's a, there's a major effort amongst CIOs and CISOs to try to make security not a blocker because it use to be, it still is. "Okay, I got this great initiative." Eh, give it to the SecOps pros, and let them take it for a while before we can go to market. And so a huge challenge now is to simplify, automate, AI comes in, the whole supply chain security, so the, so the companies can not be facing so much friction. And that is non-trivial. I don't think we're anywhere close there, but I think the goal is by, within the next several years, we're going to be in a position, that security, we heard today, is, wasn't designed in to the initial internet protocols. It was bolted on. And so increasingly, the fundamental architecture of the internet, the Cloud, et cetera, is, is seeing designed in security, and, and that is an imperative, or else business is going to come to a grinding halt. >> Right. It's no longer, the bolt no longer works. Yves, what's your perspective on Cloud Native Security, where it stands today? What's in it for customers, whether we're talking about banks, or hospitals, or retailers, what do you think? >> I think when we, when we look at security in the, in the modern world, is we need to as, as Dave mentioned, we need to rethink how we apply it. Very often, security in the past has been always bolted on in the end. If we continue to do that, it'll become more and more difficult, because as companies evolve, and as companies want to bring products and software to market in a much faster and faster way, it's getting more and more difficult if we bolt on the security process at the end. It's like, developers build something and then someone checks security. That's not going to work any longer. Especially if we also consider now the changes in the industry. We had Stack Overflow over the last 10 years. If I would've had Stack Overflow 15, 20, what, 25 years ago when I was a developer, it would've changed a hell lot. Looking at it now, and looking at it what we had in the last few weeks, it's like where nearly all of my team members say is like finally I don't need any script kiddies anymore because I can't go to (indistinct) who writes the code for me. Which is on one end great, because it enables us to solve certain problems in a much higher pace. But the challenge with that is, if the people who just copy and past that code, don't understand the implications of that code, we have a much higher risk continuously. And what people thought was, is challenging with Stack Overflow. Imagine that something in one of these AI engines, is actually going ballistic, and it creates holes in nearly every one of these applications. And trust me, there will be enough developers who are going to use these tools to develop codes, the same as students in university are going to take this to write their essays and everything else. And so it's really important that every developer team basically has a security person within their team, and not a security at the end. So we build something, we check it, go through QA, and then it goes to security. Security needs to be at the forefront. And I think that's where we see Cloud Native Security Con, where we see AWS. I saw it during re:Invent already where they said is like, we have reinforced next year. I think this becomes more and more of a topic, and I think companies, as much as it is become a norm that you have a firewall and everything else, it needs to become a norm that when you are doing software development, and every development team needs to have a security person on that needs to be trained. >> I love that chat comment Dave, 'cause you and I were talking about this. And I think that is going to be the issue. Do we need security chat for the chat bot? And there's like a, like a recursive model there. The biases are built in. I think, and I think our interview with the Palo Alto Network's co-founder, Dave, when he talked about zero trust as a structured way to start things, but he was referencing that with Cloud, there's a chance to rethink or do a do-over in security. So, I think this is kind of to me, where this is all going. And I think you asked Pat Gelsinger what, year 2013, 2014, can, is security a do over? I think we're in that do over time. >> He said yes. >> He said yes. (laughing) He was right. But yeah, eight years later... But this is, how do you, zero trust gives you some structure, but how do you organize and redo security? Because to me, I think that's what's happening here. >> And John you heard, Zuk at Palo Alto Network said, "Yeah, the, the words security and architecture, they don't go together historically." And so it is a total, total retake. >> Well is that because there's too many tools out there and- >> Yeah. For sure. >> Yeah, well, first of all, a lot of hardware. And then yeah, a lot of tools. You even see IIOT and industry 40, you see IOT security coming up as another stove pipe, and that's not the right approach. And, and so- >> Well let me, let me ask you a question Dave, and Yves, if you don't mind. 'Cause I was just riffing on this yesterday about this. In the ML space, you're seeing the ML models, you're seeing proprietary models versus open source. Is security going to go down this proprietary security methods and open source? Because that's interesting, because the CNCF is run by the the Linux Foundation. So you can almost maybe see a model where there's more proprietary security methods than open source. Or is it, is that a non-issue? >> I would, I would, let me, if I, if I jump in here first, I think the last, especially last five or 10 years have clearly shown the, the whole and, and I invested early on in the, in the end 90s in several open source startups in the Bay area. So, I'm well behind the whole open source idea and, and mid (indistinct) and others back then several times. But the point is, I think what we have seen is open source is not in general, more secure or less secure, because code is too complex nowadays. You have millions of lines of code, and it's not that either one way or the other is going to solve it. The ways I think we are going to look at it is more is what's the role to market, because only because something is open source doesn't necessarily mean it's going to be available for everyone. And the same for proprietary source from that perspective, even though everybody mixes licensing and payments and all that all the time, but it doesn't necessarily have anything to do with it. But I think as we are going through it, and when we also look at the industry, security industry over the last 10 plus years has been primarily hardware focused. And a lot of these vendors have done a good business out of selling hardware boxes, putting software on top of it. Whereas in reality, those were still X86 standard boxes in the end. So it was not that we had specific security ethics or anything like that in there anymore. And so overall, the question of the market is going to change. And as we are looking into Cloud Native, think about someone like an AWS, do you really envision them to have a hardware box of every supplier in their data center, and that in every availability zone in every region? Same for Microsoft, same for Google, etc? So we need to have new ways on how we can apply security. And that applies both on the backend services, but also on the front end side. >> And if I, and if I could chime in, I think the, the good, I think the answer is, is, is no and yes. And what I mean by that is if you take, antivirus and known malware, I mean pretty much anybody today can, can solve that problem, it's the unknown malware. So I think the yes part of the answer is yes, it's, it's going to be proprietary, but in the sense we're going to use open source tooling, and then apply that in a proprietary way with, with specific algorithms and unique architectures that are going to solve problems. For example, XDR with, with unknown malware. So, and that's the, that's the hard part. As somebody said, I think this morning at the keynote, it's, it's all the stuff that, that the SecOps team couldn't find. That's the really hard part. >> (laughs) Well the question will be will, is the new IP, the ability to feed ChatGPT some magical spelled insertion query string that does the job, that's unique, that might be the new IP, the the question to ask. >> Well, that's what the hackers are going to do. And I, they're on offense. (John laughs) And the offense knows what play is coming. So, they're going to start. >> So guys, let's take this conversation up a level. I want to get your perspectives on what's in this for me as a customer? We know security is a board level conversation. We talk about this all the time. We also know that they're based on, I think David, was the conversations that you and I had, with Palo Alto Networks at Ignite in December. There's a, there's a lack of alignment between the executives and the board from a security perspective. When we talk about Cloud Native Security, we all talked about the value in that, what's in it for customers? I want to get your perspectives on should this be a board level conversation, and if so, how do you advise organizations, whether it is a hospital, or a bank, or an organization that is really affected by things like ransomware? How should they be thinking about this from an organizational perspective? >> Well, I'll start first, because we had this conversation during our Super Cloud event last month, and this comes up a lot. And this is, the CEO board level. Yes it is a board level conversation for security, as is application development as in terms of transforming their business to be competitive, not to be on the wrong side of history with this wave coming. So I think that's more of a management. But the issue is, they tell their people, "Go do it." And they're like, 'cause they get sold on the idea of, "Hey, won't you transform your business, and everything's going to be data driven, and machine learning's going to power your apps, get new customers, be profitable." "Oh, sign me up for that." When you have to implement this, it's really hard. And I think the core issue is, where are companies in their life cycle of the ability to execute and architect this thing properly as Dave said, Nick Zuk said, "You can't have architecture and security, you need platforms." So, I think the re-platforming, and the re-factoring of business is a big factor, and that's got to get down into the, the organizational shifts and the people to do it. So are there skills? Do I do a managed service? How do I architect it? Are there more services? Are there developers doing applications that are going to be more agile? So, this is not an easy thing. And to move a business from IT operations that is proven, to be positioned for this enablement, is just really difficult. And it's expensive. And if you screw it up, you could be, could be on the wrong side of things. So, to me, that's the big issue is, you sell the dream and then you got to implement it. And that's really difficult. >> Yves, give us your perspective on, based on John's comments, how do organizations shift so dramatically? There's a cultural element there as well, but there's also organizations that are, have competitive competitors in the rear view mirror, and there's time to waste. What are your thoughts on that? >> I think that's exactly the point. It's like, as an organization, you need to take the decision between the time, the risk, and all the other elements we have into this game. Because you can try to achieve 100% security, but that's exactly the same as trying to, to protect gold or anything else 100%. It's most likely not going to be from a risk perspective anyway sensible. And that's the same from a corporational perspective. When you look at building new internet services, or IOT services, or any kind of new shopping experience or whatever else, you need to balance out between the risks and the advantages out of it. And you also need to be accepting that you potentially on the way make mistakes, but then it's more important than ever that you are able to quickly fix any mistakes, and to adjust to anything what's happening in the market. Because as we are building all these new Cloud Native applications, and build up all these skill sets, one of the big scenarios is we are far more depending on individual building blocks. These building blocks come out of open source communities, which have a much different way. When we look back in software development, back then we had application servers from Oracle, Web Logic, whatsoever, they had a release cycles of every three to six months. As now we have to deal with open source, where sometimes release cycles are on a four week schedule, in between security patches. So you need to be much faster in adopting that, checking that, implementing that, getting things to work. So there is a security stretch from that perspective. There is a speech stretch on the other thing companies have to deal with, and on the other side it's always a measurement between the risk, and the security you can afford. Because reality is, you will not be 100% protected no matter what you do. So, you need to balance out what you as an organization can actually build on. But I think, coming back also to the point, it's on the bot level nowadays. It's like nearly every discussion we have with companies nowadays as they move into the Cloud, especially also here in Europe where for the last five years, it was always, it's like "It's data privacy." Data privacy is no longer, I mean, yes, for certain people, it's still the point, but for many more people it's like, "How protected is my data?" "What do we do in case of ransomware attack?" "What do we do in case of a denial of service?" All of these things become more vulnerable, where in the past you were discussing these things with a becking page, or, or like a stock exchange. They were, it's like, "What the hell is going to happen if we have a denial of service?" Now all of the sudden, this now affects nearly everyone in their storefronts and everything else, because everything is depending on it. >> Yeah, I think you're right on. You think about how cultural change occurs, it's bottom ups or, bottom up, top down or middle out. And what, what's happened with security is the people in the security team cared about it, they were the, everybody said, "Oh, it's their problem." And then it just did an end run to the board, kind of mid, early last decade. And then the board sort of pushed that down. And the line of business is realizing, "Holy cow. My business, my EBIT can be dramatically affected by this, so I care." Now it's this whole house, cultural team sport. I know it's sort of a, a cliche, but it, it's true. Everybody actually is beginning to care about security because the risks are now so high, and it's going to affect not only the bottom line of the company, the bottom line of the business, their job, it's, it's, it's virtually everywhere. It's a huge cultural shift that we're seeing. >> And that's a big challenge for organizations in any industry. And Yves, you talked about ransomware service. Every industry across the globe is vulnerable to this. But how can, maybe John, we'll start with you. How can Cloud Native Security help organizations if they're able to embrace it, operationally, culturally, dial down some of the vulnerabilities that just seem to keep growing? >> Well, I mean that's the big question. The breaches are, are critical. The governances also could be a way that anchors down growth. So I think the balance between the governance compliance piece of it is key, but making the developers faster and more productive is the key to me. And I think having the security paradigm where they're not blockers, as Dave said, is critical. So I love the whole shift left, but now that we have more data focused initiatives around how that, you can use data to understand the security issues, I think data and security are together, and I think there's a going to be a data operating system model emerging, where data and security will be almost one thing. And that will be set up by the security teams, and the data teams together. And that will feed guardrails into the developer environment. So the developer should feel no pain at all in doing this. So I think the best practice will end up being what we're seeing with supply chain, security, with making sure code's verified. And you're going to see the container, security side completely address has been, and KubeCon, we just, I asked Scott Johnson, the CEO of Docker, and I asked him directly, "Are you guys all tight on container security?" He said, yes, but other people are suggesting that's not true. There's a lot of issues with the container security. So, there's all kinds of areas where there's holes. So Cloud Native is cool on one hand, and very relevant, but if it's not shored up, it's going to be a problem. But I, so I think that's where the action will be, at the developer pipeline, in the containers, and the data. So, that will be very relevant, and if companies nail that, they'll be faster, they'll have better apps, and that'll be the differentiator. And again, if they don't on this next wave, they're going to be driftwood. >> Dave, how do they prevent becoming driftwood? >> Well, I think Cloud has had a huge impact. And a Cloud's by no means a panacea, but let's face it, it's dramatically improved a lot of companies security posture. Now there's still that shared responsibility. Even though an S3 bucket is encrypted, it's still your responsibility to make sure that it doesn't get decrypted by somebody who has access to it. So there are things like that, but to Yve's earlier point, that can be, that's done through software now, it's done through best practices. Those best practices can be shared. So the way you, you don't become driftwood, is you start to, you step back, rethink that security architecture as we were talking about earlier, take advantage of the Cloud, take advantage of Cloud Native, and all the, the rapid pace of innovation that's occurring there, and you don't use, it's called before, The audit is the last line of defense. That's no longer a check box item. "Oh yeah, we're in compliance." It's, this is a business imperative, and because we're going to reduce our expected loss and reduce our business risk. That's part of the business case today. >> Yeah. >> It's a huge, critically important part of the business case. Yves, question for you. If you're in an elevator with a CEO, a CFO, and a CISO, and they're talking about security and Cloud Native Security, what's your value proposition to them on a, on a say a 32nd elevator ride? >> Difficult story. I think at the moment, the most important part is, we need to get people to work together, and we need to train people to work more much better together. I think that's the overall most important part for all of these solutions, because in the end, security is always a person issue. If, we can have the best tools in the industry, as long as we don't get all of these teams to work together, then we have a problem. If the security team is always seen as the end of the solution to fix everything, that's not going to work because they always are the bad guys in the game. And so we need to bring the teams together. And once we have the teams work together, I think we have a far better track on, on maintaining security. >> John and Dave, I want to get your perspectives on what Yves just said. In all the experience that the two of you have as industry analysts here on "theCUBE," Wikibon, Siliconangle Media. How do you advise organizations to get those teams together? As Eve said, that alignment is critical, but John, we'll start with you, then Dave go to you. What's your advice for organizations that need to align those teams and really don't have a lot of time to wait to do it? >> (chuckling) That's a great question. I think, I think that's everyone pays hundreds of thousands of millions of dollars to get that advice from these consultants, organizations out there doing the transformations. But I think it comes down to personnel and commitment. I think if there's a C-level commitment to the effort, you'll see the institutional structure change. So you can see really getting behind it with their, with their wallet and their, and their support of either getting more personnel to support and assist, or manage services, or giving the power to the teams to execute and doing it in a way that, that's, that's well known and best practices. Start small, build out the pilots, build the platform, and then start getting it right. And I think that's the key. Not the magic wand, the old model of rolling out stuff in, in six month cycles. It's really, get the proof points, double down and change the culture, but also execute and have real metrics. And changing the architecture, like having more penetration tests as a service. Doing pen tests is like a joke now. So that doesn't make any sense. You got to have that built in almost every day, and every minute. So, these kinds of new techniques have to be implemented and have to be tried. So that's why these communities are growing. That's why I like what open source has been doing, and I like the open source as the place to have these conversations, because that's where the action will be for new stuff. And I think people will implement open source like they did before, but with different ways, better testing, better supply chain on the software side, verifying code. So, I see open source actually getting a tailwind from this, not a headwind. So, I'm bullish on the open source piece here on, on all levels, machine learning- >> Lisa, my answer is intramural sports. And it's 'cause I think it's cultural. And what I mean by that, is you take your your best and brightest security, and this is what frankly, a lot of CISOs do, an examples is Lena Smart, MongoDB. Take your best and brightest security pros, make them captains of the intramural teams, and pair them up with pods of individuals across the organization, which is most people who don't know anything about security, and put them together, so that they can, they, so that the folks that understand security can, can realize how little people know, what, what, what, how, what the worst practices that are out there in the reverse, how they can cross pollinate. And they do that on a regular basis, I know at Mongo and other companies. And that kind of cultural assimilation is a starting point for how you get security awareness up to your question around making it a team sport. >> Absolutely critical. Yves, I want to kind of wrap things with you. We've got a couple of minutes left. When you're really looking at the Cloud Native community, the growth of it, we talked about earlier in the program, Cloud Native Security Con being now extracted and elevated out of KubeCon, what are your thoughts on the groundswell that this community is generating around Cloud Native Security, the benefits that organizations will achieve from it? >> I think overall, when we have these securities conferences, or these security arms a bit spread out and separated out of the main conference, it helps to a certain degree, because especially in the security space, when you look at at other like black hat or white hat conferences and things like that in the past, although they were not focused on Cloud Native, a lot of these security folks didn't feel well taken care of in any of the other conferences because they were always these, it's like they are always blocking us, they're always making us problems, and all these kinds of things. Now that we really take the Cloud Native piece and the security piece together, or like AWS does it with re:Inforce, I think we will see more and more that people understand is that security is a permanent topic we need to cover, but we need to bring different people together, because security also has compliance and a lot of other components in there. So we will see at these conferences moving forward, also a different audience. It's not going to be only the Cloud Native developers. And if I see some of these security audiences, I can't really imagine them to really be at KubeCon because there is too much other things going on. And you couldn't really see much of that at re:Invent because re:Invent by itself has become a complete monster of a conference. It covers too many topics. And so having this very, very important security piece separated, also gives the opportunity, I think, that we can bring in the security people, but also have the type of board level discussions potentially, between the leaders of the industry, to also discuss on how we can evolve, how we can make things better, and how, how we can actually, yeah, evolve our industry for it. Because let's face it, that threat is not going to go away. It's, it's a business. And one of the last security conferences I was on, on the ransomware part, it was one of the topics someone said is like, "Look, currently on average, it takes a hacker group roughly around they said 15 to 20 K to break into a company, and they on average make 100K. It's a business, let's face it. And it's a business we don't like. And ethically, it's no discussion that this is not good, but that's something which is happening. People are making money with it. And as long as that's going to go on, and we have enough countries where these people can hide, it's going to stay and survive. And so, with that being said, it's important for us to really build an industry around this. But I also think it's good that we have separate conferences. In the past we had more the RSA conference, which tried to cover all of these areas. But that is not really fitting Cloud Native and everything else. So I think it's good that we have these new opportunities, the Cloud Native one, but also what AWS brings up for someone. >> Yves, you just nailed it. It just comes down to simple math. It's a fraction. Revenue over cost. And if you could increase the hacker's cost, increase the denominator, their ROI will go down. And that is the game. >> Great point, Dave. What I'm hearing guys, and we can talk about technology for days and days. I know all of you. But there's, there's a big component that, that the elevation of Cloud Native Security, on its own as standalone is critical, as is the people component. You guys all talked about that. We talked about the cultural change necessary for that. Hopefully what we're seeing with Cloud Native Security Con 23, this first event is going to give us more insight over the next couple of days, and the next months or so, as to how this elevation, and how the people can come together to really help organizations from a math perspective as, as Dave talked about, really dial down the risks there, understand more of the vulnerabilities so that ransomware as a service is not as lucrative as it is today. Guys, so much appreciate your time, really breaking down Cloud Native Security, the value in it from different perspectives, and what your thoughts are on where it's going. Thanks so much for your time. >> All right. Thanks. >> Thanks, Lisa. >> Thank you. >> Thanks, Yves. >> All right. For my guests, I'm Lisa Martin. You're watching theCUBE's day one coverage of Cloud Native Security Con 23. Thanks for watching. (rousing music)

>>From the Cube Studios in Palo Alto in Boston, bringing you data-driven insights from the cube and E T R. This is breaking analysis with Dave Valante. >>Making technology predictions in 2022 was tricky business, especially if you were projecting the performance of markets or identifying I P O prospects and making binary forecast on data AI and the macro spending climate and other related topics in enterprise tech 2022, of course was characterized by a seesaw economy where central banks were restructuring their balance sheets. The war on Ukraine fueled inflation supply chains were a mess. And the unintended consequences of of forced march to digital and the acceleration still being sorted out. Hello and welcome to this week's weekly on Cube Insights powered by E T R. In this breaking analysis, we continue our annual tradition of transparently grading last year's enterprise tech predictions. And you may or may not agree with our self grading system, but look, we're gonna give you the data and you can draw your own conclusions and tell you what, tell us what you think. >>All right, let's get right to it. So our first prediction was tech spending increases by 8% in 2022. And as we exited 2021 CIOs, they were optimistic about their digital transformation plans. You know, they rushed to make changes to their business and were eager to sharpen their focus and continue to iterate on their digital business models and plug the holes that they, the, in the learnings that they had. And so we predicted that 8% rise in enterprise tech spending, which looked pretty good until Ukraine and the Fed decided that, you know, had to rush and make up for lost time. We kind of nailed the momentum in the energy sector, but we can't give ourselves too much credit for that layup. And as of October, Gartner had it spending growing at just over 5%. I think it was 5.1%. So we're gonna take a C plus on this one and, and move on. >>Our next prediction was basically kind of a slow ground ball. The second base, if I have to be honest, but we felt it was important to highlight that security would remain front and center as the number one priority for organizations in 2022. As is our tradition, you know, we try to up the degree of difficulty by specifically identifying companies that are gonna benefit from these trends. So we highlighted some possible I P O candidates, which of course didn't pan out. S NQ was on our radar. The company had just had to do another raise and they recently took a valuation hit and it was a down round. They raised 196 million. So good chunk of cash, but, but not the i p O that we had predicted Aqua Securities focus on containers and cloud native. That was a trendy call and we thought maybe an M SS P or multiple managed security service providers like Arctic Wolf would I p o, but no way that was happening in the crummy market. >>Nonetheless, we think these types of companies, they're still faring well as the talent shortage in security remains really acute, particularly in the sort of mid-size and small businesses that often don't have a sock Lacework laid off 20% of its workforce in 2022. And CO C e o Dave Hatfield left the company. So that I p o didn't, didn't happen. It was probably too early for Lacework. Anyway, meanwhile you got Netscope, which we've cited as strong in the E T R data as particularly in the emerging technology survey. And then, you know, I lumia holding its own, you know, we never liked that 7 billion price tag that Okta paid for auth zero, but we loved the TAM expansion strategy to target developers beyond sort of Okta's enterprise strength. But we gotta take some points off of the failure thus far of, of Okta to really nail the integration and the go to market model with azero and build, you know, bring that into the, the, the core Okta. >>So the focus on endpoint security that was a winner in 2022 is CrowdStrike led that charge with others holding their own, not the least of which was Palo Alto Networks as it continued to expand beyond its core network security and firewall business, you know, through acquisition. So overall we're gonna give ourselves an A minus for this relatively easy call, but again, we had some specifics associated with it to make it a little tougher. And of course we're watching ve very closely this this coming year in 2023. The vendor consolidation trend. You know, according to a recent Palo Alto network survey with 1300 SecOps pros on average organizations have more than 30 tools to manage security tools. So this is a logical way to optimize cost consolidating vendors and consolidating redundant vendors. The E T R data shows that's clearly a trend that's on the upswing. >>Now moving on, a big theme of 2020 and 2021 of course was remote work and hybrid work and new ways to work and return to work. So we predicted in 2022 that hybrid work models would become the dominant protocol, which clearly is the case. We predicted that about 33% of the workforce would come back to the office in 2022 in September. The E T R data showed that figure was at 29%, but organizations expected that 32% would be in the office, you know, pretty much full-time by year end. That hasn't quite happened, but we were pretty close with the projection, so we're gonna take an A minus on this one. Now, supply chain disruption was another big theme that we felt would carry through 2022. And sure that sounds like another easy one, but as is our tradition, again we try to put some binary metrics around our predictions to put some meat in the bone, so to speak, and and allow us than you to say, okay, did it come true or not? >>So we had some data that we presented last year and supply chain issues impacting hardware spend. We said at the time, you can see this on the left hand side of this chart, the PC laptop demand would remain above pre covid levels, which would reverse a decade of year on year declines, which I think started in around 2011, 2012. Now, while demand is down this year pretty substantially relative to 2021, I D C has worldwide unit shipments for PCs at just over 300 million for 22. If you go back to 2019 and you're looking at around let's say 260 million units shipped globally, you know, roughly, so, you know, pretty good call there. Definitely much higher than pre covid levels. But so what you might be asking why the B, well, we projected that 30% of customers would replace security appliances with cloud-based services and that more than a third would replace their internal data center server and storage hardware with cloud services like 30 and 40% respectively. >>And we don't have explicit survey data on exactly these metrics, but anecdotally we see this happening in earnest. And we do have some data that we're showing here on cloud adoption from ET R'S October survey where the midpoint of workloads running in the cloud is around 34% and forecast, as you can see, to grow steadily over the next three years. So this, well look, this is not, we understand it's not a one-to-one correlation with our prediction, but it's a pretty good bet that we were right, but we gotta take some points off, we think for the lack of unequivocal proof. Cause again, we always strive to make our predictions in ways that can be measured as accurate or not. Is it binary? Did it happen, did it not? Kind of like an O K R and you know, we strive to provide data as proof and in this case it's a bit fuzzy. >>We have to admit that although we're pretty comfortable that the prediction was accurate. And look, when you make an hard forecast, sometimes you gotta pay the price. All right, next, we said in 2022 that the big four cloud players would generate 167 billion in IS and PaaS revenue combining for 38% market growth. And our current forecasts are shown here with a comparison to our January, 2022 figures. So coming into this year now where we are today, so currently we expect 162 billion in total revenue and a 33% growth rate. Still very healthy, but not on our mark. So we think a w s is gonna miss our predictions by about a billion dollars, not, you know, not bad for an 80 billion company. So they're not gonna hit that expectation though of getting really close to a hundred billion run rate. We thought they'd exit the year, you know, closer to, you know, 25 billion a quarter and we don't think they're gonna get there. >>Look, we pretty much nailed Azure even though our prediction W was was correct about g Google Cloud platform surpassing Alibaba, Alibaba, we way overestimated the performance of both of those companies. So we're gonna give ourselves a C plus here and we think, yeah, you might think it's a little bit harsh, we could argue for a B minus to the professor, but the misses on GCP and Alibaba we think warrant a a self penalty on this one. All right, let's move on to our prediction about Supercloud. We said it becomes a thing in 2022 and we think by many accounts it has, despite the naysayers, we're seeing clear evidence that the concept of a layer of value add that sits above and across clouds is taking shape. And on this slide we showed just some of the pickup in the industry. I mean one of the most interesting is CloudFlare, the biggest supercloud antagonist. >>Charles Fitzgerald even predicted that no vendor would ever use the term in their marketing. And that would be proof if that happened that Supercloud was a thing and he said it would never happen. Well CloudFlare has, and they launched their version of Supercloud at their developer week. Chris Miller of the register put out a Supercloud block diagram, something else that Charles Fitzgerald was, it was was pushing us for, which is rightly so, it was a good call on his part. And Chris Miller actually came up with one that's pretty good at David Linthicum also has produced a a a A block diagram, kind of similar, David uses the term metacloud and he uses the term supercloud kind of interchangeably to describe that trend. And so we we're aligned on that front. Brian Gracely has covered the concept on the popular cloud podcast. Berkeley launched the Sky computing initiative. >>You read through that white paper and many of the concepts highlighted in the Supercloud 3.0 community developed definition align with that. Walmart launched a platform with many of the supercloud salient attributes. So did Goldman Sachs, so did Capital One, so did nasdaq. So you know, sorry you can hate the term, but very clearly the evidence is gathering for the super cloud storm. We're gonna take an a plus on this one. Sorry, haters. Alright, let's talk about data mesh in our 21 predictions posts. We said that in the 2020s, 75% of large organizations are gonna re-architect their big data platforms. So kind of a decade long prediction. We don't like to do that always, but sometimes it's warranted. And because it was a longer term prediction, we, at the time in, in coming into 22 when we were evaluating our 21 predictions, we took a grade of incomplete because the sort of decade long or majority of the decade better part of the decade prediction. >>So last year, earlier this year, we said our number seven prediction was data mesh gains momentum in 22. But it's largely confined and narrow data problems with limited scope as you can see here with some of the key bullets. So there's a lot of discussion in the data community about data mesh and while there are an increasing number of examples, JP Morgan Chase, Intuit, H S P C, HelloFresh, and others that are completely rearchitecting parts of their data platform completely rearchitecting entire data platforms is non-trivial. There are organizational challenges, there're data, data ownership, debates, technical considerations, and in particular two of the four fundamental data mesh principles that the, the need for a self-service infrastructure and federated computational governance are challenging. Look, democratizing data and facilitating data sharing creates conflicts with regulatory requirements around data privacy. As such many organizations are being really selective with their data mesh implementations and hence our prediction of narrowing the scope of data mesh initiatives. >>I think that was right on J P M C is a good example of this, where you got a single group within a, within a division narrowly implementing the data mesh architecture. They're using a w s, they're using data lakes, they're using Amazon Glue, creating a catalog and a variety of other techniques to meet their objectives. They kind of automating data quality and it was pretty well thought out and interesting approach and I think it's gonna be made easier by some of the announcements that Amazon made at the recent, you know, reinvent, particularly trying to eliminate ET t l, better connections between Aurora and Redshift and, and, and better data sharing the data clean room. So a lot of that is gonna help. Of course, snowflake has been on this for a while now. Many other companies are facing, you know, limitations as we said here and this slide with their Hadoop data platforms. They need to do new, some new thinking around that to scale. HelloFresh is a really good example of this. Look, the bottom line is that organizations want to get more value from data and having a centralized, highly specialized teams that own the data problem, it's been a barrier and a blocker to success. The data mesh starts with organizational considerations as described in great detail by Ash Nair of Warner Brothers. So take a listen to this clip. >>Yeah, so when people think of Warner Brothers, you always think of like the movie studio, but we're more than that, right? I mean, you think of H B O, you think of t n t, you think of C N N. We have 30 plus brands in our portfolio and each have their own needs. So the, the idea of a data mesh really helps us because what we can do is we can federate access across the company so that, you know, CNN can work at their own pace. You know, when there's election season, they can ingest their own data and they don't have to, you know, bump up against, as an example, HBO if Game of Thrones is going on. >>So it's often the case that data mesh is in the eyes of the implementer. And while a company's implementation may not strictly adhere to Jamma Dani's vision of data mesh, and that's okay, the goal is to use data more effectively. And despite Gartner's attempts to deposition data mesh in favor of the somewhat confusing or frankly far more confusing data fabric concept that they stole from NetApp data mesh is taking hold in organizations globally today. So we're gonna take a B on this one. The prediction is shaping up the way we envision, but as we previously reported, it's gonna take some time. The better part of a decade in our view, new standards have to emerge to make this vision become reality and they'll come in the form of both open and de facto approaches. Okay, our eighth prediction last year focused on the face off between Snowflake and Databricks. >>And we realized this popular topic, and maybe one that's getting a little overplayed, but these are two companies that initially, you know, looked like they were shaping up as partners and they, by the way, they are still partnering in the field. But you go back a couple years ago, the idea of using an AW w s infrastructure, Databricks machine intelligence and applying that on top of Snowflake as a facile data warehouse, still very viable. But both of these companies, they have much larger ambitions. They got big total available markets to chase and large valuations that they have to justify. So what's happening is, as we've previously reported, each of these companies is moving toward the other firm's core domain and they're building out an ecosystem that'll be critical for their future. So as part of that effort, we said each is gonna become aggressive investors and maybe start doing some m and a and they have in various companies. >>And on this chart that we produced last year, we studied some of the companies that were targets and we've added some recent investments of both Snowflake and Databricks. As you can see, they've both, for example, invested in elation snowflake's, put money into Lacework, the Secur security firm, ThoughtSpot, which is trying to democratize data with ai. Collibra is a governance platform and you can see Databricks investments in data transformation with D B T labs, Matillion doing simplified business intelligence hunters. So that's, you know, they're security investment and so forth. So other than our thought that we'd see Databricks I p o last year, this prediction been pretty spot on. So we'll give ourselves an A on that one. Now observability has been a hot topic and we've been covering it for a while with our friends at E T R, particularly Eric Bradley. Our number nine prediction last year was basically that if you're not cloud native and observability, you are gonna be in big trouble. >>So everything guys gotta go cloud native. And that's clearly been the case. Splunk, the big player in the space has been transitioning to the cloud, hasn't always been pretty, as we reported, Datadog real momentum, the elk stack, that's open source model. You got new entrants that we've cited before, like observe, honeycomb, chaos search and others that we've, we've reported on, they're all born in the cloud. So we're gonna take another a on this one, admittedly, yeah, it's a re reasonably easy call, but you gotta have a few of those in the mix. Okay, our last prediction, our number 10 was around events. Something the cube knows a little bit about. We said that a new category of events would emerge as hybrid and that for the most part is happened. So that's gonna be the mainstay is what we said. That pure play virtual events are gonna give way to hi hybrid. >>And the narrative is that virtual only events are, you know, they're good for quick hits, but lousy replacements for in-person events. And you know that said, organizations of all shapes and sizes, they learn how to create better virtual content and support remote audiences during the pandemic. So when we set at pure play is gonna give way to hybrid, we said we, we i we implied or specific or specified that the physical event that v i p experience is going defined. That overall experience and those v i p events would create a little fomo, fear of, of missing out in a virtual component would overlay that serves an audience 10 x the size of the physical. We saw that really two really good examples. Red Hat Summit in Boston, small event, couple thousand people served tens of thousands, you know, online. Second was Google Cloud next v i p event in, in New York City. >>Everything else was, was, was, was virtual. You know, even examples of our prediction of metaverse like immersion have popped up and, and and, and you know, other companies are doing roadshow as we predicted like a lot of companies are doing it. You're seeing that as a major trend where organizations are going with their sales teams out into the regions and doing a little belly to belly action as opposed to the big giant event. That's a definitely a, a trend that we're seeing. So in reviewing this prediction, the grade we gave ourselves is, you know, maybe a bit unfair, it should be, you could argue for a higher grade, but the, but the organization still haven't figured it out. They have hybrid experiences but they generally do a really poor job of leveraging the afterglow and of event of an event. It still tends to be one and done, let's move on to the next event or the next city. >>Let the sales team pick up the pieces if they were paying attention. So because of that, we're only taking a B plus on this one. Okay, so that's the review of last year's predictions. You know, overall if you average out our grade on the 10 predictions that come out to a b plus, I dunno why we can't seem to get that elusive a, but we're gonna keep trying our friends at E T R and we are starting to look at the data for 2023 from the surveys and all the work that we've done on the cube and our, our analysis and we're gonna put together our predictions. We've had literally hundreds of inbounds from PR pros pitching us. We've got this huge thick folder that we've started to review with our yellow highlighter. And our plan is to review it this month, take a look at all the data, get some ideas from the inbounds and then the e t R of January surveys in the field. >>It's probably got a little over a thousand responses right now. You know, they'll get up to, you know, 1400 or so. And once we've digested all that, we're gonna go back and publish our predictions for 2023 sometime in January. So stay tuned for that. All right, we're gonna leave it there for today. You wanna thank Alex Myerson who's on production and he manages the podcast, Ken Schiffman as well out of our, our Boston studio. I gotta really heartfelt thank you to Kristen Martin and Cheryl Knight and their team. They helped get the word out on social and in our newsletters. Rob Ho is our editor in chief over at Silicon Angle who does some great editing for us. Thank you all. Remember all these podcasts are available or all these episodes are available is podcasts. Wherever you listen, just all you do Search Breaking analysis podcast, really getting some great traction there. Appreciate you guys subscribing. I published each week on wikibon.com, silicon angle.com or you can email me directly at david dot valante silicon angle.com or dm me Dante, or you can comment on my LinkedIn post. And please check out ETR AI for the very best survey data in the enterprise tech business. Some awesome stuff in there. This is Dante for the Cube Insights powered by etr. Thanks for watching and we'll see you next time on breaking analysis.

>>The cube presents Ignite 22, brought to you by Palo Alto Networks. >>Good morning. Live from the MGM Grand. It's the cube at Palo Alto Networks Ignite 2022. Lisa Martin here with Dave Valante, day two, Dave of our coverage, or last live day of the year, which I can't believe, lots of good news coming out from Palo Alto Networks. We're gonna sit down with its Chief product officer next and dissect all of that. >>Yeah. You know, oftentimes in, in events like this, day two is product day. And look, it's all about products and sales. Yeah, I mean those, that's the, the, the golden rule. Get the product right, get the sales right, and everything else will take care of itself. So let's talk product. >>Yeah, let's talk product. Lee Claridge joins us, the Chief Product Officer at Palo Alto Networks. Welcome Lee. Great to have >>You. Thank you so much. >>So we didn't get to see your keynote yesterday, but we heard one of the things, you know, we've been talking about the threat landscape, the challenges. We had Unit 42, Wendy on yesterday. We had Nash on and near talking about the massive challenges in the threat landscape. But we understand, despite that you are optimistic. I am. Talk about your optimism given the massive challenges that every organization is facing today. >>Look, cybersecurity's hard and often in cybersecurity in the industry, a lot of people get sort of really focused on what the threat actors are doing, why they're successful. We investigate breaches and we think of it, it just starts to feel somewhat overwhelming for a lot of folks. And I just happen to think a little bit differently. I, I look at it and I think it's actually a solvable problem. >>Talk about cyber resilience. How does Palo Alto Networks define that and how does it help customers achieve that? Cuz that's the, that's the holy grail these days. >>Yes. Look, the, the way I think about cyber resilience is basically in two pieces. One, it's all about how do we prevent the threat actors from actually being successful in the first place. Second, we also have to be prepared for what happens if they happen to find a way to get through, and how do we make sure that that happens? The blast radius is, is as narrowly contained as possible. And so the, the way that we approach this is, you know, I, I kind of think in terms of like threes three core principles. Number one, we have to have amazing technology and we have to constantly be, keep keeping up with and ideally ahead of what attackers are doing. It's a big part of my job as the chief product officer, right? Second is we, you know, one of the, the big transformations that's happened is the advent of, of AI and the opportunity, as long as we can do it, a great job of collecting great data, we can drive AI and machine learning models that can start to be used for our advantage as defenders, and then further use that to drive automation. >>So we take the human out of the response as much as possible. What that allows us to do is actually to start using AI and automation to disrupt attackers as it's happening. The third piece then becomes natively integrating these capabilities into a platform. And when we do that, what allows us to do is to make sure that we are consistently delivering cybersecurity everywhere that it needs to happen. That we don't have gaps. Yeah. So great tech AI and automation deliver natively integrated through platforms. This is how we achieve cyber resilience. >>So I like the positivity. In fact, Steven Schmidt, who's now the CSO of, of Amazon, you know, Steven, and it was the CSO at AWS at the time, the first reinforced, he stood up on stage and said, listen, this narrative that's all gloom and doom is not the right approach. We actually are doing a good job and we have the capability. So I was like, yeah, you know, okay. I'm, I'm down with that. Now when I, my question is around the, the portfolio. I, I was looking at, you know, some of your alternatives and options and the website. I mean, you got network security, cloud security, you got sassy, you got capp, you got endpoint, pretty much everything. You got cider security, which you just recently acquired for, you know, this whole shift left stuff, you know, nothing in there on identity yet. That's good. You partner for that, but, so could you describe sort of how you think about the portfolio from a product standpoint? How you continue to evolve it and what's the direction? Yes. >>So the, the, the cybersecurity industry has long had this, I'm gonna call it a major flaw. And the major flaw of the cybersecurity industry has been that every time there is a problem to be solved, there's another 10 or 20 startups that get funded to solve that problem. And so pretty soon what you have is you're, if you're a customer of this is you have 50, a hundred, the, the record is over 400 different cybersecurity products that as a customer you're trying to operationalize. >>It's not a good record to have. >>No, it's not a good record. No. This is, this is the opposite of Yes. Not a good personal best. So the, so the reason I start there in answering your question is the, the way that, so that's one end of the extreme, the other end of the extreme view to say, is there such a thing as a single platform that does everything? No, there's not. That would be nice. That was, that sounds nice. But the reality is that cybersecurity has to be much broader than any one single thing can do. And so the, the way that we approach this is, is three fundamental areas that, that we, Palo Alto Networks are going to be the best at. One is network security within network security. This includes hardware, NextGen, firewalls, software NextGen, firewalls, sassy, all the different security services that tie into that. All of that makes up our network security platforms. >>So everything to do with network security is integrated in that one place. Second is around cloud security. The shift to the cloud is happening is very real. That's where Prisma Cloud takes center stage. C a P is the industry acronym. If if five letters thrown together can be called an acronym. The, so cloud native application protection platform, right? So this is where we bring all of the different cloud security capabilities integrated together, delivered through one platform. And then security, security operations is the third for us. This is Cortex. And this is where we bring together endpoint security, edr, ndr, attack, surface management automation, all of this. And what we had, what we announced earlier this year is x Im, which is a Cortex product for actually integrating all of that together into one SOC transformation platform. So those are the three platforms, and that's how we deliver much, much, much greater levels of native integration of capabilities, but in a logical way where we're not trying to overdo it. >>And cider will fit into two or three >>Into Prisma cloud into the second cloud to two. Yeah. As part of the shift left strategy of how we secure makes sense applications in the cloud >>When you're in customer conversations. You mentioned the record of 400 different product. That's crazy. Nash was saying yesterday between 30 and 50 and we talked with him and near about what's realistic in terms of getting organizations to, to be able to consolidate. I'd love to understand what does cybersecurity transformation look like for the average organization that's running 30 to 50 point >>Solutions? Yeah, look, 30 to 50 is probably, maybe normal. A hundred is not unusual. Obviously 400 is the extreme example. But all of those are, those numbers are too big right now. I think, I think realistic is high. Single digits, low double digits is probably somewhat realistic for most organizations, the most complex organizations that might go a bit above that if we're really doing a good job. That's, that's what I think. Now second, I do really want to point out on, on the product guy. So, so maybe this is just my way of thinking, consolidation is an outcome of having more tightly and natively integrated capabilities. Got you. And the reason I flip that around is if I just went to you and say, Hey, would you like to consolidate? That just means maybe fewer vendors that that helps the procurement person. Yes. You know, have to negotiate with fewer companies. Yeah. Integration is actually a technology statement. It's delivering better outcomes because we've designed multiple capabilities to work together natively ourselves as the developers so that the customer doesn't have to figure out how to do it. It just happens that by, by doing that, the customer gets all this wonderful technical benefit. And then there's this outcome sitting there called, you've just consolidated your complexity. How >>Specialized is the customer? I think a data pipelines, and I think I have a data engineer, have a data scientists, a data analyst, but hyper specialized roles. If, if, let's say I have, you know, 30 or 40, and one of 'em is an SD wan, you know, security product. Yeah. I'm best of breed an SD wan. Okay, great. Palo Alto comes in as you, you pointed out, I'm gonna help you with your procurement side. Are there hyper specialized individuals that are aligned to that? And how that's kind of part A and B, how, assuming that's the case, how does that integration, you know, carry through to the business case? So >>Obviously there are specializations, this is the, and, and cybersecurity is really important. And so there, this is why there had, there's this tendency in the past to head toward, well I have this problem, so who's the best at solving this one problem? And if you only had one problem to solve, you would go find the specialist. The, the, the, the challenge becomes, well, what do you have a hundred problems to solve? I is the right answer, a hundred specialized solutions for your a hundred problems. And what what I think is missing in this approach is, is understanding that almost every problem that needs to be solved is interconnected with other problems to be solved. It's that interconnectedness of the problems where all of a sudden, so, so you mentioned SD wan. Okay, great. I have Estee wan, I need it. Well what are you connecting SD WAN to? >>Well, ideally our view is you would connect SD WAN and branch to the cloud. Well, would you run in the cloud? Well, in our case, we can take our SD wan, connect it to Prisma access, which is our cloud security solution, and we can natively integrate those two things together such that when you use 'em together, way easier. Right? All of a sudden we took what seemed like two separate problems. We said, no, actually these problems are related and we can deliver a solution where those, those things are actually brought together. And that's just one simple example, but you could, you could extend that across a lot of these other areas. And so that's the difference. And that's how the, the, the mindset shift that is happening. And, and I I was gonna say needs to happen, but it's starting to happen. I'm talking to customers where they're telling me this as opposed to me telling them. >>So when you walk around the floor here, there's a visual, it's called a day in the life of a fuel member. And basically what it has, it's got like, I dunno, six or seven different roles or personas, you know, one is management, one is a network engineer, one's a coder, and it gives you an X and an O. And it says, okay, put the X on things that you spend your time doing, put the o on things that you wanna spend your time doing a across all different sort of activities that a SecOps pro would do. There's Xs and O's in every one of 'em. You know, to your point, there's so much overlap going on. This was really difficult to discern, you know, any kind of consistent pattern because it, it, it, unlike the hyper specialization and data pipelines that I just described, it, it's, it's not, it, it, there's way more overlap between those, those specialization roles. >>And there's a, there's a second challenge that, that I've observed and that we are, we've, we've been trying to solve this and now I'd say we've become, started to become a lot more purposeful in, in, in trying to solve this, which is, I believe cybersecurity, in order for cyber security vendors to become partners, we actually have to start to become more opinionated. We actually have to start, guys >>Are pretty opinionated. >>Well, yes, but, but the industry large. So yes, we're opinionated. We build these products, but that have, that have our, I'll call our opinions built into it, and then we, we sell the, the product and then, and then what happens? Customer says, great, thank you for the product. I'm going to deploy it however I want to, which is fine. Obviously it's their choice at the end of the day, but we actually should start to exert an opinion to say, well, here's what we would recommend, here's why we would recommend that. Here's how we envisioned it providing the most value to you. And actually starting to build that into the products themselves so that they start to guide the customer toward these outcomes as opposed to just saying, here's a product, good luck. >>What's, what's the customer lifecycle, not lifecycle, but really kind of that, that collaboration, like it's one thing to, to have products that you're saying that have opinions to be able to inform customers how to deploy, how to use, but where is their feedback in this cycle of product development? >>Oh, look, my, this, this is, this is my life. I'm, this is, this is why I'm here. This is like, you know, all day long I'm meeting with customers and, and I share what we're doing. But, but it's, it's a, it's a 50 50, I'm half the time I'm listening as well to understand what they're trying to do, what they're trying to accomplish, and how, what they need us to do better in order to help them solve the problem. So the, the, and, and so my entire organization is oriented around not just telling customers, here's what we did, but listening and understanding and bringing that feedback in and constantly making the products better. That's, that's the, the main way in which we do this. Now there's a second way, which is we also allow our products to be customized. You know, I can say, here's our best practices, we see it, but then allowing our customer to, to customize that and tailor it to their environment, because there are going to be uniquenesses for different customers in parti, we need more complex environments. Explain >>Why fire firewalls won't go away >>From your perspective. Oh, Nikesh actually did a great job of explaining this yesterday, and although he gave me credit for it, so this is like a, a circular kind of reference here. But if you think about the firewalls slightly more abstract, and you basically say a NextGen firewalls job is to inspect every connection in order to make sure the connection should be allowed. And then if it is allowed to make sure that it's secure, >>Which that is the definition of an NextGen firewall, by the way, exactly what I just said. Now what you noticed is, I didn't describe it as a hardware device, right? It can be delivered in hardware because there are environments where you need super high throughput, low latency, guess what? Hardware is the best way of delivering that functionality. There's other use cases cloud where you can't, you, you can't ship hardware to a cloud provider and say, can you install this hardware in front of my cloud? No, no, no. You deployed in a software. So you take that same functionality, you instantly in a software, then you have other use cases, branch offices, remote workforce, et cetera, where you say, actually, I just want it delivered from the cloud. This is what sassy is. So when I, when I look at and say, the firewall's not going away, what, what, what I see is the functionality needed is not only not going away, it's actually expanding. But how we deliver it is going to be across these three form factors. And then the customer's going to decide how they need to intermix these form factors for their environment. >>We put forth this notion of super cloud a while about a year ago. And the idea being you're gonna leverage the hyperscale infrastructure and you're gonna build a, a, you're gonna solve a common problem across clouds and even on-prem, super cloud above the cloud. Not Superman, but super as in Latin. But it turned into this sort of, you know, superlative, which is fun. But the, my, my question to you is, is, is, is Palo Alto essentially building a common cross-cloud on-prem, presumably out to the edge consistent experience that we would call a super cloud? >>Yeah, I don't know that we've ever used the term surfer cloud to describe it. Oh, you don't have to, but yeah. But yes, based on how you describe it, absolutely. And it has three main benefits that I describe to customers all the time. The first is the end user experience. So imagine your employee, and you might work from the office, you might work from home, you might work while from, from traveling and hotels and conferences. And, and by the way, in one day you might actually work from all of those places. So, so the first part is the end user experience becomes way better when it doesn't matter where they're working from. They always get the same experience, huge benefit from productivity perspective, no second benefit security operations. You think about the, the people who are actually administering these policies and analyzing the security events. >>Imagine how much better it is for them when it's all common and consistent across everywhere that has to happen. Cloud, on-prem branch, remote workforce, et cetera. So there's a operational benefit that is super valuable. Third, security benefit. Imagine if in this, this platform-based approach, if we come out with some new amazing innovation that is able to detect and block, you know, new types of attacks, guess what, we can deliver that across hardware, software, and sassi uniformly and keep it all up to date. So from a security perspective, way better than trying to figure out, okay, there's some new technology, you know, does my hardware provider have that technology or not? Does my soft provider? So it's bringing that in to one place. >>From a developer perspective, is there a, a, a PAs layer, forgive me super PAs, that a allows the developers to have a common experience across irrespective of physical location with the explicit purpose of serving the objective of your platform. >>So normally when I think of the context of developers, I'm thinking of the context of, of the people who are building the applications that are being deployed. And those applications may be deployed in a data center, increasing the data centers, depending private clouds might be deployed into, into public cloud. It might even be hybrid in nature. And so if you think about what the developer wants, the developer actually wants to not have to think about security, quite frankly. Yeah. They want to think about how do I develop the functionality I need as quickly as possible with the highest quality >>Possible, but they are being forced to think about it more and more. Well, but anyway, I didn't mean to >>Interrupt you. No, it's a, it is a good, it's a, it's, it's a great point. The >>Well we're trying to do is we're trying to enable our security capabilities to work in a way that actually enables what the developer wants that actually allows them to develop faster that actually allows them to focus on the things they want to focus. And, and the way we do that is by actually surfacing the security information that they need to know in the tools that they use as opposed to trying to bring them to our tools. So you think about this, so our customer is a security customer. Yet in the application development lifecycle, the developer is often the user. So we, we we're selling, we're so providing a solution to security and then we're enabling them to surface it in the developer tools. And by, by doing this, we actually make life easier for the developers such that they're not actually thinking about security so much as they're just saying, oh, I pulled down the wrong open source package, it's outdated, it has vulnerabilities. I was notified the second I did it, and I was told which one I should pull down. So I pulled down the right one. Now, if you're a developer, do you think that's security getting your way? Not at all. No. If you're a developer, you're thinking, thank god, thank you, thank, thank you. Yeah. You told me at a point where it was easy as opposed to waiting a week or two and then telling me where it's gonna be really hard to fix it. Yeah. Nothing >>More than, so maybe be talking to Terraform or some other hash corp, you know, environment. I got it. Okay. >>Absolutely. >>We're 30 seconds. We're almost out of time. Sure. But I'd love to get your snapshot. Here we are at the end of calendar 2022. What are you, we know you're optimistic in this threat landscape, which we're gonna see obviously more dynamics next year. What kind of nuggets can you drop about what we might hear and see in 23? >>You're gonna see across everything. We do a lot more focus on the use of AI and machine learning to drive automated outcomes for our customers. And you're gonna see us across everything we do. And that's going to be the big transformation. It'll be a multi-year transformation, but you're gonna see significant progress in the next 12 months. All >>Right, well >>What will be the sign of that progress? If I had to make a prediction, which >>I'm better security with less effort. >>Okay, great. I feel like that's, we can measure that. I >>Feel, I feel like that's a mic drop moment. Lee, it's been great having you on the program. Thank you for walking us through such great detail. What's going on in the organization, what you're doing for customers, where you're meeting, how you're meeting the developers, where they are. We'll have to have you back. There's just, just too much to unpack. Thank you both so much. Actually, our pleasure for Lee Cler and Dave Valante. I'm Lisa Martin. You're watching The Cube Live from Palo Alto Networks Ignite 22, the Cube, the leader in live, emerging and enterprise tech coverage.

>> Announcer: TheCUBE presents Ignite '22, brought to you by Palo Alto Networks. >> Welcome back to Las Vegas. It's theCUBE covering Palo Alto Networks '22, from the MGM Grand, Lisa Martin with Dave Vellante. Dave, we are going to unpack in the next few minutes what we heard and saw at day one of Palo Alto Networks, Ignite. A lot of great conversations, some great guests on the program today. >> Yeah last event, CUBE event of the year. Probably last major tech event of the year. It's kind of an interesting choice of timing, two weeks after reInvent. But you know, this crowd is it's a lot of like network engineers, SecOps pros. There's not a lot of suits here. I think they were here yesterday, all the partners. >> Yeah. >> We talked to Carl Sunderland about, Hey, these, these guys want to know how do I grow my business? You know, so it was a lot of C level executives talking about their business, and how they partner with Palo Alto to grow. The crowd today is really, you know hardcore security professionals. >> Yeah. >> So we're hearing a story of consolidation. >> Yes. >> No surprise. We've talked about that and reported on it, you know, quite extensively. The one big takeaway, and I want, I came in, as you know, wanting to understand, okay, can you through m and a maintain, you know, build a suite of great, big portfolio and at the same time maintain best of breed? And the answer was consistent. We heard it from Nikesh, we heard it from Nir Zuk. The answer was you can't be best of breed without having that large portfolio, single data lake, you know? Single version of the truth, of there is such a thing. That was interesting, that in security, you have to have that visibility. I would imagine, that's true for a lot of things. Data, see what Snowflake and Databricks are both trying to do, now AWS. So to join, we heard that last week, so that was one of the big takeaways. What were your, some of your thoughts? >> Just impressed with the level of threat intelligence that Unit 42 has done. I mean, we had Wendy Whitmer on, and she was one of the alumni, great guest. The landscape has changed so dramatically. Every business, in any industry, nobody's safe. They have such great intelligence on what's going on with malware, with ransomware, with Smishing, that they're able to get, help organizations on their way to becoming cyber resilient. You know, we've been talking a lot about cyber resiliency lately. I always want to understand, well what does it mean? How do different organizations and customers define it? Can they actually really get there? And Wendy talked about yes, it is a journey, but organizations can achieve cyber resiliency. But they need to partner with Palo Alto Networks to be able to understand the landscape and ensure that they've got security established across their organization, as it's now growingly Multicloud. >> Yeah, she's a blonde-haired Wonder Woman, superhero. I always ask security pros that question. But you know, when you talk to people like Wendy Whitmore, Kevin Mandy is somebody else. And the people at AWS, or the big cloud companies, who are on the inside, looking at the threat intelligence. They have so much data, and they have so much knowledge. They can, they analyze, they could identify the fingerprints of nation states, different, you know, criminal organizations. And the the one thing, I think it was Wendy who said, maybe it was somebody else, I think it was Wendy, that they're they're tearing down and reforming, right? >> Yes. >> After they're discovered. Okay, they pack up and leave. They're like, you know, Oceans 11. >> Yep. >> Okay. And then they recruit them and bring them back in. So that was really fascinating. Nir Zuk, we'd never had him on theCUBE before. He was tremendous founder and and CTO of Palo Alto Networks, very opinionated. You know, very clear thinker, basically saying, look you're SOC is going to be run by AI >> Yeah. >> within the next five years. And machines are going to do things that humans can't do at scale, is really what he was saying. And then they're going to get better at that, and they're going to do other things that you have done well that they haven't done well, and then they're going to do well. And so, this is an interesting discussion about you know, I remember, you know we had an event with MIT. Eric Brynjolfsson and Andy McAfee, they wrote the book "Second Machine Age." And they made the point, machines have always replaced humans. This is the first time ever that machines are replacing humans in cognitive functions. So what does that mean? That means that humans have to rely on, you know, creativity. There's got to be new training, new thinking. So it's not like you're going to be out of a job, you're just going to be doing a different job. >> Right. I thought Nir Zuk did a great job of explaining that. We often hear people that are concerned with machines taking jobs. He did a great job of, and you did a great recap, of articulating the value that both bring, and the opportunities to the humans that the machines actually deliver as well. >> Yeah so, you know, we didn't, we didn't get deep into the products today. Tomorrow we're going to have a little bit more deep dive on products. We did, we had some partners on, AWS came on, talked about their ecosystem. BJ Jenkins so, you know, BJ Jenkins again I mean super senior executive. And if I were Nikesh, he's doing exactly what I would do. Putting him on a plane and saying, go meet with customers, go make rain, right? And that's what he's doing is, he's an individual who really knows how to interact with the C-suite, has driven value, you know, over the years. So they've got that angle goin', they're driving go to market. They've got the technology piece and they've, they got to build out the ecosystem. That I think is the big opportunity for them. You know, if they're going to double as a company, this ecosystem has to quadruple. >> Yeah, yeah. >> In my opinion. And I, we saw the same thing at CrowdStrike. We said the same thing about Service Now in 2013. And so, what's happened is the GSIs, the global system integrators start to get involved. They start to partner with them and then they get to get that flywheel effect. And then there's a supercloud, I think that, you know I think Nir Zuk said, Hey, we are basically building out that, he didn't use the term supercloud. But, we're building out that cross cloud capability. You don't need another stove pipe for the edge. You know, so they got on-prem, they got AWS, Azure, you said you have to, absolutely have to run on Microsoft. 'Cause I don't believe today, right? Today they run on, I heard somebody say they run on AWS and Google. >> Yeah. >> I haven't heard much about Microsoft. >> Right. >> Both AWS and Google are here. Microsoft, the bigger competitor in security, but Nir Zuk was unequivocal. Yes, of course you have to run, you got to run it on an Alibaba cloud. He didn't say that, but if you want to secure the China cloud, you got to run on Alibaba. >> Absolutely. >> And Oracle he said. Didn't mention IBM, but no reason they can't run on IBM's cloud. But unless IBM doesn't want 'em to. >> Well they're very customer focused and customer first. So it'll be interesting to see if customers take them in that direction. >> Well it's a good point, right? If customers say, Hey we want you running in this cloud, they will. And, but he did call out Oracle, which I thought was interesting. And so, Oracle's all about mission critical data, mission critical apps. So, you know, that's a good sign. You know, I mean there's so much opportunity in cyber, but so much confusion. You know, sneak had a raise today. It was a down round, no surprise there. But you know, these companies are going to start getting tight on cash, and you've seen layoffs, right? And so, I dunno who said it, I think it was Carl at the end said in a downturn, the strongest companies come out stronger. And that's generally, generally been the case. That kind of rich get richer. We see that in the last downturn? Yes and no, to a certain extent. It's still all about execution. I mean I think about EMC coming out of the last downturn. They did come out stronger and then they started to rocket, but then look what happened. They couldn't remain independent. They were just using m and a as a technique to hide the warts. You know so, what Nir Zuk said that was most interesting to me is when we acquire, we acquire with the intent of integrating. ServiceNow has a similar philosophy. I think that's why they've been somewhat successful. And Oracle, for sure, has had a similar philosophy. So, and that idea of shifting labor into vendor R and D has always been a winning formula. >> I think we heard that today. Excited for day two tomorrow. We've got some great conversations. We're going to be able to talk with some customers, the chief product officer is on. So we have more great content coming from our last live show over the year. Dave, it's been great co-hosting day one with you. Look forward to doing it tomorrow. >> Yeah, thanks for doing this. >> All right. >> All right. For Dave Vellante, I'm Lisa Martin. You've been watching theCUBE, the leader in live enterprise and emerging tech coverage. See you tomorrow. (gentle music fades)

(bright music) >> Hello everyone and welcome back to AWS re:Invent, here in wonderful Las Vegas, Nevada. We're theCUBE. I am Savannah Peterson. Joined with my co-host, Dave Vellante. Day four, you look great. Your voice has come back somehow. >> Yeah, a little bit. I don't know how. I took last night off. You guys, I know, were out partying all night, but - >> I don't know what you're talking about. (Dave laughing) >> Well, you were celebrating John's birthday. John Furrier's birthday today. >> Yes, happy birthday John! >> He's on his way to England. >> Yeah. >> To attend his nephew's wedding. Awesome family. And so good luck, John. I hope you feel better, he's got a little cold. >> I know, good luck to the newlyweds. I love this. I know we're both really excited for our next guest, so I'm going to bring out, Lena Smart from MongoDB. Thank you so much for being here. >> Thank you for having me. >> How's the show going for you? >> Good. It's been a long week. And I just, not much voice left, so. >> We'll be gentle on you. >> I'll give you what's left of it. >> All right, we'll take that. >> Okay. >> You had a fireside chat, at the show? >> Lena: I did. >> Can you tell us a little bit about that? >> So we were talking about the Rise, The developer is a platform. In this massive theater. I thought it would be like an intimate, you know, fireside chat. I keep believing them when they say to me come and do these talks, it'll be intimate. And you turn up and there's a stage and a theater and it's like, oh my god. But it was really interesting. It was well attended. Got some really good questions at the end as well. Lots of follow up, which was interesting. And it was really just about, you know, how we've brought together this developer platform that's got our integrated services. It's just what developers want, it gives them time to innovate and disrupt, rather than worry about the minutia of management. >> Savannah: Do the cool stuff. >> Exactly. >> Yeah, so you know Lena, it's funny that you're saying that oh wow, the lights came on and it was this big thing. When when we were at re:Inforced, Lena was on stage and it was so funny, Lena, you were self deprecating like making jokes about the audience. >> Savannah: (indistinct) >> It was hilarious. And so, but it was really endearing to the audience and so we were like - >> Lena: It was terrifying. >> You got huge props for that, I'll tell you. >> Absolutely terrifying. Because they told me I wouldn't see anyone. Because we did the rehearsal the day before, and they were like, it's just going to be like - >> Sometimes it just looks like blackness out there. >> Yeah, yeah. It wasn't, they lied. I could see eyeballs. It was terrifying. >> Would you rather know that going in though? Or is it better to be, is ignorance bliss in that moment? >> Ignorance is bliss. >> Yeah, yeah yeah. >> Good call Savannah, right? Yeah, just go. >> The older I get, the more I'm just, I'm on the ignorance is bliss train. I just, I don't need to know anything that's going to hurt my soul. >> Exactly. >> One of the things that you mentioned, and this has actually been a really frequent theme here on the show this week, is you said that this has been a transformative year for developers. >> Lena: Yeah. >> What did you mean by that? >> So I think developers are starting to come to the fore, if you like, the fore. And I'm not in any way being deprecating about developers 'cause I love them. >> Savannah: I think everyone here does. >> I was married to one, I live with one now. It's like, they follow me everywhere. They don't. But, I think they, this is my opinion obviously but I think that we're seeing more and more the value that developers bring to the table. They're not just code geeks anymore. They're not just code monkeys, you know, churning out lines and lines of code. Some of the most interesting discussions I've had this week have been with developers. And that's why I'm so pleased that our developer data platform is going to give these folks back time, so that they can go and innovate. And do super interesting things and do the next big thing. It was interesting, I was talking to Mary, our comms person earlier and she had said that Dave I guess, my boss, was on your show - >> Dave: Yeah, he was over here last night. >> Yeah. And he was saying that two thirds of the companies that had been mentioned so far, within the whole gamut of this conference use MongoDB. And so take that, extrapolate that, of all the developers >> Wow. >> who are there. I know, isn't that awesome? >> That's awesome. Congrats on that, that's like - >> Did I hear that right now? >> I know, I just had that moment. >> I know she just told me, I'm like, really? That's - >> That's so cool. >> 'Cause the first thing I thought of was then, oh my god, how many developers are we reaching then? 'Cause they're the ones. I mean, it's kind of interesting. So my job has kind of grown from, over the years, being the security geek in the back room that nobody talks to, to avoiding me in the lift, to I've got a seat at the table now. We meet with the board. And I think that I can see that that's where the developer mindset is moving towards. It's like, give us the right tools and we'll change your world. >> And let the human capital go back to doing the fun stuff and not just the maintenance stuff. >> And, but then you say that, you can't have everything automated. I get that automation is also the buzzword of the week. And I get that, trust me. Someone has to write the code to do the automation. >> Savannah: Right. >> So, so yeah, definitely give these people back time, so that they can work on ML, AI, choose your buzzword. You know, by giving people things like queriable encryption for example, you're going to free up a whole bunch of head space. They don't have to worry about their data being, you know harvested from memory or harvested while at rest or in motion. And it's like, okay, I don't have to worry about that now, let me go do something fun. >> How about the role of the developer as it relates to SecOps, right? They're being asked to do a lot. You and I talked about this at re:Inforce. You seem to have a pretty good handle on it. Like a lot of companies I think are struggling with it. I mean, the other thing you said said to me is you don't have a lack of talent at Mongo, right? 'Cause you're Mongo. But a lot of companies do. But a lot of the developers, you know we were just talking about this earlier with Capgemini, the developer metrics or the application development team's metrics might not be aligned with the CSO's metrics. How, what are you seeing there? What, how do you deal with it within Mongo? What do you advise your customers? >> So in terms of internal, I work very closely with our development group. So I work with Tara Hernandez, who's our new VP of developer productivity. And she and her team are very much interested in making developers more productive. That's her job. And so we get together because sometimes security can definitely be seen as a blocker. You know, funnily enough, I actually had a Slack that I had to respond to three seconds before I come on here. And it was like, help, we need some help getting this application through procurement, because blah, blah, blah. And it's weird the kind of change, the shift in mindset. Whereas before they might have gone to procurement or HR or someone to ask for this. Now they're coming to the CSO. 'Cause they know if I say yes, it'll go through. >> Talk about social engineering. >> Exactly. >> You were talking about - >> But turn it around though. If I say no, you know, I don't like to say no. I prefer to be the CSO that says yes, but. And so that's what we've done. We've definitely got that culture of ask, we'll tell you the risks, and then you can go away and be innovative and do what you need to do. And we basically do the same with our customers. Here's what you can do. Our application is secure out of the box. Here's how we can help you make it even more, you know, streamlined or bespoke to what you need. >> So mobile was a big inflection point, you know, I dunno, it seems like forever ago. >> 2007. >> 2007. Yeah, iPhone came out in 2007. >> You remember your first iPhone? >> Dave: Yeah. >> Yeah? Same. >> Yeah. It was pretty awesome, actually. >> Yeah, I do too. >> Yeah, I was on the train to Boston going up to see some friends at MIT on the consortium that I worked with. And I had, it was the wee one, 'member? But you thought it was massive. >> Oh, it felt - >> It felt big. And I remember I was sitting on the train to Boston it was like the Estella and there was these people, these two women sitting beside me. And they were all like glam, like you and unlike me. >> Dave: That's awesome. >> And they, you could see them like nudging each other. And I'm being like, I'm just sitting like this. >> You're chilling. >> Like please look at my phone, come on just look at it. Ask me about it. And eventually I'm like - >> You're baiting them. >> nonchalantly laid it on the table. And you know, I'm like, and they're like, is that an iPhone? And I'm like, yeah, you want to see it? >> I thought you'd never ask. >> I know. And I really played with it. And I showed them all the cool stuff, and they're like, oh we're going to buy iPhones. And so I should have probably worked for Apple, but I didn't. >> I was going to say, where was your referral kickback on that? Especially - >> It was a little like Tesla, right? When you first, we first saw Tesla, it was Ray Wong, you know, Ray? From Pasadena? >> It really was a moment and going from the Blackberry keyboard to that - >> He's like want to see my car? And I'm like oh yeah sure, what's the big deal? >> Yeah, then you see it and you're like, ooh. >> Yeah, that really was such a pivotal moment. >> Anyway, so we lost a track, 2007. >> Yeah, what were we talking about? 2007 mobile. >> Mobile. >> Key inflection point, is where you got us here. Thank you. >> I gotchu Dave, I gotchu. >> Bring us back here. My mind needs help right now. Day four. Okay, so - >> We're all getting here on day four, we're - >> I'm socially engineering you to end this, so I can go to bed and die quietly. That's what me and Mary are, we're counting down the minutes. >> Holy. >> That's so sick. >> You're breaking my heart right now. I love it. I'm with you, sis, I'm with you. >> So I dunno where I was, really where I was going with this, but, okay, there's - >> 2007. Three things happened. >> Another inflection point. Okay yeah, tell us what happened. But no, tell us that, but then - >> AWS, clones, 2006. >> Well 2006, 2007. Right, okay. >> 2007, the iPhone, the world blew up. So you've already got this platform ready to take all this data. >> Dave: Right. >> You've got this little slab of gorgeousness called the iPhone, ready to give you all that data. And then MongoDB pops up, it's like, woo-hoo. But what we could offer was, I mean back then was awesome, but it was, we knew that we would have to iterate and grow and grow and grow. So that was kind of the three things that came together in 2007. >> Yeah, and then Cloud came in big time, and now you've got this platform. So what's the next inflection point do you think? >> Oh... >> Good question, Dave. >> Don't even ask me that. >> I mean, is it Edge? Is it IOT? Is there another disruptor out there? >> I think it's going to be artificial intelligence. >> Dave: Is it AI? >> I mean I don't know enough about it to talk about it, to any level, so don't ask me any questions about it. >> This is like one of those ignorance is bliss moments. It feels right. >> Yeah. >> Well, does it scare you, from a security perspective? Or? >> Great question, Dave. >> Yeah, it scares me more from a humanity standpoint. Like - >> More than social scared you? 'Cause social was so benign when it started. >> Oh it was - >> You're like, oh - I remember, >> It was like a yearbook. I was on the Estella and we were - >> Shout out to Amtrak there. >> I was with, we were starting basically a wikibond, it was an open source. >> Yeah, yeah. >> Kind of, you know, technology community. And we saw these and we were like enamored of Facebook. And there were these two young kids on the train, and we were at 'em, we were picking the brain. Do you like Facebook? "I love Facebook." They're like "oh, Facebook's unbelievable." Now, kids today, "I hate Facebook," right? So, but social at the beginning it was kind of, like I say, benign and now everybody's like - >> Savannah: We didn't know what we were getting into. >> Right. >> I know. >> Exactly. >> Can you imagine if you could have seen into the future 20 years ago? Well first of all, we'd have all bought Facebook and Apple stock. >> Savannah: Right. >> And Tesla stock. But apart from, but yeah apart from that. >> Okay, so what about Quantum? Does that scare you at all? >> I think the only thing that scares me about Quantum is we have all this security in place today. And I'm not an expert in Quantum, but we have all this security in place that's securing what we have today. And my worry is, in 10 years, is it still going to be secure? 'Cause we're still going to be using that data in some way, shape, or form. And my question is to the quantum geniuses out there, what do we do in 10 years like to retrofit the stuff? >> Dave: Like a Y2K moment? >> Kind of. Although I think Y2K is coming in 2038, isn't it? When the Linux date flips. I'll be off the grid by then, I'll be living in Scotland. >> Somebody else's problem. >> Somebody else's problem. I'll be with the sheep in Glasgow, in Scotland. >> Y2K was a boondoggle for tech, right? >> What a farce. I mean, that whole - >> I worked in the power industry in Y2K. That was a nightmare. >> Dave: Oh I bet. >> Savannah: Oh my God. >> Yeah, 'cause we just assumed that the world was going to stop and there been no power, and we had nuclear power plants. And it's like holy moly. Yeah. >> More than moly. >> I was going to say, you did a good job holding that other word in. >> I think I was going to, in case my mom hears this. >> I grew up near Diablo Canyon in, in California. So you were, I mean we were legitimately worried that that exactly was going to happen. And what about the waste? And yeah it was chaos. We've covered a lot. >> Well, what does worry you? Like, it is culture? Is it - >> Why are you trying to freak her out? >> No, no, because it's a CSO, trying to get inside the CSO's head. >> You don't think I have enough to worry about? You want to keep piling on? >> Well if it's not Quantum, you know? Maybe it's spiders or like - >> Oh but I like spiders, well spiders are okay. I don't like bridges, that's my biggest fear. Bridges. >> Seriously? >> And I had to drive over the Tappan Zee bridge, which is one of the longest, for 17 years, every day, twice. The last time I drove over it, I was crying my heart out, and happy as anything. >> Stay out of Oakland. >> I've never driven over it since. Stay out of where? >> Stay out of Oakland. >> I'm staying out of anywhere that's got lots of water. 'Cause it'll have bridges. >> Savannah: Well it's good we're here in the desert. >> Exactly. So what scares me? Bridges, there you go. >> Yeah, right. What? >> Well wait a minute. So if I'm bridging technology, is that the scary stuff? >> Oh God, that was not - >> Was it really bad? >> It was really bad. >> Wow. Wow, the puns. >> There's a lot of seems in those bridges. >> It is lit on theCUBE A floor, we are all struggling. I'm curious because I've seen, your team is all over the place here on the show, of course. Your booth has been packed the whole time. >> Lena: Yes. >> The fingerprint. Talk to me about your shirt. >> So, this was designed by my team in house. It is the most wanted swag in the company, because only my security people wear it. So, we make it like, yeah, you could maybe have one, if this turns out well. >> I feel like we're on the right track. >> Dave: If it turns out well. >> Yeah, I just love it. It's so, it's just brilliant. I mean, it's the leaf, it's a fingerprint. It's just brilliant. >> That's why I wanted to call it out. You know, you see a lot of shirts, a lot of swag shirts. Some are really unfortunately sad, or not funny, >> They are. >> or they're just trying too hard. Now there's like, with this one, I thought oh I bet that's clever. >> Lena: It is very cool. Yes, I love it. >> I saw a good one yesterday. >> Yeah? >> We fix shit, 'member? >> Oh yeah, yeah. >> That was pretty good. >> I like when they're >> That's a pretty good one. >> just straightforward, like that, yeah yeah. >> But the only thing with this is when you're say in front of a green screen, you look as though you've got no tummy. >> A portal through your body. >> And so, when we did our first - >> That's a really good point, actually. >> Yeah, it's like the black hole to nothingless. And I'm like wow, that's my soul. >> I was just going to say, I don't want to see my soul like that. I don't want to know. >> But we had to do like, it was just when the pandemic first started, so we had to do our big presentation live announcement from home. And so they shipped us all this camera equipment for home and thank God my partner knows how that works, so he set it all up. And then he had me test with a green screen, and he's like, you have no tummy. I'm like, what the hell are you talking about? He's like, come and see. It's like this, I dunno what it was. So I had to actually go upstairs and felt tip with a magic marker and make it black. >> Wow. >> So that was why I did for two hours on a Friday, yeah. >> Couldn't think of another alternative, huh? >> Well no, 'cause I'm myopic when it comes to marketing and I knew I had to keep the tshirt on, and I just did that. >> Yeah. >> In hindsight, yes I could have worn an "I Fix Shit" tshirt, but I don't think my husband would've been very happy. I secure shit? >> There you go, yeah. >> There you go. >> Over to you, Savannah. >> I was going to say, I got acquainted, I don't know if I can say this, but I'm going to say it 'cause we're here right now. I got acquainted with theCUBE, wearing a shirt that said "Unfuck Kubernetes," 'cause it was a marketing campaign that I was running for one of my clients at Kim Con last year. >> That's so good. >> Yeah, so - >> Oh my God. I'll give you one of these if you get me one of those. >> I can, we can do a swapskee. We can absolutely. >> We need a few edits on this film, on the file. >> Lena: Okay, this is nothing - >> We're fallin' off the wheel. Okay, on that note, I'm going to bring us to our challenge that we discussed, before we got started on this really diverse discussion that we have had in the last 15 minutes. We've covered everything from felt tip markers to nuclear power plants. >> To the darkness of my soul. >> To the darkness of all of our souls. >> All of our souls, yes. >> Which is perhaps a little too accurate, especially at this stage in the conference. You've obviously seen a lot Lena, and you've been rockin' it, I know John was in your suite up here, at at at the Venetian. What's your 30 second hot take? Most important story, coming out of the show or for you all at Mongo this year? >> Genuinely, it was when I learned that two-thirds of the customers that had been mentioned, here, are MongoDB customers. And that just exploded in my head. 'Cause now I'm thinking of all the numbers and the metrics and how we can use that. And I just think it's amazing, so. >> Yeah, congratulations on that. That's awesome. >> Yeah, I thought it was amazing. >> And it makes sense actually, 'cause Mongo so easy to use. We were talking about Tengen. >> We knew you when, I feel that's our like, we - >> Yeah, but it's true. And so, Mongo was just really easy to use. And people are like, ah, it doesn't scale. It's like, turns out it actually does scale. >> Lena: Turns out, it scales pretty well. >> Well Lena, without question, this is my favorite conversation of the show so far. >> Thank you. >> Thank you so much for joining us. >> Thank you very much for having me. >> Dave: Great to see you. >> It's always a pleasure. >> Dave: Thanks Lena. >> Thank you. >> And thank you all, tuning in live, for tolerating wherever we take these conversations. >> Dave: Whatever that was. >> I bet you weren't ready for this one, folks. We're at AWS re:Invent in Las Vegas, Nevada. With Dave Vellante, I'm Savannah Peterson. You're washing theCUBE, the leader for high tech coverage.

(bright upbeat music) >> Hello, wonderful Cloud community and welcome back to our wall-to-wall coverage of AWS re:Invent here in Las Vegas, Nevada. I'm Savannah Peterson, joined by the brilliant John Furrier. John, how you doing this afternoon? >> Doing great, feeling good. We've got day three here, another day tomorrow. Wall-to-wall coverage we're already over a hundred something videos, live getting up. >> You're holding up well. >> And then Cloud show is just popping. It's back to pre-pandemic levels. The audience is here, what recession? But there is one coming but apparently doesn't seem to be an unnoticed with the Cloud community. >> I think, we'll be talking a little bit about that in our next interview in the state of the union. Not just our union, but the the general global economy and the climate there with some fabulous guests from Software One. Please welcome Neil and Bernd, welcome to the show, guys. How you doing? >> Great, thank you. >> Really good. >> Yeah, like you said, just getting over the jet lag. >> Yeah, yeah. Pretty good today, yeah, (laughing loudly) glad we did it today. >> I love that Neil, set your smiling and I can feel your energy. Tell us a little bit about Software One and what you all do. >> Yeah, so Software One we're a software and Cloud solutions provider. We're in 90 countries. We have 65,000 customers. >> Savannah: Just a few. >> Yeah, and we really focus on being close to the customers and helping customers through their software and Cloud journey. So we transact, we sell software in Cloud, 10,000 different ISVs. And then on top of that we a lot of services around the spend optimization FinOps we'll talk about as well, and lots of other areas. But yeah, we're really a large scale partner in this space. >> That's awesome. FinOps, cost optimization, pretty much all we've been talking about here on the give. It's very much a hot topic. I'm actually excited about this and Bernd I'm going to throw this one to you first. We haven't actually done a proper definition of what FinOps is at the show yet. What is FinOps? >> Well, largely speaking it's Cloud cost optimization but for us it's a lot more than for others. That's our superpower. We do it all. We do the technology side but we also do the licensing side. So, we have a differentiated offering. If you would look at the six Rs of application migration we do it all, not even an Accenture as it all. And that is our differentiation. >> You know, yesterday Adams left was on the Keynote. He's like waving his hands around. It's like, "Hey, we got if you want to tighten your belt, come to the Cloud." I'm like, wait a minute. In 2008 when the last recession, Amazon wasn't a factor. They were small. Now they're massive, they're huge. They're a big part of the economic equation. What does belt tightening mean? Like what does that mean? Like do customers just go to the marketplace? Do they go, do you guys, so a lot of moving parts now on how they're buying software and they're fine tuning their Cloud too. It's not just eliminate budget, it's fine tune the machine if you will... >> 'make a smarter Cloud. >> Explain this phenomenon, how people are tackling this cost optimization, Cloud optimization. 'Cause they're not going to stop building. >> No. >> This is right sizing and tuning and cutting. >> Yeah, we see, of course with so many customers in so many countries, we have a lot of different views on maturity and we see customers taking the FinOps journey at different paces. But fundamentally what we see is that it's more of an afterthought and coming in at a panic stage rather than building it and engaging with it from the beginning and doing it continuously. And really that's the huge opportunity and AWS is a big believer in this of continued optimization of the Cloud is a confident Cloud. A confident Cloud means you'll do more with it. If you lose confidence in that bill in what how much it's costing you, you're going to retract. And so it's really about making sure all customers know exactly what's in there, how it's optimized, restocking, reformatting applications, getting more out of the microservices and getting more value out the Cloud and that will help them tighten that belt. >> So the euphoric enthusiasm of previous years of building water just fallen the pipes leaving the lights on when you go to bed. I mean that's kind of the mentality. People were not literally I won't say they weren't not paying attention but there was some just keep going we're all good now it's like whoa, whoa. We turn that service off and no one's using it or do automation. So there's a lot more of that mindset emerging. We're hearing that for the first time price performance being mindful of what's on and off common sense basically. >> Yeah, but it's not just that the lights are on and the faucets are open it's also the air condition is running. So the FinOps foundation is estimating that about a third of Cloud spend is waste and that's where FinOps comes in. We can help customers be more efficient in the Cloud and lower their Cloud spend while doing the same or more. >> So, let's dig in a little bit there. How do you apply FinOps when migrating to the Cloud? >> Well, you start with the business case and you're not just looking at infrastructure costs like most people do you ought look at software licensing costs. For example, if you run SQL on-premise you have an enterprise agreement. But if you move it to the Cloud you may actually take a different more favorable licensing agreement and save a lot of money. And these things are hidden. They're not to be seen but they need to be part of the business case. >> When you look at the modernization trend we had an analyst on our session with David Vellante and Zs (indistinct) from ZK Consulting. He had an interesting comment. He said, "Spend more in Cloud to save more." Which is a mindset that doesn't come across right. Wait a minute, spend more, save more. You can do bet right now with the Clouds kind of the the thesis of FinOps, you don't have to cut. Just kind of cut the waste out but still spend and build if you're smart, there's a lot more of that going on. What does that mean? >> I mean, yeah I've got a good example of this is, we're the largest Microsoft provider in the world. And when of course when you move Microsoft workloads to the Cloud, you don't... Maybe you don't want a server, you can go serverless, right? So you may not win a server. Bernd said SQL, right? So, it's not just about putting applications in the Cloud and workloads in the Cloud. It's about modernizing them and then really taking advantage of what you can really do in the Cloud. And I think that's where the customers are still pretty immature. They're still on that journey of throwing stuff in there and then realizing actually they can take way more advantage of what services are in there to reduce the amount and get even more in there. >> Yeah, and so the... You want to say, something? >> How much, just building on the stereotypical image of Cloud customer is the marketing person with a credit card, right? And there are many of them and they all buy their own Cloud and companies have a hard time consolidating the spend pulling it together, even within a country. But across countries across the globe, it's really, really hard. If you pull it all together, you get a better discount. You spend more to save more. >> Yeah, and also there's a human piece. We had an intern two summers ago playing with our Cloud. We're on a Cloud with our media plus stack left a service was playing around doing some tinkering and like, where's this bill? What is this extra $20,000 came from. It just, we left a service on... >> It's a really good point actually. It's something that we see almost every day right now which is customers also not understanding what they've put in the Cloud and what the implications of spikes are. And also therefore having really robust monitoring and processes and having a partner that can look after that for them. Otherwise we've got customers where they've been really shocked about not doing things the right way because they've empowered the business but also not with the maturity that the business needs to have that responsibility. >> And that's a great point. New people coming in and or people being platooned through new jobs are getting used to the Cloud. That's a great point. I got that brings up my security question 'cause this comes up a lot. So that's what's a lot of spend of people dialing up more security. Obviously people try everything with security, every tool, every platform, and throw everything at the problem. How does that impact the FinOps equation? 'Cause Dev SecOps is now part of everything. Okay, moving security at the CICD pipeline, that's cool. Check Cloud native applications, microservices event-based services check. But now you've got more security. How does that factor into the cost side? What you guys look at that can you share your thoughts on how your customers are managing their security posture without getting kind of over the barrel, if you will? >> Since we are at AWS re:Invent, right? We can talk about the well architected framework of AWS and there's six components to it. And there's reliability, there's security cost, performance quality, operational quality and sustainability. And so when we think about migrating apps to the Cloud or modernizing them in the Cloud security is always a table stakes. >> And it has to be, yeah, go ahead. >> I really like what AWS is doing with us on that. We partner very closely on that area. And to give you a parallel example of Microsoft I don't feel very good about that at the moment. We see a lot of customers right now that get hacked and normally it's... >> 'yeah that's such a topic. >> You mean on Azure? >> Yeah, and what happens is that they normally it's a crypto mining script that the customer comes in they come in as the customer get hacked and then they... We saw an incident the other day where we had 2,100 security incidents in a minute where it all like exploded on the customer side. And so that's also really important is that the customer's understanding that security element also who they're letting in and out of their organization and also the responsibility they have if things go bad. And that's also not aware, like when they get hacked, are they responsible for that? Are they not responsible? Is the provider... >> 'shared responsibility? >> Yeah. >> 'well that security data lake the open cybersecurity schema framework. That's going to be very interesting to see how that plays out to your point. >> Absolutely, absolutely. >> Yeah, it is fascinating and it does require a lot of collaboration. What other trends, what other big challenges are you seeing? You're obviously working with customers at incredible scale. What are some of the other problems you're helping them tackle? >> I think we work with customers from SMB all the way up to enterprise and public sector. But what we see is more in the enterprise space. So we see a lot of customers willing to commit a lot to the Cloud based on all the themes that we've set but not commit financially for all the PNLs that they run in all the business units of all the different companies that they may own in different countries. So it's like, how can I commit but not be responsible on the hook for the bill that comes in. And we see this all the time right now and we are working closely with AWS on this. And we see the ability for customers to commit centrally but decentralized billing, decentralized optimization and decentralized FinOps. So that's that educational layer within the business units who owns the PNL where they get that fitness and they own what they're spending but the company is alone can commit to AWS. And I think that's a big trend that we are seeing is centralized commitment but decentralized ownership in that model. >> And that's where the marketplaces kind of fit in as well. >> Absolutely. >> Yeah, yeah. Do you want to add some more on that? >> I mean the marketplace, if you're going to cut your bill you go to the marketplace right there you want single dashboard or your marketplace what's the customer going to do when they're going to tighten their belts? What do they do? What's their workflow, marketplace? What's the process? >> Well, on marketplaces, the larger companies will have a private marketplace with dedicated pricing managed service they can call off. But that's for the software of the shelf. They still have the data centers they still have all the legacy and they need to do the which ones are we going to keep which ones are we going to retire, we repurchase, we license, rehouse, relocate, all of those things. >> That's your wheelhouse. >> It's a three, yes is our wheelhouse. It's a three to five year process for most companies. >> This could be a tailwind for you guys. This is like a good time. >> I mean FinOps is super cool and super hot right now. >> Not that you're biased? (all laughing loudly) >> But look, it's great to see it because well we are the magic quadrant leader in software asset management, which is a pedigree of ours. But we always had to convince customers to do that because they're always worried, oh what you're going to find do I have an audit? Do I have to give Oracles some more money or SAP some more money? So there's always like, you know... >> 'don't, (indistinct). >> How compliant do I really want? >> Is anyone paying attention to this? >> Well FinOps it's all upside. Like it's all upside. And so it's completely flipped. And now we speak to most customers that are building FinOps internally and then they're like, hold on a minute I'm a bank. Why do I have hundred people doing FinOps? And so that's the trend that we've seen because they just get more and more value out of it all the time. >> Well also the key mindset is that the consumption based model of Cloud you mentioned Oracle 'cause they're stuck in that whoa, whoa, whoa, how many servers license and they're stuck in that extortion. And now they got Cloud once you're on a variable, what's the downside? >> Exactly and then you can look at all the applications, see where you can go serverless see where you can go native services all that sort of stuff is all upside. >> And for the major workloads like SAP and Oracle and Microsoft defined that customers save in the millions. >> Well just on that point, those VMware, SAP, these workloads they're being rolled and encapsulated into containers and Kubernetes run times moved into the Cloud, they're being refactored. So that's a whole nother ballgame. >> Yes. Lift and shift usually doesn't save you any money. So that's relocation with containers may save you money but in some cases you have to... >> 'it's more in the Cloud now than ever before. >> Yeah >> Yeah, yeah. >> Before we take him to the challenge portion we have a little quiz for you, or not a quiz, but a little prop for you in a second. I want to talk about your role. You have a very important role at the FinOps Foundation and why don't you tell me more about that? You, why don't you go. >> All right, so yeah I mean we are a founding member of the Finops organization. You can tell I'm super passionate about it as well. >> I wanted to keep that club like a poster boy for FinOps right now. It's great, I love the energy. >> You have some VA down that is going to go up on the table and dance, (all laughing loudly) >> We're ready for it. We're waiting for that performance here on theCUBE this week. I promise I would keep everyone up an alert... >> 'and it's on the post. And our value to the foundation is first of all the feedback we get from all our customers, right? We can bring that back as an organization to that also as one of the founding members. We're one of the only ones that really deliver services and platforms. So we'll work with Cloud health, Cloud ability our own platform as well, and we'll do that. And we have over 200 practitioners completely dedicated to FinOps as well. So, it's a great foundation, they're doing an amazing job and we're super proud to be part of that. >> Yeah, I love that you're contributing to the community as well as supporting it, looking after your customers. All right, so our new tradition here on theCUBE at re:Invent 'cause we're looking for your 32nd Instagram reel hot take sizzle of thought leadership on the number one takeaway most important theme of the show this year Bernd do you want to go first? >> Of the re:Invent show or whatever? >> You can interpret that however you want. We've gotten some unique interpretations throughout the week, so we're probing. >> Everybody's looking for the superpower to do more with less in the Cloud. That will be the theme of 2023. >> Perfect, I love that. 10 seconds, your mic very efficient. You're clearly providing an efficient solution based on that answer. >> I won't that much. That's... (laughing loudly) >> It's the quiz. And what about you Neil? Give us your, (indistinct) >> I'm going to steal your comment. It's exactly what I was thinking earlier. Tech is super resilient and tech is there for customers when they want to invest and modernize and do fun stuff and they're also there for when they want to save money. So we are always like a constant and you see that here. It's like this is... It's always happening here, always happening. >> It is always happening. It really can feel the energy. I hope that the show is just as energetic and fun for you guys. As the last few minutes here on theCUBE has been thank you both for joining us. >> Thanks. >> Thank you very much. >> And thank you all so much for tuning in. I hope you enjoyed this conversation about FinOps, Cloud confidence and all things AWS re:Invent. We're here in Las Vegas, Nevada with John Furrier, my name is Savannah Peterson. You're watching theCUBE, the leader in high tech coverage. (bright upbeat music)

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for, eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now, that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers, which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges, and I'm not saying that SecOps pros are now talented. They are. There just aren't enough of them to go around, and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically, we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante, and I'm your host now. Previously, we looked at what trusted infrastructure means >>And the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that devs SEC op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies, and after that we're gonna bring on Mahesh Naar oim, who was a consultant in the networking product management area at Dell. And finally, we're closed with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented. They are. There just aren't enough of them to go around and the adversary is also talented and very creative and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents? >>Right? What is that is exactly right, right? Breachers are bound to happen. And given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry. But we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized. So they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach. And that's where Dell pays a lot of attention into assuring the security approach approaching. And it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it. And bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner, which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives, which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server, walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that, you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube. Your leader in enterprise and emerging tech coverage.

>>We're back with Jerome West, product management security lead at for HCI at Dell Technologies Hyper-converged infrastructure. Jerome, welcome. >>Thank you, David. >>Hey, Jerome, In this series, A blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage, servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about Hyperconverge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system, so like a server or a storage system or a virtualization piece of software. I mean, HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships, in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past, we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily, VX Rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware will produce a patch and within 14 days we will integrate our own code. With the VMware release, we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, Vxl had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, Thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that site cybersecurity and resilience for hci, because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in a hardware, but for hci, for example, in our VX rail portfolio, we, or our vxl product, we integrate it into a product called vsan, which is provided by our partner VMware. So that portfolio strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Verizon, Carbon Black and Bsphere. All of them integrate seamlessly with VMware. And we also leverage VMware's software, par software partnerships on top of that. So for example, VX supports multifactor authentication through bsphere integration with something called Active Directory Federation services for adfs. So there is a lot of providers that support adfs, including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on that to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great. I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, the xra is the market's only co engineered solution with VMware, other vendors sell VMware as a hyperconverged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyperconverged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally sign our software updates so you, the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage. It all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple, They got all this other stuff that they have to worry, they gotta secure containers and the run time and, and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to, and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use in our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments, and we're very successful >>There. Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions and helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, OnPrem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program, and of course, today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented, They are. There just aren't enough of them to go around and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years, we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents, >>Right? What is that is exactly right, right? Breachers are bound to happen and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry, but we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach and that's where Dell pays a lot of attention into assuring the security approach approaching and it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it and bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube, your leader in enterprise and emerging tech coverage. We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome, good to see you. >>Hey, good morning Dell's, nice to meet, meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so few years ago IT security and an enterprise was primarily putting a wrapper around data center out because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the environment and data small enough control today with the distributed data, intelligent software, different systems, multi-cloud environment and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure In today's, you know, data driven world, it operates everywhere and data has created and accessed everywhere so far from, you know, the centralized monolithic data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a rapper around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic, they need to be integrated, scalable, one that span the entire enterprise and with a co and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing changing best destroy or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you think about securing network infrastructure, when you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say roles for that matter in a role based access control, whether you are a security admin or a network admin or a storage admin. >>And it's imperative that logging is enable because any of the change to the configuration is actually logged and monitored as that. Talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get UND desire results in terms of say validation of the images. It's, it needs to be done through say digital signature. So, so it's important that when you're talking about say, software integrity, a, you are ensuring that the platform is not compromised, you know, is not compromised and be that any upgrades, you know, that happens to the platform is happening through say validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i I think response, but please continue. >>Yeah, so you know, the third one is about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different, you know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And these are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It provides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging off any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like segmentation isolated segments and via VRF or, or some micro segmentation via partners, this allows various level of security for each of those segments. So it's important you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? >>You know, there are multiple layer of defense, you know, both at the edge and in the network in this hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. If you look at say that you know the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trust platform in a trusted platform models tpms on certain offer products and you know, the physical security know plain, simple old one love port enable from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. >>If you look at say a transport and decision trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain hotel net or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or is certificate authority based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the b g peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here, you know, you know, it's, it's typical that if you don't have a control plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. >>From an application test perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. And I did talk about, say the digital signature and the cryptographic check that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about sales multi 10 aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift the vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz scop teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our >>Portfolio, it enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the fabric and you know, from a deployment and you know, the management of the network infrastructure that are simplicities, you know, using like Ansible s for Sonic for example are, you know, for a better sit and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and Avan has and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic no is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center, you know, right up to the edge. Now if you look at our north from a smart traffic OS 10 perspective, you know, as I mentioned, we do have smart traffic services which essentially, you know, simplifies the deployment day zero, I mean rather day one, day two deployment expansion plans and the lifecycle management of our conversion infrastructure and hyper and hyper conversion infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick, just pitch me, what can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we're talking about the physical security for examples, say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is data for the digital signature, you know, prior to any upgrade process. And if you are looking at secure access control, we do have things like role based access control, SSH to the switches, control plane access control that pre do tags and say access control from multifactor authentication. >>We do have various tech ads for entry control to the network and things like CSE and PRV support, you know, from a federal perspective we do have say logging wherein, you know, any event, any auditing capabilities can be possible by say looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say network segment, you know, say network separation and you know, these, you know, separation, you know, ensures that are, that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone and, you know, just can be implemented by a, a micro segmentation, you know, just a plain old wheel or using virtual route of framework VR for example. >>A lot there. I mean I think frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the cube, your leader in enterprise and emerging tech coverage, your own west product management security lead at for HCI at Dell Technologies hyper-converged infrastructure. Jerome, welcome. >>Thank you Dave. >>Hey Jerome, in this series of blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyper-converge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or storage system or a virtualization piece of software, software. I mean HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily VX rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware would produce a patch and within 14 days we will integrate our own code with the VMware release we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VHA had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that's site cybersecurity and resilience for hci because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in hardware, but for hci, for example, in our VX rail portfolio, we, our Vxl product, we integrated it into a product called vsan, which is provided by our partner VMware. So that portfolio of strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware and we also leverage VMware's software, part software partnerships on top of that. So for example, VX supports multifactor authentication through vSphere integration with something called Active Directory Federation services for adfs. So there's a lot of providers that support adfs including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great, I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co engineered solution with VMware, other vendors sell VMware as a hyper converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of spo, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally signed our software updates so the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own a specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage it all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you've got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple cl. They got all this other stuff that they have to worry, they gotta secure the containers and the run time and and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program and of course today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

>>Welcome back everyone to the Cube and Horizon three.ai special presentation. I'm John Furrier, host of the Cube. We with Chris Hill, Sector head for strategic accounts and federal@horizonthree.ai. Great innovative company. Chris, great to see you. Thanks for coming on the Cube. >>Yeah, like I said, you know, great to meet you John. Long time listener. First time call. So excited to be here with >>You guys. Yeah, we were talking before camera. You had Splunk back in 2013 and I think 2012 was our first splunk.com. Yep. And boy man, you know, talk about being in the right place at the right time. Now we're at another inflection point and Splunk continues to be relevant and continuing to have that data driving security and that interplay. And your ceo, former CTO of Splunk as well at Horizons Neha, who's been on before. Really innovative product you guys have, but you know, Yeah, don't wait for a brief to find out if you're locking the right data. This is the topic of this thread. Splunk is very much part of this new international expansion announcement with you guys. Tell us what are some of the challenges that you see where this is relevant for the Splunk and the Horizon AI as you guys expand Node zero out internationally? >>Yeah, well so across, so you know, my role within Splunk was working with our most strategic accounts. And so I look back to 2013 and I think about the sales process like working with, with our small customers. You know, it was, it was still very siloed back then. Like I was selling to an IT team that was either using us for IT operations. We generally would always even say, yeah, although we do security, we weren't really designed for it. We're a log management tool. And you know, we, and I'm sure you remember back then John, we were like sort of stepping into the security space and in the public sector domain that I was in, you know, security was 70% of what we did. When I look back to sort of the transformation that I was, was witnessing in that digital transformation, you know when I, you look at like 2019 to today, you look at how the IT team and the security teams are, have been forced to break down those barriers that they used to sort of be silo away, would not communicate one, you know, the security guys would be like, Oh this is my BA box it, you're not allowed in today. >>You can't get away with that. And I think that the value that we bring to, you know, and of course Splunk has been a huge leader in that space and continues to do innovation across the board. But I think what we've we're seeing in the space that I was talking with Patrick Kauflin, the SVP of security markets about this, is that, you know, what we've been able to do with Splunk is build a purpose built solution that allows Splunk to eat more data. So Splunk itself, as you well know, it's an ingest engine, right? So the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it, but without data it doesn't do anything, right? So how do you drive and how do you bring more data in? And most importantly from a customer perspective, how do you bring the right data in? >>And so if you think about what node zero and what we're doing in a Horizon three is that, sure we do pen testing, but because we're an autonomous pen testing tool, we do it continuously. So this whole thought of being like, Oh, crud like my customers, Oh yeah, we got a pen test coming up, it's gonna be six weeks. The wait. Oh yeah. You know, and everyone's gonna sit on their hands, Call me back in two months, Chris, we'll talk to you then. Right? Not, not a real efficient way to test your environment and shoot, we, we saw that with Uber this week. Right? You know, and that's a case where we could have helped. >>Well just real quick, explain the Uber thing cause it was a contractor. Just give a quick highlight of what happened so you can connect the >>Dots. Yeah, no problem. So there it was, I think it was one of those, you know, games where they would try and test an environment. And what the pen tester did was he kept on calling them MFA guys being like, I need to reset my password re to set my password. And eventually the customer service guy said, Okay, I'm resetting it. Once he had reset and bypassed the multifactor authentication, he then was able to get in and get access to the domain area that he was in or the, not the domain, but he was able to gain access to a partial part of the network. He then paralleled over to what would I assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains. And so within minutes they had access. And that's the sort of stuff that we do under, you know, a lot of these tools. >>Like not, and I'm not, you know, you think about the cacophony of tools that are out there in a CTA orchestra architecture, right? I'm gonna get like a Zscaler, I'm gonna have Okta, I'm gonna have a Splunk, I'm gonna do this sore system. I mean, I don't mean to name names, we're gonna have crowd strike or, or Sentinel one in there. It's just, it's a cacophony of things that don't work together. They weren't designed work together. And so we have seen so many times in our business through our customer support and just working with customers when we do their pen test, that there will be 5,000 servers out there. Three are misconfigured. Those three misconfigurations will create the open door. Cause remember the hacker only needs to be right once, the defender needs to be right all the time. And that's the challenge. And so that's why I'm really passionate about what we're doing here at Horizon three. I see this my digital transformation, migration and security going on, which we're at the tip of the sp, it's why I joined say Hall coming on this journey and just super excited about where the path's going and super excited about the relationship with Splunk. I get into more details on some of the specifics of that. But you know, >>I mean, well you're nailing, I mean we've been doing a lot of things around super cloud and this next gen environment, we're calling it NextGen. You're really seeing DevOps, obviously Dev SecOps has, has already won the IT role has moved to the developer shift left as an indicator of that. It's one of the many examples, higher velocity code software supply chain. You hear these things. That means that it is now in the developer hands, it is replaced by the new ops, data ops teams and security where there's a lot of horizontal thinking. To your point about access, there's no more perimeter. So >>That there is no perimeter. >>Huge. A hundred percent right, is really right on. I don't think it's one time, you know, to get in there. Once you're in, then you can hang out, move around, move laterally. Big problem. Okay, so we get that. Now, the challenges for these teams as they are transitioning organizationally, how do they figure out what to do? Okay, this is the next step. They already have Splunk, so now they're kind of in transition while protecting for a hundred percent ratio of success. So how would you look at that and describe the challenges? What do they do? What is, what are the teams facing with their data and what's next? What do they, what do they, what action do they take? >>So let's do some vernacular that folks will know. So if I think about dev sec ops, right? We both know what that means, that I'm gonna build security into the app, but no one really talks about SEC DevOps, right? How am I building security around the perimeter of what's going inside my ecosystem and what are they doing? And so if you think about what we're able to do with somebody like Splunk is we could pen test the entire environment from soup to nuts, right? So I'm gonna test the end points through to it. So I'm gonna look for misconfigurations, I'm gonna, and I'm gonna look for credential exposed credentials. You know, I'm gonna look for anything I can in the environment. Again, I'm gonna do it at at light speed. And, and what we're, what we're doing for that SEC dev space is to, you know, did you detect that we were in your environment? >>So did we alert Splunk or the SIM that there's someone in the environment laterally moving around? Did they, more importantly, did they log us into their environment? And when did they detect that log to trigger that log? Did they alert on us? And then finally, most importantly, for every CSO out there is gonna be did they stop us? And so that's how we, we, we do this in, I think you, when speaking with Stay Hall, before, you know, we've come up with this boils U Loop, but we call it fine fix verify. So what we do is we go in is we act as the attacker, right? We act in a production environment. So we're not gonna be, we're a passive attacker, but we will go in un credentialed UN agents. But we have to assume, have an assumed breach model, which means we're gonna put a Docker container in your environment and then we're going to fingerprint the environment. >>So we're gonna go out and do an asset survey. Now that's something that's not something that Splunk does super well, you know, so can Splunk see all the assets, do the same assets marry up? We're gonna log all that data and think then put load that into the Splunk sim or the smoke logging tools just to have it in enterprise, right? That's an immediate future ad that they've got. And then we've got the fix. So once we've completed our pen test, we are then gonna generate a report and we could talk about about these in a little bit later. But the reports will show an executive summary the assets that we found, which would be your asset discovery aspect of that, a fixed report. And the fixed report I think is probably the most important one. It will go down and identify what we did, how we did it, and then how to fix that. >>And then from that, the pen tester or the organization should fix those. Then they go back and run another test. And then they validate through like a change detection environment to see, hey, did those fixes taste, play take place? And you know, SNA Hall, when he was the CTO of JS o, he shared with me a number of times about, he's like, Man, there would be 15 more items on next week's punch sheet that we didn't know about. And it's, and it has to do with how we, you know, how they were prioritizing the CVEs and whatnot because they would take all CVS was critical or non-critical. And it's like we are able to create context in that environment that feeds better information into Splunk and whatnot. That >>Was a lot. That brings, that brings up the, the efficiency for Splunk specifically. The teams out there. By the way, the burnout thing is real. I mean, this whole, I just finished my list and I got 15 more or whatever the list just can, keeps, keeps growing. How did Node zero specifically help Splunk teams be more efficient? Now that's the question I want to get at, because this seems like a very scalable way for Splunk customers and teams, service teams to be more efficient. So the question is, how does Node zero help make Splunk specifically their service teams be more efficient? >>So to, so today in our early interactions with building Splunk customers, what we've seen are five things, and I'll start with sort of identifying the blind spots, right? So kind of what I just talked about with you. Did we detect, did we log, did we alert? Did they stop node zero, right? And so I would, I put that at, you know, a a a more layman's third grade term. And if I was gonna beat a fifth grader at this game would be, we can be the sparring partner for a Splunk enterprise customer, a Splunk essentials customer, someone using Splunk soar, or even just an enterprise Splunk customer that may be a small shop with three people and, and just wants to know where am I exposed. So by creating and generating these reports and then having the API that actually generates the dashboard, they can take all of these events that we've logged and log them in. >>And then where that then comes in is number two is how do we prioritize those logs, right? So how do we create visibility to logs that are, have critical impacts? And again, as I mentioned earlier, not all CVEs are high impact regard and also not all are low, right? So if you daisy chain a bunch of low CVEs together, boom, I've got a mission critical AP CVE that needs to be fixed now, such as a credential moving to an NT box that's got a text file with a bunch of passwords on it, that would be very bad. And then third would be verifying that you have all of the hosts. So one of the things that Splunk's not particularly great at, and they, they themselves, they don't do asset discovery. So do what assets do we see and what are they logging from that? And then for, from, for every event that they are able to identify the, one of the cool things that we can do is actually create this low-code, no-code environment. >>So they could let, you know, float customers can use Splunk. So to actually triage events and prioritize that events or where they're being routed within it to optimize the SOX team time to market or time to triage any given event. Obviously reducing mtr. And then finally, I think one of the neatest things that we'll be seeing us develop is our ability to build glass tables. So behind me you'll see one of our triage events and how we build a lock Lockheed Martin kill chain on that with a glass table, which is very familiar to this Splunk community. We're going to have the ability, not too distant future to allow people to search, observe on those IOCs. And if people aren't familiar with an ioc, it's an incident of compromise. So that's a vector that we want to drill into. And of course who's better at drilling in into data and Splunk. >>Yeah, this is a critical, this is awesome synergy there. I mean I can see a Splunk customer going, Man, this just gives me so much more capability. Action actionability. And also real understanding, and I think this is what I wanna dig into, if you don't mind understanding that critical impact, okay. Is kind of where I see this coming. I got the data, data ingest now data's data. But the question is what not to log, You know, where are things misconfigured? These are critical questions. So can you talk about what it means to understand critical impact? >>Yeah, so I think, you know, going back to those things that I just spoke about, a lot of those CVEs where you'll see low, low, low and then you daisy chain together and you're suddenly like, oh, this is high now. But then to your other impact of like if you're a, if you're a a Splunk customer, you know, and I had, I had several of them, I had one customer that, you know, terabytes of McAfee data being brought in and it was like, all right, there's a lot of other data that you probably also wanna bring, but they could only afford, wanted to do certain data sets because that's, and they didn't know how to prioritize or filter those data sets. And so we provide that opportunity to say, Hey, these are the critical ones to bring in. But there's also the ones that you don't necessarily need to bring in because low CVE in this case really does mean low cve. >>Like an ILO server would be one that, that's the print server where the, your admin credentials are on, on like a, a printer. And so there will be credentials on that. That's something that a hacker might go in to look at. So although the CVE on it is low, if you daisy chain was something that's able to get into that, you might say, ah, that's high. And we would then potentially rank it giving our AI logic to say that's a moderate. So put it on the scale and we prioritize though, versus a, a vulner review scanner's just gonna give you a bunch of CVEs and good luck. >>And translating that if I, if I can and tell me if I'm wrong, that kind of speaks to that whole lateral movement. That's it. Challenge, right? Print server, great example, look stupid low end, who's gonna wanna deal with the print server? Oh, but it's connected into a critical system. There's a path. Is that kind of what you're getting at? >>Yeah, I used daisy chain. I think that's from the community they came from. But it's, it's just a lateral movement. It's exactly what they're doing. And those low level, low critical lateral movements is where the hackers are getting in. Right? So that's what the beauty thing about the, the Uber example is that who would've thought, you know, I've got my multifactor authentication going in a human made a mistake. We can't, we can't not expect humans to make mistakes. Were fall, were fallible, right? Yeah. The reality is is once they were in the environment, they could have protected themselves by running enough pen tests to know that they had certain exposed credentials that would've stopped the breach. Yeah. And they did not, had not done that in their environment. And I'm not poking. Yeah, >>They put it's interesting trend though. I mean it's obvious if sometimes those low end items are also not protected well. So it's easy to get at from a hacker standpoint, but also the people in charge of them can be fished easily or spear fished because they're not paying attention. Cause they don't have to. No one ever told them, Hey, be careful of what you collect. >>Yeah. For the community that I came from, John, that's exactly how they, they would meet you at a, an international event introduce themselves as a graduate student. These are national actor states. Would you mind reviewing my thesis on such and such? And I was at Adobe at the time though I was working on this and start off, you get the pdf, they opened the PDF and whoever that customer was launches, and I don't know if you remember back in like 2002, 2008 time frame, there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it. And John, that's >>Or LinkedIn. Hey I wanna get a joke, we wanna hire you double the salary. Oh I'm gonna click on that for sure. You know? Yeah, >>Right. Exactly. Yeah. The one thing I would say to you is like when we look at like sort of, you know, cuz I think we did 10,000 pen test last year is it's probably over that now, you know, we have these sort of top 10 ways that we think then fine people coming into the environment. The funniest thing is that only one of them is a, a CVE related vulnerability. Like, you know, you guys know what they are, right? So it's it, but it's, it's like 2% of the attacks are occurring through the CVEs, but yet there's all that attention spent to that. Yeah. And very little attention spent to this pen testing side. Yeah. Which is sort of this continuous threat, you know, monitoring space and, and, and this vulnerability space where I think we play such an important role and I'm so excited to be a part of the tip of the spear on this one. >>Yeah. I'm old enough to know the movie sneakers, which I love as a, you know, watching that movie, you know, professional hackers are testing, testing, always testing the environment. I love this. I gotta ask you, as we kind of wrap up here, Chris, if you don't mind the benefits to team professional services from this alliance, big news Splunk and you guys work well together. We see that clearly. What are, what other benefits do professional services teams see from the Splunk and Horizon three AI alliance? >>So if you're a, I think for, from our, our, from both of our partners as we bring these guys together and many of them already are the same partner, right? Is that first off, the licensing model is probably one of the key areas that we really excel at. So if you're an end user, you can buy for the enterprise by the enter of IP addresses you're using. But if you're a partner working with this, there's solution ways that you can go in and we'll license as to MSPs and what that business model on our MSPs looks like. But the unique thing that we do here is this c plus license. And so the Consulting Plus license allows like a, somebody a small to midsize to some very large, you know, Fortune 100, you know, consulting firms uses by buying into a license called Consulting Plus where they can have unlimited access to as many ips as they want. >>But you can only run one test at a time. And as you can imagine when we're going and hacking passwords and checking hashes and decrypting hashes, that can take a while. So, but for the right customer, it's, it's a perfect tool. And so I I'm so excited about our ability to go to market with our partners so that we underhand to sell, understand how not to just sell too or not tell just to sell through, but we know how to sell with them as a good vendor partner. I think that that's one thing that we've done a really good job building bringing into market. >>Yeah. I think also the Splunk has had great success how they've enabled partners and professional services. Absolutely. They've, you know, the services that layer on top of Splunk are multifold tons of great benefits. So you guys vector right into that ride, that wave with >>Friction. And, and the cool thing is that in, you know, in one of our reports, which could be totally customized with someone else's logo, we're going to generate, you know, so I, I used to work at another organization, it wasn't Splunk, but we, we did, you know, pen testing as a, as a for, for customers and my pen testers would come on site, they, they do the engagement and they would leave. And then another really, someone would be, oh shoot, we got another sector that was breached and they'd call you back, you know, four weeks later. And so by August our entire pen testings teams would be sold out and it would be like, wow. And in March maybe, and they'd like, No, no, no, I gotta breach now. And, and, and then when they do go in, they go through, do the pen test and they hand over a PDF and they pat you on the back and say, there's where your problems are, you need to fix it. And the reality is, is that what we're gonna generate completely autonomously with no human interaction is we're gonna go and find all the permutations that anything we found and the fix for those permutations and then once you fixed everything, you just go back and run another pen test. Yeah. It's, you know, for what people pay for one pen test, they could have a tool that does that. Every, every pat patch on Tuesday pen test on Wednesday, you know, triage throughout the week, >>Green, yellow, red. I wanted to see colors show me green, green is good, right? Not red. >>And once CIO doesn't want, who doesn't want that dashboard, right? It's, it's, it is exactly it. And we can help bring, I think that, you know, I'm really excited about helping drive this with the Splunk team cuz they get that, they understand that it's the green, yellow, red dashboard and, and how do we help them find more green so that the other guys are >>In Yeah. And get in the data and do the right thing and be efficient with how you use the data, Know what to look at. So many things to pay attention to, you know, the combination of both and then, then go to market strategy. Real brilliant. Congratulations Chris. Thanks for coming on and sharing this news with the detail around this Splunk in action around the alliance. Thanks for sharing, >>John. My pleasure. Thanks. Look forward to seeing you soon. >>All right, great. We'll follow up and do another segment on DevOps and IT and security teams as the new new ops, but, and Super cloud, a bunch of other stuff. So thanks for coming on. And our next segment, the CEO of Verizon, three AA, will break down all the new news for us here on the cube. You're watching the cube, the leader in high tech enterprise coverage.

>>We're back with the cube at Falcon 2022, Dave ante and Dave Nicholson. We're at the aria. We do of course, a lot of events in Las Vegas. It's the, it's the place to do events. Dave, I think is my sixth or seventh time here this year. At least. I don't know. I lose track. Jeff Swain is here. He's the vice president of global programs store and tech alliances at CrowdStrike. Jeff. Good to see you again. We saw each other at reinvent in July in Boston. >>Yes. Yeah, it was great to see you again, Dave, thank >>Very much. And we talked about making this happen so thrilled to be here at, at, at CrowdStrike Falcon. We're gonna talk today about the CrowdStrike XDR Alliance partners. First of all, what's XDR >>Well, I hope you were paying attention to George's George's keynote this morning. I guess. You know, the one thing we know is that if you ask 10, five people, what XDR is you'll get 10 answers. >>I like this answer a holistic approach to endpoint security. I, that was, >>It was good. Simple. >>That was a good one at black hat. So, but tell us about the XDR Alliance partners program. Give us the update there. >>Yeah, so I mean, we spoke about it reinforced, you know, the XDR program is really predicated on having a robust ecosystem of partners to help us share that telemetry across all of the different parts of our customers' environment. So we've done a lot of work over the last few weeks and trying to bolster that environment specifically, putting a lot of focus on firewall. You'll see that Cisco and fortunate have both joined the XD XDR Alliance. So we're working on that right now. A lot of customer demand for firewall data into the telemetry set. You know, obviously it's a very rich data environment. There's a lot of logs on firewalls. And so it drives a lot of, of, of information that we can, we can leverage. So we're continuing to grow that. And what we're doing is building out different content packs that support different use cases. So firewall is one CAS B is another emails another and we're building, building out the, the partner set right across the board. So it's, it's, it's been a, a great set of >>Activity. So it's it's partners that have data. Yep. There's probably some, you know, Joe Tuchi year old boss used to say that that overlap is better than gaps. So there's sometimes there's competition, but that's from a customer standpoint, overlap is, is better than gaps. So as gonna mention Cisco forte and there are a number of others, they've got data. Yes. And they're gonna pump it into your system, our platform, and you've got the, your platform. You've got the ability to ingest. You've got the cloud native architecture, you've got the analytics and you've got the near real time analysis capability. Right, right. >>Augmented by people as well, which is a really important part of our value proposition. You know, we, it's not just relying purely on AI, but we have a human, a human aspect to it as well to make sure we're getting extremely accurate responses. And then there's the final phase is the response phase. So being able to take action on a CASB, for example, when we have a known bad actor operating in the cloud is a really important, easy action for our customer to take. That's highly valuable. You're >>Talking about your threat hunting capability, right? >>So it's threat hunting and our Intel capability as well. We use all of that information as well as the telemetry to make sure we're making good, actionable >>Decisions, Intel being machine intelligence or, or human and machine >>Human and human and machine intelligence that we have. We have a whole business that's out there gathering Intel. I believe you think to Adam Myers who runs that business. And you know, that Intel is critical to making good decisions for our customers. >>So the X and XDR is extended, correct. Extending to things like firewalls. That's pretty obvious in the security space. Are there some less obvious data sources that you look to extend to at some point? >>Yeah, I think we're gonna continually go with where the customer demand is. And firewalls is one of the first and is very significant. Other one, you'll see that we're announcing support for Microsoft 365 as well as part of this, this announcement, but then we'll still grow out into the other areas. NDR is, you know, a specific area where we've already got a number of partners in that, in that space. And, and we'll grow that as we go. I think one of the really exciting additional elements is the, the OCS F announcement that we made at at, at, at, at reinforced, which also is a shared data scheme across a number of vendors as well. So talking to Mike's point, Microsoft ST's point this morning in his keynote, it's really about the industry getting together to do better job for our customers. And XDR is the platform to do that. And crowd strikes it way of doing it is the only really true, visible way for a customer to get their hands on all that information, make the decision, see the good from the bad and take the action. So I feel like we're really well placed to help our customers in >>That space. Well, Kevin mania referenced this too today, basically saying the industry's doing a better job of collaborations. I mean, sometimes I'm skeptical because we've certainly seen people try to, you know, commercialize private information, private reports. Yeah. But, but, but you're talking about, you know, some of your quasi competitors cooperatives, you know, actually partnering with you now. So that's a, that's a good indicator. Yeah. I want to step back a little bit, talk about the macro, the big conversation on wall street. Everybody wants to talk about the macro of course, for obvious reasons, we just published our breaking analysis, talking about you guys potentially being a generational company and sort of digging into that a little bit. We've seen, you know, cyber investments hold up a little bit better, both in terms of customer spending and of course the stock market better than tech broadly. Yeah. So in that case it would, it would suggest that cyber investments are somewhat non-discretionary. So, but that is my question are cyber investments non-discretionary if, if so, how, >>You know, I think George George calls that out directly in our analyst reports as well that, you know, we believe that cyber is a non-discretionary spend, but I, I actually think it's more than that. I think in this current macro or economic environment where CIOs and CSOs are being asked to sweat their assets for significantly longer period of time, that actually creates vulnerabilities because they have older kit, that's running for a longer period that they normally, you know, round out or churn out of their environment. They're not getting the investment to replace those laptops. They're not getting the, I placement to replace those servers. We have to sweat them for a little bit longer, longer, which means they need to be on top of the security posture of those devices. So that means that we need the best possible telemetry that we can get to protect those in the best possible way. So I actually think not only is it makes it non-discretionary, it actually increases the, the business case for, for, for taking on a, a cyber project. >>And I buy that. I buy that the business case is better potentially for cyber business case. And cyber is about, about risk reduction, right? It's about, it's about reducing expected loss. I, I, I, I, but the same time CISOs don't have an open wallet. They have to compete with other P and L managers. I also think the advantage for CrowdStrike I'm, I'm getting deeper into the architecture and beginning to understand the power of a lightweight agent that can do handle. I think you're up to 22 modules now, correct? Yes. I've got questions on how you keep that lightweight, but, but nonetheless, if you can consolidate the point tools, which is, you know, one of the biggest challenges that, that SecOps teams face that strengthens the ROI as well. >>Absolutely. And if you look at what George was saying this morning in the keynote, the combination of being able to provide tools, not only to the SecOps team, but the it ops team as well, being able to give the it ops team visibility on how many assets they have. I mean, these simple, these are simple questions that we should be able to answer. But often when we ask, you know, an operations leader, can you answer it? It sometimes it's hard for them. We actually have a lot of that information. So we are able to bring that into the platform. We're able to show them, we're able to show them where the assets are, where the vulnerabilities are against those assets and help it ops do a better job as well as SecOps. So the, the strength, the case strengthens, as you said, the CSO can also be talking to the it ops budget. >>The edge is getting more real. We're certainly hearing a lot about it now we're seeing a lot more and you kind of got the, the near edge, like the home Depot and the lows, you know, stores. Yeah. Okay. That I, I can get a better handle on, okay. How do I secure that? I've got some standards, but that's the far edge. It's, it's the, the OT yes. Piece of it. That's sort of the brave new world. What are you seeing there? How do you protect those far flowing estates? >>I think this gets back to the question of what's what's new or what's coming and where do we see the, the next set of workloads that we have to tackle? You know, when we came along first instance, we were really doing a lot of the on-prem on-prem and, and, and known cloud infrastructure suites. Then we started really tackling the broader crowd market with tools and technology to give visibility and control of the overall cloud environment. OT represents that next big addressable market for us, because there are so many questions around devices where they are, how old they are, what they're running. So visibility into the OT network is extremely, extremely important. And, you know, the, the wall that has existed again between the CISO and the OT environments coming down, we're seeing that's closer, closer alignment between the security on both those worlds. So the announcement that we've made around extending our Falcon discover product, to be able to receive and understand device information from the OT network and bring it into the same console as the, the it and the OT in the same console to give one cohesive picture of, of visibility of all of our devices is a major step forward for our customers and for, for the industry as well. >>And we see that being, being able to get the visibility will then lead us to a place of being able to build our AI models, build our response frameworks. So then we can go to a full EDR and then beyond that, there's, you know, all the other things that CrowdStrike do so well, but this is the first step to really the first step on control is visibility. And >>The OT guys are engineers. So they're obviously conscious of this stuff. It's, it's more it's again, you're extending that culture, isn't >>It? Yeah, yeah, yeah. Now when you're looking at threats, great, you want to do things to protect against those threats, but how much, how much of CrowdStrike's time is spent thinking about the friction that's involved in transactions? If I wanna go to the grocery store, think of me as an end point. If I wanna go to the grocery store, if I had to drive through three DUI checkpoints or car safety inspections. Yeah. Every time I went to the grocery store, I wouldn't be happy as an end point as an end user in this whole thing. Ideally, we'd be able just to be authenticated and then not have to worry about anything moving forward. Do you see that as your role, reducing friction 1%, >>That's again, one of the core tenants of, of, of why George founded the company. I mean, he tells the story of sitting on an airplane and seeing an executive who was also on the airplane, trying to boot their machine up and try and get an email out before the plane took off and watching the scanning happen, you know, old school virus scanning happening on the laptop and, and that executive not making it because, and he is like in this day and age, how can we be holding people back with that much friction in their day to day life? So that's one of the, again, founding principles of what we do at CrowdStrike was the security itself needs to support business growth, support, user growth, and actually get out of the way of how people do things. And we've seen progression along that lines. I think the zero trust work that we're doing right now really helps with that as well. >>Our integrations into other companies that play within the zero trust space makes that frictionless experience for the user, because yeah, we, we, we want to be there. We want to know everything that's happening, but we don't wanna see where we always want control points, but that's the value of the telemetry we take. We're taking all the data so we can see everything. And then we pick what we want to review rather than having to do the, the checkpoint approach of stop here. Now, let me see your credentials. Stop here. Let me see your credentials because we have a full field of, of knowledge and information on what the device is doing and what the user is doing. We're able to then do the trust with verify style approach. >>So coming back to the, to the edge in IOT, you know, bringing that zero trust concept to the, to the edge you've got, you've got it. And OT. Okay. So that's a new constituency, but you're consolidating that view. Your job gets harder. Doesn't it? So, so, so talk about how you resolve that. Do do the, do the concepts that you apply to traditional it endpoints apply at the edge. >>So first things we have to do is gain the visibility. And, and so the way in which we're doing that is effectively drawing information out from the OT environment at, by, by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other, you know, indications of attack or our indicators of misconfiguration into the model. So we can see whether something's good or bad whilst we're doing that. Obviously we're also working on building specific senses that will then sit in OT devices down, you know, one layer down from rather being collected and pulled and brought into the platform, being collected at the individual sensor level when we have that completed. And that requires a whole different ecosystem for us, it means that we have to engage with organizations like Rockwell and Siemens and Schneider, because they're the people who own the equipment, right? Yeah. And we have to certify with them to make sure that when we put technology onto their equipment, we're not going to cause any kind of critical failure that, you know, that could have genuine real world physical disastrous consequences. So we have to be super careful with how we build that, which we're we're in the process of >>Doing are the IOA signatures indicator as a tax. So I don't have to throw a dollar in the jar. Are the IOA signatures substantially similar at, at the edge, or >>I think we learn as we go, you know, first we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there. But what we will see is that, you know, as someone's trying to, there's an actor, you know, making an attack, you know, will be able to see how they're affecting each of those endpoints individually, whether they're trying to take some form of control, whether they're switching them on and off in the edge and the far edge, it's a little bit more binary in terms of the kind of function of the device. It is the valve open or is the valve closed? It's is the production line running or is the production not line running, not running. So we need to be able to see that it's more about protecting the outcomes there as well. But again, you know, it's about first, we have to get the information. That's what this product will help us do, get it into the platform, get our teams over the top of it, learn more about what's going on there and then be able to take action. >>But the key point is the architecture will scale. And that's where the cloud native things comes >>Into. Yeah, it'll, it'll it'll scale. But to your, to your point about the lack of investment and infrastructure means older stuff means potentially wider gaps, bigger security holes, more opportunity for the security sector. Yep. I buy that. That makes sense. I think if it's a valid argument, when you, when you, when you know, we, we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of a hundred year old garbage, and I'm only slightly exaggerating on the trillion and the a hundred years old, a lot of those critical devices that need to be sensed that are controlling our, our, our, our electrical grid. For example, a lot of those things need to be updated. So, so as you're pushing into that frontier, are you, you know, are, are you extending out developer kits and APIs to those people as they're developing those new things? Well, because some of the old stuff will never work. >>And that's what we're we're seeing is that there is a movement within the industrial control side of things to actually start, you know, doing this. Some, some simple things like removing the air gap from certain systems because you, now we can build a system around it. That's trustable and supportable. So now we can get access there over, over and over a network over the internet to, to, to kind of control a valve set that's down a pipeline or something like that. So there is, there is, there is willingness within the ecosystem, the, the IOT provider ecosystem to give us access to some of those, those controls, which, which wasn't there, which has led to some of some of these issues. Are we gonna be able to get to all of them? No, we're gonna have to make decisions based on customer demand, based on where the big, the big rock lie. And, and so we will continue to do that based on customer feedback on again, on what we see >>And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of >>Mostly because there was no way to, to do before. Right. So it was, was like black >>Connectivity is >>So, so, so it was, people felt more comfortable sending an engineer route to the field truck roll. Yeah, yeah, yeah. To do it rather than expensive, rather. And, and exactly that, again, going back to our macro economic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there is a lot of there's, there's a lot of customer demand for change, and we're engaging in that change. And we want, we see a huge opportunity there >>Coming back to the X XDR Alliance, cuz that's kind of where we started. Where do you wanna see that go? What's your vision for that? >>So the Alliance itself has been fundamental in terms of now where we go with the overall platform. We are always constantly looking for customer feedback on where we go next on what additional elements to add that the Alliance members have been this fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms, into, you know, into, into what we do. And they're seeing the value of it. I, I feel that over the next, you know, over the next two year period, we're gonna see those, our XDR Alliance and other XDR alliances growing out to get to each other and they will they'll touch each other. We will have to do it like the OSF project at AWS. And as that occurs, we're gonna be able to focus on customer outcomes, which is, you know, again, if you listen to George, you listen to Mike protecting the customers, the mission of CrowdStrike. So I think that's core to that, to, to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've, we've got, we've got a pipeline of literally hundreds of, of partners who want to join. We've just gotta do that in a way that's consumable for us and consumable for the customer. >>Jeff Swain. Thanks so much for coming back in the cube. It's great to have you. Yeah. Thanks guys. Thank you. Okay. And thank you for watching Dave Nicholson and Dave ante. We'll be back right after this short break. You're watching the cube from Falcon 22 in Las Vegas, right back.

>>Welcome back everyone to the cubes coverage here in Seattle, Washington for the Avis marketplace seller conference, part of the APN partner network merging with the marketplace to form the Amazon partner organization. I'm John furrier, host of the cube Walter Wall coverage today, Christian Gor cash, who is the VP of alliances at Kong Inc. Welcome to the cube. Thanks for coming on. >>Thank you. Thank you, John. Really glad to be here. Corke exactly. Yeah. It's awesome. >>So Kong we've been following you guys for while Docker Kong cube. You've been part of our cube conversation. Also part of our, our startup showcase fast growing startup, you know, working on stuff that everyone loves APIs. I mean, APIs are so popular now that they now a security concern, right? Yeah. So like it gets squat there everywhere. I won't say API sprawl, but APIs are the connections and that are, is the web. That is the cloud. Okay. Now with cloud native developers who are now in the front lines have taken over it, everyone knows DevOps dev SecOps is now the new it and it's the developers security and data they're below they're the new ops, right? So, so this is where microservices come in, open source service MES new automation is coming down the pike. That's super valuable to businesses as they look at cloud native architecture, what are you guys doing in there? Take a minute to explain Kong's value proposition, the hot products, and then why you're here. >>Yeah. So, you know, I joined Kong now or three years ago, you know, we were still just reaching our hundred employees, mark, which is very important, very startup, but even back then, you know, Kong was relatively well known in industry, you know, so we have one of the most, well the most popular open source project in API gateway area. So con API gateway, you know, we cross now 300 million downloads, even more important is just the scale it, which the product's been used. So between our open source community and enterprise customers, we are now crossing like 11 trillion transactions per month. Now just give you comparison. Like this is like 18, 19 times more than Netflix per month. You know? So for any company that has a technology that operates it at scale, you need to hit few things outta the park. You know, as he mentions cloud data developers, they want simplicity. You know, they want automation. They also want performance and scale and security, which are all critical, you know, to how Kong, you know, start as opensource project. Now, of course we have the whole suite of enterprise products. We also have our con service mesh offering as well as our cloud offerings. >>Yeah. And this is how open source is doing it now, obviously, you know, I, I still remember, I still tell the story to the young startups. Hey, I, there was proprietary software when I was in college. Open source is now everything. Now you've got, got cloud scale. So the dynamic between open source, which has become the software industry open source success doesn't mean it's it's game over. It's the beginning. The commercialization that you guys have gone through is super important. Trillions of transactions. Now you have enterprises working with you. What's the big advantage of the seller relationship that you have with Amazon? Why are customers using it? What are they buying it for? Give the pitch of con for the marketplace customer. >>Yeah, it's actually, we are relatively new in AWS marketplace. You know, so our first transaction that we ever done was actually in July and 2021. So we are just over a year, you know, that journey, you know, when I look what Chris gross talked today, he was talking about, you know, Hey, just publishing marketplace, not enough. You know, you need to understand what's your value proposition. You need to make sure your operations already, your sales is ready. Everything is, is set. And we kind of did this for the first year and a half is spend a lot of time improving our integration with AWS overall, all the first party services relevant to con we also understood, well, what does it take to kind of fine tune our value proposition? We have like three specific sales place. And you know, when we launch our flagship product con connect enterprise and got our first transaction, that was great milestone for, for star like Kong. But then what we've seen is just that work that we've done before really paid off. I mean right now, >>Like what we'll give example. >>Yeah. So, you know, we are focusing on as measure three sales place. Money is we are focused, specific on helping customers who are modernizing and, and their application going to the cloud. And you have a lot of these, you know, lifting shift and are rearchitect and modernized, but most of the attentions on the workloads, what about the connections? You know, so a monolith application had to authentic all the users understand wheres the network and so on. When you build those, when you now decouple this built like 1,000 thousand microservices, you don't want to repeat this for every microservice. So that's where K brings the whole suite from, you know, service match to the API gate to help manage the journey and really support this environment. And we spend a lot of time to just fine tune that message. So that customers understood where, you know, how can we help them on their journey beyond what, for instance, cloud native or AWS API gateway offers them. So we can really help them from day one on the journey and accelerate. And >>I think I it's a no, it's a no braining for a customer to buyer or to come into the marketplace and say, click, I'm gonna buy some data analytics services. I'm gonna buy gateway through Kong. But when they start getting into these microservices, this automation opportunity there, there's more behind the curtain for them with Kong. So I have to ask you with the keynote we heard from Chris, the leader of the marketplace. Now he said that he wants the ISVs to be more native in the cloud. That probably resonates with you. You, >>You guys well with con's relatively simple because we were built at cloud native, you know, so very briefly the whole story of Congo. This is before Ajo, our founders were actually running the, the very popular API exchange col mesh shape. And they had to build their own gateway just to handle the scale and was built on cloud native technologies. And then when everybody's calling you, what are you using to running? This are using PGS. And so else, no, we built ourselves, oh, how can we get our hands on? That's how con actually >>Came to. And that's how the big winners usually happen too. They start build their own, solve their own problem because it's a big scale problem. Exactly. No one's had that problem. >>Yeah. And what we have seen, especially what was very, you know, through, through the pandemic, what we have seen. And it's interesting, you know, being in a startup doing pandemic is like, whoa, will the life just shut down or what we're doing? You know? But actually what we have seen customers prioritize the new business capability. For instance, you have a large parental companies that overnight, they have to understand where the assets are. Yeah. Or banks who are like 45 days of, you know, approving process for the loans. They need to reduce it for a day or two. >>Yeah. And they're adding more developers, too, exactly. To build the modern application. So they need to have that infrastructure as code aspect. Correct. >>And they >>Need in place. >>Yeah. I need to like you have, you know, I don't think that many customers still have waterfall cycles, but they have, have pre pretty long developers development cycles. And now you need to, you know, do this multiple times a day. That's >>Interesting. We talked to a lot of cloud architects and C CIO C says, and you know, the executive just hire more developers take that hill, build. It just don't build a new app. It's not that easy boss. When, when the cloud architect says we have to be fully operationally ready with cloud native infrastructure's code. So with that, you're seeing a lot more enterprises come in now that are more savvy. They getting better. We're seeing Kubernetes more and more. You're seeing containerization. You're seeing that cloud native enterprise acceptance. What does that mean for you guys in the marketplace, as you look at the value proposition, how are you guys working with the marketplace today and where do you see customers buying in the future? >>Yeah, so we as mentioned, you know, we, we are now a year into that journey. We already seen tremendous benefits just in terms of reducing the friction. You know, the whole procurement, you know, you come as a startup with some, some of the largest companies in the world, they used to buy five, 10 billion in software and they have all these processes and you're like, well, but we only have like two people in finance. Sorry. How can you, and where marketplace can really, really helps us is, you know, improve this experience, both sides because they understand like we are fast moving company. They, they want us because of our speed and, and innovation that we, the product's strong. Yeah. They don't want us to get bogged down in all these pro procurement processes either. And so, so that's the first benefit. We also are working very hard to make sure that the customers can provision Kong in AWS and automate across the board. So essentially reducing their time to value dramatically. Yeah. And another thing that we found tremendously beneficial for us is a startup is the whole concept of a standard marketplace contract. Yeah. So instead of us coming with our little MSA or come like 50 page MSA from companies, we now have a middle ground. So we can just agree. You know, there's some differences, some specifics to qu software and it's tremendously reduced costs on both sides. >>Great. For you guys great for the buyers. Yeah. You get deployed services. They're not just buying, they're managing and deploying. Yeah, >>Exactly. Great. >>Quick, final question. Put a plugin for the company. What are you working on now? What's the big news. What's the con update? >>Well, that's an interesting part because I can't tell you because next week we have our con summit. Oh right. In San Francisco. The cubes not so 28, 20 ninth. Yeah. We, we we'll, I think we are gonna fix that in the future. But anyway, this is the first time after pandemic to do this in person, we have number of very exciting announcement, our Kong products, as well as you may hear some news about our AWS partnership, >>We like con we believe that DevOps has happened. Dev sec ops, whatever you gonna call it, dev is now the developers they're in the front lines. They're in the C I CD pipeline. They're shifting left. That's the new they took over it. That's what DevOps does. It's not a title. Now you have security and data ops behind the scenes. That's gonna be middleware. That's gonna have tons of microservices. So more, more, more action coming, all API based. >>Exactly. And the more, you know, the more complexity we can take away from that, the better we, you know, the >>Whole community. Thank you. Spending the time to come on the cube here at the, a us marketplace seller conference. What do you think about the APN merging with the marketplace formed the P the Amazon partner organization. Thumbs up, thumbs down. What's your heard? >>It's excellent. We have a great friend in AP, a great friend, us marketplace. Now both of them work together with huge. >>Fantastic. Yes. Thanks for okay. Cube coverage here in Seattle. I'm John furier APN marketplace together. APOs the new organization making it easier. Of course, we got all the coverage here. Thanks for watching.

>>Welcome back to the cubes coverage here in Seattle for AWS marketplace seller conference, the combination of the Amazon partner network, combined with the marketplace from the AWS partner organization, the APO and John Forer host of the queue, bringing you all the action and what it all means. Our next guest is Trisha kata, Malva, chief strategy officer at DataRobot. Great to have you. Thanks for coming on. >>Thank you, John. Great to be here. >>So DataRobot obviously in the big data business data is the big theme here. A lot of companies are in the marketplace selling data solutions. I just ran into snowflake person. I ran into another data analyst company, lot of, lot of data everywhere. You're seeing security. You're seeing insights a lot more going on with data than ever before. It's one of the most popular categories in the marketplace. Talk about DataRobot what you guys are doing. What's your product in there? Yeah, >>Absolutely. John. So we are an artificial intelligence machine learning platform company. We have been around for 10 years. This is this year marks our 10th anniversary and we provide a platform for data scientists and also citizen data scientists. So essentially wanna be data scientists on the business side to rapidly experiment with data and to get insights and then productionize ML models. So the 100% workflow that goes into identifying the data that you need for machine learning and then building models on top of that and operationalizing a, >>How big is the company, roughly employee count? What's the number in >>General general, about a thousand employees. And we have customers all over the world. Our biggest verticals are financial services, insurance, manufacturing, healthcare pharma, all the highly regulated, as well as our tech presence is also growing. And we have people spread across multiple geographies and I can't disclose a customer number, but needless to say, we have hundreds of customers across the >>World. A lot of customers. Yeah, yeah. You guys are well known in the industry have been following some of the recent news lately as well. Yeah. Obviously data's exploding. What in the marketplace are you guys offering? What's the pitch, someone hits the marketplace that wants to buy DataRobot what's the pitch. >>The pitch is if you're looking to get real value from your data science, personal investments and your data, then you have DataRobot that you can download from your AWS marketplace. You can do a free trial and essentially get from, get value from data in a matter of minutes and not months or quarters, that's generally associated with IML. And after that, if you want to purchase you, it's a private offer on, in the marketplace. So you need to call DataRobot representative, but AWS marketplace offers a fantastic distribution channel for us. >>Yeah. I mean, one of the things I heard Chris say, who's now heading up the marketplace and the partner network was the streamlining, a lot of the benefits for the sellers and for the buyers to have a great experience buyers. Clearly we see this as a macro trend, that's gonna only get stronger in terms of self-service buying bundling, having the console on AWS for low level services like infrastructure. But now you've got other business applications that like analytics applies to. You're seeing that work. Now he said things like than the keynote, I wanna get your reaction to like, we're gonna make this more like a C I C D pipeline. We're gonna have more native services built into AWS. What that means to me is that sounds like, oh, if I have a solution, like DataRobot, that can be more native into AWS level services. How do you see that working out for you guys is that play well for your strategy and your customers? What's the, what's the what's resonating with the >>Customers. It plays extremely well with the strategy. So I call this as a win, win, win strategy, win for DataRobot win for customers and win for AWS, which is our partner. And it's a win for DataRobot because the amount of people, the number of eyeballs that look at AWS marketplace, a significantly higher than, than the doors that we can go knock on. So it's a distribution multiplier for us. And the integration into AWS services that you're talking about. It is very important because in this day and age, we need to be interoperable with cloud player services that they offer, whether it is with SageMaker or Redshift, we support all of those. And it's a win for customers because customers, it is a very important growing buyer persona for DataRobot. Yeah. And they already have pre-committed spend with AWS and they can use the, those spend dollars for DataRobot to procure DataRobot. So it eases their procurement life cycle as >>Well. It's a forced multiplier on, on the revenue side, correct? I mean, as well as, as on the business front cost of sales, go down the cost of order dollar. Correct. This is good. Goodness. >>It's it's definitely sorry, just to finish my thought on the win for the partner for AWS. It's great win for them because they're getting the consumption from the partner side, to your point on the force multiplier. Absolutely. It is a force multiplier on the revenue side, and it's great for customers and us, because for us, we have seen that the deal size increases when there is the cloud commit that we can draw down for, for our customers, the procurement cycle shortens. And also we have multiple constituencies within the customers working together in a very seamless fashion. >>How has the procurement going through AWS helped your customers? What specific things are you seeing that are popping out as benefits to the customer? >>So from a procurement standpoint, we, we are early in our marketplace journey. We got listed about a year ago, but the amount of revenue that has gone through marketplace is pretty significant at DataRobot. We experienced like just in, by, I think this quarter until this quarter, we got like about 20 to 30 transactions that went through AWS marketplace. And that is significant within just a year of us operating on the marketplace. And the procurement becomes easier for our customers. Yeah. Because they trust AWS and we can put our legal paperwork through the AWS machine as well, which we haven't done yet. But if we do that, that'll be a further force multiplier because that's the, the less friction there is. >>I like how you say that it's a machine. Yeah. And if you think about the benefits too, like one of the things that I see happening, and I love to get your thoughts because I think this is what's happening here. Infrastructure services, I get that IAS done hardware I'm oversimplifying, but all the, all the goodness, but as customers have business apps and vertical market solutions, you got more AI involved. You need more data that's specialized for that use case. Or you need a business application. Those, you don't hear words like let's provision that app. I mean, your provision hardware and, and infrastructure, but the, the new net cloud native is that you provision turn on the apps. So you're seeing the wave of building apps are composing Lego blocks, if you will. So it seems like the customers are starting to assemble the solution, almost like deploying a service, correct. And just pressing a button. And it happens. This seems to be where the, the business apps are going. >>Yeah, absolutely. You agree for us? We are, we are a data science platform and for us being very close to the data that the customers have is very important. And where if, if the customer's data is in Redshift, we are close to there. So being very close to the hyperscale or ecosystem in that entire C I C D pipeline, and also the data platform pipeline is very important. >>You know, what's interesting is, is the data is such a big part of, I mean, DevOps infrastructure has code has been the movement for decade. Yeah. So throw security in there. It's dev SecOps. Yeah. That is the developer now. Yeah. They're running essentially what used to be it now the new ops is security and data. Yeah. You see, in those teams really level up to be highly high velocity data meshes, semantic layer. These are words I'm hearing in the industry around the big waves of data, having this mesh. Yeah. Having it connected. So you're starting to see data availability become more pervasive. And, and we see this as a way that's powering this next gen data science revolution where it's like the business person is now the data science person. >>That's exactly. That is, that is what DataRobot does the best. We were founded with the vision that we wanted to democratize the access to AI within enterprises. It shouldn't be restricted to a small group of people don't get me wrong. Data scientists also love DataRobot. They use DataRobot. But the mission is to enhance many, many hundreds of people within an organization to use data science, like how you use Tableau on a regular basis, how you use Microsoft Excel on a regular basis. We want to democratize AI. And when you want to democratize AI, you need to democratize access to data, which is, which could be stored in data marketplaces, which could be stored in data warehouses and push all the intelligence that we grab from that data into the E R P into the apps layer. Because at the end of the day, business users, customers consume predictions through applications layer. >>You know, it's interesting, you mentioned that comment about, you know, trying not to, to offend data scientists, it's actually a rising tide that the tsunami of data is actually making that population bigger too. Right. So correct. You also have data engineering, which has come out of the woodwork. We covered a lot on the cube, which is, you know, we call data as code. So infrastructure as code kind of a spoof on that. But the reality is that there's a lot more data engineering. I call that the smallest population. Those are the, those are the alphas, the alpha geeks. Yeah. Hardcore data operating systems, kind of education, data science, big pool growing. And then the users yeah. Are the new data science practitioners. Correct? Exactly. So kind of a, the landscape is you see that picture too, right? >>For sure. I mean, we, we have presence in all of those, right? Like data engineers are very important. Data scientists. Those are core users of DataRobot like, how can you develop thousands and hundreds of thousands of models without having to hand code? If you have to hand code, it takes months and years to solve one problem for one customer in one location. I mean, see how fast the microeconomic conditions are moving. And data engineers are very important because at the end of the day, yes, you do. You create the model, but you need to operationalize that model. You need to monitor that model for data drift. You need to monitor how the model is performing and you need to productionize the insights that you gain. And for that engineering effort is very important behind the scenes. Yeah. And the users at the end of the day, they are the ones who consume the predictions. >>Yeah. I mean the volume and, and the scale and scope of the data requires a lot of automation as well. Correct. Cause you had that on top of it. You gotta have a platform that's gonna do the heavy lifting. >>Correct. Exactly. The platform is we call it as an augmented platform. It augments data scientists by eliminating the tedious work that they don't want to do in their everyday life, which some of which is like feature engineering, right? It's a very high value add work. However, it takes like multiple iterations to understand which features in your data actually impact the outcome. >>This is where the SAS platform is a service is evolved and we call that super cloud, right. This new model where people can scale it out and up. So horizontally, scalable cloud, but vertically integrated into the applications. It's an integrator dilemma. Not so much correct innovators dilemma, as we say in the queue. Yeah. So I have to ask you, I'm a, I'm a buyer I'm gonna come to the marketplace. I want DataRobot why should they buy DataRobot what's in it for them? What's the key features of DataRobot for a company to hit the subscribe, buy button. >>Absolutely. Do you want to scale your data science to multiple projects? Do you want to be ahead of your competition? Do you want to make AI real? That is our pitch. We are not about doing data science for the sake of data science. We are about generating business value out of data science. And we have done it for hundreds of customers in multiple different verticals across the world, whether it is investment banks or regional banks or insurance companies or healthcare companies, we have provided real value out of data for them. And we have the knowhow in how to solve, whether it is your supply chain, forecasting, problem, demand, forecasting problem, whether it is your foreign exchange training problem, how to solve all these use cases with AI, with DataRobot. So if you want to be in the business of using your data and being ahead of your competitors, DataRobot is your tool log choice. >>Sure. Great to have you on the cube as a strategy officer, you gotta look at the chess board, right. And we're kind of in the mid game, I call it the cloud opening game was, you know, happened. Now we're in the mid game of cloud computing where you're seeing a lot of refactoring of opportunities where technologies and data is the key to success, being things secure and operationally, scalable, etcetera, et cetera. What's the key right now for the ecosystem as a strategy, look at the chessboard for data robots. Obviously marketplace is important strategy. Yeah. And bet for, for DataRobot. What else do you see for your company to be successful? And you could share with, with customers watching. >>Yeah. For us, we are in the intelligence layer, the data, the layer below us is the data layer. The layer about us is the applications and the engagement layer. DataRobot I mean, interoperability and ecosystem is important for every company, but for DataRobot it's extra important because we are in that middle of middle layer of intelligence. And we, we have to integrate with all different data warehouses out there enable our customers to pull the data out in a very, very faster way and then showcase all the predictions into, into their tool of choice. And from a chessboard perspective, I like your phrase of we are in the mid cycle of the cloud revolution. Yeah. And every cloud player has a data science platform, whether it is simple one or more complex one, or whether it has been around for quite some time or it's been latent features. And it is important for us that we have complimentary value proposition with all of them, because at the end of the day, we want to maximize our customer's choice. And DataRobot wants to be a neutral platform in supporting all the different vendors out there from a complementary standpoint, because you don't want to have a vendor lock in for your customers. So you create models in SageMaker. For example, you monitor those in DataRobot or you create models in DataRobot and monitor those in AWS so that you have to provide like a very flexible >>That's a solution architecture. >>Correct? Exactly. You have to provide a very flexible tech stack for your customers. >>Yeah. That's the choice. That's the choice. It's all good. Thank you for coming on the cube, sharing the data robot. So I really appreciate it. Thank >>You for coming. Thank you very much for the opportunity. >>Okay. Breaking it all down with the partners here, the marketplace, it's the future, obviously where people are gonna buy the buyers and sellers coming together, the partner network and marketplace, the big news here at 80 seller conference. I'm John ferry with the cube will be right back with more coverage after this short break.

>>We're back with the cube at Falcon 2022, Dave ante and Dave Nicholson. We're at the aria. We do obvious of course, a lot of events in Las Vegas. It's the, it's the place to do events. Dave, I think is my sixth or seventh time here this year. At least. I don't know. I lose track. Jeff Swayne is here. He's the vice president of global programs store and tech alliances at CrowdStrike. Jeff. Good to see again. We saw each other at reinvent in July in Boston. >>Yes. Have it's great to see you again, Dave. Thank you very >>Much. And we talked about making this happen, so it's thrilled to be here at, at, at CrowdStrike Falcon. We're gonna talk today about the CrowdStrike XDR Alliance partners. First of all, what's XDR >>Well, I hope you were paying attention to George's George's keynote this morning. I guess. You know, the one thing we know is that if you ask 10, five people, what XDR is you'll get 10 answers. >>I like this answer a holistic approach to endpoint security. I, that was a, >>It was good. Simple. That >>Was a good one at black hat. So, but tell us about the XDR Alliance partners program. Give us the update there. >>Yeah, so I mean, we spoke about it reinforced, you know, the XDR program is really predicated on having a robust ecosystem of partners to help us share that telemetry across all of the different parts of our customers' environment. So we've done a lot of work over the last few weeks and trying to bolster that environment, specifically, putting a, a lot of focus on firewall. You'll see that Cisco and fortunate have both joined the XD XDR Alliance. So we're working on that right now. A lot of customer demand for firewall data into the telemetry set. You know, obviously it's a very rich data environment. There's a lot of logs on firewalls. And so it drives a lot of, of, of information that we can, we can leverage. So we're continuing to grow that. And what we're doing is building out different content packs that support different use cases. So firewall is one CAS B is another emails another and we're building, building out the, the partner set right across the board. So it's, it's, it's been a, a great set of >>Activity. So it's it's partners that have data. Yep. There's probably some, you know, Joe, Tuchi your old boss used to say that that overlap is better than gaps. So there's sometimes there's competition, but that's from a customer standpoint, overlap is, is better than gaps. So you gonna mention Cisco forte and there are a number of others. They've got data. Yes. And they're gonna pump it into your system, our platform, and you've got the, your platform. You've got the ability to ingest. You've got the cloud native architecture, you've got the analytics and you've got the near real time analysis capability, right. >>Augmented by people as well, which is a really important part of our value proposition. You know, we, it's not just relying purely on AI, but we have a human, a human aspect to it as well to make sure we're getting extremely accurate responses. And then there's the final phase is the response phase. So being able to take action on a CASB, for example, when we have a known bad actor operating in the cloud is a really important, easy action for our customer to take. That's highly valuable. You're >>Talking about your threat hunting capability, right? >>So threat hunting and our Intel capability as well. We use all of that information as well as the telemetry to make sure we're making good, actionable >>Decisions, Intel being machine intelligence or, or human in >>Machine human and human and machine intelligence that we have. We have a whole business that's out there gathering Intel. I believe you're thinking to Adam Myers who runs that business. And you know, that Intel is critical to making good decisions for our customers. >>So the X and XDR is extended, correct. Extending to things like firewalls. That's pretty obvious in the security space. Are there some less obvious data sources that you look to extend to at some point? >>Yeah, I think we're gonna continually go with where the customer demand is. Firewalls is one of the first and email is very significant. Other one, you'll see that we're announcing support for Microsoft 365 as well as part of this, this announcement, but then we'll still grow out into the other areas. NDR is, you know, a specific area where we've already got a number of partners in that, in that space. And, and we'll grow that as we go. I think one of the really exciting additional elements is the, the OCS F announcement that we made at at, at, at, at reinforced, which also is a shared data scheme across a number of vendors as well. So talking to Mike's point Microsoft's point this morning in his keynote, it's really about the industry getting together to do better job for our customers. And XDR is the platform to do that. And crowd strikes it way of doing it is the only really true, visible way for a customer to get their hands on all that information, make the decision, see the good from the bad and take the action. So I feel like we're really well placed to help our customers in >>That space. Well, Kevin, Mandy referenced this too today, basically saying the industry's doing a better job of collaboration. I mean, sometimes I'm skeptical because we've certainly seen people try to, you know, commercialize private information, private reports. Yeah. But, but, but you're talking about, you know, some of your quasi competitors cooperatives, you know, actually partnering with you now. So that's a, that's a good indicator. Yeah. I want to step back a little bit, talk about the macro, the big conversation on wall street. Everybody wants to talk about the macro of course, for obvious reasons, we just published our breaking analysis, talking about you guys potentially being a generational company and sort of digging into that a little bit. We've seen, you know, cyber investments hold up a little bit better, both in terms of customer spending and of course the stock market better than tech broadly. Yeah. So in that case it would, it would suggest that cyber investments are somewhat non-discretionary. So, but that's is my question are cyber investments non-discretionary if so, how, >>You know, I think George George calls that out directly in our analyst reports as well that, you know, we believe that cyber is a non-discretionary spend, but I, I actually think it's more than that. I think in this current macro of economic environment where CIOs and CSOs are being asked to sweat their assets for a significantly longer period of time, that actually creates vulnerabilities because they have older kit, that's running for a longer period that they normally, you know, round out or churn out of their environment. They're not getting the investment to replace those laptops. They're not getting the investment to replace those servers. We have to sweat them for a little bit longer, longer, which means they need to be on top of the security posture of those devices. So that means that we need the best possible telemetry that we can get to protect those in the best possible way. So I actually think not only is it makes it non-discretionary, it actually increases the, the business case for, for, for taking on a, a cyber project. >>And I buy that. I buy that the business case is better potentially for cyber business case. And cyber is about, about risk reduction, right? It's about, it's about reducing expected loss. I, I, I, I, but the same time CISOs don't have an open wallet. They have to compete with other P and L managers. I also think the advantage for CrowdStrike I'm, I'm getting deeper into the architecture and beginning to understand the power of a lightweight agent that can do handle. I think you're up to 22 modules now, correct? Yes. I've got questions on how you keep that lightweight, but, but nonetheless, if you can consolidate the point tools, which is, you know, one of the biggest challenges that, that SecOps teams face that strengthens the ROI as well. >>Absolutely. And if you look at what George was saying this morning in the keynote, the combination of being able to provide tools, not only to the SecOps team, but the it ops team as well, being able to give the it ops team visibility on how many assets they have. I mean, these simple, these are simple questions that we should be able to answer. But often when we ask, you know, an operations leader, can you answer it? It sometimes it's hard for them. We actually have a lot of that information. So we are able to bring that into the platform. We're able to show them, we're able to show them where the assets are, where the vulnerabilities are against those assets and help it ops do a better job as well as SecOps. So the, the strength, the case strengths, as you said, the CSO can also be talking to the it ops budget. >>The edge is getting more real. We're certainly hearing a lot about it. Now we're seeing a lot more and you kind of got the, the near edge. It's like the home Depot and the lows, you know, stores okay. That I, I can get a better handle on, okay. How do I secure that? I've got some standards, but that's the far edge. It's, it's the, the OT yes. Piece of it. That's sort of the brave new world. What are you seeing there? How do you protect those far flung estates? >>I think this gets back to the question of what's what's new what's coming and where do we see the, the next set of workloads that we have to tackle? You know, when we came along first instance, we were really doing a lot of the on-prem on-prem and, and, and known cloud infrastructure suites. Then we started really tackling the broader cloud market with tools and technology to give visibility and control of the overall cloud environment. OT represents that next big addressable market for us, because there are so many questions around devices where they are, how old they are, what they're running. So visibility into the OT network is extremely, extremely important. And, you know, the, the wall that has existed again between the CISO and the OT environments coming down, we're seeing that's closer, closer alignment between the security on both those worlds. So the announcement that we've made around extending our Falcon discover product, to be able to receive and understand device information from the OT network and bring it into the same console as the, the it and the OT in the same console to give one cohesive picture of, of visibility of all of our devices is a major step forward for our customers and for, for the industry as well. >>And we see that being, being able to get the visibility will then lead us to a place of being able to build our AI models, build our response frameworks. So then we can go to a full EDR and then beyond that, there's, you know, all the other things that CrowdStrike do so well, but this is the first step to really the first step on control is visibility. And >>The OT guys are engineers. So they're obviously conscious of this stuff. It's, it's more it's again, you're extending that culture, isn't it? >>Yeah, yeah, yeah. Now when you're looking at threats, great, you want to do things to protect against those threats, but how much, how much of CrowdStrike's time is spent thinking about the friction that's involved in transactions? If I wanna go to the grocery store, think of me as an end point. If I wanna go to the grocery store, if I had to drive through three DUI checkpoints or car safety inspections, every time I went to the grocery store, I wouldn't be happy as an end point as an end user in this whole thing. Ideally, we'd be able just to be authenticated and then not have to worry about anything moving forward. Do you see that as your role, reducing friction >>100%, that's again, one of the core tenants of, of, of why George founded the company. I mean, he tells the story of sitting on an airplane and seeing an executive who was also on the airplane, trying to boot their machine up and trying, and get an email out before the plane took off and watching the scanning happen, you know, old school virus scanning happening on the laptop and, and that executive not making it because, and he is like in this day and age, how can we be holding people back with that much friction in their day to day life? So that's one of the, again, founding principles of what we do at CrowdStrike was the security itself needs to support business growth, support, user growth, and actually get out of the way of how people do things. And we've seen progression along that lines. I think the zero trust work that we're doing right now really helps with that as well. >>Our integrations into other companies that play within the zero trust space makes that frictionless experience for the user, because yeah, we, we, we want to be there. We want to know everything that's happening, but we don't want to see where we always want control points, but that's the value of the telemetry we take. We're taking all the data so that we can see everything. And then we pick what we want to review rather than having to do the, the checkpoint approach of stop here. Now, let me see your credentials stop here. And let me see your credentials because we have a full field of, of knowledge and information on what the device is doing and what the user is doing. We're able to then do the trust with verify style approach. >>So coming back to the, to the edge and IOT, you know, bringing that zero trust concept to the, to the edge you've got, you've got it and OT. Okay. So that's a new constituency, but you're consolidating that view. Your job gets harder. Doesn't it? So, so, so talk about how you resolve that. Do do the, do the concepts that you apply to traditional it endpoints apply at the edge. >>So first things we have to do is gain the visibility. And, and so the way in which we're doing that is effectively drawing information out from the OT environment at, by, by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other, you know, indications of attack or our indications of misconfiguration into the model. So we can see whether something's good or bad whilst we're doing that. Obviously we're also working on building specific sensors that will then sit in OT devices down, you know, one layer down from rather being collected and pulled and brought into the platform, being collected at the individual sensor level when we have that completed. And that requires a whole different ecosystem for us, it means that we have to engage with organizations like Rockwell and Siemens and Schneider, because they're the people who own the equipment, right? Yeah. And we have to certify with them to make sure that when we put technology onto their equipment, we're not going to cause any kind of critical failure that, you know, that could have genuine real world physical disastrous consequences. So we have to be super careful with how we build that, which we're we're in the process of doing >>Are the IOA signatures indicator as a tax. So I don't have to throw a dollar in the jar, are the IOA signatures substantially similar at, at the edge? I think >>We learn as we go, you know, first we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there. But what we will see is that, you know, as someone's trying to make, if there's an actor, you know, making an attack, you know, we'll be able to see how they're affecting each of those end points individually, whether they're trying to take some form of control, whether they're switching them on and off in the edge and the far edge, it's a little bit more binary in terms of the kind of function of the device. It is the valve open or is the valve closed? It's is the production line running or is the production not line running, not running. So we need to be able to see that it's more about protecting the outcomes there as well. But again, you know, it's about first, we have to get the information. That's what this product will help us do. Get it into the platform, get our teams over the top of it, learn more about what's going on there and then be able to take action. >>But the key point is the architecture will scale. That's where the cloud native things >>Comes into. Yeah, it'll, it'll it'll scale. But to your, to your point about the lack of investment and infrastructure means older stuff means potentially wider gaps, bigger security holes, more opportunity for the security sector. Yep. I buy that. That makes sense. I think if it's a valid argument, when you, when you, when you know, we, we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of a hundred year old garbage, and I'm only slightly exaggerating on the trillion and the a hundred years old, a lot of those critical devices that need to be sensed that are controlling our, our, our, our electrical grid. For example, a lot of those things need to be updated. So, so as you're pushing into that frontier, are you, you know, are, are you extending out developer kits and APIs to those people as they're developing those new things, right? Because some of the old stuff will never work. >>And that's what we're we're seeing is that there is a movement within the industrial control side of things to actually start, you know, doing this. Some, some simple things like removing the air gap from certain systems, because now we can build a system around it, that's trustable and supportable. So now we can get access there over, over and over a network over the internet to, to, to kind of control a valve set that's down a pipeline or something like that. So there is a, there is, there is willingness within the ecosystem, the, the IOT provider ecosystem to give us access to some of those, those controls, which, which wasn't there, which has led to some of some of these issues. Are we gonna be able to get to all of them? No, we're gonna have to make decisions based on customer demand, based on where the big, the big rock lie. And, and so we will continue to do that based on customer feedback on again, on what we see >>And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of, >>I see. Because there was no way to, to do before. Right. So it was, was like >>Lack connectivity is, >>Yeah. So, so, so it was, people felt more comfortable sending an engineer route to the field truck roll. Yeah, yeah, yeah. To do it rather than expensive, rather. And, and exactly that, again, going back to our macro economic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there is a lot of there's, there's a lot of customer demand for change, and we're engaging in that change. And we want to see a huge opportunity there >>Coming back to the XDR Alliance, cuz that's kind of where we started. Where do you wanna see that go? What's your vision for that? >>So the Alliance itself has been fundamental in terms of now where we go with the overall platform. We are always constantly looking for customer feedback on where we go next on what additional elements to add. The, the Alliance members have video this fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms, into, you know, into, into what we do. And they're seeing the value of it. I, I feel that over the next, you know, over the next two year period, we're gonna see those, our XDR Alliance and other XDR alliances growing out to get to each other and they will they'll touch each other. We will have to do it like this O project at AWS. And as that occurs, we're gonna be able to focus on customer outcomes, which is, you know, again, if you listen to George, you listen to Mike protecting the customers, the mission of CrowdStrike. So I think that's core to that, to, to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've, we've got, we've got a pipeline of literally hundreds of, of partners who want to join. We've just gotta do that in a way that's consumable for us and consumable for the customer. >>Jeff Swain. Thanks so much for coming back in the cube. It's great to have you. Yeah. Thanks guys. Thank you. Okay. And thank you for watching Dave Nicholson and Dave ante. We'll be back right to this short break. You're watching the cube from Falcon 22 in Las Vegas, right back.

(upbeat music) >> We're back with Jerome West, the Product Management Security Lead for HCI at Dell Technologies Hyper-Converged Infrastructure. Jerome, welcome. >> Thank you, Dave. >> Hey, Jerome, in this series "A Blueprint for Trusted Infrastructure," we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyper-converged infrastructure. So my first question is what's unique about HCI that presents specific security challenges? What do we need to know? >> So what's unique about hyper-converged infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system, so like a server or a storage system or a virtualization piece of software. I mean, HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft and internal partners, like the Dell Power Edge Team, the Dell Storage Team, the Dell Networking Team, and on and on. These partnerships and these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past, we're seeing growing scope and sophistication in supply chain attacks. This means an attacker is going to attack your software supply chain upstream, so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or a Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short-term solutions and we need long-term solutions as well. So for the short-term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio, we build our software on VMware. So we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily, VxRail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle, so that VMware will produce a patch, and within 14 days we will integrate our own code with the VMware release. We will have tested and validated the update, and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VxRail had over 40 releases of software updates last year. For a longer term solution, we're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability, and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co-engineer with effective collaborations with our partners. >> Great, thank you for that description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, to me, my takeaway was you got to have a short-term instant patch solution and then you got to do an integration in a very short time, you know, two weeks to then have that integration done. And then longer-term, you have to have a software bill of materials so that you can ensure the provenance of all the components. Help us, is that a right way to think about cybersecurity resilience? Do you have, you know, additives to that definition? >> I do. I really think that cybersecurity and resilience for HCI, because like I said it has sort of unprecedented breadth across our portfolio. It's not a single thing. It's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me give you an example. So HCI, it's a basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtualizing hardware functionality, like say a storage controller. You could implement it in the hardware, but for HCI, for example, in our VxRail portfolio, our VxRail product, we integrated it into a product called vSan which is provided by our partner VMware. So that portfolio strength is still, you know, through our partnerships. So what we do, we integrate these security functionality and features into our product. So our partnership grows through our ecosystem through products like VMware products, like NSX, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware. And we also leverage VMware's software partnerships on top of that. So for example, VxRail supports multifactor authentication through vSphere's integration with something called Active Directory Federation Services or ADFS. So there is a lot of providers that support ADFS, including Microsoft Azure. So now we can support a wide array of identity providers such as Auth0, or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners' partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >> Great, I mean, that's super helpful. You've mentioned NSX, Horizon, Carbon Black, all the you know, the VMware component, Auth0, which the developers are going to love. You got Azure Identity. So it's really an ecosystem. So you may have actually answered my next question, but I'm going to ask it anyway cause you've got this software-defined environment, and you're managing servers and networking and storage with this software-led approach. How do you ensure that the entire system is secure end to end? >> That's a really great question. So the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example VxRail is the market's only co-engineered solution with VMware. Other vendors sell VMware as a hyper-converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code, and their process dovetails with ours because we have a secure development lifecycle which other products might talk about in their discussions with you, that we integrate into our engineering lifecycle. So because we follow the same framework, all of the code should inter-operate from a security standpoint. And so when we do our final validation testing, when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >> That's great. All right, let's close. Pitch me. What would you say is the strong suit, summarize the the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio, specifically from a security perspective, Jerome? >> So I talked about how hyper-converged infrastructure simplifies security management because basically you're going to take all of these features that are abstracted in hardware. They're not abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be say, you know, for VxRail it would be vCenter, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the key to making, to HCI. Now what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co-engineered. It's not bolted on. So I gave the example of SBOM. I gave the example of how we modify our software release process with VMware to make it very responsive. A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell. It's not done through a partnership. So we digitally sign our software updates. So the user can be sure that the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for example, the benefit to the customer is you don't have to create a complicated security framework. That's hard for your users to use, and it's hard for your system administrators to manage. It all comes in a package, so it can be all managed through vCenter, for example. And then the specific hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few panes of glass that the administrator or user ever has to worry about. It's all self-contained and manageable. >> That makes a lot of sense. So you've got your own infrastructure. You're applying your best practices to that like the digital signatures. You've got your ecosystem. You're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason, Jerome, this is so important is because SecOps teams, you know, they got to deal with Cloud security. They got to deal with multiple Clouds. Now they have their shared responsibility model going across multiple. They got all this other stuff that they have to worry. They got to secure the containers and the run time and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the security is just going to get worse. So my takeaway is you're removing that infrastructure piece and saying, okay, guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners and your own teams to really nail that. Is that a fair summary? >> I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define and develop a new security feature, the thing I keep foremost in mind is will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user-friendly and practical. And this is a challenge sometimes because our products operate in highly regulated environments, and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and other highly regulated environments. And we're very successful there. >> Excellent, okay, Jerome, thanks. We're going to leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry, and so would appreciate that >> I would look forward to it. Thank you very much, Dave. >> You're really welcome. In a moment, I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. (upbeat music)