(upbeat music) >> We're back in Boston, theCUBE's coverage of Re:Inforce 2022. My name is Dave Vellante. Dave Hatfield is here. He's the co-CEO of Lacework. Dave, great to see again. Hat. >> Thanks Dave. >> Do you still go by Hat? >> Hat is good for me. (Dave V laughing) >> All right cool. >> When you call me David, I'm in trouble for something. (Dave V Laughing) So just call me Hat for now. >> Yeah, like my mom, David Paul. >> Exactly. >> All right. So give us the update. I mean, you guys have been on a tear. Obviously the Techlash, >> Yep. >> I mean, a company like yours, that has raised so much money. You got to be careful. But still, I'm sure you're not taking the foot off the gas. What's the update? >> Yeah no. We were super focused on our mission. We want to de deliver a cloud security for everybody. Make it easier for developers and builders, to do their thing. And we're fortunate to be in a situation, where people are in the early innings of moving into the cloud, you know. So our customers, largely digital natives. And now increasingly cloud migrants, are recognizing that in order to build fast, you know, in the cloud, they need to have a different approach to security. And, you know, it used to be that you're either going be really secure or really fast. And we wanted to create a platform that allowed you to have both. >> Yeah. So when you first came to theCUBE, you described it. We are the first company. And at the time, I think you were the only company, thinking about security as a data problem. >> Yeah. >> Explain what that means. >> Well, when you move to the cloud, you know, there's literally a quintillion data sets, that are out there. And it's doubling every several days or whatever. And so it creates a massive problem, in that the attack surface grows. And different than when you're securing a data center or device, where you have a very fixed asset, and you kind of put things around it and you kind of know how to do it. When you move to the shared ephemeral massive scale environment, you can't write rules, and do security the way you used to do it, for a data centers and devices. And so the insight for us was, the risk was the data, the upside was the data, you know? And so if you can harness all of this data, ingest it, process it, contextualize it, in the context of creating a baseline of what normal is for a company. And then monitor it constantly in real time. Figure out, you know, identify abnormal activity. You can deliver a security posture for a company, unlike anything else before. Because it used to be, you'd write a rule. You have a known adversary or a bad guy that's out there, and you constantly try and keep up with them for a very specific attack service. But when you move to the cloud, the attack service is too broad. And so, the risk of the massive amount of data, is also the solution. Which is how do you harness it and use it with machine learning and AI, to solve these problems. >> So I feel like for CISOs, the cloud is now becoming the first line of defense. >> Yep. The CISOs is now the second line. Maybe the auditing is the third line. I don't know. >> Yeah. >> But, so how do you work with AWS? You mentioned, you know, quadrillion. We heard, I think it was Steven Schmidt, who talked about in his keynote. A quadrillion, you know, data points of a month or whatever it was. That's 15 zeros. Mind boggling. >> Yeah. >> How do you interact with AWS? You know, where's your data come from? Are you able to inspect that AWS data? Is it all your own kind of first party data? How does that all work? >> Yeah, so we love AWS. I mean we ultimately, we started out our company building our own service, you know, on AWS. We're the first cloud native built on the cloud, for the cloud, leveraging data and harnessing it. So AWS enabled us to do that. And partners like Snowflake and others, allowed us to do that. But we are a multi-cloud solution too. So we allow builders and customers, to be able to have choice. But we'd go deep with AWS and say, the shared responsibility model they came up with. With partners and themselves to say, all right, who ultimately owns security? Like where is the responsibility? And AWS does a great job on database storage, compute networking. The customer is responsible for the OS, the platform, the workloads, the applications, et cetera, and the data. And that's really where we come in. And kind of help customers secure their posture, across all of their cloud environments. And so we take a cloud trail data. We look at all of the network data. We look at configuration data. We look at rules based data and policies, that customers might have. Anything we can get our hands on, to be able to ingest into our machine learning models. And everybody knows, the more data you put into a machine learning model, the finer grain it's going to be. The more insightful and the more impactful it's going to be. So the really hard computer science problem that we set out to go do seven years ago, when we founded the company, was figure out a way to ingest, process, and contextualize mass amounts of data, from multiple streams. And the make sense out of it. And in the traditional way of protecting customers' environments, you know, you write a rule, and you have this linear sort of connection to alerts. And so you know, if you really want to tighten it down and be really secure, you have thousands of alerts per day. If you want to move really fast and create more risk and exposure, turn the dial the other way. And you know, we wanted to say, let's turn it all the way over, but maintain the amount of alerts, that really are only the ones that they need to go focus on. And so by using machine learning and artificial intelligence, and pulling all these different disparate data systems into making sense of them, we can take, you know, your alert volume from thousands per day, to one or two high fidelity critical alerts per day. And because we know the trail, because we're mapping it through our data graph, our polygraph data platform, the time to remediate a problem. So figure out the needle in the haystack. And the time to remediate is 90, 95% faster, than what you have to do on your own. So we want to work with AWS, and make it really easy for builders to use AWS services, and accelerate their consumption of them. So we were one of the first to really embrace Fargate and Graviton. We're embedded in Security Hub. We're, you know, embedded in all of the core platforms. We focus on competencies, you know. So, you know, we got container competency. We've got security and compliance competencies. And we really just want to continue to jointly invest with AWS. To deliver a great customer outcome and a really integrated seamless solution. >> I got a lot to unpack there. >> Okay. >> My first question is, what you just described, that needle in the haystack. You're essentially doing that in near real time? >> Yep. >> Or real time even, with using AI inferencing. >> Yeah. >> Describe it a little better. >> You're processing all of this data, you know, how do you do so efficiently? You know. And so we're the fastest. We do it in near real time for everything. And you know, compared to our competitors, that are doing, you know, some lightweight side scanning technology, and maybe they'll do a check or a scan once a day or twice a day. Well, the adversaries aren't sleeping, you know, over the other period of time. So you want to make it as near real time as you can. For certain applications, you know, you get it down into minutes. And ideally over time, you want to get it to actual real time. And so there's a number of different technologies that we're deploying, and that we're putting patents around. To be able to do as much data as you possibly can, as fast as you possibly can. But it varies on the application of the workload. >> And double click in the technology. >> Yeah. >> Like tell me more about it. What is it? Is it a purpose-built data store? >> Yeah. Is it a special engine? >> Yeah. There's two primary elements to it. The first part is the polygraph data platform. And this is this ingestion engine, the processing engine, you know, correlation engine. That has two way APIs, integrates into your workflows, ingests as much data as we possibly can, et cetera. And unifies all the data feeds that you've got. So you can actually correlate and provide context. And security now in the cloud, and certainly in the future, the real value is being able to create context and correlate data across the board. And when you're out buying a bunch of different companies, that have different architectures, that are all rules based engines, and trying to stitch them together, they don't talk to each other. And so the hard part first, that we wanted to go do, was build a cloud native platform, that was going to allow us to build applications, that set on top of it. And that, you know, handled a number of different security requirements. You know, behavior based threat detection, obviously is one of the first services that we offered, because we're correlating all this data, and we're creating a baseline, and we're figuring out what normal is. Okay, well, if your normal behavior is this. What's abnormal? So you can catch not only a known bad threat, you know, with rules, et cetera, that are embedded into our engines, but zero day threats and unknown unknowns. Which are the really scary stuff, when you're in the cloud. So, you know, we've got, you know, application, you know, for behavioral threat detection. You have vulnerability management, you know. Where you're just constantly figuring out, what vulnerabilities do I have across my development cycle and my run time cycle, that I need to be able to keep up on, and sort of patch and remediate, et cetera. And then compliance. And as you're pulling all these data points in, you want to be able to deliver compliance reports really efficiently. And the Biden Administration, you know, is issuing, you know, all of these, you know, new edicts for regulations. >> Sure. Obviously countries in, you know, in Europe. They have been way ahead of the US, in some of these regulations. And so they all point to a need for continuous monitoring of your cloud environment, to ensure that you're, you know, in real time, or near real time complying with the environments. And so being able to hit a button based on all of this data and, you know, deliver a compliance report for X regulation or Y regulation, saves a lot of time. But also ensures customers are secure. >> And you mentioned your multi-cloud, so you started on AWS. >> Yeah. >> My observation is that AWS isn't out trying to directly, I mean, they do some monetization of their security, >> Yep. >> But it's more like security here it is, you know. Use it. >> Yeah. >> It comes with the package. Whereas for instance, take Microsoft for example, I mean, they have a big security business. I mean, they show up in the spending surveys. >> Yeah. >> Like wow, off the charts. So sort of different philosophies there. But when you say you're Multicloud, you're saying, okay, you run on AWS. Obviously you run on Azure. You run on GCP as well. >> Yeah. Yep. >> We coin this term, Supercloud, Dave. It's it's like Multicloud 2.0. The idea is it's a layer above the clouds, that hides the underlying complexity. >> Yep. >> You mentioned Graviton. >> Yep. >> You worry about Graviton. Your customer don't, necessarily. >> We should be able to extract that. >> Right. But that's going to be different than what goes on Microsoft. With Microsoft primitives or Google primitives. Are you essentially building a Supercloud, that adds value. A layer, >> Yeah. >> on top of those Hyperscalers. >> Yeah. >> Or is it more, we're just going to run within each of those individual environments. >> Yeah. No we definitely want to build the Security OS, you know, that sort of goes across the Supercloud, as you talk about. >> Yeah. >> I would go back on one thing that you said, you know, if you listen to Andy or Adam now, talk about AWS services, and all the future growth that they have. I mean, security is job one. >> Yeah. Right, so AWS takes security incredibly seriously. They need to. You know, they want to be able to provide confidence to their customers, that they're going to be able to migrate over safely. So I think they do care deeply it. >> Oh, big time. >> And are delivering a number of services, to be able to do it for their customers,. Which is great. We want to enhance that, and provide Multicloud flexibility, deeper dives on Kubernetes and containers, and just want to stay ahead, and provide an option for companies. You know, when you're operating in AWS, to have better or deeper, more valuable, more impactful services to go layer on top. >> I see. >> And then provide the flexibility, like you said, of, hey look, I want to have a consistent security posture across all of my clouds. If I choose to use other clouds. And you don't, the schema are different on all three. You know, all of the protocols are different, et cetera. And so removing all of that complexity. I was just talking with the CISO at our event last night, we had like 300 people at this kind of cocktail event. Boston's pretty cool in the summertime. >> Yeah. Boston in July is great. >> It's pretty great. They're like going, look, we don't want to hire a Azure specialist, and a AWS specialist, and you know, a GCP specialist. We don't want to have somebody that is deep on just doing container security, or Kubernetes security. Like we want you to abstract all of that. Make sense of it. Stay above it. Continue to innovate. So we can actually do what we want to do. Which is, we want to build. We want to build fast. Like the whole point here, is to enable developers to do their job without restriction. And they intuitively want to have, and build secure applications. And, you know, because they recognize the importance of it. But if it slows them down. They're not going to do it. >> Right. >> And so we want to make that as seamless as possible, on top of AWS. So their developers feel confident. They can move more and more applications over. >> So to your point about AWS, I totally agree. I mean, security's job one. I guess the way I would say it is, from a monetization standpoint. >> Yeah. >> My sense is AWS, right now anyway, is saying we want the ecosystem, >> Yeah. >> to be able to monetize. >> Yeah. >> We're going to leave that meat on the bone for those guys. Whereas Microsoft is, they sometimes, they're certainly competitive with the ecosystem, sometimes. End point. >> Yeah. >> They compete with CrowdStrike. There's no question about it. >> Yeah. >> Are they competitive with you in some cases? Or they're not there yet. Are you different. >> Go talk to George, about what he thinks about CrowdStrike and I, versus Microsoft. (Dave V laughing) >> Well, yeah. (Dave H laughing) A good point in terms of the depth of capability. >> Yeah. >> But there's definitely opportunities for the ecosystem there as well. >> Yeah. But I think on certain parts of that, there are more, there's higher competitiveness, than less. I think in the cloud, you know, having flexibility and being open, is kind of core to the cloud's premise. And I think all three of the Hyperscalers, want to provide a choice for customers. >> Sure. >> And they want to provide flexibility. They obviously, want to monetize as much as they possibly can too. And I think they have varying strategies of those. And I do think AWS is the most open. And they're also the biggest. And I think that bodes well for what the marketplace really wants. You know, if you are a customer, and you want to go all in for everything, with one cloud. All right, well then maybe you use their security stack exclusively. But that's not the trend on where we're going. And we're talking about a $154 billion market, growing at, you know, 15% for you. It's a $360 billion market. And one of the most fragmented in tech. Customers do want to consolidate on platforms. >> Absolutely. >> If they can consolidate on CSPs, or they consolidate on the Supercloud, I'm going to steal that from you, with the super cloud. You know, to be able to, you know, have a consistent clarity posture, for all of your workloads, containers, Kubernetes, applications, across multiple clouds. That's what we think customers want. That's what we think customers need. There's opportunity for us to build a really big, iconic security business as well. >> I'm going to make you laugh. Because, so AWS doesn't like the term Supercloud. And the reason is, because it implies that they're the infrastructure, kind of commodity layer. And my response is, you'll appreciate this, is Pure Storage has 70% gross margin. >> Yeah. Yep. >> Right. Look at Intel. You've got Graviton. You control, you can have Intel, like gross margin. So maybe, your infrastructure. But it's not necessarily commodity, >> Yeah. >> But it leaves, to me, it leaves the ecosystem value. Companies like Lacework. >> Amazon offers 220 something services, for customers to make their lives easier. There's all kinds of ways, where they're actually focusing on delivering value, to their customers that, you know, is far from commodity and always will be. >> Right. >> I think when it comes to security, you're going to have, you're going to need security in your database. Your storage. Your network compute. They do all of that, you know, monetize all of that. But customers also want to, you know, be able to have a consistent security posture, across the Supercloud. You know, I mean, they don't have time. I think security practitioners, and security hiring in general, hasn't had unemployment for like seven or 10 years. It's the hardest place to find quality people. >> Right. >> And so our goal, is if we can up level and enable security practitioners, and DevSecOps teams, to be able to do their job more efficiently, it's a good thing for them. It's a win for them. And not having to be experts, on all of these different environments, that they're operating in. I think is really important. >> Here's the other thing about Supercloud. And I think you'll appreciate this. You know, Andreesen says, all companies are software companies. Well, all companies are becoming SAS and Cloud companies. >> Yeah. >> So you look at Capital One. What they're doing with on Snowflake. You know, Goldman what they're doing with AWS. Oracle by Cerner, you know that. So industries, incumbents, are building their own Superclouds. They don't want to deal with all this crap. >> Yeah. >> They want to add their own value. Their own tools. Their own software. And their own data. >> Yeah. >> And actually serve their specific vertical markets. >> Yeah. A hundred percent. And they also don't want tools, you know. >> Right. >> I think when you're in the security business. It's so fragmented, because you had to write a rule for everything, and they were super nuanced. When you move to a data driven approach, and you actually have a platform, that removes the need to actually have very nuanced, specific expertise across all these different. Because you're combining it into your baseline and understanding it. And so, customers want to move from, you know, one of the biggest banks in North America, has 550 different point solutions for security. Thousands of employees to go manage all of this. They would love to be able to consolidate around a few platforms, that integrate the data flows, so they can correlate value across it. And this platform piece is really what differentiates our approach. Is that we already have that built. And everybody else is sort of working backwards from Legacy approaches, or from a acquired companies. We built it natively from the ground up. Which we believe gives us an advantage for our customers. An advantage of time to market speed, efficacy, and a much lower cost. Because you can get rid of a bunch of point solutions in the process. >> You mentioned Devs. Did you, you know, that continuous experience across clouds. >> Yep. >> Do you have like the equivalent of a Super PAs layer, that is specific to your use case? Or are you kind of using, I mean, I know you use off the shelf tooling, >> Yep. >> you allow your developers to do so, but is, is the developer experience consistent across the clouds? That's really what I'm asking? >> Well, I think it is. I mean, I was talking to another CEO of a company, you know, on the floor here, and it's focusing on the build side. You know we focus on both the build and the run time. >> Right. >> And we were talking about, you know, how many different applications, or how fragmented the developer experience is, with all the different tools that they have. And it's phenomenal. I mean, like this, either through acquisition or by business unit. And developers, like to have choice. Like they don't like to be told what to do or be standardized, you know, by anybody. Especially some compliance organization or security organization. And so, it's hard for them to have a consistent experience, that they're using a bunch of different tools. And so, yeah. We want to be able to integrate into whatever workload, a workflow a customer uses, in their Dev cycle, and then provide consistent security on top of it. I mean, for our own company, you know, we got about a thousand people. And a lot of them are developers. We want to make it as consistent as we possibly can, so they can build code, to deliver security efficacy, and new applications and new tools for us. So I think where you can standardize and leverage a platform approach, it's always going to be better. But the reality is, especially in large existing companies. You know, they've got lots of different tools. And so you need to be able to set above it. Integrate with it and make it consistent. And security is one of those areas, where having a consistent view, a consistent posture, a consistent read, that you can report to the board, and know that your efficacy is there. Whatever environment you're in. Whatever cloud you're on. Is super, super critical. >> And in your swim lane, you're providing that consistency, >> Yep. >> for Devs. But you're right. You've got to worry about containers. You got to worry about the run time. You got to worry about the platform. The DevSecOps team is, you know, becoming the new line of defense, right? I mean, security experts. >> Absolutely. Well, we have one customer, that we just have been working with for four years ago. And it's, you know, a Fortune, a Global 2000 company. Bunch of different industries grew through acquisition, et cetera. And four years ago, their CTO said, we're moving to the cloud. Because we want to drive efficiency and agility, and better service offerings across the board. And so he has engineering. So he has Dev, you know. He has operations. And he has security teams. And so organizationally, I think that'll be the model, as companies do follow entries in to sort of, you know, quote. Become software companies and move on their digital journeys. Integrating the functions of DevSecOps organizationally, and then providing a platform, and enabling platform, that makes their jobs easier for each of those personas. >> Right. >> Is what we do. You want to enable companies to shift left. And if you can solve the problems in the code, on the front end, you know, before it gets out on the run time. You're going to solve, you know, a lot of issues that exist. Correlating the data, between what's happening in your runtime, and what's happening in your build time, and being able to fix it in near realtime. And integrate with those joint workflows. We think is the right answer. >> Yeah. >> Over the long haul. So it's a pretty exciting time. >> Yeah. Shift left, ops team shield right. Hat, great to see you again. >> Good to see you, Dave. >> Thanks so much for coming on theCUBE. >> Thanks a lot. >> All Right. Keep it right there. We'll be back. Re:Inforce 2022. You're watching theCUBE from Boston. (calming music)

>> From theCUBE Studios in Palo Alto and Boston bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cyber security market overall, the state of cloud security and cross cloud security and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon cube insights powered by ETR. In this Breaking Analysis we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cyber security plays in the market, what the ETR data tells us and what to expect at next week's AWS re:Inforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simonton. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty you know, and before today's big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indices. You know, earning season as always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan the numbers were pretty good according to Simonton. Investment banks were not so great with Morgan and Goldman missing estimates but in general, pretty positive outlooks. But the market also shrugged off IBM's growth. And of course, social media because of SNAP is getting hammered today. The question is no longer recession or not but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course are still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also going to help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold you know, despite today's sell off. But AT&T and Verizon, they blamed their misses in part on people not paying their bills on time. SNAP's huge miss even after guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are off on sympathy. Meta and Google were off, you know, over 7% at midday. I think at one point hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment. As we've been reporting back in mid-June and NASDAQ was off nearly 33% year to date and has since rallied. It's now down about 25% year to date as of midday today. But as I say, it had been, you know much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That's started to change for now anyway. We'll see if it holds. But chip stocks, software stocks, and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton, we'll see if that holds. If it does, that's a positive sign. Now remember on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12 X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here SailPoint is of course the anomaly with the Thoma Bravo 7 billion acquisition of the company holding that stock up. But the Bug ETF of basket of cyber stocks has definitely improved. When we last reported on cyber in May, CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its Auth0 acquisition. Meanwhile, Zscaler and SentinelOne, those high flyers are still well off year to date, with Ping Identity and CyberArk not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically, they've been breaking their down trend. So it will now come down to earnings guidance in the coming months. But the SNAP reaction is quite stunning. I mean, the environment is slowing, we know that. Ad spending gets cut in that type of market, we know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says, this shows that sellers are still in control here. So it's going to take a little while to work through that despite the positive signs that we're seeing. Okay. We also turned to our friend Eric Bradley from ETR who follows these markets quite closely. He frequently interviews CISOs on his program, on his round tables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they called for an 8% plus spending growth, they're still expecting a six to seven percent uptick in spend this year. So that's pretty good. Security remains the number one priority and also is the highest ranked sector in the ETR data set when you measure in terms of pervasiveness in the study. Within security endpoint detection and extended detection and response along with identity and privileged account management are the sub-sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with CyberArk and Tanium showing very strong as well. Okta has seen a big dropoff in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions. That clearly shows in the survey. We'll talk about that in a moment. Look Okta still elevated in terms of spending momentum, but it doesn't have the dominant leadership position it once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Veronis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, SonicWall, Symantec, Trellic which is McAfee, Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis. It's a measure of presence in the data set we used to call it market share. With the data, the dot positions, you see that little inserted table, that's how the dots are plotted. And it's important to note that this data is filtered for firms with at least 100 Ns in the survey. That's why some of the other ones that we mentioned might have dropped off. The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course, Microsoft, which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. And CyberArk and Okta and Zscaler, CloudFlare and Auth0 now Okta through the acquisition, are all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and as steady as she goes. Two, it's a very crowded market still and it's complicated space. And three there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections. We're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e, 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January 2020. First I want to call out that all four again are seeing down trends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter, again, the market is off overall. Everybody is kind of seeing that down trend for the most part. Very few exceptions. Okta is being hurt by fewer new additions which is why we highlighted in red, that red dotted area, that square that we put there in the upper right of that Okta bar. That lime green, new ads are off as well. And the gray for Okta, flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0 acquisition the company is seeing some friction in its business. Now, having said that, you can see Okta's yellow line or presence in the data set, continues to grow. So it's a good proxy from market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice this very little red at these companies when it comes to the ETR survey data. Now one more data slide which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared end or presence in the data set. That's the right hand side. And again, we filtered by companies with at least 100 N and oh, by the way we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler all made the cut this time. Now, as we pointed out in May if you combined Auth0 with Okta, they jumped to the number two on the right hand chart in terms of presence. And they would lead the pure plays there although it would bring down Okta's net score somewhat, as you can see, Auth0's net score is lower than Okta's. So when you combine them it would drag that down a little bit but it would give them bigger presence in the data set. Now, the other point we'll make is that Proofpoint and Splunk both dropped off the four star list this time as they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay. We're going to close on what to expect at re:Inforce this coming week. Re:Inforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years has been virtual and they announced that reinvent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June and turns out nobody did so they postponed the event, thankfully. And so now they're back in Boston, starting on Monday. Not that it's going to be much cooler in Boston. Anyway, Steven Schmidt had been the face of AWS security at all these previous events as the Chief Information Security Officer. Now he's dropped the I from his title and is now the Chief Security Officer at Amazon. So he went with Jesse to the mothership. Presumably he dropped the I because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses who is now the new CISO at AWS will be keynoting along with some others including MongoDB's Chief Information Security Officer. So that should be interesting. Now, if you've been following AWS you'll know they like to break things down into, you know, a couple of security categories. Identity, detection and response, data protection slash privacy slash GRC which is governance, risk and compliance, and we would expect a lot more talk this year on container security. So you're going to hear also product updates and they like to talk about how they're adding value to services and try to help, they try to help customers understand how to apply services. Things like GuardDuty, which is their threat detection that has machine learning in it. They'll talk about Security Hub, which centralizes views and alerts and automates security checks. They have a service called Detective which does root cause analysis, and they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of, you know, confidential computing which is, you know, AWS will point out it's kind of become a buzzword. They take it really seriously. I think others do as well, like Arm. We've talked about that on previous Breaking Analysis. And again, you're going to hear something on container security because it's the hottest thing going right now and because AWS really still serves developers and really that's what they're trying to do. They're trying to enable developers to design security in but you're also going to hear a lot of best practice advice from AWS i.e, they'll share the AWS dogfooding playbooks with you for their own security practices. AWS like all good security practitioners, understand that the keys to a successful security strategy and implementation don't start with the technology, rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems, that's really where the developers come in, and training for continuous improvements. So you're going to get heavy doses of really strong best practices and guidance and you know, some good preaching. You're also going to hear and see a lot of partners. They'll be very visible at re:Inforce. AWS is all about ecosystem enablement and AWS is going to host close to a hundred security partners at the event. This is key because AWS doesn't do it all. Interestingly, they don't even show up in the ETR security taxonomy, right? They just sort of imply that it's built in there even though they have a lot of security tooling. So they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're going to hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CISOs and practitioners who are understaffed when it comes to top talent. Now, finally, theCUBE will be at re:Inforce in force. John Furry and I will be hosting two days of broadcast so please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share our overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay. That's it for today. Thanks for watching. Thanks to Alex Myerson, who is on production and manages the podcast. Kristin Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoff is our Editor in Chief over at siliconangle.com. You did some great editing. Thank you all. Remember all these episodes they're available, this podcast. Wherever you listen, all you do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing avid.vellante@siliconangle.com or DM me @dvellante, or comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you in Boston next week if you're there or next time on Breaking Analysis (soft music)

>> Narrator: From around the globe, It's theCUBE! Covering Fortinet Security Summit, brought to you by Fortinet. >> And welcome to the cube coverage here at the PGA champion-- Fortinet championship, where we're going to be here for Napa valley coverage of Fortinet's, the championships security summit, going on Fortinet, sponsoring the PGA, but a great guest Merritt Baer, who's the principal in the office of the CISO at Amazon web services. Great to see you. Thanks for coming on. >> Merritt: Thank you for having me. It's good to be here. >> So Fortinet, uh, big brand now, sponsoring the PGA. Pretty impressive that they're getting out there with the golf. It's very enterprise focused, a lot of action. A lot of customers here. >> Merritt: It seems like it, for sure. >> Bold move. Amazon, Amazon web services has become the gold standard in terms of cloud computing, seeing DevOps people refactoring. You've seen the rise of companies like Snowflake building on Amazon. People are moving not only to the cloud, but they're refactoring their business and security is top of mind for everyone. And obviously cybersecurity threats that Fortinet helps cover, you guys are partnering with them, is huge. What is your state of the union for cyber? What's the current situation with the threat landscape? Obviously there's no perimeter in the cloud. More end points are coming on board. The Edge is here. 5G, wavelength with outpost, a lot happening. >> That was a long question, but I'll, I'll try. So I think, you know, as always business in innovation is the driver. And security needs to be woven into that. And so I think increasingly we're seeing security not be a no shop, but be an enabler. And especially in cloud, when we're talking about the way that you do DevOps with security, I know folks don't like the term DevSecOps, but you know, to be able to do agile methodology and be able to do the short sprints that are really agile and, and innovative where you can-- So instead of nine months or whatever, nine week timelines, we're talking about short sprints that allow you to elastically scale up and down and be able to innovate really creatively. And to do that, you need to weave in your security because there's no like, okay, you pass go, you collect $200. Security is not an after the fact. So I think as part of that, of course the perimeter is dead, long live the perimeter, right? It does matter. And we can talk about that a little bit. You know, the term zero trust is really hot right now. We can dig into that if that's of interest. But I think part of this is just the business is kind of growing up. And as you alluded to we're at the start of what I think is an S curve that is just at the beginning. >> You know, I was really looking forward to Reinforced this year. It was got canceled last year, but the first inaugural event was in Boston. I remember covering that. This year it was virtual, but the keynote Steven gave was interesting, security hubs at the center of it. And I want to ask you, because I need you to share your view on how security's changed with the cloud, because there's now new things that are there to take advantage of if you're a business or an enterprise, yeah on premises, there's a standard operating procedure. You have the perimeter, et cetera. That's not there anymore, but with the cloud, there's a new, there's new ways to protect and security hub is one. What are some of the new things that cloud enables for security? >> Well, so just to clarify, like perimeters exist logically just like they do physically. So, you know, a VPC for example, would be a logical perimeter and that is very relevant, or a VPN. Now we're talking about a lot of remote work during COVID, for example. But one of the things that I think folks are really interested with Security Hub is just having that broad visibility and one of the beauties of cloud is that, you get this tactile sense of your estate and you can reason about it. So for example, when you're looking at identity and access management, you can look at something like access analyzer that will under the hood be running on a tool that our, our group came up with that is like reasoning about the permissions, because you're talking about software layers, you're talking about computer layer reasoning about security. And so another example is in inspector. We have a tool that will tell you without sending a single packet over the network, what your network reach ability is. There's just like this ability to do infrastructure as code that then allows you to do security as code. And then that allows for ephemeral and immutable infrastructures so that you could, for example, get back to a known good state. That being said, you know, you kill a, your web server gets popped and you kill it and you spin up a new one. You haven't solved your problem, right? You need to have some kind of awareness of networking and how principals work. But at the same time, there's a lot of beauties about cloud that you inherit from a security perspective to be able to work in those top layers. And that's of course the premise of cloud. >> Yeah, infrastructure as code, you mentioned that, it's awesome. And the program ability of it with, with server-less functions, you're starting to see new ways now to spin up resources. How is that changing the paradigm and creating opportunities for better security? Is it, is it more microservices? Is it, is, are there new things that people can do differently now that they didn't have a year ago or two years ago? Because you're starting to see things like server-less functions are very popular. >> So yes, and yes, I think that it is augmenting the way that we're doing business, but it's especially augmenting the way we do security in terms of automation. So server-less, under the hood, whether it's CloudWatch events or config rules, they are all a Lambda function. So that's the same thing that powers your Alexa at home. These are server-less functions and they're really simple. You can program them, you can find them on GitHub, but they are-- one way to really scale your enterprise is to have a lot of automation in place so that you put those decisions in ahead of time. So your gray area of human decision making is scaled down. So you've got, you know, what you know to be allowable, what you know to be not allowable. And then you increasingly kind of whittled down that center into things that really are novel, truly novel or high stakes or both. But the focus on automation is a little bit of a trope for us. We at Amazon like to talk about mechanisms, good intentions are not enough. If it's not someone's job, it's a hope and hope is not a plan, you know, but creating the actual, you know, computerized version of making it be done iteratively. And I think that is the key to scaling a security chain because as we all know, things can't be manual for long, or you won't be able to grow. >> I love the AWS reference. Mechanisms, one way doors, raising the bar. These are all kind of internal Amazon, but I got to ask you about the Edge. Okay. There's a lot of action going on with 5G and wavelength. Okay, and what's interesting is if the Edge becomes so much more robust, how do you guys see that security from a security posture standpoint? What should people be thinking about? Because certainly it's just a distributed Edge point. What's the security posture, How should we be thinking about Edge? >> You know, Edge is a kind of catch all, right, we're talking about Internet of Things. We're talking about points of contact. And a lot of times I think we focus so much on the confidentiality and integrity, but the availability is hugely important when we're talking about security. So one of the things that excites me is that we have so many points of contact and so many availability points at the Edge that actually, so for example, in DynamoDB, the more times you put a call on it, the more available it is because it's fresher, you've already been refreshing it, there are so many elements of this, and our core compute platform, EC2, all runs on Nitro, which is our, our custom hardware. And it's really fascinating, the availability benefits there. Like the best patching is a patching you don't have to do. And there are so many elements that are just so core to that Greengrass, you know, which is running on FreeRTOS, which has an open source software, for example, is, you know, one element of zero trust in play. And there are so many ways that we can talk about this in different incarnations. And of course that speaks to like the breadth and depth of the industries that use cloud. We're talking about automotive, we're talking about manufacturing and agriculture, and there are so many interesting use cases for the ways that we will use IOT. >> Yeah. It's interesting, you mentioned Nitro. we also got Annapurna acquisition years ago. You got latency at the Edge. You can handle low latency, high volume compute with the data. That's pretty powerful. It's a paradigm shift. That's a new dynamic. It's pretty compelling, these new architectures, most people are scratching their heads going, "okay, how do I do this, like what do I do?" >> No, you're right. So it is a security inheritance that we are extremely calculated about our hardware supply chain. And we build our own custom hardware. We build our own custom Silicon. Like, this is not a question. And you're right in that one of the things, one of the north stars that we have is that the security properties of our engineering infrastructure are built in. So there just is no button for it to be insecure. You know, like that is deliberate. And there are elements of the ways that nature works from it running, you know, with zero downtime, being able to be patched running. There are so many elements of it that are inherently security benefits that folks inherit as a product. >> Right. Well, we're here at the security summit. What are you excited for today? What's the conversations you're having here at the Fortinet security summit. >> Well, it's awesome to just meet folks and connect outside. It's beautiful outside today. I'm going to be giving a talk on securing the cloud journey and kind of that growth and moving to infrastructure as code and security as code. I'm excited about the opportunity to learn a little bit more about how folks are managing their hybrid environments, because of course, you know, I think sometimes folks perceive AWS as being like this city on a hill where we get it all right. We struggle with the same things. We empathize with the same security work. And we work on that, you know, as a principal in the office of the CISO, I spend a lot of my time on how we do security and then a lot of my time talking to customers and that empathy back and forth is really crucial. >> Yeah. And you've got to be on the bleeding edge and have the empathy. I can't help but notice your AWS crypto shirt. Tell me about the crypto, what's going on there. NFT's coming out, is there a S3 bucket at NFT now, I mean. (both laughing) >> Cryptography never goes out of style. >> I know, I'm just, I couldn't help-- We'll go back to the pyramids on that one. Yeah, no, this is not a, an advertisement for cryptocurrency. It is, I'm a fangirl of the AWS crypto team. And as a result of wearing their shirts, occasionally they send me more shirts. And I can't argue with that. >> Well, love, love, love the crypto. I'm big fan of crypto, I think crypto is awesome. Defi is amazing. New applications are going to come out. We think it's going to be pretty compelling, again, let's get today right. (laughing) >> Well, I don't think it's about like, so cryptocurrency is just like one small iteration of what we're really talking about, which is the idea that math resolves, and the idea that you can have value in your resolution that the math should resolve. And I think that is a fundamental principle and end-to-end encryption, I believe is a universal human right. >> Merritt, thank you for coming on the cube. Great, great to have you on. Thanks for sharing that awesome insight. Thanks for coming on. >> Merritt: Thank you. >> Appreciate it. Okay. CUBE coverage here in Napa valley, our remote set for Fortinet's security cybersecurity summit here as part of their PGA golf Pro-Am tournament happening here in Napa valley. I'm John Furrier. Thanks for watching.

(techno pop music)- [Announcer] Live from Boston, Massachusetts, it's theCUBE. Covering AWS re:Inforce 2019. Brought to you by Amazon Web Services and its ecosystem partners. >> Hello everyone, welcome to theCUBE here in Boston. We're live at Amazon Web Services, AWS' first inaugural security conference. It's called the re:Inforce. They have re:Invent, which is the annual Amazon Web Services, AWS customer event. This is kind of like an Amazon Web Services summit meets with re:Invent. They're calling it re:Inforce. This is an event that looks like it's going to be a lot like re:Invent for the security sector. I'm John Furrier your host, with my co-host, David Vellante. Dave, re:Inforce inaugural show for Amazon Web Services, AWS but it's got a feel for summit, a little education but big keynotes. This is about security. This is a stake in the ground for AWS to have a dedicated conference and customer event around security, reinforces the name. Kind of like re:Invent, kind of get the vibe there. They're tryin' to go kind of independent, kind of new swim lane for a conference. Certainly there's demand. >> Yeah well two years ago, when you and I were at the DC public sector, you just came off of that show recently. The head of IT at the CIA said, "Security of the cloud on our worst day is better than "our clients' server systems on their best day." So this narrative of the sky is falling that you always hear from security vendors, is not what Amazon is projecting. Amazon is projecting that the state of the Cloud Union is strong. Kind of (laughs) like the president, every time he gives a State of the Union Address. So it comes down to me John as how do you secure massively distributed systems in the Cloud? Huge challenge for people. We heard from customers today, Liberty Mutual and Capital One, their number one challenge is how to keep pace with AWS? How to keep pace with the changes? So what you're seeing is this shared security model. Amazon takes care of the infrastructure, the database, the storage, and the customer still has to worry about endpoints, their own network, the operating system, the applications. So, they always talk about undifferentiated heavy lifting. You're seeing a shift toward that customer side of focus and on response. So putting more resources on response versus securing that core infrastructure. >> And security's changing. This is also a show about CISOs, the chief information security officer, also known as a CISO. The CISO and CIO kind of have similar roles. They have to look out over massive change in the enterprise these days, digital transformations, On-premise versus Cloud. Two different modes of operation. People love the On-premise in the old days, but now moving to the Cloud creates a different challenge and opportunity for security. I have some thoughts. I'd love to get your thoughts on what you see as Cloud security because there's a difference. Lift and shift is easy when you're talking about infrastructure. But when you start getting into coding and having something be security Native, there's a difference between Cloud security and On-premise's security. How are you seeing that play out? >> Well I think the whole notion of infrastructure as a code emanated 'cause of the Cloud. So I see it playing out as you got to have security as code. So it's sort of the intersection of DevOps and SecOps. And then to your other point, is what's the right regime? Who's responsible for it? Is it the CIO, is it the CISO? Should the CISO report to the CIO, all that other stuff. And personally I've always felt like it should be a separate reporting structure because otherwise you've got the sort of the fox guarding the henhouse. So I think that's key point number one. The other point is, bad security practices by end users will trump good security by IT. So it is really, it's a cliche, but it is truly a team sport. I think the big challenge again that people have is how do they keep pace with AWS? They're moving so fast. And it's not only just for customers, John. I think it's for the ecosystem as well. I can see Amazon eating away (laughs) at the value created by a lot of their partners. >> I mean, Amazon clearly is showing their cards here. They're continuing to push the agility, raising the bar kind of philosophy. And really what's happening with AWS is that, it's a continuation of their subscription model. You've got Dave McCann, he's going to be coming on theCUBE, he runs the Marketplace. You're seeing now hundreds and hundreds of subscriptions in the marketplace, thousands of subscriptions coming out, huge buying philosophy there. But this notion of foundational security built-in from day one. Is a philosophy Amazon is believing that and they can secure their environment. And they want customers as you pointed out, saying "Look it, we'll cover our AWS, we'll be highly secure." "You focus on what you do better." "You can use Security Hub, Control Tower." Which was announced as general availability. And they're saying to their ecosystems, "Look it, build on top of AWS, "because we have the best security." "We are a bit more secure." "But we won't try to compete with you if you use our stuff." So this has been a very interesting dynamic. And the security industry is responding well to it because they want to rely on Amazon. Why recreate the wheel? Use the Amazon, but they have to be free to compete on their own. That's what Amazon is saying in the private conversations I've had. Is that they're saying, "We're not going to compete with you, if you build on AWS." >> Yeah, and you move fast. (laughs) >> (laughs) And you move fast, and you make more money. >> But this is why I think everybody's going after Multi-Cloud. 'Cause if you hear that story, you're like, Wow, I don't think I could move as fast as AWS. I can't just build on AWS. I have to have a hedge strategy. So therein lies the Multi-Cloud. But John you I think, nailed it several years ago. It's Cloud, right? It's data. The Security fits in there and it weaves in availability, certainly privacy. You don't hear Amazon talking tons about privacy, but that's another side of the coin. These things are all intertwined, and it comes back to the data. >> We're going to see, for the folks watching, we're going to be seeing a lot of security cut on theCUBE. Security's a natural fit for what we've been covering. Starting out with the infrastructure, with Cloud, Big data, AI, Security, IoT are all kind of in the center there, because Security's looking a lot more like Cloud, than Cloud looking like Security. So Security has to become more agile, shared responsibility. Things like automation, reasoning, these are terms that are coming up. AI and Cloud are a perfect mixture to come in and actually reshape the security landscape. 'Cause the fact of the matter is there are way too many vendors and suppliers and service providers for customers that want to get down the (laughs) lower numbers, suppliers and more functionality. So you're seeing the conversations from the CISO's that I've had here. In the hallways and meetings I've had privately they all tell me Dave, that "We want want to reduce our suppliers down to, "big number down to single digits." "Ya know double digits not three digits." "Hundreds to a handful." The second thing that they're telling me is Multi-Cloud is B.S. to them. And that shocked me to hear top regime leaders saying "Multi-Cloud is not something we're interested in." Because this flies in the face of what we've been reporting, what we've been hearing, around Multi-Cloud. And I asked, "Why is that an issue?" "Won't there be multiple Clouds?" And this person said, "Yeah we use multiple Clouds "but I can't split my talents up multi-talents." So it's a talent game in Security. And the risk for the organization is to have multiple Clouds, multiple stacks, too many code bases. They're forking their talent base and that is not consistent with the security direction that they're taking from a coding Native standpoint. They want to have Security built-in and everything. So the devs can be agile and start and build stuff on top of Security. So Multi-Cloud great messaging and concept. You might have a few Clouds but the fact of the matter is, when they start splitin' the talent out like that, you dilute the overall power. >> But you actually, >> That was surprising. >> You actually did report on this. And when you tie back to your JEDI coverage, I mean the DOD basically said that Multi-Cloud is more complex, more costly and less secure. Now for that team that's doing JEDI they want a single (laughs) environment. The other thing I heard today, which I think is interesting, huge challenge is IoT. 75 billion connected endpoints by 2025. Okay we always hear those big numbers. But somethin' I didn't know. 90% of IoT data is plain text in the form of HTTP. Plain text. So it's not encrypted. So Amazon is going hard after that. And so they're going to bring tooling to that problem. I like Amazon strategy and ya everybody says, "Oh you can't bring the Cloud." It's about building applications securely at the edge. And that's what Amazon wants to enable. I like that strategy better than what you see from companies like Dell and HP. Is like, hey here's a box. We're going to top-down, throw it over and secure the edge. I don't think that top-down approach is going to be as effective as a bottom-up application developer approach. To your point, building security in. >> Yeah I mean, we're back to the classic digital transformation and people process technology equation. Where you have the organizational structures. A big conversation here as well. You mentioned which regime runs it. Because if you want to do DevOps, you got to develop and then put it in production. So you have two kind of splits there. You want to have more agility, you need more DevOps and you want to have that Native stack built-in, a firm Security stack, but then when you ship it to production you've got governance. So most organizations here that other big players in Security have kind of pillars. Right? Governance and risk management, operations and intelligence, data, and then full-blown engineering teams and then information security groups. That are just peaked on those. And the numbers are becoming much more significant. Security is IT now. It's not some sanctioned off group. It's becoming the way. And a lot of cutting-edge technologies are coming out of the Security market. So to me, I think the Security industry and the idea of having a conference dedicated to Security is a good one. Because the canary in the coal mine in this industry, is coming out of Security. And this is where the action is. So I see a lot of innovation and I think there's going to be a tsunami of apps that are going to be bought, like services. So I think ya know, this notion of shared services with Amazon and the Marketplace could be a great consumption model for enterprises. So ya know, you're going to see that dynamic. Enablement for channel and ecosystem. Marketplace for customers to buy software and services. >> And it's really again, a strong bottoms-up message from Amazon. It's kind of CISO on down. You know it's not the corner sweep that Amazon is messaging to. Although there's some messaging in there. They're basically positioning themselves as by far the fastest innovator, most features, most compliance, GRC, all that stuff. But really it's hardcore deep dives on Security. They're talkin' to Security pros. It's like when you go to reinvent strong developer crowd. Hardcore security SecOps, really detailed, serious technical people. That's their bottoms-up approach. >> Well Dave let me give you my thoughts on the Keynote. Then I want to get yours. And I want to give you a list of things that I was reporting on last night and getting in today, getting all the data on kind of the key topics that are going to be covered here in this show and beyond. So first the Keynote. Loved the encrypt anywhere message. >> Everywhere yeah. >> Assume everyone's watching. Security is everyone's job. Very big theme around you know, that notion of encryption. And that, you got to take care of it. The shared responsibility model. I loved that kind of message. And then automated remediation. This came up in my CISO conversations I've had this week where remediation can be automated so they can focus the talent on threat detection and notification alerting. So threat detection's moving to notifications and alerts. And they want to use automation like Lambda to automate known tech problems that can just take away and not have their people work on it. So that's a huge, huge topic on the Keynote. I love that. And using Lambda is great one. Building security measures into APIs. And then mathing the Cloud. I love that concept. Nerded on that. So overall typical Amazon Keynote. Meat and potatoes being served up in terms of the course of content and that was an awesome, awesome piece of it. So that' my take. What's your take on the Keynote. >> So my number one takeaway is again the customer saying, "Our number one biggest challenge is keeping up with the pace of change and the pace of innovation." And to your point, the answer to that challenge is automation. Amazon is forcing it's customers to automate so they can move faster. And Amazon knows that that's its key competitive weapon. It can rollout features faster than anybody else. Create that fly-wheel effect. If it can get its customers, you know most vendors move at the speed of the fat-middle of IT. Which is really slow. Amazon, interestingly, is pushing its customers faster than they're used to going. >> So Dave I had a chance to have a sit down and poll a bunch of CISOs and CIOs. So sometimes they have a CISO sometimes it's a CIO. >> Right. >> The role seems to be blending in as kind of one big, kind of overseer of the action. And here's what I've found terms of the key themes that were on their mind. And again this is part of our ongoing CISO interviews we've been doing and paneling the top CISOs of the top companies. Key topics that's on their mind. Vendor lock-in. Spend. They're spendin' a lot of cash. Being Security Native and kind of having that cultural philosophy of Security built-in so developers don't have to do it. That's very DevOpsy. Your point about Security as code. Big topic. That was a big one. And then kind of in the management side. Service providers slash suppliers. Dealing with the legacy (laughs) of the inherited supplier base that's calling on them and people who want to sell them things. The value creation process that's wants to be tied into suppliers. So that's kind of a procurement thing. Metrics. Which KPI should they be paying attention to? What's really going on? As I mentioned the threat detection versus alerts. Threat detection is not, kind of seems to be moving more towards alerts so threat detections can be managed. These are kind of things they want to measure. If you just measure one thing then might be have a blind spot. So metrics is I think what keeps them up at night. In terms of the topic. The Cloud Security model's different On-Premise and Cloud. Integration. Integration from third parties 'cause that's going to be a reality. Ecosystems like Amazon has a ton of suppliers that they can be buying services from, so it better integrate into a security stack. Identity management, obviously big. Automation. Workforce and talent. The Multi-Cloud comment came out of this. Talent is the number one game. This is a really critical piece. They coming up with strategies to recruit and to retain and have the best people working on the tech stacks, not working on just general architecture. And then finally, coding security. These are the top topics on the minds of the top CISOs and CIOs in the enterprise. And this is the key areas we're going to be covering. >> So that says to me you know, the concern about lock-in and the concern about spend, so they probably will have exit strategies in hedge. So (laughs) probably will be Multi-Cloud, which is interesting. The Multi-Cloud at one said Multi-Cloud's B.S. But at the same time their top-of-mind issues suggest that Multi-Cloud is going to be a key. On metrics. You know there's a metric out there that after you get infiltrated it takes 256 days to identify that. >> Yep. >> I'd like to see in the Cloud what that metric looks like. >> Yeah, yeah. >> Does that go down? So that's something that's really interesting. As opposed to, okay, how many threats did we count? Right? Or thwart. You know like you mentioned ID management. Identity management. Automation. And I agree talent. There's a big war. Capital One said they just opened a big technical presence in Boston. A lot of talent here. A lot of talent, around the world >> Well just for the record. I'm not anti Multi-cloud. I was just pointing out, the comments that, >> Right, no right. I understand that ya. >> the CISOs said I think Multi-Cloud is realistic. But what he was pointing out is that right now Multi-Cloud isn't attainable in the way that they want it. They have to spend too much of their talent on code bases and stacks that aren't compatible. >> And integration. >> I personally think that you'll have Multi-Cloud environments for all companies but they're going to pick one. For example, and the workload should define the Cloud you're working on so why would you want to just split a workload between two Clouds. Makes no sense. Unless it's completely automated, and frictionless and there's (laughs) value. >> Well Multi-Cloud is a symptom of multi-vendor. You've got different teams doing different projects, different parts of the organization and that's what it is. It's less of strategy then it is a symptom, at least at this point in time. >> Okay that's the kickoff for the inaugural AWS show here in Boston. This is the live Cube coverage here for two days. I'm John Furrier, Dave Vellante. Stay with us for two days of coverage. We'll be right back. (techno pop music)