(soft electronic music) >> Good afternoon guys and gals. Welcome back to theCube's Live coverage of AWS re:Invent 2022. We've been in Sin City since Monday night, giving you a load of content. I'm sure you've been watching the whole time, so you already know. Lisa Martin here with John Furrier. John, we love having these conversations at AWS re:Invent. So many different topics of conversation. We also love talking to AWS's partner ecosystem. There's so much emphasis on it, so much growth and innovation. >> Yeah, and the thing is we got two great leaders from a very popular company that's doing very well. Security, security's a big part of the story. Data and security. Taking up all the keynote time, you're hearing a lot of it. This company's a company we've been following from the beginning. Doing really good stuff in open source, cloud native, security, shifting-left. Snyk's just a great company. With the CTO and the head of the product organization, these guys have the keys to the kingdom in security. We're going to have a great conversation. >> Yeah, we are. Both from Snyk, Manoj Nair joins us, rejoins us, for your, I believe, 11th visit. Chief Product Officer of Snyk. Adi Sharabani, Chief Technology Officer. Welcome guys. Great to have you. >> Yeah, thank you. >> Great to be back. >> So what's going on at Snyk? I know we get to talk to you often, but Manoj, give us the lowdown on what are some of the things that are new since we last connected with Snyk. >> A lot of innovation going on. We just had a major launch last month and you know when we talked to our customers three big themes are happening in parallel. One is the shift to going from traditional development to, really, DevOps, but we need to make that DevSecOps and Snyk was ahead of, that was the genesis of Snyk, but we're still, you know, maybe 15, 20% of organizations have realized that. So that one big theme. Supply chain security, top of mind for everyone. And then really, cloud and, you know, how do you really take advantage of cloud. Cloud is code. So our innovation map to those three big themes, we have done a lot in terms of that shift-left. And Adi will talk about, kind of, some of our original, like, you know, thinking behind that. But we flipped the security paradigm on its head. Was to make sure developers loved what they were, you know, experiencing with Snyk. And oh, by the way, they're fixing security issues. The second one, supply chain. So you know, SBOMs and everyone hears about this and executive orders, what do you do? Who does what with that? So we launched a few things in terms of simplifying that. You can go to our website and, you know, just upload your SBOM. It'll tell you using the best security intelligence data. In fact, the same data is used by AWS inside their products, inside Inspector. So we use that data from Snyk's intelligence to light up and tell you what vulnerabilities do your third party code have. Even things that you might not be scanning. And then the last one is really code to cloud. Cloud is code. So we have brought the ability to monitor your cloud environments all the way into your platform and the security engineering teams, rather than later on and after the fact. Those are some of the big ones that we're working on. >> Lisa: Lots going on. >> Yeah. >> Lisa: Wow. >> Lots going on there. I mean, SBOMs, Software Bill of Materials. I mean, who would've thought in the developer community, going back a decade, that we'd be talking about bill of materials, open source becomes so popular. You guys are cloud native. Developer productivity's a hot trend. Not much going on here, talking about developer productivity. Maybe Werner, keynote tomorrow will talk about it. Software supply chain, huge security risk. You guys are in the front lines. I want to understand, if you can share, why is Snyk successful? Everyone is hearing about you guys. Your business is doing great. What's the secret sauce of your success? Why are you guys so successful? >> I think that, you know, I've been doing application security for more than two decades now and in the past we always saw the potential associated with transferring, shifting-left in a sense, before the term, right? Taking those security solutions out of the hands of the security people and putting it in the hands of developers. It's speeds up the process. It's very, very clear to anyone. The problem was that we always looked at it the wrong way. We did shift-left, and shift-left is not enough because in my terminology shift-left, meaning let's take those security solution put it earlier in the cycle, but that's not enough because the developer is not speaking those terms. The developer is not a security persona. The security persona is thinking in terms of risk. What are the risks that a specific issue creates? The developer is thinking in terms of the application. What would be the impact on application of a change I would might make into it. And so the root cause of Snyk success, in my opinion, is the fact that from the get-go we scratch that, we build a solution for the developer that is based on how the workflows of the developer, whether it's the ID, whether it's the change management, the pull request. Whether it's integration with the Gits and so on. And whether it's with integration with the cloud and the interaction with the cloud providers. And doing that properly, addressing the developers how they want to context, to get, with the context they want to get as part of the issues, with the workflows they want to get. That's kind of the secret sauce, in a sense. And very easy maybe to say, but very, very hard to implement properly. >> This is huge. I want to unpack that. I want to just, great call out, great description. This is huge. This is a, we're seeing the past three years in particular, maybe three with the pandemic. Okay, maybe go a couple years earlier, then. The developers' behavior is driving the change. And you know, if you look at the past three DockerCons we've covered, we've been powering that site, been following that community very closely since the beginning, as well. It just seems in the past three to four years that the developers choices at scale, not what they're buying or who's pushing tools to them, has been one big trend. >> Yeah. >> They're setting the pace. >> Developer is the king. >> If it's self-service, we've seen self-service. Whether it's freemium to paid, that works. This is the new equation. Developer, developer choice is critical. So self-service they want. And two, the language barrier or jargon between or mindsets between security and developers. Okay, so DevOps brings IT into the workflow. Check. DevSecOps brings in there. You guys crack the code on that, is that what you're saying? >> Yes, and it's both the product, like how do you use the solution, as well as the go to market. How do you consume the solution? And you alluded to that with the PLG motion, that I think Synk has done the superb job at and that really helped our businesses. >> Okay, so Manoj, product, you got the keys to the kingdom, you got the product roadmap. I could imagine, and what I'd love to get your reaction too Adi, if you don't mind. If you do that, what you've done, the consequence of that is now security teams and the data teams can build guardrails. We're reporting a lot of that in the queue. We're hearing that we can provide guardrails. So the velocity of the developer seems to be increasing. Do you see that? Is that a consequence? >> That's something that we actually measure in the product. Right, so Snyk's focus is not finding issues, it's fixing issues. So one of the things we have been able to heuristically look at our thousands of customers and say, they're fixing issues 27 days faster than they were prior to Snyk. So, you know, I'm a Formula one fan. Guardrails, you say. I say there's a speed circuit. Developers love speed. We give them the speed. We give the security teams the ability to sit on those towers and, you know, put the right policies and guardrails in place to make sure that it's not speed without safety. >> And then I'm sure you guys are in the luxury box now, partying while the developers are (Lisa laughing) no more friction, no more fighting, right? >> The culture is changing. I had a discussion with a Fortune 50 CISO a month ago, and they told me, "Adi, it's the first time in my life where the development teams are coming to me, asking me, hey I want you to buy us this security solution." And for, that was mind blowing for him, right? Because it really changes the discussion with the security teams and the development teams >> Before Lisa jumps in, well how long, okay, let me ask you that question on that point. When did that tipping point change, culturally? Was it just the past few years? Has there, has DevOps kind of brought that in, can you? >> Yeah, I think it's a journey that happened together with Snyk's, kind of, growth. So if three years ago it was the very early adopters that were starting to consume that. So companies that are very, you know, modern in the way they developed and so on. And we saw it in our business. In the early days, most of our business came from the high tech industry. And now it's like everywhere. You have manufacturing, you have banks, you have like every segment whatsoever. >> Talk about that cultural shift. That's really challenging for organizations to achieve. Are you seeing, so that, that CISO was quite surprised that the developer came and said, this is what I want. Are you seeing more of that cultural changes? Is that becoming pervasive? >> Yeah, so I think that the root cause of that is that, you mentioned the growth, like the increased speed of velocity in applications. We have 30 million developers in the world today. 30 millions. By the end of the decade it's going to be 45 millions and all of them are using open source, third party code. Look at what's going on here in the event, right? This accelerates the speed for which they develop. So with that, what happened in the digital transformation world, the organizations are facing that huge growth, exponential growth in the amount of technology and products that are being built by their teams. But the way they manage that before, from a security perspective, just doesn't scale. And it breaks and it breaks and it breaks. This is why you need a different approach. A solution that is based on the developers, who are the ones that created the problems and the ones that will be responsible of fixing the issues. This is why we are kind of centering ourselves around them. >> And the world has changed, right? What is cloud? It's code, it's not infrastructure. Old infrastructure, hosted infrastructure. So if cloud is code and cloud native applications are all code and they're being deployed with Terraform packages and cloud formations, that's code. Why take an old school approach of scanning it outside-in. I talked to CISO today who said, I feel bad that, you know, our policy makes it such that a terraform change takes six months. What did I do? I made cloud look like infrastructure. >> Yeah, it's too slow. >> So that, you know, so both sides, you know, CISOs want something that the business, you know, accepts and adopts and it's, culture changes happen because the power is with the developers because all of this is code, and we enabled that whole seamless journey, all the way from code to cloud. So it's kind, you know, I think that this is a part of it. It's by direction, it's a bridge and both sides are meeting in the middle here. >> It's a bridge. I'm curious, how are you facilitating that bridge? You, we talk about the developers being the kings and queens and really so influential in business decisions these days. And you're talking about the developers now embracing Snyk. But you're also talking to CISOs. Is your customer conversation level changing as a result of security folks understanding why it needs to shift-left. >> We had a breakfast meeting with customers, prospects and everyone, I think this morning. It was interesting, we were remarking. There are CTOs, VPs of engineering, CISOs, VPs of AppSec. And it was such a rich conversation on both sides, right? So just the joy of facilitating that conversation and dialogue. CISOs, and so the levels are changing. It started for us in CTOs and VPs of engineering and now it's both because, you know, one of the things Adi talks about is, like, that security has to become development aware. And that's starting to be like the reality. Me getting another solution, with maybe a better acronym than the old acronym, but it's still outside-in, it's scan based. I light up up the Christmas tree, who is going to fix it? And with the speed of cloud, now I got throw in more lights. Those lights are no longer valid. >> The automation. >> The automation without prioritization and actual empowerment is useless. >> All right, I know we got a couple minutes left, but I want to get into that point about automation because inside-out, you've made me think about this. I want to get your thought Adi, if you don't mind. The integration challenges now are much more part of the ecosystem, more joint engineering. You mentioned these meetings are not just salesperson and customer buyer, it's teams are talking to each other. There's a lot of that going on. How do you guys look at that? Because now the worst things that I hear and when I talk to customers is, I hate the word PenTest and AppSec review. It slows things down. People want to go faster. So how do you guys look at that? What's Snyk doing around making the AppSec review process, integration across companies, work better? >> So I'll give you an example from the cloud and then I will relate to the AppSec. And this relates to what you mentioned before. We had a discussion yesterday with a CISO that said, we are scanning the cloud, we are opening the lights, we see this issue. Now what do I do? Who needs to fix this? So they have this long process of finding the actual team that is required to fix it. Now they get to the team and they say, why didn't you tell me about it when I developed it? The same goes for AppSec, right? The audit is a very late stage of the game. You want to make sure that the testing, that the policies, everything is under the same structure, the same policies. So when you do the same thing, it's part of the first time of code that you create, it's part of the change management, it's part of the build, it's part of the deployment and it's part of the audit. And you have everything together being done under the same platform. And this is, kind of, one of the strengths that we bring to the table. The discussion changes because now you have an aligned strategy, rather than kind of blocks that we have, kind of, mashed up together. >> So the new workflow, it's a new workflow, basically, in the mindset of the customer. They got to get their arms around that thing. If we don't design it in, the wheels could come off the bus at the 11th hour. >> Adi: Yeah. >> And everything slows down. >> I had a discussion with Amazon today, actually, that they had an internal discussion and they said, like, some of the teams were like, why have you blocked my app from being released? And they said, have you ever scanned your app? Have you ever looked at your, like, and, and they're like, if you haven't, then you're not really onboard with the platform and it just breaks. This is what happens. >> Great conversation. I know we don't, I wish we had more time. We'll do a follow up on theCube for sure. Should we get into the new twist? >> I've got one final question for you guys. We're making some Instagram reels, so think about your elevator pitch in 30 seconds. And I want to ask you about Snyk's evolution. Manoj, I want to start with you. What is that elevator pitch about Snyk's evolution to the end user customer? >> Empower developers, help them go faster, more productive and do it in a way that security is really built in, not bolted on. And that's really, you know, from a, the evolution and the power that we are giving is make the organization more productive because security is just happening as a part of making the developer more productive. >> Awesome. And Adi, question for you, how, your elevator pitch on how Snyk is really an enabler for CISOs these days? >> Yeah, so I always ask the CISO first of all, are you excited about the way your environment looks like today? Do you need to have a cultural change? Because if you need to have a cultural change, if you want to get those two teams working closely together, we are here to enable that. And it goes from the product, it goes from our education pieces that we can talk about in another section, and it works around the language that we build to allow and enable that discussion. >> Awesome. Guys, that was a double mic drop for both of you. >> Manoj: Thank you. >> Adi: Thank you, Lisa. >> Thank you so much for joining John and me, talking about what's happening with Snyk, what you're enabling customers to do and how, really, you're enabling cultural change. That's hard to do. That's awesome stuff guys. And congratulations on your 11th and your first Cube. >> Second, second, >> Second. >> Adi: I will be here more, but (laughs) >> You got it, you got it. You have to come back because we have too much to talk about. >> Adi: Exactly. (laughs) >> Thanks guys, we appreciate it. >> If we can without Manoj, so I can catch up. (Manoj laughs) >> Okay. We'll work on that. >> Bring you in the studio. (everyone laughing) >> Exactly. >> Eight straight interviews. (John and Lisa laughing) >> We hope you've enjoyed this conversation. We want to thank our guests. For John Furrier, I'm Lisa Martin. You're watching theCUBE, the leader in emerging and enterprise tech coverage. (soft electronic music)

>>Okay. We're back in Boston covering AWS reinvent 2022. This is our second live reinvent. We've done the other ones, uh, in between as digital. Uh, my name is Dave Lanta and you're watching the cube. Peter McKay is here. He's the CEO of sneaking ad Shani is the chief technical officer guys. Great to see you again. Awesome. Being here in Boston >>In July. It is Peter. You can't be weather's good weather. Yeah, red SOS. Aren't good. But everything else >>Is SOS are ruin in our sub, you know, >>Hey, they're still in the playoff, the hunt, you >>Know, all you gotta do is make it in. Yes. >>Right. And there's a new season. Simple >>Kinda like hockey, but you know, I'm worried they're gonna be selling at the trading >>Deadline. Yeah. I think they should be. I think it's you think so it's not looking good. Oh, >>You usually have a good angle on this stuff, but uh, well, Hey, we'll see. We'll go. I got a lot of tickets. We'll go and see the Yankees at least we'll see a winning team. Anyway, we last talked, uh, after your fundraising. Yeah. You know, big, big round at your event last night, a lot of buzz, one of the largest, I think the largest event I saw around here, a lot of good customers there. >>It's great. Great time. >>So what's new. Give us the update. You guys have made some, an acquisition since then. Integration. We're gonna talk >>About that. Yeah. It's been, uh, a lot has happened. So, uh, the business itself has done extremely well. We've been growing at 170% year, over year, a hundred percent growth in our number of customers added. We've done six acquisitions. So now we have, uh, five products that we've added to the mix. We've tripled the size of the company. Now we're 1300 people, uh, in the organization. So quite a bit in a very short period of time. >>Well, and of course my, in my intro, I, I said, reinvent, I'm getting ahead of myself. Right. >>Of course we'll >>Reinforced. We'll be at reinve >>In November. Are that's the next one at >>Reinforced. We've done a lot of reinvents by the way, you know? >>So there's a lot, lot of reinvention >>Here. So of course, well, you're reinventing security, right? Yes. So, you know, I try to, I think about when I go to these events, like, what's the takeaway, what's the epiphany. And we're really seeing the, the developer security momentum, and it's a challenge. They gotta worry about containers. They gotta worry about run time. They gotta worry about platform. Yeah. You guys are attacking that problem. Maybe describe that a >>Little bit for us. Yeah. I mean, for years it was always, um, you know, after the fact production fixing security in run time and billions and billions of dollars spent in fixing after the fact. Right. And so the realization early on with the was, you know, you gotta fix these issues earlier and earlier, we started with open source was the first product at wait. Then six, six years ago, then we added container security and we added infrastructure's code. We added code security. We added, um, most recently cloud security with the F acquisition. So one platform, one view that a developer can look at to fix all the issues through the, be from the beginning, all the way through the software development life cycle. So we call it developer security. So allowing developers to develop fast, but stay secure at the same time. >>So I like the fact that you're using some of your capital to do acquisitions. Yeah. Now a lot of M and a is, okay, we're gonna buy this company. We're gonna leave them alone. You guys chose to integrate them. Maybe describe what that process was like. Yeah. Why you chose that. Yeah. How hard it was, how long it took. Take us through that. >>Yeah. Yeah. I'll give, uh, two examples, maybe one on sneak, which was an acquisition of, of the company that was focused on, uh, code analysis, actually not for security. And we have identified the merit of what we need in terms of the first security solution, not an ability to take a security product and put it in the end of developer, but rather build something that will build into the dev motion, which means very fast, very accurate things that it can rely on source and not just on the build code and so on. And we have built that into the platform and by that our customers can gain all of their code related issues together with all of their ISE related issues together with all of the container issues in one platform that they can prioritize accordingly. >>Yeah. Okay. So, so talk more about the, the, the call, the few, the sneak cloud, right? Yeah. So the few name goes away. I presume, right. Or yes, it does. Okay. So you retire that and bring it in the brand is sneak. Yeah. Right. So talk about the cloud, what it does, what problems >>It's solving. Yeah. Awesome. And, and this goes exactly the same. As we mentioned on, on the code, we have looked at the, the, the cloud security solutions for a while now. And what we loved about the few team is that they were building their product with their first approach. Okay. So the notion is as followed as you are, you know, you're a CSO, you have your pro you have your program, you're looking, you have different types of controls and capabilities. And your team is constantly looking for threats. When we are monitoring your cloud environment, we can detect problems like, you know, your FL bucket is not exposing the right permissions and is exposed to the world or things like that. But from a security perspective, it might be okay to stop there. But if you're looking at an operation perspective, you need to know who needs to fix, how do they need to fix it? >>Where do they need to fix it? What will the be the impact if they would fix it? So what do we actually doing is we are connecting all the dots of the platform. So on one end, you know, the actual resources that are running and what's the implication in the actual deployed environment. On the other end, we get correlation back to the actual code that generates that. And then I can give that context both to the security person, the context of how it affects the application. But more importantly, the context for the developer is required to fix the problem. What's the context of the cloud. Yeah. And a lot of things are being exposed this way. And we can talk about that. Uh, >>So this is really interesting because, and look, I love AWS to do an amazing job. One of the other things I really like about 'em is it seems like they're not trying to go hard and monetize their security products. Mm-hmm, they're leaving that to the ecosystem, which I like. Yeah. Microsoft taken a little different approach, right? Yeah, yeah, yeah. Ton a lot. But this, this, this example you're giving ad about the S3 bucket. So we heard in the keynotes yesterday about, you know, reasoning, AI reasoning, they said, we can say, is this S3 bucket exposed to the public? We can do that with math. Right. Yeah. But you're what I'm inferring is you don't stop there. Yeah. Yeah. There's a lot of other stuff that has to, >>And sometimes have to, not as simple, just as a configuration change, sometimes the correlation between what your application is doing affects what is the resulted experience of, you know, the remote user or in this case, the attacker, right. I mean, >>The application has access, who has access to the application, is this, this the chain. >>So propagates, you have to, you have to have a, a solution that looks both at have very good understanding of the application context. A very good understanding of what we refer to as the application graph, like understanding how it works, being able to analyze that and apply the same policies, both at development time, as well as run time. >>So there's, there's human to app. There's also a machine to machine. Can you guys help with that problem as well? Or is that sort of a futures thing or >>Could you, I'm not sure. I understand what >>Referring, so machines talking to machines, right. I mean, there's data flowing. Yep. You know, between those machines, right. It's not just the humans interacting with the application. Is that a trend that you see and is that something that you guys can solve? >>So at, at the end of the day, there is a lot of automation that happens both for, by humans for good reasons, as well as by humans for bads. Right. <laugh> and, and the notion is that we are really trying to focus on what matters to the developer as they're trying to improve their business around that. So both improves making sure they know, you know, quality problems or things of this kind. But as part of that, more importantly, when we're looking at security as a quality problem, making sure that we have a flow in the development life cycle that streamline what the developer is expecting to do as they're building the solution. And if every single point, whether it's the ID, whether it's the change management, whether it's the actual build, whether it's the deployed instance on the cloud, making sure that we identify with that and connect that back to the code. >>Okay. So if there's machine automation coming in, that shouldn't be there, you can sort of identify that and then notify remediate or whatever action should be >>Taken. Yeah. Identify, identify remediate. Yep. >>Yeah. We, we really focus on making sure that we help developers build better products. So our core focus is identify areas where the product is not built way in a good way, and then suggest the corrective action that is required to make that happen. >>And I think part of this is the, you know, just, uh, the speed of the software development today. I mean, you look at developers are constantly and not just look at sneak you're, you're trying to get so much more productivity outta the developers that you have. Every company is trying to get more productivity out of developers, incredible innovation, incredible pace, get those is a competitive advantage. And so what we're trying to do is we make it easier for developers to go fast innovate, but also do it securely and embed it without slowing them down, develop fast and secure. >>So again, I love, I love AWS love what they're doing. We heard, uh, yesterday from, from CJ, you know, a lot of talk about, you know, threat detection and, you know, some talk about DevOps, et cetera. But yeah, I, I, I didn't hear a lot about how to reduce the complexity for the CSO. And the reason I bring this up is it feels like the cloud is now the first level of defense and the CISO is, is becoming the next level, which is on the developer. So the developer is becoming responsible for security at a whole shift left, maybe shield. Right. But, but shift left is becoming critical. Seems like your role and maybe others in the ecosystem is to address my concern about simplifying the life of the CISO. Is that a reasonable way to think about it? I >>Think it's changing the role of the CISO. How so? You know, really it's, I, I think it's before it, in this, in the security organization and D you should chime in here is, you know, it used to be, I did, I owned all application security, I owned the whole thing and they couldn't keep up. Like, I think it's just every security organization is totally overwhelmed. And so they have to share the responsibility. They have to get that fix the issues earlier and earlier, because it's waiting too long. It's after the fact. And then you gotta throw this over the fence and developers have to fix it. So they've gotta find a new way because they're the bottleneck they're slowing down the company from, in innovating and bringing these applications to market. So we are the kind of this bridge between the security teams that wanna make sure the, that we're staying secure and the development organizations and engineering and CEOs go fast. We need you guys to go faster and faster. So we, we tend to be the bridge between the two of them. >>One of the things I really love happening these days is that we change the culture of the organization from a culture where the CSO is trying to, you know, push and enforce and dictate the policy, which, which they should, but they really wanna see the development team speak up like that. The whole motion of DevOps is that we are empowering them to make the decisions that are right for the business, right? And then there is a gap because on one hand, this is always like, you need to do this, you need to do this. You need to do that. And the dev teams don't understand how that impacts their business. Good enough. And they don't have the tools and, you know, the ability to add a source problem. So with the solution liken, we really empower the developers to bake security as part of their cycle, which is what was done in many other fields, quality, other things, everything, it, everything moves into development already, right? So we're doing that. And the entire discussion now changes into an enablement discussion. >>So interesting. Cause you saw, this is the role of the CSOs changing. How so? I see that in a way like frees, sneak the CSO with the cloud is becoming a compliance officer. Like you do this, you do this, you do this, you do this, you third >>One would take a responsibility >>Trying. Yeah. Right, right. And so you're flipping that equation saying, Hey, we're gonna actually make this an accelerant to your business. >>So, so set the policy, determine compliance, but make sure that the teams, the developers are building applications in compliance with your policy. Right. So make sure and, and don't allow them to do something. If they're doing, if they're developing an application with a number of vulnerabilities, you can stop that from happening so you can oversee it, but you don't have to be the one who owns it all the way through from beginning to, >>Or, or get it before it's deployed. So you don't have to go back after the fact and, and remediate it with, you know, but, >>But think about deploy, they're deploying apps today. I mean, they're updating by the hour, right? Where, you know, six years ago, five years ago, two years ago was every six to nine months. Right? So the pace of this innovation from developers is so fast that the old way of doing security can't keep up. Like they're built for six month release cycles. This is six hour release cycles. And so we had to, it has to change security. Can't stay the way it is. So what we've been doing for se seven years for application security is exactly what we're doing for cloud security is moving all that earlier. All these products that we've been building over the years is really taking these afterthought security components and bringing 'em all earlier, you know, bringing everything like cloud security is done after the fact. Now we can take those issues and bring 'em right to the developers who created that and can fix the issues. So it's code to cloud back to code in a very automated fashion. So doesn't slow developers down. >>Okay. So what's the experience. We all know there's, everybody has more than one cloud. What's the experience across clouds. Can you create a consistent, continuous experience, cloud agnostic, >>Agnostic, cloud agnostic, uh, development environment, agnostic, you know, language agnostic. So that's kind of the beauty oft where you have maybe other certain tools for certain clouds, uh, or certain languages or certain development environments, but you have to learn different tools, you know, and, and they all roll up to security in a different way. And so what we have done is consolidated all that spend for open source security, container security infrastructure, now, cloud security, all that spend and all that fragmentation all under one platform. So it's one company that brings all those pieces >>Together. So it's a single continuous experience. Yeah. The developer experience you're saying is identical. Yes. >>Actually one product >>It's entitlement that we're getting. Yes. So you're hiding the underlying complexities of the respective clouds and those primitives developer doesn't have to worry about them. No, I call that a super cloud super >>Cloud. >>Okay. But no, but essentially that's what you're, you're building, building on the, on this ed Walsh would say on the shoulders of giants. Yeah, exactly. You know, you don't have to worry about the hyperscale infrastructure. Yep. Right. That you're building a layer of value on top of that. Yes. Is, is that essentially a PAs layer or is it, is it, can I think of it that way or is it not? Hmm. Is it platform? I >>Mean, yeah. I, I, I would say that at the end of the day, the, the way developers want to use a security tool is the same. Right. So we expose our functionality to them in those ways, if you're using, you know, uh, uh, one GI repository or another, if you're using one cloud or we, we are agnostic to data, don't, it's not, it doesn't really affect us in that manner. Um, I want to add another thing about the, the experience and associated with the consolidation that Peter referred to, uh, earlier, when you have a motion that automatically assess, you know, uh, problems that the developer is putting as part of the change management, as example, you do creating pool request. Now adding more capabilities into that motion is easy. So from enablement of the team, you can add another functionality, add cloud at ISC, add code and so on like that, because you already, you already made the decisions on how you are looking at that. And now you're integrated at, into your developer workflows, >>Right? So it's, it's already, it's already integrated for open source, adding container and ISD is real easy. It's all, you've already done all the integrations. And so for us going to five products and eventually 6, 7, 8, all, all based on the integrations that you already have in the same workflows that developers have become a use accustomed >>To. And that's what we, a lot of work from the company perspective. Right. >>I can ask you about another sort of trend we're seeing where you see Goldman Sachs last reinvent announced a cloud product, essentially bringing their data, their tools, their software. They're gonna run it on AWS at the snowflake summit, uh, capital one announced the service running on snowflake, Oracle by Cerner, right? Yeah. You know, they're gonna be, do something on OCI. Of course, make 'em do that. But it's, it's a spin on Andreessens every company's a software company. It's like every company's now becoming digital, a software company building their own SAS, essentially building their own clouds, or maybe, maybe something they'll be super clouds. Are you seeing industry come to sneak and say, Hey, help us build products that we can monetize >>There companies. So, first off, I think kind of the first iteration is, you know, all these industries of becoming software driven, like you said, and more software is more software risk. And so that kind of led us down this journey of now financial services, you know, tech, you know, media and entertainment, financial services, healthcare. Now it's this long tail of, of low tech. Yeah. Within those companies, they are offering services to the other parts of the organization. We have >>So far, mostly >>Internal, mostly internal, other than the global SI. And some of the companies who do that for a living, you know, they build the apps for companies and they are offering a sneak service. So before I give you these, I update these applications. I'm gonna make sure I'm running. I'm, I'm, I'm signifying those applications to make sure that they're secure before you get them. And so that now a company like a capital one coming to us saying, I wanna offer this to others. I think that's a, that's a leap because you know, companies are taking on security of someone else's and I think that's a, that's not there yet. It may be, >>Do you think it'll happen? >>We do have the, uh, uh, threat Intel that we, we have a very, a very strong security group that constantly monitors and analyzing the threat. And we create this vulnerability database. So in open sources, an example, we're the fact of standard, uh, in the field. So many of our partners are utilizing the threat Intel feed of snake as part of their offering. Okay. If you go to dock as an example, you can scan with, with snake intelligence immediately out of the gate over there, right? Yeah. >>And tenable, rapid seven trend micro. They all use the vulnerability database as well. Okay. So a lot of financial institutions use it because they had, they'd have seven, 10 people doing re security research on their own. And now they can say, well, I don't have to have those seven. I've got the industry standard for vulnerability database from Steve. >>And they don't have to throw out their existing tool sets where they have skills. >>Yes, exactly. >>Peter bring us homes, give us the bumper sticker, summarize, you know, reinforce and kind what we can expect going forward. >>Yeah, no, I mean, we're gonna continue the pace. We don't see anything slowing, slowing us down in terms of, um, just the number of customers that are, that are shifting left. Everybody's talking about, Hey, I need to embed this earlier and earlier. And I think what they're finding is this, this need to rein reinnovate like get innovation back into their business. And a lot of it had to slow down because, well, you know, you, we can't let developers develop an app without it going through security. And that takes time. It slows you down and allows you not to like slow the pace of innovation. And so for us, it's it help developers go fast, incredibly, you know, quickly, aggressively, creatively, but do it in a secure way. And I think that balance, you know, making sure that they're doing what they're doing, they're increasing developer productivity, increasing the amount of innovation that developers are trying to do, but you gotta do it securely. And that's where we compliment really what every CEO is pushing companies. I need more productivity. I need more aggressive creativity, innovation, but you better be secure at the same time. And that's what we bring together for our customers. >>And you better do that without slowing us down. That's >>Don't trade off, slow >>Us down. Always had to make. Yes, guys. Thanks so much for coming to the cube. Thanks, David. Always great to see you guys see ID. Appreciate it. All right. Keep it right there. This is the Cube's coverage of reinforced 2022 from Boston. We'll be right back right after the short break.

(bright upbeat music) >> Welcome, everyone, to theCUBE's, continuing coverage of AWS re:Invent 2021. I'm your host, Lisa Martin. And we are running one of the industry's most important and largest hybrid tech events of the year with AWS and its ecosystem partners. We have two live sets, two remote studios, and over 100 guests on the program talking about the next decade in cloud innovation. We're very excited to be welcoming back one of our CUBE alumni, Peter McKay, the CEO of Snyk. He's set to talk about reinventing application security with Snyk. Peter, welcome back to the program. >> It's great to be back, Lisa. Thanks for having me. >> Great to talk to you. So, my goodness, Snyk has had an incredible year, last year, this year, I was just looking at your Series F funding raised over 600 million in the month of September alone. Your valuation is, I think I saw over 9.6 billion, which is nearly doubled. This year-- >> Don't rush at 8.6, but yes, it was double the last time. Yeah, it's been been a crazy 2021, that's for sure. >> So, talk to me about some of that before we get into what you guys are doing with AWS. Let's talk about that, we talked about that funding. What are some of the strategic areas of investment? I know you've done a recent acquisition cloud skiff, but where are you really going to be focusing the Series F funding? >> Yeah, we've been very aggressive in building out our platform. We have a great vision for where we see developer security evolving and we want to get there fast. A lot of our customers and developers are kind of pushing us in that direction of really consolidating a platform. And so, to get there quickly, we do it organically building it ourselves, and we do it in inorganically where we can see other companies accelerate that roadmap. And so, it's this combination of very aggressive, organic expansion of both the breadth of our products, but also the depth, like adding more to our platform, but also the inorganic, because a lot of companies who have team and technologies that are very complimentary to what we're doing and allows us to continue to consolidate what is a very fragmented market in and around developers security. And so, we're going to continue to use the resources to accelerate that roadmap. The second part of it is, we are a little bit different than some companies where they kind of follow where the decision headquarters are of companies for us, we follow developers. And so, around the globe, Multinational Corporations have developers in the Philippines, in Argentina and all around the world and we needed to be there. And so, expanding our community, expanding our customer success organization around the world is critical for us. And so, that's something part of our kind of use of proceeds is the expansion of our go-to-market as well. >> Peter, modern development has changed. Next thing modern development has changed. So, traditional AppSec doesn't apply anymore. A new approach is needed. Talk to me about why Snyk believes that and what that new approach is. >> Yeah, you just go back to for 30 years, security was owned by application security teams and that's when it was kind of this waterfall application development model where they develop an app and every three, six, nine months, and then the security teams would audit that application and kind of send all the feedback, hear all the issues, go fix it, developers, and it was incredibly inefficient. And then you throw on top of this digital transformation and companies moving incredibly fast in building new applications. This agile development motion and all the incredible tools that allow developers to develop really fast. But then you get this very slow antiquated way of kind of testing it at the very end, right before you move the applications in production. So, it just didn't scale. And so, the concept is just way too late in the process. You really need to move security testing into that developer environment from the IDE, the CI/CD all the way through. So, when you're developing along the way, you're fixing the issues well ahead of time. And that's where modern development organizations are all this concept of shift left and building it in, into that's really the driver is moving security earlier and earlier in the software development life cycle. >> And that's key, especially you talked about the acceleration of digital transformation, but we've also seen the acceleration of the threat landscape in the last 20 months. There's been significant changes. The perimeter is so fragmented, it's expanding, the threat landscape goes all the way into outer space to low earth orbit these days. Talk to me about that as kind of a facilitator or an accelerator of what Snyk is doing to really focus on shifting security left with those developers. >> Yeah, I think people are kind of waking up to the fact that up to this point, they've spent billions and billions of dollars on endpoint securities and runtime security and all the things that are kind of in production. And they're realizing that, okay, well, why are we still vulnerable? Why are we still have these issues? And I think it's the realization that they're waiting too long to fix it. And a lot of the issues are happening. They're either new issues with moving to the cloud or they're issues that happen well before it got into production. And so, this realization that we've got to go earlier and earlier and fix these issues well before we go into production and don't wait till the very end. So, I think that's really driving the market to this shift lab. >> And you guys have actually kind of really pivoted your go-to-market model around that developers don't try and buy software the way that IT and security teams do. Talk to me about Snyk's GTM. >> Yeah, it's very unique in that it's really marrying this model developer security approach with the way developers want to buy. So, we start with our community and we do free content and tools all around building awareness for the developer community. We have, all of our products are free, so developers can try before they buy. And if you're truly a developer solution, you offer it free and let them use it. And then when they want to collaborate and they want to integrate and automate that moves from free to paid. So, it's very much of this bottoms up motion that really allowed developers to try MI. That's a big, big driver for our business, inbound motion drives 70% of our pipeline from them coming to us from this community. And then we come in kind of top down once they kind of get into different places. And we go in through those security organizations, which are trying to shift labs, trying to move security earlier, earlier and we work together with the security organizations to help move that to the developer world. So, you've got this bottoms up, developer adoption, viral adoption of Snyk within those organizations. Now, with the top-down kind of, and we become this bridge between the developer teams in engineering, and the security teams that are all trying to move in the same direction. And so, that's kind of how this market is evolved. And we're kind of that bridge for both those organizations. >> I was going to ask you about that, that bridge is critical, but also that bridge is a cultural change. I'm curious, how do you see organizations? It sounds like obviously you're, what over, I think, six, 700 customers now, a couple of million developers using the technology, so-- >> 1300 customers today >> 1300, okay. Wow! You have had a big year. 1300 customers, millions of developers using the technology. Talk to me a little bit about how you guys have figured out how to facilitate that cultural shift and shift security left, but also bridge between the IT and the security folks which have tended to be on sort of opposite sides of the spectrum. >> Yeah, I think the realization, I think a lot of people are very early on and I was... We'd been in the software industry for 25 years. Even nobody ever thought developers would care about security. Like there's no way developers really care about security. And really, if you think about, if you asked the developer, would you rather develop a secure app or an insecure app? If all things were equal, of course, they'd want it to be secure, but it needs to be easy. It needs to be like, don't slow me down, whatever you do, don't slow me down. And so, we have this, "Hey, it's all about speed of development, speeds, speed, speed." So, for us, we need to make it embedded, like integrated completely into that software development life cycle. So, developers don't have to be security experts, developers don't have to get out of their flow to do it, learn a different piece of software to figure out it's all embedded into that process. So, you can be fast and you can be agile, but you can also be secure at the same time. And so, part of that is embedding education and other things in there to learn that expansion of getting in the door and kind of building that momentum within these development communities all around the world. And so, I think we help all our customers with that kind of developer adoption and working together with the security teams and engineering teams on how we roll that out around best practices. And in some of the things we've learned over the six and a half years of doing this. >> It sounds very strategic and methodical and a great approach that is obviously quite successful. We talked about the growth trajectory now, 1300 customers. Let's talk about what you guys are doing with AWS. Here we are at reinvent this year. Talk to me about this Snyk, AWS partnership. >> Yeah, it's been really gaining momentum over the past year and a half, almost two years now. AWS, a lot of the workloads, one of the reasons, a lot of the applications don't go to the cloud is because of security issues and moving workloads to the cloud. Also developing applications in the cloud, security is a critical part of it. So, AWS is obviously infrastructure, but they also need solutions that allow them to make sure that those companies that are developing on AWS are secure. And so, we've integrated our Intel database into AWS inspector. We have a lot of offerings, very specific AWS offerings that our mutual customers can leverage. And we work very collaboratively with AWS in not only our technical roadmap with them, but also our go-to-market side, which is very much aligned. And it's continuing, we kind of, I say, we're in the second inning of that game. We got a lot more coming. >> Okay, but well aligned. Give me a customer example, if you will, have joined AWS Snyk customer that you've really helped with this transition, shifting security left they're building apps in the AWS cloud very successfully and securely. >> Yeah, I'd well, almost every company has some relationship with size with AWS. And so, for us, it's one of the first questions we ask anybody coming in is what's your relationship with one of the cloud vendors? And that inevitably it'll be, yeah, we have a relationship with AWS. And so, we talk about our roadmap that we have with AWS. They can buy our software through the AWS marketplace. You could leverage kind of your EDPs that you have with AWS to kind of build that scale. So, we're very technically aligned with the AWS platform. And so, you look at financial services, we've done a fair amount of financial services, insurance companies that are all kind of moving more workloads to AWS. Some of them have been our customers before, some of them separate from AWS, and now they're kind of, "Hey, can I move all my apps over and leveraged, Snyk in that process?" So, it's now, a good part of our go-to-market motion is coming through AWS marketplace as well. So, it's been a very successful partnership on both parties. >> A lot of momentum there, speaking of momentum, we talked about the funding raise this year alone, tremendous momentum going on for the company. What are some of the things that we can expect to see from Snyk in calendar year 22? >> Yeah, well, aggressive roadmap. I mean, that's still, we see, we have four modules today. We started with one and we added to, that was open to a security. We added a container security, infrastructure as code security. Then we added code security or a stats solution. We see modules five, six, seven coming out. we made an acquisition of drift technology, adding into kind of adding some more depth. So, you're going to see just a lot more continued aggressiveness on our side, as we scale both our engineering, organically and inorganically, but also, the go-to-market, now we're almost in all the major countries around the world and we're going to continue to invest in building that out and going where the developers are, the 28 million developers around the world. Our goal is to reach every one of them as fast as we possibly can with our free or paid, or whatever way is to get to 28 million developers as fast as we can. >> So, for those developers watching, where do you want to point them to go to, to start their free trial. >> Just go right to our website, snyk.io and you can get all of our products free, you can chat, schedule demos, you can do everything very easily if not. And it's very self-service so, if you don't want to talk to anybody, you don't have to talk to anybody, but if you do, we have plenty of people you can talk to. That's our world, frictionless motion. >> Frictionless and contactless at the same time, Peter, congratulations on the growth and momentum of the company. What you're doing, the evolution of the partnership with AWS and that lofty goal to reach 28 million developers. Am looking forward to our next conversation to see where you are on that progress. >> Same thing, same here, Lisa, thank you for your time. >> Oh, likewise. For Peter McKay, I'm Lisa Martin and you're watching theCUBE's continuous coverage of AWS re:Invent 2021. Stick around, more great content coming up next. (soft upbeat music)

>>mhm Yes. >>Hello and welcome back to the cubes coverage of dr khan 2021 virtual. I'm john Kerry hosted the Q got a great cube segment here. Simon Maple Field C T Oh it's technique. Great company security shifting left great to have you on Simon. Thanks for thanks for stopping by >>absolute pleasure. Thank you very much for having me. >>So you guys were on last year the big partnership with DR Conn remember that interview vividly because it was really the beginning at the beginning but really come to me the mainstream of shifting left as devops. It's not been it's been around for a while. But as a matter of practice as containers have been going super mainstream. Super ballistic in the developer community then you're seeing what's happening. It's containers everywhere. Security Now dev sec apps is the standard. So devops great infrastructure as code. We all know that but now it's def sec ops is standard. This is the real deal. Give us the update on what's going on with sneak. >>Absolutely, yeah. And you know, we're still tireless in our approach of trying to get make sure developers don't just have the visibility of security but are very much empowered in terms of actually fixing issues and secure development is what we're really striving for. So yeah, the update, we're still very, very deep into a partnership with DACA. We have updates on DR desktop which allows developers to scan the containers on the command line, providing developers that really fast feedback as as early as possible. We also have uh, you know, new updates and support for running Docker scan on Lennox. Um, and yeah, you know, we're still there on the Docker hub and providing that security insights um, to, to users who are going to Docker hub to grab their images. >>Well, for the folks watching maybe for the first time, the sneak Docker partnership, we went in great detail last year was the big reveal why Docker and sneak partnership, what is the evolution of that partnership over the year? They speak highly of you guys as a developer partner. Why Doctor? What's the evolution looked like? >>It's a it's a really great question. And I think, you know, when you look at the combination of DACA and sneak well actually let's take let's take each as an individual. Both companies are very, very developer focused. First of all, right, so our goals and will be strife or what we what we tirelessly spend their time doing is creating features and creating, creating an environment in which a developer you can do what they need to do as easily as possible. And that, you know, everyone says they want to be developer friendly, They want to be developer focused. But very few companies can achieve. And you look at a company like doctor, you're a company like sneak it really, really provides that developer with the developer experience that they need to actually get things done. Um, and it's not just about being in a place that a developer exists. It's not enough to do that. You need to provide a developer with that experience. So what we wanted to do was when we saw doctor and extremely developer friendly environment and a developer friendly company, when we saw the opportunity there to partner with Yoko, we wanted to provide our security developer friendliness and developer experience into an already developed a friendly tool. So what the partnership provides is the ease of, you know, deploying code in a container combined with the ease of testing your code for security issues and fixing security issues in your code and your container and pulling it together in one place. Now, one of the things which we as a as a security company um pride ourselves on is actually not necessarily saying we provide security tools. One of what our favorite way of saying is we're a developer tooling company. So we provide tools that are four developers now in doing that. It's important you go to where the developers are and developers on DACA are obviously in places like the Docker hub or the Docker Cli. And so it's important for us to embed that behavior and that ease of use inside Dhaka for us to have that uh that that flow. So the developer doesn't need to leave the Docker Cli developer that doesn't need to leave Docker hub in order to see that data. If you want to go deeper, then there are probably easier ways to find that data perhaps with sneak or on the sneak site or something like that. But the core is to get that insight to get that visibility and to get that remediation, you can see that directly in in the in the Dhaka environment. And so that's what makes the relationship so so powerful. The fact that you combine everything together and you do it at source >>and doing it at the point of code. >>Writing >>code is one of the big things I've always liked about the value proposition is simple shift left. Um So let's just step back for a second. I got to ask you this question because this I wanted to make sure we get this on the table. What are the main challenges uh and needs to, developers have with container security? What are you seeing as the main top uh A few things that they need to have right now for the challenges uh with container security? >>Yeah, it's a it's a very good question. And I think to answer that, I think we need to um we need to think of it in a couple of ways. First of all, you've just got developers security uh in general, across containers. Um And the that in itself is there are different levels at which developers engage with containers. Um In some organizations, you have security teams that are very stringent in terms of what developers can and can't do in other organizations. It's very much the developer that that chooses their environment, chooses their parent image, et cetera. And so there when a developer has many, many choices in which they need to need to decide on, some of those choices will lead to more issues, more risk. And when we look at a cloud native environment, um uh Let's take let's take a node uh image as an example, the number of different uh images tags you can choose from as a developer. It's you know, there are hundreds, probably thousands. That you can actually you can actually choose. What is the developer gonna do? Well, are they going to just copy paste from another doctor file, for example, most likely. What if there are issues in that docker file? They're just gonna copy paste that across mis configurations that exist. Not because the developer is making the wrong decision, but because the developer very often doesn't necessarily know that they need to add a specific directive in. Uh So it's not necessarily what you add in a conflict file, but it's very often what you admit. So there are a couple of things I would say from a developer point of view that are important when we think about cloud security, the first one is just that knowledge that understanding what they need to do, why they need to do it. Secure development doesn't need to be, doesn't mean they need to be deep in security. It means they need to understand how they can develop securely and what what the best decisions that could come from guard rails, from the security team that they provide the development team to offer. But that's the that's an important error of secure development. The second thing and I think one of the most important things is understanding or not understanding necessarily, but having the information to get an act on those things early. So we know the length of time that developers are uh working on a branch or working on um some some code changes that is reducing more and more and more so that we can push to production very, very quickly. Um What we need to do is make sure that as a developer is making their changes, they can make the right decision at the right time and they have the right information at that time. And a lot of this could be getting information from tools, could be getting information from your team where it could be getting information from your production environments and having that information early is extremely important to make. That decision. May be in isolation with your team in an autonomous way or with advice from the security team. But I would say those are the two things having that information that will allow you to make that action, that positive change. Um uh and and yeah, understanding and having that knowledge about how you can develop security. >>All right. So I have a security thing. So I'm a development team and by the way, this whole team's thing is a huge deal. I think we'll get to that. I want to come back to that in a second but just throw this out there. Got containers, got some security, it's out there and you got kubernetes clusters where containers are coming and going. Sometimes containers could have malware in them. Um and and this is, I've heard this out and about how do how that happens off container or off process? How do you know about it? Is that infected by someone else? I mean is it gonna be protected? How does the development team once it's released into the wild, so to speak. Not to be like that, but you get the idea, it's like, okay, I'm concerned off process this containers flying around. What is it How do you track all >>and you know, there's a there's a few things here that are kind of like potential potential areas that, you know, we can trip up when we think about malware that's running um there are certain things that we need to that we need to consider and what we're really looking at here are kind of, what do we have in place in the runtime that can kind of detect these issues are happening? How do we block that? And how do you provide that information back to the developer? The area that I think is, and that is very, very important in order to in order to be able to identify monitor that those environments and then feed that back. So that that that's the kind of thing that can be that can be fixed. Another aspect is, is the static issues and the static issues whether that's in your os in your OS packages, for example, that could be key binaries that exist in your in your in your docker container out the box as well or of course in your application, these are again, areas that are extremely important to detect and they can be detected very very early. So some things, you know, if it's malware in a package that has been identified as malware then absolutely. That can be that can be tracked very very early. Sometimes these things need to be detected a little bit later as well. But yeah, different tools for different for different environments and wear sneak is really focused. Is this static analysis as early as possible. >>Great, great insight there. Thanks for sharing that certainly. Certainly important. And you know, some companies classes are locked down and all of sudden incomes, you know, some some malware from a container, people worried about that. So I want to bring that up. Uh The other thing I want to ask you is this idea of end to end security um and this is a team formation thing we're seeing where modern teams have essentially visibility of their workload and to end. So this is a huge topic. And then by the way it might integrate their their app might integrate with other processes to that's great for containers as well and observe ability and microservices. So this is the trend. What's in it for the developer? If I work with sneak and docker, what benefits do I get if I want to go down that road of having these teams began to end, but I want the security built in. >>Mhm. Yeah, really, really important. And I think what's what's most important there is if we don't look end to end, there are component views and there are applications. If we don't look into end, we could have our development team fixing things that realistically aren't in production anyway or aren't the key risks that are potentially hurting us in our production environment. So it's important to have that end to end of you so that we have the right insights and can prioritize what we need to identify and look at early. Um, so I think, I think that visibility into end is extremely important. If we think about who, who is re fixing uh certain issues, again, this is gonna depend from dog to walk, but what we're seeing more and more is this becoming a developer lead initiative to not just find or be given that information, but ultimately fixed. They're getting more and more responsible for DR files for for I see for for their application code as well. So one of the areas which we've looked into as well is identifying and actually running in cuba Netease workloads to identify where the most important areas that a developer needs to look at and this is all about prioritization. So, you know, if the developer has just a component view and they have 100 different images, 100 different kubernetes conflicts, you know, et cetera. Where do they prioritize, where do they spend their time? They shouldn't consider everything equal. So this identification of where the workloads are running and what um is causing you the most risk as a business and as an organization, that is the data. That can be directly fed back into your, your your vulnerability data and then you can prioritize based on the kubernetes workloads that are in your production and that can be fed directly into the results in the dashboards. That's neat. Can provide you as well. So that end to end story really provides the context you need in order to not just develop securely, but act and action issues in a proper way. >>That's a great point. Context matters here because making it easy to do the right thing as early as possible, the right time is totally an efficiency productivity gain, you see in that that's clearly what people want. It's a great formula, success, reduce the time it takes to do something, reduced the steps and make it easy. Right, come on, that's a that's a formula. Okay, so I gotta bring that to the next level. When I ask you specifically around automation, this is one the hot topic and def sec ops, automation is part of it. You got scale, you got speed, you've got a I machine learning, you go out of all these new things. Microservices, how do you guys fit into the automation story? >>It's a great question. And you know, one of the recent reports that we that we did based on a survey data this year called the state of a state of cloud, native applications security. We we asked the question how automated our people in their in their deployment pipelines and we found some really strong correlations between value from a security point of view um in terms of in terms of having that automation in it, if I can take you through a couple of them and then I'll address that question about how we can be automated in that. So what we found is a really strong correlation as you would expect with security testing in ci in your source code repositories and all the way through the deployment ci and source code were the two of the most most well tested areas across the pipeline. However the most automated teams were twice as likely to test in I. D. S. And testing your CLS in local development. And now those are areas that are really hard to automate if at all because it's developers running running their cli developers running and testing in their I. D. So the having a full automation and full uh proper testing throughout the sclc actually encourages and and makes developers test more in their development environment. I'm not saying there's causation there but there's definite correlation. A couple of other things that this pushes is um Much much more likely to test daily or continuously being automated as you would expect because it's part of the bills as part of your monitoring. But crucially uh 73% of our respondents were able to fix a critical issue in less than a week as opposed to just over 30% of people that were not automated, so almost double people are More likely to fix within a week. 36% of people who are automated can fix a critical security issue in less than a day as opposed to 8% of people who aren't automated. So really strong data that correlates being automated with being able to react now. If you look at something like Sneak what if our um goals of obviously being developer friendly developer first and being able to integrate where developers are and throughout the pipeline we want to test everywhere and often. Okay, so we start as far left as we can um integrating into, you know, CLS integrating into Docker hub, integrating into into doctors can so at the command line you type in doctors can you get sneak embedded in DHAKA desktop to provide you those results so as early as possible, you get that data then all the way through to to uh get reposed providing that testing and automatically testing and importing results from there as well as as well as other repositories, container repositories, being at a poor from there and test then going into ci being able to run container tests in C I to make sure we're not regressing and to choose what we want to do their whether we break, whether we continue with with raising an issue or something like that, and then continuing beyond that into production. So we can monitor tests and automatically send pull requests, etcetera. As and when new issues or new fixes occur. So it's about integrating at every single stage, but providing some kind of action. So, for example, in our ui we provide the ability to say this is the base level you should be or could be at, it will reduce your number of vulnerabilities by X and as a result you're going to be that much more secure that action ability across the pipeline. >>That's a great, great data dump, that's a masterclass right there on automation. Thanks for sharing that sign. I appreciate it. I gotta ask you the next question that comes to my mind because I think this is kind of the dots connect for the customer is okay. I love this kind of hyper focus on containers and security. You guys are all over it, shift left as far as possible, be there all the time, test, test, test all through the life cycle of the code. Well, the one thing that is popping up as a huge growth areas, obviously hybrid cloud devops across both environments and the edge, whether it's five G industrial or intelligent edge, you're gonna have kubernetes clusters at the edge now. So you've got containers. The relationship to kubernetes and then ultimately cloud native work clothes at, say, the edge, which has data has containers. So there's a lot of stuff going on all over the place. What's your, what's your comment there for customer says, Hey, you know, I got, this is my architecture that's happening to me now. I'm building it out. We're comfortable with kubernetes put in containers everywhere, even on the edge how to sneak fit into that story. >>Yeah, really, really great question. And I think, you know, a lot of what we're doing right now is looking at a developer platform. So we care about, we care about everything that a developer can check in. Okay, so we care about get, we care about the repositories, we care about the artifact. So um, if you look at the expansion of our platform today, we've gone from code that people uh, third party libraries that people test. We added containers. We've also added infrastructure as code. So Cuban eighties conflicts, Terror form scripts and things like that. We're we're able to look at everything that the developer touches from their code with sneak code all the way through to your to your container. And I see, so I think, you know, as we see more and more of this pushing out into the edge, cuba Nitties conflict that that, you know, controls a lot of that. So much of this is now going to be or not going to be, but so much of the environment that we need to look at is in the configurations or the MIS configurations in that in those deployment scripts, um, these are some of the areas which which we care a lot about in terms of trying to identify those vulnerabilities, those miS configurations that exist within within those scripts. So I can see yeah more and more of this and there's a potential shift like that across to the edge. I think it's actually really exciting to be able to see, to be able to see those uh, those pushing across. I don't necessarily see any other, any, you know, different security threats or the threat landscape changing as a result of that. Um there could be differences in terms of configurations, in terms of miS configurations that that that could increase as a result, but, you know, a lot of this and it just needs to be dealt with in the appropriate way through tooling through, through education of of of of how that's done. >>Well, obviously threat vectors are all gonna look devops like there's no perimeter. So they're everywhere right? Looking at I think like a hacker to be being there. Great stuff. Quick question on the future relationship with DR. Obviously you're betting a lot here on that container relationship, a good place to start. A lot of benefits there. They have dependencies, they're going to have implications. People love them, they love to use them, helps old run with the new and helps the new run better. Certainly with kubernetes, everything gets better together. What's the future with the DACA relationship? Take us through how you see it. >>So yeah, I mean it's been an absolute blast the doctor and you know, even from looking at some of the internal internal chats, it's been it's been truly wonderful to see the, the way in which both the doctor and sneak from everything from an engineering point of view from a marketing, from a product team. It's been a pleasure to, it's been a pleasure to see that relationship grow and flourish. And, and I think there's two things, first of all, I think it's great that as companies, we, we both worked very, very well together. I think as as as users um seeing, you know, doctor and and and sneak work so so seamlessly and integrated a couple of things. I would love to see. Um, I think what we're gonna see more and more and this is one of the areas that I think, um you know, looking at the way sneak is going to be viewing security in general. We see a lot of components scanning a lot, a lot of people looking at a components can and seeing vulnerabilities in your components. Can I think what we need to, to to look more upon is consolidating a lot of the a lot of the data which we have in and around different scans. What I would love to see is perhaps, you know, if you're running something through doctors can how can you how can you view that data through through sneak perhaps how can we get that closer integration through the data that we that we see. So I would love to see a lot more of that occur, you know, within that relationship and these are kind of like, you know, we're getting to that at that stage where we see integration, it just various levels. So we have the integration where we have we are embedded but how can we make that better for say a sneak user who also comes to the sneak pages and wants to see that data through sneak. So I would love to see at that level uh more there where as I mentioned, we have we have some some additional support as well. So you can run doctors can from from Lenox as well. So I can see more and more of that support rolling out but but yeah, in terms of the future, that's where I would love to see us uh to grow more >>and I'll see in the landscape side on the industry side, um, security is going beyond the multiple control planes out there. Kubernetes surveillance service matches, etcetera, continues to be the horizontally scalable cloud world. I mean, and you got you mentioned the edge. So a lot more complexity to rein in and make easier. >>Yeah, I mean there's a lot more complexity, you know, from a security point of view, the technology is the ability to move quickly and react fast in production actually help security a lot because you know, being able to spin a container and make changes and and bring a container down. These things just weren't possible, you know, 10 years ago, 20 years ago. Pre that it's like it was it's insanely hard compared trying to trying to do that compared to just re spinning a container up. However, the issue I see from a security point of view, the concerns I see is more around a culture and an education point of view of we've got all this great tech and it's it's awesome but we need to do it correctly. So making sure that as you mentioned with making the right decision, what we want to make sure is that right decision is also the easy decision and the clear decision. So we just need to make sure that as we as we go down this journey and we're going down it fast and it's not gonna, I don't see it slowing down, we're going fast down that journey. How do we make, how do we prepare ourselves for that? We're already seeing, you know, miss configurations left, right and center in the news, I am roles as three buckets, etcetera. These are they're they're simpler fixes than we than we believe, right? We just need to identify them and and make those changes as needed. So we just need to make sure that that is in place as we go forward. But it's exciting times for sure. >>It's really exciting. And you got the scanning and right at the point of coding automation to help take that basic mis configuration, take that off the table. Not a lot of manual work, but ultimately get to that cloud scale cool stuff. >>Simon, thank you >>for coming on the cube dr khan coverage. Really appreciate your time. Drop some nice commentary there. Really appreciate it. Thank you. >>My pleasure. Thank you very much. >>Simon Maple Field C T. O. A sneak hot startup. Big partner with Docker Security, actually built in deVOPS, is now dead. Say cops. This is dr khan cube 2021 virtual coverage. I'm sean for your host. Thanks for watching. Mm.

>> (narrator) From around the globe. It's theCUBE. With digital coverage of AWS re:Invent 2020. Sponsored by Intel, AWS and our community partners. >> Welcome to theCUBE virtual. Our coverage of AWS re:Invent 2020 continues. I'm Lisa Martin. Got a couple of guests joining me next. Wendy Moore the VP of product marketing from Trend Micro is here and Geva Solomonovich Global Alliances CTO from Snyk. Wendy and Geva, It's great to have you both on the program today. >> Thanks for having us. Great to be here. >> Hi, thanks for having us. >> Last year we were probably all crammed in Vegas together. Here we are virtually but it's great that we're still able to connect. So lot has gone on since we were all at re:Invent in Vegas last year. Wendy, let's start with you from a security perspective there's been a growth in open source vulnerabilities that have impacted enterprises globally. Talk to me about what you're seeing there. What's going on? >> Yeah. Well. I think everybody in this audience recognizes the rapid shift to the use of open source in development teams. And what we've seen alongside that is a rapid increase in the number of vulnerabilities that are showing up in open source software. So that means that vulnerabilities that can be exploited and cause damage to your company's application, reputation and your customers, are on the increase out there. >> And a number that you sent over was two and a half X growth in open source vulnerabilities in the last year. Has that number gone up during the pandemic? >> So I'm not sure if the vulnerabilities have gone up during the pandemic, but we've definitely seen an increase in exploitation of vulnerabilities. There's so much in the news about ransomware incidents in healthcare targeting pharmaceutical organizations, and most of those are taking advantage of vulnerabilities. Not necessarily in open source, but some of it is definitely happening in open source. >> Now we've been talking about the rise in ransomware for awhile, and it's all... The numbers and types of companies and healthcare organizations like is it schools, governments, for example lot of vulnerabilities being exploited that's for sure. >> So Geva let's go over to you. Talk about from Synk's perspective. The impact on businesses and how can you guys help. >> And then I'll put in a few insights there. on the open source risk. Wendy talked about it as well. Why is it growing? One of course is open source tuition usage is growing. So of course it bulges, the amounts of vulnerabilities is growing and the amount of exploits. But when you look at it from a hacker's perspective, attacking is an ROI based activity. Hackers want to spend their hacking hours where they're more likely to get our reward, be able to get that ransom or steal the data or do whatever they can. And open source actually makes it much easier for them than a lot of these other alternatives. One, the source is open. So just finding a vulnerability is much easier than trying to find the vulnerability in proprietary code. Two, there's like a market for these exploits and companies even like need for chapter. One of the byproducts of that is you can just go and feel the vulnerabilities out there and pick the ones that you want to try to exploit. But three, which is really the most critical piece is that if you do find the juicy vulnerability in a very popular open source package, the amount of companies you can attack is not one, is thousands or tens of thousands because that's precisely what makes the popular open source packages popular. It's being used broadly and so if you spend this effort to develop an exploit and then you can send it like there just across the world to 10 thousands of companies you're more likely to be successful. And that's what's driving a lot of the hacker attention into the open source vulnerabilities and that's why the growing. >> So it's a low cost high reward for those hackers. Wendy what are some of the ways that organizations can protect themselves from this? >> Well, one of the best ways to protect themselves against exploitation of vulnerabilities and against vulnerability showing up in their code is to actually analyze their code and scan it looking for vulnerabilities. And the best possible place to do that is actually in the code repository. So before code is ever packaged up and deployed it actually gets caught really early. So it's all about shifting security left. But some of the challenges with that is that you know the code repository, Tory and the code and open source has largely been the domain of DevOps and the developers and security who is tasked with managing the risk of the organization has little to know visibility into what vulnerabilities might exist. So something that's a growing part of an enterprise risk profile the security team doesn't really see. And that's a big gap for most organizations. >> So in terms of that visibility being essential, sounds like maybe even a cultural gap there. Geva what are your recommendations? We, you know, we talk about SecOps, we talk about DevOps. Is the solution DevSecOps or SecDevOps? >> I mean, all these partners are definitely helping there but you kind of need to break it down and understand what their problems, which is what Wendy was articulating. Why you have these traditional security teams have all their traditional tools. They look at mostly and let's call it the IC type security. Then you have this entire new category of risk which is lets say open source risk, but it's just inside the code repository inside a GitHub repo or somewhere, or they completely have no visibility into. And what that causes is one has to have a conversation with the developers who are those who are convenient to pick those vulnerabilities, remove them from the code. And, but to also, just from the mind ensuring that in our location it's hard for you to protect something that you don't have visibility into which causes opensource security to be possibly under provisioned in your entire a security fence. As you're looking at the security risk. And as we are talking about solution, so one of the movements we've seen with DevOps, where you know engineering team and IT teams have come together to have a shared ownership of the results of deploying these applications. In production now you expand out into DevSecOps. It's okay to actually make this work. We need to have a shared responsibility model where both developers step up to take some ownership and the traditional security each step up to understand what the developers are doing, build tools to make it easier for them. And ultimately I think Wendy nailed it on the head. She said the best way to protect yourself is actually to remove the vulnerable line of code from your application, not wait for it to be deployed and try to put some blocks in there. >> All right. So Wendy how are Trend Micro and Snyk working together to resolve that challenge that you guys just described? >> Yeah, we'll Trend Micro and Snyk have been working together for over a year now. And we came out with an initial offering and now we're coming out with a new offering that is really focused on basically delivering that code scanning ability right in the code repository. And through Trend Micro's Cloud One platform, we are delivering this as a service to the security operations team so that they get visibility of anything that Snyk finds in the code repository. And they can take action from there. So Trend Micro's Cloud One security services platform basically equips cloud builders with a whole bunch of different types of technologies to satisfy their different infrastructure requirements. So we've got things like workload security application security, network security, a number of different take types of security tools. And this just brings another security tool to the security operations team and the DevOps team so that they can basically extend their visibility and their security controls back to the code repository. >> Geva what are some of the impacts that you're seeing. So for obviously besides wanting to find those vulnerabilities faster as when you talk about shifting left. Give me some examples of some customers that you were working with maybe in the first iteration and what the impact has been. >> The impact is the... what, sorry, can you repeat the question? >> Yeah. Impact of your technologies together? You said that there's a new offering coming up but talk to me about some of the impact that these customers are making. >> Yeah. Okay. Sorry. Thank you for repeating the question. And so this joint product is very cunning from a multiple perspective. So one, it's going to be delivered inside the Cloud One platform, which Wendy just talked about. You asked before what is the impact of COVID? And one of the big impacts has been on the financial stress. Every company in every, every vendor is having. And so just the ease of managing less vendors and less tools and less places to procurement is of high value for every organization Just in terms of efficiency of operations. And just being able to acquire this new product on an existing platform where there are already consuming security tools. That by itself is amazing value. And number two, we're taking again... We're taking a technology which is a cloud native, it's a modern technology. And that's typically has been outside of the purview of a traditional security team and making it accessible to them in a place where it's easy for them to try out and they can, you know, start small and grow from there. They don't have to make a big commitment to get going. And more importantly, it's giving them visibility into this important technology that they didn't have before. >> So Wendy this is all intended at bridging that gap? I'm just curious, like if we take a peek inside, what this enables SecOps to do what it enables DevOps to do. What were some of the feedback that you're hearing from customers about those teams coming together and actually being able to work very collaboratively with that shift left actually being able to be done? >> Yeah. I mean, you know, if you talk to... There's some organizations who do this really well. They're very mature and their security operations teams and their DevOps teams work very closely together collaboratively, excuse me. And they also understand each other's needs. So they're able to insert tools into the security pipeline that don't slow DevOps down but also meet the needs of the security team. Whereas we see some other organizations where Dev is at one side of the pipeline and you've got security at the other and they don't tend to converse or meet. And those are the organizations where there tends to be more challenges. So the idea with this new solution is it's going to give the security team visibility of basically the scale and scope of their open source situation. So that they've actually got some data to go have conversations with the DevOps teams and start going in that direction of making those teams work more seamlessly together. I mean, you used the term DevSecOps before, some organizations that's a very real situation. Others still have a long way to go. And we think this is a great first step to bring those teams together. >> Fostering long-term friendships I'm sure. Just talk to me about the go to market, Wendy. How are you guys going to market together? Trend Micro and Snyk selling direct channel? What is it like? >> So this is actually going to be a Trend Micro Cloud One offering. So we jointly developed it with Snyk but it's going to be Trend Micro who is selling it. And we go to market a number of different ways. AWS marketplace is a big channel to market for us And this will be available for purchase there. When it becomes available in January. And also, we also work very closely with channel partners as well who also participate in AWS marketplace. >> So what are some of the things that you're expecting to customers to be able to take advantage of around the time of re:Invent and into early 2021? >> Yeah. I really encourage customers to visit our page on the AWS re:Invent platform. We're going to have all kinds of exciting demos there. You can go learn more about this new offering that we're delivering jointly developed with Snyk. And you can also ask about how you can sign up for early access to this new offering. So highly encourage you to go check that out. >> Excellent, early access is always nice to be a beta tester and really get that symbiotic relationship. >> Geva last question for you is as the Global Alliances CTO I imagine your customer conversations in the last year have changed dramatically. Talk to me about some of the things that you really think like in terms of like exposing vulnerabilities. Let's talk about exposing opportunities that that Snyk is helping organizations do so that they can not just keep the lights on during this very unprecedented time but actually be winners of tomorrow. >> Yeah, I think again at the heart of the DevOps movement and why it's been successful it's reducing that feedback loop between writing some codes, getting it to production in the hands of customers, getting the feedback from them and rinse and repeat and starting that loop. And those who have it, the faster you can get to market faster and can deliver value faster ultimately are the winners. Now, one of the things we've seen with the COVID is a lot of the this outbound activity has been going down. People have been going less to events and need to look more internally and how you can become better as an organization. And you've actually seen an increase in the investment of a digital transformation and cloud journeys and stuff like that. And one of the... One of kind of the traditional inhibitors that's going fast and all in into the cloud is the loss of control of the traditional security teams on the application development. Where now people can, you know... deploy hundreds of times every application to the cloud a day. And what we've seen is that they come to Snyk or to companies like ours, so we can secure those new modern development life cycles and give the security feedback to the developers as they're building the applications and give the security teams the visibility into those pipelines and application domain. So they have a sense that they're not losing all the control they used to have. They're still getting visibility into those application development and actually allowing their organizations to go faster because of it they can sign up to and be doing the technologies and actually increase the speed of going to the cloud. >> Yeah and that's critical because as we, you mentioned as we've been talking about for months now that the acceleration of cloud adoption, the speed of digital transformation it's one of those things that's challenging to do. You've got to have visibility. Period. In order to facilitate that. And if it's another thing that you kind of were describing Geva as that visibility provides that sense of control or trust, and that's also huge for not just a business to catch vulnerabilities but for teams the DevOps teams, the SecOps teams to be working together in a highly collaborative way. Do you agree Wendy? >> Absolutely. And the beautiful thing is this sets that up This tool. So it allows them to work together very collaboratively but it also sets up that visibility. So that down the road there could be even further automation into that process. Because you know, the whole purpose of DevOps is to take the people out of it. Right. So, but in order... You need to set up those processes to begin with. So this is a first step in terms of setting up that automation and visibility amongst those two teams. >> Excellent. And can you say one more time Wendy where prospective customers can go to learn more and become a early adopter? >> Yeah, absolutely. So visit our Trend Micro page at the AWS reinvent platform. And there you'll be able to learn much more about the offering and also learn how you can access the early adopter program. >> Excellent. You guys thank you so much for joining me on the program today. Sharing what Trend Micro and Snyk are doing together and how you're helping organizations cross-functionally be successful. We appreciate your time. >> Thank you, Lisa. Appreciate it. >> Thank you so much. >> My pleasure. For my guests, I'm Lisa Martin and you're watching theCUBE virtual. (upbeat music)

(upbeat music) >> Narrator: From around the globe, It's theCUBE with digital coverage of DockerCon live 2020 brought to you by Docker and its ecosystem partners. >> Hello, welcome back to our DockerCon 2020 DockerCon 20 coverage this is theCUBE virtual here in the Palo Alto studios with our quarantine crew, I'm John Furrier your host, got two great guests here. Scott Johnson is the CEO of Docker and Peter McKay CEO of Snyk hot security startup with some big news, you guys have rolled out, but really it's got an impact to developers. Scott and Peter great to see you guys again. >> Great to see John. >> Good to see you John. I'm glad we can at least talk remotely. I wish we were face to face, but obviously we're living in a time of crisis were you starting to see a Cambrian explosion starting to emerge where all people are recognizing that a lot is going to come out of this. You guys have announced a strategic alliance. Can you guys take a minute to explain what is this alliance and what does it mean ? Scott, we'll start with you. >> Absolutely, and thank you, Peter, thank you, John, for this chance to share with you all that's going on it's very exciting. Look, what we saw together as teams, both, both Peter's and ours was the developer experience is getting better and better in terms of faster and faster iterations but we weren't in the world of the Docker Desktop and Docker Hub experience having kind of scary as a first pass citizen that was really right in front and center with developer workflow. And so in working with Peter's team, we realized that the two companies had the same vision of like, let's bring that developer for security just right in center, in the user experience in the command line, in the tooling and just make it natural. So that developers could continue to iterate rapidly, continue to ship value, ship features fast. But in addition to doing that, do so in a secure fashion and in a secure manner. And really that's what this partnership is about is making security just kind of built in natural developer friendly developer first. We're very very excited to partner with Snyk and then bring this to development community. >> Peter, you guys have a unique business model, you're developer first security. What does this mean to you? Docker has got millions of developers out there who know containers, there's certainly developer first. What does this alliance mean to you guys as Snyk? >> Yeah, when you think of the developer community, you think of Docker, I mean, that's when we looked at the front end of our funnel, the people who we go after and our users, it's developers, and when you think developers, you think Docker and so we've got... Scott and I got together I'd say four or five months ago where we started talking about building a tighter relationship together the synergies between what he was doing and the team was doing, we're doing at Docker. And what we were trying to do is kind of embed the developer experience and develope and integrate security into that really made a very compelling value proposition together for developers and embedding that security into that application development into your containers and your image and your application development life cycle just made it a better developer experience overall. >> We've been talking to a lot of developers, certainly for DockerCon and just outside of the industry anecdotally, is that Docker really revolutionized, container ideas has been such a great win for developers. Containerizing applications really has changed the game, has spawned the generation of Kubernetes and cloud native microservices. What specifically is going on with you guys in this partnership? Where's the security fit in because can I just do a scan and scan the vulnerabilities? I mean, what's unique here? What does this mean for developers? What's going on with the alliance? >> Yeah, I'll take it first, Peter, but then jump in. So John, in the history of application development, so often security is not addressed until the end. And so developers they're shipping rapidly. They're they're iterating quickly, but then it gets, right before production and the alarm goes off and security team swoops in and security is often seen as a point of friction or a way to delay applications from getting the market and delivering value quickly. And this partnership completely reverses that where instead of having security be further down the stream of the tool chain or the application development life cycle, we're pulling it right up in front and having it be right alongside all the other activities that a developer is doing around building their code around, testing their code around, running their code locally. And it's the whole shift left I'm mean I'm sure you've seen out there and we are shifting this as far left it can be where it's right there on the local Docker Desktop in the command line as a primary emotion and its primary tool to building a great secure application as any other aspect of the tool chain. And that was really the focus of the partnership, which is like, make this just native and as far left as possible and not make security an afterthought or something that gets taken place by other Ops people downstream. >> Peter. >> If you think can about... That's the whole concept of how Snyk was founded. We all came from an application security background where it was security tools for security people, and it really... The whole industry needed this fundamental shift in the approach. And as Scott said that whole shifting left concept to really scale security in the right way and is to embed it into that application development life cycle into embedded into the tools that developers use each and every day. So they wanted to be a security expert, a developer doesn't need to be someone who knows all the vulnerabilities, they just need to know how to develop the most creative, indeed the most agile organization to develop, much better applications. And if they can do it in a more secure way they would obviously do it, but don't make them do something dramatically different and don't ask them to be security experts. And that's what we've tried to do in the partnership with Docker allows us to embed that continuous security insights into that whole development loop to when they develop these applications, they're secure when they're done and all the way through that development life cycle, you're testing for vulnerabilities in auto remediating along the way. So it allows them to develop very creative at the pace in which they want to develop. And it makes them more secure by doing it. >> Yeah, let me pick up on Peter's point there, which is so often security has been something that's discovered late in the process, right? Either just before production or sometimes even in production. And then just think about that feedback loop. It's got to go all the way back upstream all the way to the element team developers got to go find what they're working on. Well, maybe not hours ago, it could have been days ago could even be weeks ago and then both figure out how to remediate, get it all the way through the inner loop and the outer loop. We're completely blowing that up and disrupting that by bringing it all the way forward such that the feedback is right then and there with the developer in the moment on the laptop, in their inner loop and giving them the immediate response that they need and the single they need to take action remediate and then move on to the next creative thing they can do is they're just thinking about shortening that whole feedback loop. And really as Peter said, building security in from the get go because the signal is there to give them a indication of what they need to do right then and there. >> Great, I want to get into the... I mean, I can see the workflow advantage, so I totally get that. I've heard on theCUBE many times that security has got to be built in from the beginning. We've heard that before many times, I don't think I've heard security discussed this way, combined with the trends arounds automation. So can you guys talk about how that fits in? Because I get shifting left all that workflow, all goodness. But now I'm assuming there's a whole op side of security. And then if I'm trying to automate things and that's the real trend we're seeing here, how does that all work? Does that all come together? And it's this kind of unique that you guys are doing? Can you unpack that a little bit and clarify? >> Yeah, I mean, this has been something that we've been focused on quite a bit. I mean, the first it's... Used to be that you used to find a lot of vulnerability and yes we find a lot of vulnerabilities. And what we tried to do is focused on the prioritization and really hear the critical ones that developers need to fix first, second, third, and fourth based on severity. And we build that all in and that's something that we learned that we built into the process. And then last phase is this auto remediation. To the extent we can auto correct and auto fix, which is becoming increasingly a bigger part because the more you learn about the vulnerabilities in some of the fixes, the more you can automate and remediate that just makes the whole development process that much more productive and efficient. And that's really what we're trying to do, not only just find vulnerabilities, prioritize them, what are the ones that are what the team feels as severity one twos and threes embed that into the process. So you fix these are the ones you're fixing first, second, and third, into the extent they could be auto remediated, then fix them automatically. So we're trying to build that increasingly into the application. >> So, is this the first secure containerization deployment model? I mean, have other people have been doing this? I mean, is this new to Docker new to the industry? What's what's going on? >> Well, so we're here to talk about the partnership and of course there's a wealth of a very active ecosystem in and around security and other spaces. But we think this is the first that brings it this close to the developer in the moment in the command line on the desktop. And thus we think it has a lot of value to offer development team. >> I'll put my developer hat on. I'm one of the millions of developers, containers are part of my daily design coding, What's in it for me? Why does it matter to me as a developer? What does it do for me? Save time? What's the impact for the developer? >> Well, you think about... I mean, just look at the old model, right? The old model is you develop an application, you send it to the security team and they'll audit it. They'll tell you all the vulnerabilities and then they'll ship it back to you. You fix it, then they'll check it again. And they were waiting in the queue and then they'll tell you what's wrong and they'll send it back and think of that long. It's just like... Can you remember in the early day, when they a quality issue, fix it earlier in the life cycle of an application, don't wait till the end where the quality is embedded into the process. And so what you find is, the developers are embracing this and we have our like Docker, you have a freemium where developers can try it and realize that look, and I'm going to have to do security anyway, I mean, I have to develop secure application. If I can use a tool that's built for me and embedded into my development life cycle so I don't have to be a security expert and I don't have to wait for the security teams, to tell me what's wrong. And I can embed this all the way through and then not have to go through that painful step at the very end, to go through that security audit. I would do that any day of the week-- >> (mumbles) it back to you, do the scans, "Hey, you got to fix this." And then developer Scott your point moves on. They're coding, right? I mean, that's a problem. >> Developers want to ship, right? I mean, going back to your point, John, like one of the revolutions of Docker is that it is given the expectation that developers can ship faster. And right now in much of the state of the state, because security is important, like it can serve as a gate. And as Peter just walked you through it can slow down developer shipping and having impact. And so for you, the developer, John, like this gives you freedom to ship early often, high-frequency everything the promise of the container development model. This really unleashes that. >> Yeah 'cause that rails around the security policies too allows them to be projected in as syntax, if you will, or as part of the coding environment so I don't have to worry about it. I mean, at the end of the day, it's peace of mind, more than anything, time is certainly a pain in the butt, but yeah, as a developer, the creativity we needed more than ever. Okay, so with the COVID crisis-- >> One last point I want to make on that, sorry, it's also the security teams want it to because they don't want to be the bottleneck. They don't want to be doing this at the last minute and having all the pressure on them. I mean, they know that a big chunk of their business is going through these applications. So a lot of the budget dollars that come from people buying Snyk and embedding it into the process is from security because they can't keep up this digital transformation and what companies are going through. They don't want to be, there's one of two things. Either they're going to be the bottleneck or the developers are going to go around them and just put an application in the cloud in it and ship the container, put it anywhere then going around security. So they don't want that either. So there's just a very tight alignment between developers want to ship fast and security teams want to do the same. >> I hate to say it, but the whole agility is now not only just normal for us insiders in the industry. It's proven now with this COVID crisis that you have to be fast, you have to be at scale. And I think this speaks to some of the experiences you guys had in the industry, you were talking earlier. If you're not moving at the pace that you need to move at the scale you need the automation it's proven cloud native is going is completely ratified in my mind. There's no doubt, that means microservices is front and center and this change that's happening right now. And when we come out of this pandemic, there's going to be growth winners and not growth winners. We flat line to decline or winners, and it's all going to be based on microservices. So for the developers out there going to be called into the office as someday or in a Zoom, let's get these apps double down on this, kill that project. There's going to be those conversations >> It's happening right now, John. So look, what's happening, as a result of COVID an entire bodies of human activity are shifting from offline online. Like social, consumer, B2B, healthcare going down the list, finance, commerce, retail, like massive tectonic shift going from offline online. That means massive demand for new applications, new application development, and quickly, some this shift is happening and there's a bunch of businesses that didn't have exposure to digital they're like, "Oh my goodness, I need a digital strategy. "I need a digital channel. "I need a digital revenue stream." And so the demand for new applications quickly is exploding through the roof. And we see this across the board in our industry right now which is very, very fortunate given the other circumstances and other industries, but you're absolutely right. Like this lets them ship faster. And now is the time when they need to ship and ship fast. >> And the budgets are going to be allocated on these new projects was just a nuance in your point, it's new projects and then there's fixing modernizing the old stuff. Because look at Walmart, Walmart got hamstrung on the eCommerce side, they just killed their jet acquisition. They spent $3 billion on, this is the reality. This is not like just a strategy to do innovation, innovation strategy or some walk down, digital transformation lane. This is happening, it has to be done. What do they do? >> Its interesting and it starts, we always say, we start with the new and replaced the old. We start with a new application, it usually is always the case where we usually start with a lot of the companies is a new (mumbles) on application. And then it expands from there. And so know you look at what you used to be the best practices were tech companies, and then it moved to financial services, industries and insurance and then in retail, now you look at manufacturing, you look across the board, as Scott said, this offline to online, is driving so much of the empowering developers to take on more responsibility and to own more of it, but to be faster and to be more agile. And that's really, what's driving this big shifts in the market. And like you said earlier, if they're not there, they're in trouble because this market is driving that direction. >> I want to get both of your comments on this final question, because even with the progression of the developers from the Steve bomber developer development developers, speech on YouTube to developers on the front lines, cloud native, and now today it's been a progression. And I think it's always been the developers on the front lines are getting closer to the front lines. I think now it's even more compelling because there's a scale and agility speed game going on. So I think it's just another step function, developer relevance. It's not so much, they've never been close to, they have been getting closer they're in the business conversation and the ones that could move fast are the ones going to deliver the value. So if automation is in the playbook, if cloud need is not in the playbook, this is going to be the new developer equation, the ones that meet that will be successful. Can you guys react to that and your thoughts? >> Go ahead Peter. >> I mean, I think what we're trying to do is make that developer experience just one from just the partnership with Docker and is a key, just making it really easy, do the integration, do a lot of the work, make the developer experience as seamless as possible, make it very efficient for them, make it easy for them to try and buy, make it just a great experience and allow them to, or empower them to take on more of the responsibility of getting that App published and in the containers out the door. And that's what we're excited about with the partnership with Docker is that with the number of developers that they have, the work that we do together, and the roadmap that we have is really making that experience just an incredible journey for our developer and that's what we want to continue to make sure we foster. >> Scott, the new relevance of developers, your thoughts. >> Yeah, I would only--building on Peter's point, observed that a lot of the developer expectations are informed by the stack and what's possible. And to your points earlier about the previous waves, John, like, developers are important, but their full potential if you will was perhaps muted or gated because there was not a clean abstraction between the application on the underlying infrastructure. And now, as we know, Dockerization and the surrounding ecosystem of Kubernetes and other tools, we have a much cleaner separation between the Application and the infrastructure, and that allows and set expectations for a much higher cadence of release much faster, time to value, much more agile operations in terms of responding to competitors and the market and your customers. And so with that expectation, how do you unleash that? And this partnership is really key to that, by taking the friction out. As we talked about kind of historical security models and bringing a new model that bring the security way left right into the developers around that experience. And then in some sense, really fulfills that ability to move quickly, react in an agile fashion and have an impact as quickly as possible. >> That's awesome security built into the workflow, automated industry first, guys thanks so much for a great partnership, but the final work at the plugin for the relationship going forward, how's that work is going to be available is integration code is it development? Give a quick plug for what's happening, the relationship and what's happening going forward? >> Look, Docker only succeeds if the ecosystem succeeds. and we're very very proud and humbled to join arms with Peter and the Snyk team as a partner in the security ecosystem. And so you'll see us not only in this integrated developer experience on the command line, which is going to be very, very valuable to developers that we've been talking about, but you'll see us out there promoting the solution in different forms and community groups. And so it doesn't stop and end with the DockerCon experience, look for us in the year ahead to do more and more together. >> Awesome. >> I agree and I think that just culturally and the way the organizations work really well together, I think this is a beginning of a longer journey and a longer partnership we're going to have together with Scott and the team, so we're excited. I think the validation, the early validation we've got from the development teams that we've been talking to around the world, I think there's tremendous desire for this to happen, and we're excited to launch the journey together, with Scott and team. >> It's been a lot of fun watching this progression, like you said, create that headroom, the developable, we'll take it right up and there'll be another step function, more progression. Great job guys. Congratulations on the great partnership >> We need to security built in, we need more creativity. We need that, we need this new modern era to be flourishing. Thanks for your time, appreciate it. >> Thanks John. >> Thank you. >> theCUBE coverage, virtual CUBE coverage of DockerCon 20. I'm John Furrier your host, along with Docker for DockerCon 20 #Docker 20. Thanks for watching and stay tuned for our next segment of DockerCon 20 virtual. (upbeat music)

>> From the Silicon Angle Media Office in Boston Massachusetts, it's "The Cube." (groovy techno music) Now, here's your host, Dave Vellante. >> Hello, everyone. The rise of open source is really powering the digital economy. And in a world where every company is essentially under pressure to become a software firm, open source software really becomes the linchpin of digital services for both incumbents and, of course, digital natives. Here's the challenge, is when developers tap and apply open source, they're often bringing in hundreds, or even thousands of lines of code that reside in open sourced packages and libraries. And these code bases, they have dependencies, and essentially hidden traps. Now typically, security vulnerabilities in code, they're attacked after the software's developed. Or maybe thrown over the fence to the sec-ops team and SNYK is a company that set out to solve this problem within the application development life cycle, not after the fact as a built-on. Now, with us to talk about this mega-trend is Peter McKay, a friend of The Cube and CEO of SNYK. Peter, great to see you again. >> Good to see you, dude. >> So I got to start with the name. SNYK, what does it mean? >> SNYK, So Now You Know. You know, people it's sneakers sneak. And they tend to use the snick. So it's SNYK or snick. But it is SNYK and it stands for So Now You Know. Kind of a security, so now you know a lot more about your applications than you ever did before. So it's kind of a fitting name. >> So you heard my narrative upfront. Maybe you can add a little color to that and provide some additional background. >> Yeah, I mean, it's a, you know, when you think of the larger trends that are going on in the market, you know, every company is going through this digital transformation. You know, and every CEO, it's the number one priority. We've got to change our business from, you know, financial services, healthcare, insurance company, whatever, are all switching to digital, you know, more of a software company. And with that, more software equals more software risk and cybersecurity continues to be, you know, a major. I think 72% of CEOs worry about cybersecurity as a top issue in protecting companies' data. And so for us, we've been in the software in the security space for the four and a half years. I've been in the security space since, you know, Watchfire 20 years ago. And right now, with more and more, as you said, open source and containers, the challenge of being able to address the cybersecurity issues that have never been more challenging. And so especially when you add the gap between the need for security professionals and what they have. I think it's four million open positions for security people. So you know, with all this added risk, more and more open source, more and more digitization, it's created this opportunity in the market where you're traditional approaches to addressing security don't work today, you know? Like you said, throwing it over the fence and having someone in security, you know, check and make sure and finding all these vulnerabilities, and throw it back to developers to fix is very slow and something at this point is not driving to success. >> So talk a little bit more about what attracted you to SNYK early. I mean, you've been with the company, you're at least involved in the company for a couple years now. What were the trends that you saw, and what was it about SNYK that, you know, led you to become an investor and ultimately, CEO? >> Yeah, so four years involved in the business. So you know, I've always loved the security space. I've been in it for a number, almost 20 years. So I enjoy the space. You know, I've watched it. The founder, Guy Podjarny, one of the founders of SNYK, has been a friend of mine for 16 years from back in the Watchfire days. So we've always stayed connected. I've always worked well together with him. And so when you started, and I was on the board, the first board member of the company, so I could see what was going on, and it was this, you know, changing, kind of the right place at the right time in terms of developer first security. Really taking all the things that are going on in the security space that impacts a developer or can be addressed by the developer, and embedding it into the software into that developer community, in a way that developers use, the tools that they use. So it's a developer-first mindset with security expertise built-in. And so when you look at the market, the number of open source container evolution, you know, it's a huge market opportunity. Then you look at the business momentum, just took off over the past, you know, four years. That it was something that I was getting more and more involved in. And then when Guy asked me to join as the CEO, it was like, "Sure, what took you so long?" (Dave laughing) >> We had Guy on at Node JS Summit. I want to say it was a couple years ago now. And what he was describing is when you package, take the example of Node. When you package code in Node, you bring in all these dependencies, kind of what I was talking about there, but the challenge that he sort of described was really making it seamless as part of the development workflow. It seems like that's unique to SNYK. Maybe you could talk about-- >> Yeah, it is. And you know, we've built it from the ground up. You know, it's very difficult. If it was a security tool for security people, and then say, "Oh, let's adapt it for the developer," that is almost impossible. Why I think we've been so successful from the 400,000 developers in the community using Freemium to paid, was we built it from the ground up for developer, embedded into the application-development life cycle. Into their process, the look and feel, easy for them to use, easy for them to try it, and then we focused on just developer adoption. A great experience, developers will continue to use it and expand with it. And most of our opportunities that we've been successful at, the customers, we have over 400 customers. That had been this try, you know, start it with the community. They used the Freemium, they tried it for their new application, then they tried it for all their new, and then they go back and replace the old. So it was kind of this Freemium, land and expand has been a great way for developers to try it, use it. Does it work, yes, buy more. And that's the way we work. >> We're really happy, Peter, that you came on because you've got some news today that you're choosing to share with us in our Cube community. So it's around financing, bring us up to date. What's the news? >> Yeah so you know, I'd say four months ago, five months ago, we raised a $70 million round from great investors. And that was really led by one of our existing investors, who kind of knew us the best and it was you know, Excel Venture, and then Excel Growth came in and led the $70 million round. And part of that was a few new investors that came in and Stripes, which is you know a very large growth equity investor were part of that $70 million round said you know, preempted it and said, "Look it, we know you don't need the money, but we want to," you know, "We want to preempt. We believe your customer momentum," here we did, you know, five or six really large deals. You know, one, 700, seven million, 7.4 million, one's 3.5 million. So we started getting these bigger deals and we doubled since the $70 million round. And so we said, "Okay, we want to make money not the issue." So they led the next round, which is $150 million round, at a valuation of over a billion. That really allows us now to, with the number of other really top tier, (mumbles) and Tiger and Trend and others, who have been part of watching the space and understand the market. And are really helping us grow this business internationally. So it's an exciting time. So you know, again, we weren't looking to raise. This was something that kind of came to us and you know, when people are that excited about it like we are and they know us the best because they've been part of our board of directors since their round, it allows us to do the things that we want to do faster. >> So $150 million raise this round, brings you up to the 250, is that correct? >> Yes, 250. >> And obviously, an up-round. So congratulations, that's great. >> Yeah, you know, I think a big part of that is you know, we're not, I mean, we've always been very fiscally responsible. I mean, yes we have the money and most of it's still in the bank. We're growing at the pace that we think is right for us and right for the market. You know, we continue to invest product, product, product, is making sure we continue our product-led organization. You know, from that bottoms up, which is something we continue to do. This allows us to accelerate that more aggressively, but also the community, which is a big part of what makes that, you know, when you have a bottoms up, you need to have that community. And we've grown that and we're going to continue to invest aggressively and build in that community. And lastly, go to market. Not only invest, invest aggressively in the North America, but also Europe and APJ, which, you know, a lot of the things we've learned from my Veeam experience, you know how to grow fast, go big or go home. You know, are things that we're going to do but we're going to do it in the right way. >> So the Golden Rule is product and sales, right? >> Yes, you're either building it or selling it. >> Right, that's kind of where you're going to put your money. You know, you talk a lot about people, companies will do IPOs to get seen, but companies today, I mean, even software companies, which is a capital-efficient industry, they raise a lot of dough and they put it towards promotion to compete. What are your thoughts on that? >> You know, we've had, the model is very straightforward. It's bottoms up, you know? Developers, you know, there's 28 million developers in the world, you know? What we want is every one of those 28 million to be using our product. Whether it's free or paid, I want SNYK used in every application-development life cycle. If you're one developer, or you're a sales force with standardized on 12,000 developers, we want them using SNYK. So for us, it's get it in the hands. And that, you know, it's not like-- developers aren't going to look at Super Bowl ads, they're not going to be looking. It's you know, it's finding the ways, like the conference. We bought the DevSecCon, you know, the conference for developer security. Another way to promote kind of our, you know, security for developers and grow that developer community. That's not to say that there isn't a security part. Because, you know, what we do is help security organizations with visibility and finding a much more scalable way that gets them out of the, you know, the slows-down, the speed bump to the moving apps more aggressively into production. And so this is very much about helping security people. A lot of times the budgets do come from security or dev-ops. But it's because of our focus on the developer and the success of fixing, finding, fixing, and auto-remediating that developer environment is what makes us special. >> And it's sounds like a key to your success is you're not asking developer to context switch into a new environment, right? It's part of their existing workflow. >> It has to be, right? Don't change how they do their job, right? I mean, their job is to develop incredible applications that are better than the competitors, get them to market faster than they can, than they've ever been able to do before and faster than the competitor, but do it securely. Our goal is to do the third, but not sacrifice on one and two, right? Help you drive it, help you get your applications to market, help you beat your competition, but do it in a secure fashion. So don't slow them down. >> Well, the other thing I like about you guys is the emphasis is on fixing. It's not just alerting people that there's a problem. I mean, for instance, a company like Red Hat, is that they're going to put a lot of fixes in. But you, of course, have to go implement them. What you're doing is saying, "Hey, we're going to do that for you. Push the button and then we'll do it," right? So that, to me, that's important because it enables automation, it enables scale. >> Exactly, and I think this has been one of the challenges for kind of more of the traditional legacy, is they find a whole bunch of vulnerabilities, right? And we feel as though just that alone, we're the best in the world at. Finding vulnerabilities in applications in open source container. And so the other part of it is, okay, you find all them, but prioritizing what it is that I should fix first? And that's become really big issue because the vulnerabilities, as you can imagine, continue to grow. But focusing on hey, fix this top 10%, then the next, and to the extent you can, auto-fix. Auto-remediate those problems, that's ultimately, we're measured by how many vulnerabilities do we fix, right? I mean, finding them, that's one thing. But fixing them is how we judge a successful customer. And now it's possible. Before, it was like, "Oh, okay, you're just going to show me more things." No, when you talk about Google and Salesforce and Intuit, and all of our customers, they're actually getting far better. They're seeing what they have in terms of their exposure, and they're fixing the problems. And that's ultimately what we're focused on. >> So some of those big whales that you just mentioned, it seems to me that the value proposition for those guys, Peter, is the quality of the code that they can develop and obviously, the time that it takes to do that. But if you think about it more of a traditional enterprise, which I'm sure is part of your (mumbles), they'll tell you, the (mumbles) will tell you our biggest problem is we don't have enough people with the skills. Does this help? >> It absolutely-- >> And how so? >> Yeah, I mean, there's a massive gap in security expertise. And the current approach, the tools, are, you know, like you said at the very beginning, it's I'm doing too late in the process. I need to do it upstream. So you've got to leverage the 28 million developers that are developing the applications. It's the only way to solve the problem of, you know, this application security challenge. We call it Cloud Dative Application Security, which all these applications usually are new apps that they're moving into the Cloud. And so to really fix it, to solve the problem, you got to embed it, make it really easy for developers to leverage SNYK in their whole, we call it, you know, it's that concept of shift left, you know? Our view is that it needs to be embedded within the development process. And that's how you fix the problem. >> And talk about the business model again. You said it's Freemium model, you just talked about a big seven figure deals that you're doing and that starts with a Freemium, and then what? I upgrade to a subscription and then it's a land and expand? Describe that. >> Yeah we call it, it's you know, it's the community. Let's get every developer in a community. 28 million, we want to get into our community. From there, you know, leverage our Freemium, use it. You know, we encourage you to use it. Everybody to use our Freemium. And it's full functionality. It's not restricted in anyway. You can use it. And there's a subset of those that are ready to say, "Look it, I want to use the paid version," which allows me to get more visibility across more developers. So as you get larger organization, you want to leverage the power of kind of a bigger, managing multiple developers, like a lot of, in different teams. And so that kind of gets that shift to that paid. Then it goes into that Freemium, land, expand, we call it explode. Sales force, kind of explode. And then renew. That's been our model. Get in the door, get them using Freemium, we have a great experience, go to paid. And that's usually for an application, then it goes to 10 applications, and then 300 developers and then the way we price is by developer. So the more developers who use, the better your developer adoption, the bigger the ultimate opportunity is for us. >> There's a subscription service right? >> All subscription. >> Okay and then you guys have experts that are identifying vulnerabilities, right? You put them into a database, presumably, and then you sort of operationalize that into your software and your service. >> Yeah, we have 15 people in our security team that do nothing everyday but looking for the next vulnerability. That's our vulnerability database, in a large case, is a lot of our big companies start with the database. Because you think of like Netflix and you think of Facebook, all of these companies have large security organizations that are looking for issues, looking for vulnerabilities. And they're saying, "Well okay, if I can get that feed from you, why do I have my own?" And so a lot of companies start just with the database feed and say, "Look, I'll get rid of mine, and use yours." And then eventually, we'll use this scanning and we'll evolve down the process. But there's no doubt in the market people who use our solution or other solution will say our known the database of known vulnerabilities, is far better than anybody else in the market. >> And who do you sell to, again? Who are the constituencies? Is it sec-ops, is it, you know, software engineering? Is it developers, dev-ops? >> Users are always developers. In some cases dev-ops, or dev-sec. Apps-sec, you're starting to see kind of the world, the developer security becoming bigger. You know, as you get larger, you're definitely security becomes a bigger part of the journey and some of the budget comes from the security teams. Or the risk or dev-ops. But I think if we were to, you know, with the user and some of the influencers from developers, dev-ops, and security are kind of the key people in the equation. >> Is your, you have a lot of experience in the enterprise. How do you see your go to market in this world different, given that it's really a developer constituency that you're targeting? I mean, normally, you'd go out, hire a bunch of expensive sales guys, go to market, is that the model or is it a little different here because of the target? >> Yeah, you know, to be honest, a lot of the momentum that we've had at this point has been inbound. Like most of the opportunities that come in, come to us from the community, from this ground up. And so we have a very large inside sales team that just kind of follows up on the inbound interest. And that's still, you know, 65, 70% of the opportunities that come to us both here and Europe and APJ, are coming from the community inbound. Okay, I'm using 10 licenses of SNYK, you know, I want to get the enterprise version of it. And so that's been how we've grown. Very much of a very cost-effective inside sales. Now, when you get to the Googles and Salesforces and Nordstroms of the world, and they have already 500 licenses us, either paid or free, then we usually have more of a, you know, senior sales person that will be involved in those deals. >> To sort of mine those accounts. But it's really all about driving the efficiency of that inbound, and then at some point driving more inbound and sort of getting that flywheel effect. >> Developer adoption, developer adoption. That's the number one driver for everybody in our company. We have a customer success team, developer adoption. You know, just make the developer successful and good things happen to all the other parts of the organization. >> Okay, so that's a key performance indicator. What are the, let's wrap kind of the milestones and the things that you want to accomplish in the next, let's call it 12 months, 18 months? What should we be watching? >> Yeah, so I mean it continues to be the community, right? The community, recruiting more developers around the globe. We're expanding, you know, APJ's becoming a bigger part. And a lot of it is through just our efforts and just building out this community. We now have 20 people, their sole job is to build out, is to continue to build our developer community. Which is, you know, content, you know, information, how to learn, you know, webinars, all these things that are very separate and apart from the commercial side of the business and the community side of the business. So community adoption is a critical measurement for us, you know, yeah, you look at Freemium adoption. And then, you know, new customers. How are we adding new customers and retaining our existing customers? And you know, we have a 95% retention rate. So it's very sticky because you're getting the data feed, is a daily data feed. So it's like, you know, it's not one that you're going to hook on and then stop at any time soon. So you know, those are the measurements. You look at your community, you look at your Freemium, you look at your customer growth, your retention rates, those are all the things that we measure our business by. >> And your big pockets of brain power here, obviously in Boston, kind of CEO's prerogative, you got a big presence in London, right? And also in Israel, is that correct? >> Yeah, I would say we have four hubs and then we have a lot of remote employees. So, you know, Tel Aviv, where a lot of our security expertise is, in London, a lot of engineering. So between London and Tel Aviv is kind of the security teams, the developers are all in the community is kind of there. You know, Boston, is kind of more go to market side of things, and then we have Ottawa, which is kind of where Watchfire started, so a lot of good security experience there. And then, you know, we've, like a lot of modern companies, we hired the best people wherever we can find them. You know, we have some in Sydney, we've got some all around the world. Especially security, where finding really good security talent is a challenge. And so we're always looking for the best and brightest wherever they are. >> Well, Peter, congratulations on the raise, the new role, really, thank you for coming in and sharing with The Cube community. Really appreciate it. >> Well, it's great to be here. Always enjoy the conversations, especially the Patriots, Red Sox, kind of banter back and forth. It's always good. >> Well, how do you feel about that? >> Which one? >> Well, the Patriots, you know, sort of strange that they're not deep into the playoffs, I mean, for us. But how about the Red Sox now? Is it a team of shame? All my friends who were sort of jealous of Boston sports are saying you should be embarrassed, what are your thoughts? >> It's all about Houston, you know? Alex Cora, was one of the assistant coaches at Houston where all the issues are, I'm not sure those issues apply to Boston, but we'll see, TBD. TBD, I am optimistic as usual. I'm a Boston fan making sure that there isn't any spillover from the Houston world. >> Well we just got our Sox tickets, so you know, hopefully, they'll recover quickly, you know, from this. >> They will, they got to get a coach first. >> Yeah, they got to get a coach first. >> We need something to distract us from the Patriots. >> So you're not ready to attach an asterisk yet to 2018? >> No, no. No, no, no. >> All right, I like the optimism. Maybe you made the right call on Tom Brady. >> Did I? >> Yeah a couple years ago. >> Still since we talked what, two in one. And they won one. >> So they were in two, won one, and he threw for what, 600 yards in the first one so you can't, it wasn't his fault. >> And they'll sign him again, he'll be back. >> Is that your prediction? I hope so. >> I do, I do. >> All right, Peter. Always a pleasure, man. >> Great to see you. >> Thank you so much, and thank you for watching everybody, we'll see you next time. (groovy techno music)

>> Hey welcome back everybody Jeff Frick here with theCUBE. We're at Node Summit 2015 in Downtown San Francisco Mission Bay Conference Center. About 800 people talking about nodes, Node JS. The crazy growth in this application development platform and we're excited to have our next guest to talk about security. Which I don't think we've talked about yet. He's Guy Podjarny, I'm sorry. >> Podjarny Correct. >> Welcome, he's a CEO of Snyk, not spelled like Snyk. (laughing) You'll see it on the lower third. >> It's amazing how often we that question. How do you pronounce Snyk? >> Well I know, obviously people that have never had this start up and tried to go through a URL search. >> Indeed. >> Just don't know what's it's all about. >> It's sort of Google dominance. It's short for so now you know. So now you know. >> Oh, so now you know. Okay perfect, super. First off welcome, great to see you. >> Thank you. Thanks for having me. >> You said this is your second year at the conference. Just kind of share your general impressions of what's going on here. >> Sure, well I think Node Summit is an awesome conference. I think this year's event is bigger, better organized. I don't know if it's bigger people wise but definitely feels that way. It sort of feels more structured. It's nice to see in the audience as well. Just an increased amount of larger organizations that are around and talking about their challenges and a little bit a lot earlier in the conference but a little bit of more experienced conversations. So conversations about hey, we've used node and we've encountered these issues versus we're about to use it. We're thinking of using it so definitely can see the enterprise adoption kind of growing up. That's my primary impression so far. >> Yeah and it's it in 'cause you're a start up but Microsoft is here, Google's here, Intel is here, IBM is here so a lot of the big players. Who've demonstrated in other open source communities that they have completely embraced open source as a method and way to get actually more than the software is getting closer to development community. >> Yeah, agreed and I think another adjacent trend that's happening is ServerList and ServerList has grown ridiculously, by massive amounts in these last while. And Node JS is sort of the de facto default language for ServerList. LAM just started with it and AWS and many of the other platforms only support it. I think that contribution also brings the giants a little bit more in here. The Cloud giants but also I think again just sort of boost the Node JS. As though the Node JS echo system needed a boost. They get another amplifier. Just raise enterprise awareness and general usage. >> Okay, so what's the Snyk all about? Gives us, some people aren't familiar with the company. >> Cool, so Snyk deals with open source security and specifically in Node JS, the world of MPMs. MPM is amazing and it allows us to build on the shoulders of giants and all the others in the community. But there are some inherent security risks with just pulling code off the internet and running it in your application. >> Jeff: Right, right. >> What we do at Snyk is we help you find known security flaws, known vulnerabilities in MPM packages, and do that in a natural fashion as part of your continuous development process, and then fix those efficiently and monitor for them over time. That's basically. >> That's your focus is really keeping track of all these other packages that people are using to their development. Precisely and we're helping you just use open source code and stay secure. The word node is our flag ship and it's where we started and build and now we support a bunch of other systems as well. >> It's interesting, Monica from Intel said that in some of their work they found that some of these applications. The actual developers only contributing 2% of the code 'cause they're pulling in all this other stuff. >> Precisely, I have this example I use in a bunch of my talks that shows ServerList example that has 19 lines of codes. Copies some file from URL and puts it on S3. That's 19 lines of codes which is awesome. Uses two packages which in turn use 19 packages which bring in 190,000 lines of code. >> Wow. >> That's a massive-- >> So what is that step function again? Start from the beginning. >> 19 to 190,000. >> It starts at two? >> 19 lines of code use two MPM packages. They use 19 packages because every package uses other packages as well, and combined those 19 packages bring in 190,000 lines of code. >> Wow, that's amazing. That's an extreme example but you see that pattern. You see this again and again that the majority of your code in your applications especially node is not first party it's third party code. >> Jeff: Right. >> And that means most of your security risks. Most of your vulnerabilities, they come from there so there is a lot of challenges around managing dependencies. I know it's called dependency help for a reason but specifically security is still not sufficiently taken care of. It's still overlooked and we need to make sure that it's not just addressed by security people. But it's addressed a part of the development process by developers. >> How do you keep up? Both with the number as the proliferation grows as well as the revisions and versions inside of any particular package? You kind of chasing a multi headed beast there. >> It's definitely tough. First of all the short answer is automation. Any scale solution has to start with automation. I've got a security research team in Israel that has a vulnerability pipeline that feeds in from activity in the open source world. Some developer opens an issue and gets helps that say SQL injection in some package and that disappears into the ether. So we try to surface those, get it to our security analysts, determine if it's a real vulnerability curated in our database, and then just build that database with your own research but a lot of it is around tapping into community. And then subsequently when you consume this if you want to be able to apply security correctly as you develop your applications Node JS or otherwise. It has to come to you. The security tool has to be a seamless integration with how you currently work. If you impose another step, another two steps, another three steps on the developers. They're just not going to use it. That's a lot of our emphasis is scale on the consumption and the tracking of the database and simplicity and ease of use on the developer on the user side. >> And do you help with just like flagging. Flagging is a problem or is there an alternative. I mean I would imagine with all these interdependencies, you find one rotten apple kind of have a huge impact. It's a huge scale of impact right. >> Absolutely so we do really what our moniker is that we don't find vulnerabilities, we fix them and our goal is to fix vulnerabilities. So we actually, first of all in the flow we have single click, open a fixed PR. We figure out what changes we need to do. What upgrades you need to make the vulnerability go away. Literally click a button to fix it. Put on one bat for everything and then what we also do. We build patches, sort of a little known fact is in the world of operation systems RedHat and Canonical. They build a lot of fixes or they back port a lot open source fixes, and they put them into their repository. You can just say on updates or upgrade and just get those fixes. You don't even know which vulnerabilities you're fixing. You're just getting the fixes so we build patches for our MPM packages as well to allow you to patch vulnerabilities you can not upgrade away. A lot of it is around fix. Make fix easy. >> Right and then the other part as you said is baking security in the development all the way through which we hear over and over and over. >> Build it in and bolt it in. >> The cast in method doesn't work anymore. You've got to have it throughout the application so you said you're speaking on a panel tomorrow. And I wondered if you can just highlight some of the topics for tomorrow for the folks that aren't going to be here and see the panel. When you look at ServerList security. Say that three times fast. What are some of the real special challenges that people need to be thinking about? >> Sure, so you know I actually have two talks tomorrow. One is a panel on Node JS security as a whole and that's sort of a broader panel. We have a few other colleagues in there and we talk about the evolution of Node JS security that includes the platform itself which is increasingly well handled by the foundation. Definitely some improvements there over the years and some of it is around best practices like the ones that was just discussed which is understanding known pitfalls and Node JS sort of security mistakes that you might do as well as handling the MPM echo system. The other talk that I have later in the day is around ServerList security. ServerList security is interesting because a lot of the promise of ServerList is function as a service is that a lot of the concerns. A lot of the earlier or lower levels get abstracted away from you. You don't need to manage servers. You don't need to manage operation systems and with those auto security concerns go away. Which in turns focuses the attackers and should focus you on the application. As attackers are not just going to give up because they can't hack the operating system that the pros are managing. They would look at the next low hanging fruit and that would be the application. Platform as a service and function as a service really increase the importance of dealing with application security as a whole. So my talk is a lot about that but also deals with other security concerns that you might of course any new methodology introduces its own concerns so talk a little bit about how to address those. ServerList like Node JS is an opportunity to build security into the culture and into our methodologies from the early day so trying to help us get that right. >> Alright, as you look forward, the next 12 months. I won't say more than 12 months, 6 months, 9 months, 12 months. What are some of your priorities at Snyk? What are you working on if we get together a year from now, what will we be talking about? I think, so two primary ones. One is continuing the emphasis on fix. Making fixing trivial in the Node JS environments as well as others. I think we've done well there but there is more work to be done. It needs to be as seamless as possible. The other aspect is indeed in this sort of past and fast world and platform and function as a service. Where increasingly there is this awareness as we work with different platforms to the blind spot that they have to open source libraries. They fix your NGX vulnerabilities but not your express vulnerabilities. I sometimes refer to MPM packages or open source packages as sprinkles of infrastructure that are just scattered through your application. And today, all of these Cloud platforms are blind to it so I expect us at Snyk to be helping past and fast users dealing with that security concerns efficiently. >> Alright, well I look forwards to the conversation. >> Thanks. >> Thanks for stopping by. >> Thank you. >> He's Guy Podjarny. He is from Snyk. The CEO of Snyk. I'm Jeff Frick, you're watching theCUBE. (uptempo techno music)

(upbeat music beginning) >> From the Cube Studios in Palo Alto and Boston, bringing you data-driven insights from the Cube and ETR, this is "Breaking Analysis" with Dave Vellante. >> Making predictions about the future of enterprise tech is more challenging if you strive to lay down forecasts that are measurable. In other words, if you make a prediction, you should be able to look back a year later and say, with some degree of certainty, whether the prediction came true or not, with evidence to back that up. Hello and welcome to this week's Wikibon Cube Insights, powered by ETR. In this breaking analysis, we aim to do just that, with predictions about the macro IT spending environment, cost optimization, security, lots to talk about there, generative AI, cloud, and of course supercloud, blockchain adoption, data platforms, including commentary on Databricks, snowflake, and other key players, automation, events, and we may even have some bonus predictions around quantum computing, and perhaps some other areas. To make all this happen, we welcome back, for the third year in a row, my colleague and friend Eric Bradley from ETR. Eric, thanks for all you do for the community, and thanks for being part of this program. Again. >> I wouldn't miss it for the world. I always enjoy this one. Dave, good to see you. >> Yeah, so let me bring up this next slide and show you, actually come back to me if you would. I got to show the audience this. These are the inbounds that we got from PR firms starting in October around predictions. They know we do prediction posts. And so they'll send literally thousands and thousands of predictions from hundreds of experts in the industry, technologists, consultants, et cetera. And if you bring up the slide I can show you sort of the pattern that developed here. 40% of these thousands of predictions were from cyber. You had AI and data. If you combine those, it's still not close to cyber. Cost optimization was a big thing. Of course, cloud, some on DevOps, and software. Digital... Digital transformation got, you know, some lip service and SaaS. And then there was other, it's kind of around 2%. So quite remarkable, when you think about the focus on cyber, Eric. >> Yeah, there's two reasons why I think it makes sense, though. One, the cybersecurity companies have a lot of cash, so therefore the PR firms might be working a little bit harder for them than some of their other clients. (laughs) And then secondly, as you know, for multiple years now, when we do our macro survey, we ask, "What's your number one spending priority?" And again, it's security. It just isn't going anywhere. It just stays at the top. So I'm actually not that surprised by that little pie chart there, but I was shocked that SaaS was only 5%. You know, going back 10 years ago, that would've been the only thing anyone was talking about. >> Yeah. So true. All right, let's get into it. First prediction, we always start with kind of tech spending. Number one is tech spending increases between four and 5%. ETR has currently got it at 4.6% coming into 2023. This has been a consistently downward trend all year. We started, you know, much, much higher as we've been reporting. Bottom line is the fed is still in control. They're going to ease up on tightening, is the expectation, they're going to shoot for a soft landing. But you know, my feeling is this slingshot economy is going to continue, and it's going to continue to confound, whether it's supply chains or spending. The, the interesting thing about the ETR data, Eric, and I want you to comment on this, the largest companies are the most aggressive to cut. They're laying off, smaller firms are spending faster. They're actually growing at a much larger, faster rate as are companies in EMEA. And that's a surprise. That's outpacing the US and APAC. Chime in on this, Eric. >> Yeah, I was surprised on all of that. First on the higher level spending, we are definitely seeing it coming down, but the interesting thing here is headlines are making it worse. The huge research shop recently said 0% growth. We're coming in at 4.6%. And just so everyone knows, this is not us guessing, we asked 1,525 IT decision-makers what their budget growth will be, and they came in at 4.6%. Now there's a huge disparity, as you mentioned. The Fortune 500, global 2000, barely at 2% growth, but small, it's at 7%. So we're at a situation right now where the smaller companies are still playing a little bit of catch up on digital transformation, and they're spending money. The largest companies that have the most to lose from a recession are being more trepidatious, obviously. So they're playing a "Wait and see." And I hope we don't talk ourselves into a recession. Certainly the headlines and some of their research shops are helping it along. But another interesting comment here is, you know, energy and utilities used to be called an orphan and widow stock group, right? They are spending more than anyone, more than financials insurance, more than retail consumer. So right now it's being driven by mid, small, and energy and utilities. They're all spending like gangbusters, like nothing's happening. And it's the rest of everyone else that's being very cautious. >> Yeah, so very unpredictable right now. All right, let's go to number two. Cost optimization remains a major theme in 2023. We've been reporting on this. You've, we've shown a chart here. What's the primary method that your organization plans to use? You asked this question of those individuals that cited that they were going to reduce their spend and- >> Mhm. >> consolidating redundant vendors, you know, still leads the way, you know, far behind, cloud optimization is second, but it, but cloud continues to outpace legacy on-prem spending, no doubt. Somebody, it was, the guy's name was Alexander Feiglstorfer from Storyblok, sent in a prediction, said "All in one becomes extinct." Now, generally I would say I disagree with that because, you know, as we know over the years, suites tend to win out over, you know, individual, you know, point products. But I think what's going to happen is all in one is going to remain the norm for these larger companies that are cutting back. They want to consolidate redundant vendors, and the smaller companies are going to stick with that best of breed and be more aggressive and try to compete more effectively. What's your take on that? >> Yeah, I'm seeing much more consolidation in vendors, but also consolidation in functionality. We're seeing people building out new functionality, whether it's, we're going to talk about this later, so I don't want to steal too much of our thunder right now, but data and security also, we're seeing a functionality creep. So I think there's further consolidation happening here. I think niche solutions are going to be less likely, and platform solutions are going to be more likely in a spending environment where you want to reduce your vendors. You want to have one bill to pay, not 10. Another thing on this slide, real quick if I can before I move on, is we had a bunch of people write in and some of the answer options that aren't on this graph but did get cited a lot, unfortunately, is the obvious reduction in staff, hiring freezes, and delaying hardware, were three of the top write-ins. And another one was offshore outsourcing. So in addition to what we're seeing here, there were a lot of write-in options, and I just thought it would be important to state that, but essentially the cost optimization is by and far the highest one, and it's growing. So it's actually increased in our citations over the last year. >> And yeah, specifically consolidating redundant vendors. And so I actually thank you for bringing that other up, 'cause I had asked you, Eric, is there any evidence that repatriation is going on and we don't see it in the numbers, we don't see it even in the other, there was, I think very little or no mention of cloud repatriation, even though it might be happening in this in a smattering. >> Not a single mention, not one single mention. I went through it for you. Yep. Not one write-in. >> All right, let's move on. Number three, security leads M&A in 2023. Now you might say, "Oh, well that's a layup," but let me set this up Eric, because I didn't really do a great job with the slide. I hid the, what you've done, because you basically took, this is from the emerging technology survey with 1,181 responses from November. And what we did is we took Palo Alto and looked at the overlap in Palo Alto Networks accounts with these vendors that were showing on this chart. And Eric, I'm going to ask you to explain why we put a circle around OneTrust, but let me just set it up, and then have you comment on the slide and take, give us more detail. We're seeing private company valuations are off, you know, 10 to 40%. We saw a sneak, do a down round, but pretty good actually only down 12%. We've seen much higher down rounds. Palo Alto Networks we think is going to get busy. Again, they're an inquisitive company, they've been sort of quiet lately, and we think CrowdStrike, Cisco, Microsoft, Zscaler, we're predicting all of those will make some acquisitions and we're thinking that the targets are somewhere in this mess of security taxonomy. Other thing we're predicting AI meets cyber big time in 2023, we're going to probably going to see some acquisitions of those companies that are leaning into AI. We've seen some of that with Palo Alto. And then, you know, your comment to me, Eric, was "The RSA conference is going to be insane, hopping mad, "crazy this April," (Eric laughing) but give us your take on this data, and why the red circle around OneTrust? Take us back to that slide if you would, Alex. >> Sure. There's a few things here. First, let me explain what we're looking at. So because we separate the public companies and the private companies into two separate surveys, this allows us the ability to cross-reference that data. So what we're doing here is in our public survey, the tesis, everyone who cited some spending with Palo Alto, meaning they're a Palo Alto customer, we then cross-reference that with the private tech companies. Who also are they spending with? So what you're seeing here is an overlap. These companies that we have circled are doing the best in Palo Alto's accounts. Now, Palo Alto went and bought Twistlock a few years ago, which this data slide predicted, to be quite honest. And so I don't know if they necessarily are going to go after Snyk. Snyk, sorry. They already have something in that space. What they do need, however, is more on the authentication space. So I'm looking at OneTrust, with a 45% overlap in their overall net sentiment. That is a company that's already existing in their accounts and could be very synergistic to them. BeyondTrust as well, authentication identity. This is something that Palo needs to do to move more down that zero trust path. Now why did I pick Palo first? Because usually they're very inquisitive. They've been a little quiet lately. Secondly, if you look at the backdrop in the markets, the IPO freeze isn't going to last forever. Sooner or later, the IPO markets are going to open up, and some of these private companies are going to tap into public equity. In the meantime, however, cash funding on the private side is drying up. If they need another round, they're not going to get it, and they're certainly not going to get it at the valuations they were getting. So we're seeing valuations maybe come down where they're a touch more attractive, and Palo knows this isn't going to last forever. Cisco knows that, CrowdStrike, Zscaler, all these companies that are trying to make a push to become that vendor that you're consolidating in, around, they have a chance now, they have a window where they need to go make some acquisitions. And that's why I believe leading up to RSA, we're going to see some movement. I think it's going to pretty, a really exciting time in security right now. >> Awesome. Thank you. Great explanation. All right, let's go on the next one. Number four is, it relates to security. Let's stay there. Zero trust moves from hype to reality in 2023. Now again, you might say, "Oh yeah, that's a layup." A lot of these inbounds that we got are very, you know, kind of self-serving, but we always try to put some meat in the bone. So first thing we do is we pull out some commentary from, Eric, your roundtable, your insights roundtable. And we have a CISO from a global hospitality firm says, "For me that's the highest priority." He's talking about zero trust because it's the best ROI, it's the most forward-looking, and it enables a lot of the business transformation activities that we want to do. CISOs tell me that they actually can drive forward transformation projects that have zero trust, and because they can accelerate them, because they don't have to go through the hurdle of, you know, getting, making sure that it's secure. Second comment, zero trust closes that last mile where once you're authenticated, they open up the resource to you in a zero trust way. That's a CISO of a, and a managing director of a cyber risk services enterprise. Your thoughts on this? >> I can be here all day, so I'm going to try to be quick on this one. This is not a fluff piece on this one. There's a couple of other reasons this is happening. One, the board finally gets it. Zero trust at first was just a marketing hype term. Now the board understands it, and that's why CISOs are able to push through it. And what they finally did was redefine what it means. Zero trust simply means moving away from hardware security, moving towards software-defined security, with authentication as its base. The board finally gets that, and now they understand that this is necessary and it's being moved forward. The other reason it's happening now is hybrid work is here to stay. We weren't really sure at first, large companies were still trying to push people back to the office, and it's going to happen. The pendulum will swing back, but hybrid work's not going anywhere. By basically on our own data, we're seeing that 69% of companies expect remote and hybrid to be permanent, with only 30% permanent in office. Zero trust works for a hybrid environment. So all of that is the reason why this is happening right now. And going back to our previous prediction, this is why we're picking Palo, this is why we're picking Zscaler to make these acquisitions. Palo Alto needs to be better on the authentication side, and so does Zscaler. They're both fantastic on zero trust network access, but they need the authentication software defined aspect, and that's why we think this is going to happen. One last thing, in that CISO round table, I also had somebody say, "Listen, Zscaler is incredible. "They're doing incredibly well pervading the enterprise, "but their pricing's getting a little high," and they actually think Palo Alto is well-suited to start taking some of that share, if Palo can make one move. >> Yeah, Palo Alto's consolidation story is very strong. Here's my question and challenge. Do you and me, so I'm always hardcore about, okay, you've got to have evidence. I want to look back at these things a year from now and say, "Did we get it right? Yes or no?" If we got it wrong, we'll tell you we got it wrong. So how are we going to measure this? I'd say a couple things, and you can chime in. One is just the number of vendors talking about it. That's, but the marketing always leads the reality. So the second part of that is we got to get evidence from the buying community. Can you help us with that? >> (laughs) Luckily, that's what I do. I have a data company that asks thousands of IT decision-makers what they're adopting and what they're increasing spend on, as well as what they're decreasing spend on and what they're replacing. So I have snapshots in time over the last 11 years where I can go ahead and compare and contrast whether this adoption is happening or not. So come back to me in 12 months and I'll let you know. >> Now, you know, I will. Okay, let's bring up the next one. Number five, generative AI hits where the Metaverse missed. Of course everybody's talking about ChatGPT, we just wrote last week in a breaking analysis with John Furrier and Sarjeet Joha our take on that. We think 2023 does mark a pivot point as natural language processing really infiltrates enterprise tech just as Amazon turned the data center into an API. We think going forward, you're going to be interacting with technology through natural language, through English commands or other, you know, foreign language commands, and investors are lining up, all the VCs are getting excited about creating something competitive to ChatGPT, according to (indistinct) a hundred million dollars gets you a seat at the table, gets you into the game. (laughing) That's before you have to start doing promotion. But he thinks that's what it takes to actually create a clone or something equivalent. We've seen stuff from, you know, the head of Facebook's, you know, AI saying, "Oh, it's really not that sophisticated, ChatGPT, "it's kind of like IBM Watson, it's great engineering, "but you know, we've got more advanced technology." We know Google's working on some really interesting stuff. But here's the thing. ETR just launched this survey for the February survey. It's in the field now. We circle open AI in this category. They weren't even in the survey, Eric, last quarter. So 52% of the ETR survey respondents indicated a positive sentiment toward open AI. I added up all the sort of different bars, we could double click on that. And then I got this inbound from Scott Stevenson of Deep Graham. He said "AI is recession-proof." I don't know if that's the case, but it's a good quote. So bring this back up and take us through this. Explain this chart for us, if you would. >> First of all, I like Scott's quote better than the Facebook one. I think that's some sour grapes. Meta just spent an insane amount of money on the Metaverse and that's a dud. Microsoft just spent money on open AI and it is hot, undoubtedly hot. We've only been in the field with our current ETS survey for a week. So my caveat is it's preliminary data, but I don't care if it's preliminary data. (laughing) We're getting a sneak peek here at what is the number one net sentiment and mindshare leader in the entire machine-learning AI sector within a week. It's beating Data- >> 600. 600 in. >> It's beating Databricks. And we all know Databricks is a huge established enterprise company, not only in machine-learning AI, but it's in the top 10 in the entire survey. We have over 400 vendors in this survey. It's number eight overall, already. In a week. This is not hype. This is real. And I could go on the NLP stuff for a while. Not only here are we seeing it in open AI and machine-learning and AI, but we're seeing NLP in security. It's huge in email security. It's completely transforming that area. It's one of the reasons I thought Palo might take Abnormal out. They're doing such a great job with NLP in this email side, and also in the data prep tools. NLP is going to take out data prep tools. If we have time, I'll discuss that later. But yeah, this is, to me this is a no-brainer, and we're already seeing it in the data. >> Yeah, John Furrier called, you know, the ChatGPT introduction. He said it reminded him of the Netscape moment, when we all first saw Netscape Navigator and went, "Wow, it really could be transformative." All right, number six, the cloud expands to supercloud as edge computing accelerates and CloudFlare is a big winner in 2023. We've reported obviously on cloud, multi-cloud, supercloud and CloudFlare, basically saying what multi-cloud should have been. We pulled this quote from Atif Kahn, who is the founder and CTO of Alkira, thanks, one of the inbounds, thank you. "In 2023, highly distributed IT environments "will become more the norm "as organizations increasingly deploy hybrid cloud, "multi-cloud and edge settings..." Eric, from one of your round tables, "If my sources from edge computing are coming "from the cloud, that means I have my workloads "running in the cloud. "There is no one better than CloudFlare," That's a senior director of IT architecture at a huge financial firm. And then your analysis shows CloudFlare really growing in pervasion, that sort of market presence in the dataset, dramatically, to near 20%, leading, I think you had told me that they're even ahead of Google Cloud in terms of momentum right now. >> That was probably the biggest shock to me in our January 2023 tesis, which covers the public companies in the cloud computing sector. CloudFlare has now overtaken GCP in overall spending, and I was shocked by that. It's already extremely pervasive in networking, of course, for the edge networking side, and also in security. This is the number one leader in SaaSi, web access firewall, DDoS, bot protection, by your definition of supercloud, which we just did a couple of weeks ago, and I really enjoyed that by the way Dave, I think CloudFlare is the one that fits your definition best, because it's bringing all of these aspects together, and most importantly, it's cloud agnostic. It does not need to rely on Azure or AWS to do this. It has its own cloud. So I just think it's, when we look at your definition of supercloud, CloudFlare is the poster child. >> You know, what's interesting about that too, is a lot of people are poo-pooing CloudFlare, "Ah, it's, you know, really kind of not that sophisticated." "You don't have as many tools," but to your point, you're can have those tools in the cloud, Cloudflare's doing serverless on steroids, trying to keep things really simple, doing a phenomenal job at, you know, various locations around the world. And they're definitely one to watch. Somebody put them on my radar (laughing) a while ago and said, "Dave, you got to do a breaking analysis on CloudFlare." And so I want to thank that person. I can't really name them, 'cause they work inside of a giant hyperscaler. But- (Eric laughing) (Dave chuckling) >> Real quickly, if I can from a competitive perspective too, who else is there? They've already taken share from Akamai, and Fastly is their really only other direct comp, and they're not there. And these guys are in poll position and they're the only game in town right now. I just, I don't see it slowing down. >> I thought one of your comments from your roundtable I was reading, one of the folks said, you know, CloudFlare, if my workloads are in the cloud, they are, you know, dominant, they said not as strong with on-prem. And so Akamai is doing better there. I'm like, "Okay, where would you want to be?" (laughing) >> Yeah, which one of those two would you rather be? >> Right? Anyway, all right, let's move on. Number seven, blockchain continues to look for a home in the enterprise, but devs will slowly begin to adopt in 2023. You know, blockchains have got a lot of buzz, obviously crypto is, you know, the killer app for blockchain. Senior IT architect in financial services from your, one of your insight roundtables said quote, "For enterprises to adopt a new technology, "there have to be proven turnkey solutions. "My experience in talking with my peers are, "blockchain is still an open-source component "where you have to build around it." Now I want to thank Ravi Mayuram, who's the CTO of Couchbase sent in, you know, one of the predictions, he said, "DevOps will adopt blockchain, specifically Ethereum." And he referenced actually in his email to me, Solidity, which is the programming language for Ethereum, "will be in every DevOps pro's playbook, "mirroring the boom in machine-learning. "Newer programming languages like Solidity "will enter the toolkits of devs." His point there, you know, Solidity for those of you don't know, you know, Bitcoin is not programmable. Solidity, you know, came out and that was their whole shtick, and they've been improving that, and so forth. But it, Eric, it's true, it really hasn't found its home despite, you know, the potential for smart contracts. IBM's pushing it, VMware has had announcements, and others, really hasn't found its way in the enterprise yet. >> Yeah, and I got to be honest, I don't think it's going to, either. So when we did our top trends series, this was basically chosen as an anti-prediction, I would guess, that it just continues to not gain hold. And the reason why was that first comment, right? It's very much a niche solution that requires a ton of custom work around it. You can't just plug and play it. And at the end of the day, let's be very real what this technology is, it's a database ledger, and we already have database ledgers in the enterprise. So why is this a priority to move to a different database ledger? It's going to be very niche cases. I like the CTO comment from Couchbase about it being adopted by DevOps. I agree with that, but it has to be a DevOps in a very specific use case, and a very sophisticated use case in financial services, most likely. And that's not across the entire enterprise. So I just think it's still going to struggle to get its foothold for a little bit longer, if ever. >> Great, thanks. Okay, let's move on. Number eight, AWS Databricks, Google Snowflake lead the data charge with Microsoft. Keeping it simple. So let's unpack this a little bit. This is the shared accounts peer position for, I pulled data platforms in for analytics, machine-learning and AI and database. So I could grab all these accounts or these vendors and see how they compare in those three sectors. Analytics, machine-learning and database. Snowflake and Databricks, you know, they're on a crash course, as you and I have talked about. They're battling to be the single source of truth in analytics. They're, there's going to be a big focus. They're already started. It's going to be accelerated in 2023 on open formats. Iceberg, Python, you know, they're all the rage. We heard about Iceberg at Snowflake Summit, last summer or last June. Not a lot of people had heard of it, but of course the Databricks crowd, who knows it well. A lot of other open source tooling. There's a company called DBT Labs, which you're going to talk about in a minute. George Gilbert put them on our radar. We just had Tristan Handy, the CEO of DBT labs, on at supercloud last week. They are a new disruptor in data that's, they're essentially making, they're API-ifying, if you will, KPIs inside the data warehouse and dramatically simplifying that whole data pipeline. So really, you know, the ETL guys should be shaking in their boots with them. Coming back to the slide. Google really remains focused on BigQuery adoption. Customers have complained to me that they would like to use Snowflake with Google's AI tools, but they're being forced to go to BigQuery. I got to ask Google about that. AWS continues to stitch together its bespoke data stores, that's gone down that "Right tool for the right job" path. David Foyer two years ago said, "AWS absolutely is going to have to solve that problem." We saw them start to do it in, at Reinvent, bringing together NoETL between Aurora and Redshift, and really trying to simplify those worlds. There's going to be more of that. And then Microsoft, they're just making it cheap and easy to use their stuff, you know, despite some of the complaints that we hear in the community, you know, about things like Cosmos, but Eric, your take? >> Yeah, my concern here is that Snowflake and Databricks are fighting each other, and it's allowing AWS and Microsoft to kind of catch up against them, and I don't know if that's the right move for either of those two companies individually, Azure and AWS are building out functionality. Are they as good? No they're not. The other thing to remember too is that AWS and Azure get paid anyway, because both Databricks and Snowflake run on top of 'em. So (laughing) they're basically collecting their toll, while these two fight it out with each other, and they build out functionality. I think they need to stop focusing on each other, a little bit, and think about the overall strategy. Now for Databricks, we know they came out first as a machine-learning AI tool. They were known better for that spot, and now they're really trying to play catch-up on that data storage compute spot, and inversely for Snowflake, they were killing it with the compute separation from storage, and now they're trying to get into the MLAI spot. I actually wouldn't be surprised to see them make some sort of acquisition. Frank Slootman has been a little bit quiet, in my opinion there. The other thing to mention is your comment about DBT Labs. If we look at our emerging technology survey, last survey when this came out, DBT labs, number one leader in that data integration space, I'm going to just pull it up real quickly. It looks like they had a 33% overall net sentiment to lead data analytics integration. So they are clearly growing, it's fourth straight survey consecutively that they've grown. The other name we're seeing there a little bit is Cribl, but DBT labs is by far the number one player in this space. >> All right. Okay, cool. Moving on, let's go to number nine. With Automation mixer resurgence in 2023, we're showing again data. The x axis is overlap or presence in the dataset, and the vertical axis is shared net score. Net score is a measure of spending momentum. As always, you've seen UI path and Microsoft Power Automate up until the right, that red line, that 40% line is generally considered elevated. UI path is really separating, creating some distance from Automation Anywhere, they, you know, previous quarters they were much closer. Microsoft Power Automate came on the scene in a big way, they loom large with this "Good enough" approach. I will say this, I, somebody sent me a results of a (indistinct) survey, which showed UiPath actually had more mentions than Power Automate, which was surprising, but I think that's not been the case in the ETR data set. We're definitely seeing a shift from back office to front soft office kind of workloads. Having said that, software testing is emerging as a mainstream use case, we're seeing ML and AI become embedded in end-to-end automations, and low-code is serving the line of business. And so this, we think, is going to increasingly have appeal to organizations in the coming year, who want to automate as much as possible and not necessarily, we've seen a lot of layoffs in tech, and people... You're going to have to fill the gaps with automation. That's a trend that's going to continue. >> Yep, agreed. At first that comment about Microsoft Power Automate having less citations than UiPath, that's shocking to me. I'm looking at my chart right here where Microsoft Power Automate was cited by over 60% of our entire survey takers, and UiPath at around 38%. Now don't get me wrong, 38% pervasion's fantastic, but you know you're not going to beat an entrenched Microsoft. So I don't really know where that comment came from. So UiPath, looking at it alone, it's doing incredibly well. It had a huge rebound in its net score this last survey. It had dropped going through the back half of 2022, but we saw a big spike in the last one. So it's got a net score of over 55%. A lot of people citing adoption and increasing. So that's really what you want to see for a name like this. The problem is that just Microsoft is doing its playbook. At the end of the day, I'm going to do a POC, why am I going to pay more for UiPath, or even take on another separate bill, when we know everyone's consolidating vendors, if my license already includes Microsoft Power Automate? It might not be perfect, it might not be as good, but what I'm hearing all the time is it's good enough, and I really don't want another invoice. >> Right. So how does UiPath, you know, and Automation Anywhere, how do they compete with that? Well, the way they compete with it is they got to have a better product. They got a product that's 10 times better. You know, they- >> Right. >> they're not going to compete based on where the lowest cost, Microsoft's got that locked up, or where the easiest to, you know, Microsoft basically give it away for free, and that's their playbook. So that's, you know, up to UiPath. UiPath brought on Rob Ensslin, I've interviewed him. Very, very capable individual, is now Co-CEO. So he's kind of bringing that adult supervision in, and really tightening up the go to market. So, you know, we know this company has been a rocket ship, and so getting some control on that and really getting focused like a laser, you know, could be good things ahead there for that company. Okay. >> One of the problems, if I could real quick Dave, is what the use cases are. When we first came out with RPA, everyone was super excited about like, "No, UiPath is going to be great for super powerful "projects, use cases." That's not what RPA is being used for. As you mentioned, it's being used for mundane tasks, so it's not automating complex things, which I think UiPath was built for. So if you were going to get UiPath, and choose that over Microsoft, it's going to be 'cause you're doing it for more powerful use case, where it is better. But the problem is that's not where the enterprise is using it. The enterprise are using this for base rote tasks, and simply, Microsoft Power Automate can do that. >> Yeah, it's interesting. I've had people on theCube that are both Microsoft Power Automate customers and UiPath customers, and I've asked them, "Well you know, "how do you differentiate between the two?" And they've said to me, "Look, our users and personal productivity users, "they like Power Automate, "they can use it themselves, and you know, "it doesn't take a lot of, you know, support on our end." The flip side is you could do that with UiPath, but like you said, there's more of a focus now on end-to-end enterprise automation and building out those capabilities. So it's increasingly a value play, and that's going to be obviously the challenge going forward. Okay, my last one, and then I think you've got some bonus ones. Number 10, hybrid events are the new category. Look it, if I can get a thousand inbounds that are largely self-serving, I can do my own here, 'cause we're in the events business. (Eric chuckling) Here's the prediction though, and this is a trend we're seeing, the number of physical events is going to dramatically increase. That might surprise people, but most of the big giant events are going to get smaller. The exception is AWS with Reinvent, I think Snowflake's going to continue to grow. So there are examples of physical events that are growing, but generally, most of the big ones are getting smaller, and there's going to be many more smaller intimate regional events and road shows. These micro-events, they're going to be stitched together. Digital is becoming a first class citizen, so people really got to get their digital acts together, and brands are prioritizing earned media, and they're beginning to build their own news networks, going direct to their customers. And so that's a trend we see, and I, you know, we're right in the middle of it, Eric, so you know we're going to, you mentioned RSA, I think that's perhaps going to be one of those crazy ones that continues to grow. It's shrunk, and then it, you know, 'cause last year- >> Yeah, it did shrink. >> right, it was the last one before the pandemic, and then they sort of made another run at it last year. It was smaller but it was very vibrant, and I think this year's going to be huge. Global World Congress is another one, we're going to be there end of Feb. That's obviously a big big show, but in general, the brands and the technology vendors, even Oracle is going to scale down. I don't know about Salesforce. We'll see. You had a couple of bonus predictions. Quantum and maybe some others? Bring us home. >> Yeah, sure. I got a few more. I think we touched upon one, but I definitely think the data prep tools are facing extinction, unfortunately, you know, the Talons Informatica is some of those names. The problem there is that the BI tools are kind of including data prep into it already. You know, an example of that is Tableau Prep Builder, and then in addition, Advanced NLP is being worked in as well. ThoughtSpot, Intelius, both often say that as their selling point, Tableau has Ask Data, Click has Insight Bot, so you don't have to really be intelligent on data prep anymore. A regular business user can just self-query, using either the search bar, or even just speaking into what it needs, and these tools are kind of doing the data prep for it. I don't think that's a, you know, an out in left field type of prediction, but it's the time is nigh. The other one I would also state is that I think knowledge graphs are going to break through this year. Neo4j in our survey is growing in pervasion in Mindshare. So more and more people are citing it, AWS Neptune's getting its act together, and we're seeing that spending intentions are growing there. Tiger Graph is also growing in our survey sample. I just think that the time is now for knowledge graphs to break through, and if I had to do one more, I'd say real-time streaming analytics moves from the very, very rich big enterprises to downstream, to more people are actually going to be moving towards real-time streaming, again, because the data prep tools and the data pipelines have gotten easier to use, and I think the ROI on real-time streaming is obviously there. So those are three that didn't make the cut, but I thought deserved an honorable mention. >> Yeah, I'm glad you did. Several weeks ago, we did an analyst prediction roundtable, if you will, a cube session power panel with a number of data analysts and that, you know, streaming, real-time streaming was top of mind. So glad you brought that up. Eric, as always, thank you very much. I appreciate the time you put in beforehand. I know it's been crazy, because you guys are wrapping up, you know, the last quarter survey in- >> Been a nuts three weeks for us. (laughing) >> job. I love the fact that you're doing, you know, the ETS survey now, I think it's quarterly now, right? Is that right? >> Yep. >> Yep. So that's phenomenal. >> Four times a year. I'll be happy to jump on with you when we get that done. I know you were really impressed with that last time. >> It's unbelievable. This is so much data at ETR. Okay. Hey, that's a wrap. Thanks again. >> Take care Dave. Good seeing you. >> All right, many thanks to our team here, Alex Myerson as production, he manages the podcast force. Ken Schiffman as well is a critical component of our East Coast studio. Kristen Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hoof is our editor-in-chief. He's at siliconangle.com. He's just a great editing for us. Thank you all. Remember all these episodes that are available as podcasts, wherever you listen, podcast is doing great. Just search "Breaking analysis podcast." Really appreciate you guys listening. I publish each week on wikibon.com and siliconangle.com, or you can email me directly if you want to get in touch, david.vellante@siliconangle.com. That's how I got all these. I really appreciate it. I went through every single one with a yellow highlighter. It took some time, (laughing) but I appreciate it. You could DM me at dvellante, or comment on our LinkedIn post and please check out etr.ai. Its data is amazing. Best survey data in the enterprise tech business. This is Dave Vellante for theCube Insights, powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis." (upbeat music beginning) (upbeat music ending)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> OpenAI The company, and ChatGPT have taken the world by storm. Microsoft reportedly is investing an additional 10 billion dollars into the company. But in our view, while the hype around ChatGPT is justified, we don't believe OpenAI will lock up the market with its first mover advantage. Rather, we believe that success in this market will be directly proportional to the quality and quantity of data that a technology company has at its disposal, and the compute power that it could deploy to run its system. Hello and welcome to this week's Wikibon CUBE insights, powered by ETR. In this Breaking Analysis, we unpack the excitement around ChatGPT, and debate the premise that the company's early entry into the space may not confer winner take all advantage to OpenAI. And to do so, we welcome CUBE collaborator, alum, Sarbjeet Johal, (chuckles) and John Furrier, co-host of the Cube. Great to see you Sarbjeet, John. Really appreciate you guys coming to the program. >> Great to be on. >> Okay, so what is ChatGPT? Well, actually we asked ChatGPT, what is ChatGPT? So here's what it said. ChatGPT is a state-of-the-art language model developed by OpenAI that can generate human-like text. It could be fine tuned for a variety of language tasks, such as conversation, summarization, and language translation. So I asked it, give it to me in 50 words or less. How did it do? Anything to add? >> Yeah, think it did good. It's large language model, like previous models, but it started applying the transformers sort of mechanism to focus on what prompt you have given it to itself. And then also the what answer it gave you in the first, sort of, one sentence or two sentences, and then introspect on itself, like what I have already said to you. And so just work on that. So it it's self sort of focus if you will. It does, the transformers help the large language models to do that. >> So to your point, it's a large language model, and GPT stands for generative pre-trained transformer. >> And if you put the definition back up there again, if you put it back up on the screen, let's see it back up. Okay, it actually missed the large, word large. So one of the problems with ChatGPT, it's not always accurate. It's actually a large language model, and it says state of the art language model. And if you look at Google, Google has dominated AI for many times and they're well known as being the best at this. And apparently Google has their own large language model, LLM, in play and have been holding it back to release because of backlash on the accuracy. Like just in that example you showed is a great point. They got almost right, but they missed the key word. >> You know what's funny about that John, is I had previously asked it in my prompt to give me it in less than a hundred words, and it was too long, I said I was too long for Breaking Analysis, and there it went into the fact that it's a large language model. So it largely, it gave me a really different answer the, for both times. So, but it's still pretty amazing for those of you who haven't played with it yet. And one of the best examples that I saw was Ben Charrington from This Week In ML AI podcast. And I stumbled on this thanks to Brian Gracely, who was listening to one of his Cloudcasts. Basically what Ben did is he took, he prompted ChatGPT to interview ChatGPT, and he simply gave the system the prompts, and then he ran the questions and answers into this avatar builder and sped it up 2X so it didn't sound like a machine. And voila, it was amazing. So John is ChatGPT going to take over as a cube host? >> Well, I was thinking, we get the questions in advance sometimes from PR people. We should actually just plug it in ChatGPT, add it to our notes, and saying, "Is this good enough for you? Let's ask the real question." So I think, you know, I think there's a lot of heavy lifting that gets done. I think the ChatGPT is a phenomenal revolution. I think it highlights the use case. Like that example we showed earlier. It gets most of it right. So it's directionally correct and it feels like it's an answer, but it's not a hundred percent accurate. And I think that's where people are seeing value in it. Writing marketing, copy, brainstorming, guest list, gift list for somebody. Write me some lyrics to a song. Give me a thesis about healthcare policy in the United States. It'll do a bang up job, and then you got to go in and you can massage it. So we're going to do three quarters of the work. That's why plagiarism and schools are kind of freaking out. And that's why Microsoft put 10 billion in, because why wouldn't this be a feature of Word, or the OS to help it do stuff on behalf of the user. So linguistically it's a beautiful thing. You can input a string and get a good answer. It's not a search result. >> And we're going to get your take on on Microsoft and, but it kind of levels the playing- but ChatGPT writes better than I do, Sarbjeet, and I know you have some good examples too. You mentioned the Reed Hastings example. >> Yeah, I was listening to Reed Hastings fireside chat with ChatGPT, and the answers were coming as sort of voice, in the voice format. And it was amazing what, he was having very sort of philosophy kind of talk with the ChatGPT, the longer sentences, like he was going on, like, just like we are talking, he was talking for like almost two minutes and then ChatGPT was answering. It was not one sentence question, and then a lot of answers from ChatGPT and yeah, you're right. I, this is our ability. I've been thinking deep about this since yesterday, we talked about, like, we want to do this segment. The data is fed into the data model. It can be the current data as well, but I think that, like, models like ChatGPT, other companies will have those too. They can, they're democratizing the intelligence, but they're not creating intelligence yet, definitely yet I can say that. They will give you all the finite answers. Like, okay, how do you do this for loop in Java, versus, you know, C sharp, and as a programmer you can do that, in, but they can't tell you that, how to write a new algorithm or write a new search algorithm for you. They cannot create a secretive code for you to- >> Not yet. >> Have competitive advantage. >> Not yet, not yet. >> but you- >> Can Google do that today? >> No one really can. The reasoning side of the data is, we talked about at our Supercloud event, with Zhamak Dehghani who's was CEO of, now of Nextdata. This next wave of data intelligence is going to come from entrepreneurs that are probably cross discipline, computer science and some other discipline. But they're going to be new things, for example, data, metadata, and data. It's hard to do reasoning like a human being, so that needs more data to train itself. So I think the first gen of this training module for the large language model they have is a corpus of text. Lot of that's why blog posts are, but the facts are wrong and sometimes out of context, because that contextual reasoning takes time, it takes intelligence. So machines need to become intelligent, and so therefore they need to be trained. So you're going to start to see, I think, a lot of acceleration on training the data sets. And again, it's only as good as the data you can get. And again, proprietary data sets will be a huge winner. Anyone who's got a large corpus of content, proprietary content like theCUBE or SiliconANGLE as a publisher will benefit from this. Large FinTech companies, anyone with large proprietary data will probably be a big winner on this generative AI wave, because it just, it will eat that up, and turn that back into something better. So I think there's going to be a lot of interesting things to look at here. And certainly productivity's going to be off the charts for vanilla and the internet is going to get swarmed with vanilla content. So if you're in the content business, and you're an original content producer of any kind, you're going to be not vanilla, so you're going to be better. So I think there's so much at play Dave (indistinct). >> I think the playing field has been risen, so we- >> Risen and leveled? >> Yeah, and leveled to certain extent. So it's now like that few people as consumers, as consumers of AI, we will have a advantage and others cannot have that advantage. So it will be democratized. That's, I'm sure about that. But if you take the example of calculator, when the calculator came in, and a lot of people are, "Oh, people can't do math anymore because calculator is there." right? So it's a similar sort of moment, just like a calculator for the next level. But, again- >> I see it more like open source, Sarbjeet, because like if you think about what ChatGPT's doing, you do a query and it comes from somewhere the value of a post from ChatGPT is just a reuse of AI. The original content accent will be come from a human. So if I lay out a paragraph from ChatGPT, did some heavy lifting on some facts, I check the facts, save me about maybe- >> Yeah, it's productive. >> An hour writing, and then I write a killer two, three sentences of, like, sharp original thinking or critical analysis. I then took that body of work, open source content, and then laid something on top of it. >> And Sarbjeet's example is a good one, because like if the calculator kids don't do math as well anymore, the slide rule, remember we had slide rules as kids, remember we first started using Waze, you know, we were this minority and you had an advantage over other drivers. Now Waze is like, you know, social traffic, you know, navigation, everybody had, you know- >> All the back roads are crowded. >> They're car crowded. (group laughs) Exactly. All right, let's, let's move on. What about this notion that futurist Ray Amara put forth and really Amara's Law that we're showing here, it's, the law is we, you know, "We tend to overestimate the effect of technology in the short run and underestimate it in the long run." Is that the case, do you think, with ChatGPT? What do you think Sarbjeet? >> I think that's true actually. There's a lot of, >> We don't debate this. >> There's a lot of awe, like when people see the results from ChatGPT, they say what, what the heck? Like, it can do this? But then if you use it more and more and more, and I ask the set of similar question, not the same question, and it gives you like same answer. It's like reading from the same bucket of text in, the interior read (indistinct) where the ChatGPT, you will see that in some couple of segments. It's very, it sounds so boring that the ChatGPT is coming out the same two sentences every time. So it is kind of good, but it's not as good as people think it is right now. But we will have, go through this, you know, hype sort of cycle and get realistic with it. And then in the long term, I think it's a great thing in the short term, it's not something which will (indistinct) >> What's your counter point? You're saying it's not. >> I, no I think the question was, it's hyped up in the short term and not it's underestimated long term. That's what I think what he said, quote. >> Yes, yeah. That's what he said. >> Okay, I think that's wrong with this, because this is a unique, ChatGPT is a unique kind of impact and it's very generational. People have been comparing it, I have been comparing to the internet, like the web, web browser Mosaic and Netscape, right, Navigator. I mean, I clearly still remember the days seeing Navigator for the first time, wow. And there weren't not many sites you could go to, everyone typed in, you know, cars.com, you know. >> That (indistinct) wasn't that overestimated, the overhyped at the beginning and underestimated. >> No, it was, it was underestimated long run, people thought. >> But that Amara's law. >> That's what is. >> No, they said overestimated? >> Overestimated near term underestimated- overhyped near term, underestimated long term. I got, right I mean? >> Well, I, yeah okay, so I would then agree, okay then- >> We were off the charts about the internet in the early days, and it actually exceeded our expectations. >> Well there were people who were, like, poo-pooing it early on. So when the browser came out, people were like, "Oh, the web's a toy for kids." I mean, in 1995 the web was a joke, right? So '96, you had online populations growing, so you had structural changes going on around the browser, internet population. And then that replaced other things, direct mail, other business activities that were once analog then went to the web, kind of read only as you, as we always talk about. So I think that's a moment where the hype long term, the smart money, and the smart industry experts all get the long term. And in this case, there's more poo-pooing in the short term. "Ah, it's not a big deal, it's just AI." I've heard many people poo-pooing ChatGPT, and a lot of smart people saying, "No this is next gen, this is different and it's only going to get better." So I think people are estimating a big long game on this one. >> So you're saying it's bifurcated. There's those who say- >> Yes. >> Okay, all right, let's get to the heart of the premise, and possibly the debate for today's episode. Will OpenAI's early entry into the market confer sustainable competitive advantage for the company. And if you look at the history of tech, the technology industry, it's kind of littered with first mover failures. Altair, IBM, Tandy, Commodore, they and Apple even, they were really early in the PC game. They took a backseat to Dell who came in the scene years later with a better business model. Netscape, you were just talking about, was all the rage in Silicon Valley, with the first browser, drove up all the housing prices out here. AltaVista was the first search engine to really, you know, index full text. >> Owned by Dell, I mean DEC. >> Owned by Digital. >> Yeah, Digital Equipment >> Compaq bought it. And of course as an aside, Digital, they wanted to showcase their hardware, right? Their super computer stuff. And then so Friendster and MySpace, they came before Facebook. The iPhone certainly wasn't the first mobile device. So lots of failed examples, but there are some recent successes like AWS and cloud. >> You could say smartphone. So I mean. >> Well I know, and you can, we can parse this so we'll debate it. Now Twitter, you could argue, had first mover advantage. You kind of gave me that one John. Bitcoin and crypto clearly had first mover advantage, and sustaining that. Guys, will OpenAI make it to the list on the right with ChatGPT, what do you think? >> I think categorically as a company, it probably won't, but as a category, I think what they're doing will, so OpenAI as a company, they get funding, there's power dynamics involved. Microsoft put a billion dollars in early on, then they just pony it up. Now they're reporting 10 billion more. So, like, if the browsers, Microsoft had competitive advantage over Netscape, and used monopoly power, and convicted by the Department of Justice for killing Netscape with their monopoly, Netscape should have had won that battle, but Microsoft killed it. In this case, Microsoft's not killing it, they're buying into it. So I think the embrace extend Microsoft power here makes OpenAI vulnerable for that one vendor solution. So the AI as a company might not make the list, but the category of what this is, large language model AI, is probably will be on the right hand side. >> Okay, we're going to come back to the government intervention and maybe do some comparisons, but what are your thoughts on this premise here? That, it will basically set- put forth the premise that it, that ChatGPT, its early entry into the market will not confer competitive advantage to >> For OpenAI. >> To Open- Yeah, do you agree with that? >> I agree with that actually. It, because Google has been at it, and they have been holding back, as John said because of the scrutiny from the Fed, right, so- >> And privacy too. >> And the privacy and the accuracy as well. But I think Sam Altman and the company on those guys, right? They have put this in a hasty way out there, you know, because it makes mistakes, and there are a lot of questions around the, sort of, where the content is coming from. You saw that as your example, it just stole the content, and without your permission, you know? >> Yeah. So as quick this aside- >> And it codes on people's behalf and the, those codes are wrong. So there's a lot of, sort of, false information it's putting out there. So it's a very vulnerable thing to do what Sam Altman- >> So even though it'll get better, others will compete. >> So look, just side note, a term which Reid Hoffman used a little bit. Like he said, it's experimental launch, like, you know, it's- >> It's pretty damn good. >> It is clever because according to Sam- >> It's more than clever. It's good. >> It's awesome, if you haven't used it. I mean you write- you read what it writes and you go, "This thing writes so well, it writes so much better than you." >> The human emotion drives that too. I think that's a big thing. But- >> I Want to add one more- >> Make your last point. >> Last one. Okay. So, but he's still holding back. He's conducting quite a few interviews. If you want to get the gist of it, there's an interview with StrictlyVC interview from yesterday with Sam Altman. Listen to that one it's an eye opening what they want- where they want to take it. But my last one I want to make it on this point is that Satya Nadella yesterday did an interview with Wall Street Journal. I think he was doing- >> You were not impressed. >> I was not impressed because he was pushing it too much. So Sam Altman's holding back so there's less backlash. >> Got 10 billion reasons to push. >> I think he's almost- >> Microsoft just laid off 10000 people. Hey ChatGPT, find me a job. You know like. (group laughs) >> He's overselling it to an extent that I think it will backfire on Microsoft. And he's over promising a lot of stuff right now, I think. I don't know why he's very jittery about all these things. And he did the same thing during Ignite as well. So he said, "Oh, this AI will write code for you and this and that." Like you called him out- >> The hyperbole- >> During your- >> from Satya Nadella, he's got a lot of hyperbole. (group talks over each other) >> All right, Let's, go ahead. >> Well, can I weigh in on the whole- >> Yeah, sure. >> Microsoft thing on whether OpenAI, here's the take on this. I think it's more like the browser moment to me, because I could relate to that experience with ChatG, personally, emotionally, when I saw that, and I remember vividly- >> You mean that aha moment (indistinct). >> Like this is obviously the future. Anything else in the old world is dead, website's going to be everywhere. It was just instant dot connection for me. And a lot of other smart people who saw this. Lot of people by the way, didn't see it. Someone said the web's a toy. At the company I was worked for at the time, Hewlett Packard, they like, they could have been in, they had invented HTML, and so like all this stuff was, like, they just passed, the web was just being passed over. But at that time, the browser got better, more websites came on board. So the structural advantage there was online web usage was growing, online user population. So that was growing exponentially with the rise of the Netscape browser. So OpenAI could stay on the right side of your list as durable, if they leverage the category that they're creating, can get the scale. And if they can get the scale, just like Twitter, that failed so many times that they still hung around. So it was a product that was always successful, right? So I mean, it should have- >> You're right, it was terrible, we kept coming back. >> The fail whale, but it still grew. So OpenAI has that moment. They could do it if Microsoft doesn't meddle too much with too much power as a vendor. They could be the Netscape Navigator, without the anti-competitive behavior of somebody else. So to me, they have the pole position. So they have an opportunity. So if not, if they don't execute, then there's opportunity. There's not a lot of barriers to entry, vis-a-vis say the CapEx of say a cloud company like AWS. You can't replicate that, Many have tried, but I think you can replicate OpenAI. >> And we're going to talk about that. Okay, so real quick, I want to bring in some ETR data. This isn't an ETR heavy segment, only because this so new, you know, they haven't coverage yet, but they do cover AI. So basically what we're seeing here is a slide on the vertical axis's net score, which is a measure of spending momentum, and in the horizontal axis's is presence in the dataset. Think of it as, like, market presence. And in the insert right there, you can see how the dots are plotted, the two columns. And so, but the key point here that we want to make, there's a bunch of companies on the left, is he like, you know, DataRobot and C3 AI and some others, but the big whales, Google, AWS, Microsoft, are really dominant in this market. So that's really the key takeaway that, can we- >> I notice IBM is way low. >> Yeah, IBM's low, and actually bring that back up and you, but then you see Oracle who actually is injecting. So I guess that's the other point is, you're not necessarily going to go buy AI, and you know, build your own AI, you're going to, it's going to be there and, it, Salesforce is going to embed it into its platform, the SaaS companies, and you're going to purchase AI. You're not necessarily going to build it. But some companies obviously are. >> I mean to quote IBM's general manager Rob Thomas, "You can't have AI with IA." information architecture and David Flynn- >> You can't Have AI without IA >> without, you can't have AI without IA. You can't have, if you have an Information Architecture, you then can power AI. Yesterday David Flynn, with Hammersmith, was on our Supercloud. He was pointing out that the relationship of storage, where you store things, also impacts the data and stressablity, and Zhamak from Nextdata, she was pointing out that same thing. So the data problem factors into all this too, Dave. >> So you got the big cloud and internet giants, they're all poised to go after this opportunity. Microsoft is investing up to 10 billion. Google's code red, which was, you know, the headline in the New York Times. Of course Apple is there and several alternatives in the market today. Guys like Chinchilla, Bloom, and there's a company Jasper and several others, and then Lena Khan looms large and the government's around the world, EU, US, China, all taking notice before the market really is coalesced around a single player. You know, John, you mentioned Netscape, they kind of really, the US government was way late to that game. It was kind of game over. And Netscape, I remember Barksdale was like, "Eh, we're going to be selling software in the enterprise anyway." and then, pshew, the company just dissipated. So, but it looks like the US government, especially with Lena Khan, they're changing the definition of antitrust and what the cause is to go after people, and they're really much more aggressive. It's only what, two years ago that (indistinct). >> Yeah, the problem I have with the federal oversight is this, they're always like late to the game, and they're slow to catch up. So in other words, they're working on stuff that should have been solved a year and a half, two years ago around some of the social networks hiding behind some of the rules around open web back in the days, and I think- >> But they're like 15 years late to that. >> Yeah, and now they got this new thing on top of it. So like, I just worry about them getting their fingers. >> But there's only two years, you know, OpenAI. >> No, but the thing (indistinct). >> No, they're still fighting other battles. But the problem with government is that they're going to label Big Tech as like a evil thing like Pharma, it's like smoke- >> You know Lena Khan wants to kill Big Tech, there's no question. >> So I think Big Tech is getting a very seriously bad rap. And I think anything that the government does that shades darkness on tech, is politically motivated in most cases. You can almost look at everything, and my 80 20 rule is in play here. 80% of the government activity around tech is bullshit, it's politically motivated, and the 20% is probably relevant, but off the mark and not organized. >> Well market forces have always been the determining factor of success. The governments, you know, have been pretty much failed. I mean you look at IBM's antitrust, that, what did that do? The market ultimately beat them. You look at Microsoft back in the day, right? Windows 95 was peaking, the government came in. But you know, like you said, they missed the web, right, and >> so they were hanging on- >> There's nobody in government >> to Windows. >> that actually knows- >> And so, you, I think you're right. It's market forces that are going to determine this. But Sarbjeet, what do you make of Microsoft's big bet here, you weren't impressed with with Nadella. How do you think, where are they going to apply it? Is this going to be a Hail Mary for Bing, or is it going to be applied elsewhere? What do you think. >> They are saying that they will, sort of, weave this into their products, office products, productivity and also to write code as well, developer productivity as well. That's a big play for them. But coming back to your antitrust sort of comments, right? I believe the, your comment was like, oh, fed was late 10 years or 15 years earlier, but now they're two years. But things are moving very fast now as compared to they used to move. >> So two years is like 10 Years. >> Yeah, two years is like 10 years. Just want to make that point. (Dave laughs) This thing is going like wildfire. Any new tech which comes in that I think they're going against distribution channels. Lina Khan has commented time and again that the marketplace model is that she wants to have some grip on. Cloud marketplaces are a kind of monopolistic kind of way. >> I don't, I don't see this, I don't see a Chat AI. >> You told me it's not Bing, you had an interesting comment. >> No, no. First of all, this is great from Microsoft. If you're Microsoft- >> Why? >> Because Microsoft doesn't have the AI chops that Google has, right? Google is got so much core competency on how they run their search, how they run their backends, their cloud, even though they don't get a lot of cloud market share in the enterprise, they got a kick ass cloud cause they needed one. >> Totally. >> They've invented SRE. I mean Google's development and engineering chops are off the scales, right? Amazon's got some good chops, but Google's got like 10 times more chops than AWS in my opinion. Cloud's a whole different story. Microsoft gets AI, they get a playbook, they get a product they can render into, the not only Bing, productivity software, helping people write papers, PowerPoint, also don't forget the cloud AI can super help. We had this conversation on our Supercloud event, where AI's going to do a lot of the heavy lifting around understanding observability and managing service meshes, to managing microservices, to turning on and off applications, and or maybe writing code in real time. So there's a plethora of use cases for Microsoft to deploy this. combined with their R and D budgets, they can then turbocharge more research, build on it. So I think this gives them a car in the game, Google may have pole position with AI, but this puts Microsoft right in the game, and they already have a lot of stuff going on. But this just, I mean everything gets lifted up. Security, cloud, productivity suite, everything. >> What's under the hood at Google, and why aren't they talking about it? I mean they got to be freaked out about this. No? Or do they have kind of a magic bullet? >> I think they have the, they have the chops definitely. Magic bullet, I don't know where they are, as compared to the ChatGPT 3 or 4 models. Like they, but if you look at the online sort of activity and the videos put out there from Google folks, Google technology folks, that's account you should look at if you are looking there, they have put all these distinctions what ChatGPT 3 has used, they have been talking about for a while as well. So it's not like it's a secret thing that you cannot replicate. As you said earlier, like in the beginning of this segment, that anybody who has more data and the capacity to process that data, which Google has both, I think they will win this. >> Obviously living in Palo Alto where the Google founders are, and Google's headquarters next town over we have- >> We're so close to them. We have inside information on some of the thinking and that hasn't been reported by any outlet yet. And that is, is that, from what I'm hearing from my sources, is Google has it, they don't want to release it for many reasons. One is it might screw up their search monopoly, one, two, they're worried about the accuracy, 'cause Google will get sued. 'Cause a lot of people are jamming on this ChatGPT as, "Oh it does everything for me." when it's clearly not a hundred percent accurate all the time. >> So Lina Kahn is looming, and so Google's like be careful. >> Yeah so Google's just like, this is the third, could be a third rail. >> But the first thing you said is a concern. >> Well no. >> The disruptive (indistinct) >> What they will do is do a Waymo kind of thing, where they spin out a separate company. >> They're doing that. >> The discussions happening, they're going to spin out the separate company and put it over there, and saying, "This is AI, got search over there, don't touch that search, 'cause that's where all the revenue is." (chuckles) >> So, okay, so that's how they deal with the Clay Christensen dilemma. What's the business model here? I mean it's not advertising, right? Is it to charge you for a query? What, how do you make money at this? >> It's a good question, I mean my thinking is, first of all, it's cool to type stuff in and see a paper get written, or write a blog post, or gimme a marketing slogan for this or that or write some code. I think the API side of the business will be critical. And I think Howie Xu, I know you're going to reference some of his comments yesterday on Supercloud, I think this brings a whole 'nother user interface into technology consumption. I think the business model, not yet clear, but it will probably be some sort of either API and developer environment or just a straight up free consumer product, with some sort of freemium backend thing for business. >> And he was saying too, it's natural language is the way in which you're going to interact with these systems. >> I think it's APIs, it's APIs, APIs, APIs, because these people who are cooking up these models, and it takes a lot of compute power to train these and to, for inference as well. Somebody did the analysis on the how many cents a Google search costs to Google, and how many cents the ChatGPT query costs. It's, you know, 100x or something on that. You can take a look at that. >> A 100x on which side? >> You're saying two orders of magnitude more expensive for ChatGPT >> Much more, yeah. >> Than for Google. >> It's very expensive. >> So Google's got the data, they got the infrastructure and they got, you're saying they got the cost (indistinct) >> No actually it's a simple query as well, but they are trying to put together the answers, and they're going through a lot more data versus index data already, you know. >> Let me clarify, you're saying that Google's version of ChatGPT is more efficient? >> No, I'm, I'm saying Google search results. >> Ah, search results. >> What are used to today, but cheaper. >> But that, does that, is that going to confer advantage to Google's large language (indistinct)? >> It will, because there were deep science (indistinct). >> Google, I don't think Google search is doing a large language model on their search, it's keyword search. You know, what's the weather in Santa Cruz? Or how, what's the weather going to be? Or you know, how do I find this? Now they have done a smart job of doing some things with those queries, auto complete, re direct navigation. But it's, it's not entity. It's not like, "Hey, what's Dave Vellante thinking this week in Breaking Analysis?" ChatGPT might get that, because it'll get your Breaking Analysis, it'll synthesize it. There'll be some, maybe some clips. It'll be like, you know, I mean. >> Well I got to tell you, I asked ChatGPT to, like, I said, I'm going to enter a transcript of a discussion I had with Nir Zuk, the CTO of Palo Alto Networks, And I want you to write a 750 word blog. I never input the transcript. It wrote a 750 word blog. It attributed quotes to him, and it just pulled a bunch of stuff that, and said, okay, here it is. It talked about Supercloud, it defined Supercloud. >> It's made, it makes you- >> Wow, But it was a big lie. It was fraudulent, but still, blew me away. >> Again, vanilla content and non accurate content. So we are going to see a surge of misinformation on steroids, but I call it the vanilla content. Wow, that's just so boring, (indistinct). >> There's so many dangers. >> Make your point, cause we got to, almost out of time. >> Okay, so the consumption, like how do you consume this thing. As humans, we are consuming it and we are, like, getting a nicely, like, surprisingly shocked, you know, wow, that's cool. It's going to increase productivity and all that stuff, right? And on the danger side as well, the bad actors can take hold of it and create fake content and we have the fake sort of intelligence, if you go out there. So that's one thing. The second thing is, we are as humans are consuming this as language. Like we read that, we listen to it, whatever format we consume that is, but the ultimate usage of that will be when the machines can take that output from likes of ChatGPT, and do actions based on that. The robots can work, the robot can paint your house, we were talking about, right? Right now we can't do that. >> Data apps. >> So the data has to be ingested by the machines. It has to be digestible by the machines. And the machines cannot digest unorganized data right now, we will get better on the ingestion side as well. So we are getting better. >> Data, reasoning, insights, and action. >> I like that mall, paint my house. >> So, okay- >> By the way, that means drones that'll come in. Spray painting your house. >> Hey, it wasn't too long ago that robots couldn't climb stairs, as I like to point out. Okay, and of course it's no surprise the venture capitalists are lining up to eat at the trough, as I'd like to say. Let's hear, you'd referenced this earlier, John, let's hear what AI expert Howie Xu said at the Supercloud event, about what it takes to clone ChatGPT. Please, play the clip. >> So one of the VCs actually asked me the other day, right? "Hey, how much money do I need to spend, invest to get a, you know, another shot to the openAI sort of the level." You know, I did a (indistinct) >> Line up. >> A hundred million dollar is the order of magnitude that I came up with, right? You know, not a billion, not 10 million, right? So a hundred- >> Guys a hundred million dollars, that's an astoundingly low figure. What do you make of it? >> I was in an interview with, I was interviewing, I think he said hundred million or so, but in the hundreds of millions, not a billion right? >> You were trying to get him up, you were like "Hundreds of millions." >> Well I think, I- >> He's like, eh, not 10, not a billion. >> Well first of all, Howie Xu's an expert machine learning. He's at Zscaler, he's a machine learning AI guy. But he comes from VMware, he's got his technology pedigrees really off the chart. Great friend of theCUBE and kind of like a CUBE analyst for us. And he's smart. He's right. I think the barriers to entry from a dollar standpoint are lower than say the CapEx required to compete with AWS. Clearly, the CapEx spending to build all the tech for the run a cloud. >> And you don't need a huge sales force. >> And in some case apps too, it's the same thing. But I think it's not that hard. >> But am I right about that? You don't need a huge sales force either. It's, what, you know >> If the product's good, it will sell, this is a new era. The better mouse trap will win. This is the new economics in software, right? So- >> Because you look at the amount of money Lacework, and Snyk, Snowflake, Databrooks. Look at the amount of money they've raised. I mean it's like a billion dollars before they get to IPO or more. 'Cause they need promotion, they need go to market. You don't need (indistinct) >> OpenAI's been working on this for multiple five years plus it's, hasn't, wasn't born yesterday. Took a lot of years to get going. And Sam is depositioning all the success, because he's trying to manage expectations, To your point Sarbjeet, earlier. It's like, yeah, he's trying to "Whoa, whoa, settle down everybody, (Dave laughs) it's not that great." because he doesn't want to fall into that, you know, hero and then get taken down, so. >> It may take a 100 million or 150 or 200 million to train the model. But to, for the inference to, yeah to for the inference machine, It will take a lot more, I believe. >> Give it, so imagine, >> Because- >> Go ahead, sorry. >> Go ahead. But because it consumes a lot more compute cycles and it's certain level of storage and everything, right, which they already have. So I think to compute is different. To frame the model is a different cost. But to run the business is different, because I think 100 million can go into just fighting the Fed. >> Well there's a flywheel too. >> Oh that's (indistinct) >> (indistinct) >> We are running the business, right? >> It's an interesting number, but it's also kind of, like, context to it. So here, a hundred million spend it, you get there, but you got to factor in the fact that the ways companies win these days is critical mass scale, hitting a flywheel. If they can keep that flywheel of the value that they got going on and get better, you can almost imagine a marketplace where, hey, we have proprietary data, we're SiliconANGLE in theCUBE. We have proprietary content, CUBE videos, transcripts. Well wouldn't it be great if someone in a marketplace could sell a module for us, right? We buy that, Amazon's thing and things like that. So if they can get a marketplace going where you can apply to data sets that may be proprietary, you can start to see this become bigger. And so I think the key barriers to entry is going to be success. I'll give you an example, Reddit. Reddit is successful and it's hard to copy, not because of the software. >> They built the moat. >> Because you can, buy Reddit open source software and try To compete. >> They built the moat with their community. >> Their community, their scale, their user expectation. Twitter, we referenced earlier, that thing should have gone under the first two years, but there was such a great emotional product. People would tolerate the fail whale. And then, you know, well that was a whole 'nother thing. >> Then a plane landed in (John laughs) the Hudson and it was over. >> I think verticals, a lot of verticals will build applications using these models like for lawyers, for doctors, for scientists, for content creators, for- >> So you'll have many hundreds of millions of dollars investments that are going to be seeping out. If, all right, we got to wrap, if you had to put odds on it that that OpenAI is going to be the leader, maybe not a winner take all leader, but like you look at like Amazon and cloud, they're not winner take all, these aren't necessarily winner take all markets. It's not necessarily a zero sum game, but let's call it winner take most. What odds would you give that open AI 10 years from now will be in that position. >> If I'm 0 to 10 kind of thing? >> Yeah, it's like horse race, 3 to 1, 2 to 1, even money, 10 to 1, 50 to 1. >> Maybe 2 to 1, >> 2 to 1, that's pretty low odds. That's basically saying they're the favorite, they're the front runner. Would you agree with that? >> I'd say 4 to 1. >> Yeah, I was going to say I'm like a 5 to 1, 7 to 1 type of person, 'cause I'm a skeptic with, you know, there's so much competition, but- >> I think they're definitely the leader. I mean you got to say, I mean. >> Oh there's no question. There's no question about it. >> The question is can they execute? >> They're not Friendster, is what you're saying. >> They're not Friendster and they're more like Twitter and Reddit where they have momentum. If they can execute on the product side, and if they don't stumble on that, they will continue to have the lead. >> If they say stay neutral, as Sam is, has been saying, that, hey, Microsoft is one of our partners, if you look at their company model, how they have structured the company, then they're going to pay back to the investors, like Microsoft is the biggest one, up to certain, like by certain number of years, they're going to pay back from all the money they make, and after that, they're going to give the money back to the public, to the, I don't know who they give it to, like non-profit or something. (indistinct) >> Okay, the odds are dropping. (group talks over each other) That's a good point though >> Actually they might have done that to fend off the criticism of this. But it's really interesting to see the model they have adopted. >> The wildcard in all this, My last word on this is that, if there's a developer shift in how developers and data can come together again, we have conferences around the future of data, Supercloud and meshs versus, you know, how the data world, coding with data, how that evolves will also dictate, 'cause a wild card could be a shift in the landscape around how developers are using either machine learning or AI like techniques to code into their apps, so. >> That's fantastic insight. I can't thank you enough for your time, on the heels of Supercloud 2, really appreciate it. All right, thanks to John and Sarbjeet for the outstanding conversation today. Special thanks to the Palo Alto studio team. My goodness, Anderson, this great backdrop. You guys got it all out here, I'm jealous. And Noah, really appreciate it, Chuck, Andrew Frick and Cameron, Andrew Frick switching, Cameron on the video lake, great job. And Alex Myerson, he's on production, manages the podcast for us, Ken Schiffman as well. Kristen Martin and Cheryl Knight help get the word out on social media and our newsletters. Rob Hof is our editor-in-chief over at SiliconANGLE, does some great editing, thanks to all. Remember, all these episodes are available as podcasts. All you got to do is search Breaking Analysis podcast, wherever you listen. Publish each week on wikibon.com and siliconangle.com. Want to get in touch, email me directly, david.vellante@siliconangle.com or DM me at dvellante, or comment on our LinkedIn post. And by all means, check out etr.ai. They got really great survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, We'll see you next time on Breaking Analysis. (electronic music)

>> TheCUBE presents Ignite 22 brought to you by Palo Alto Networks. >> Welcome back to Las Vegas, everyone. We're glad you're with us. This is theCUBE live at Palo Alto Ignite 22 at the MGM Grant in Las Vegas. Lisa Martin here with Dave Vellante, day one of our coverage. We've had great conversations. The cybersecurity landscape is so interesting Dave, it's such a challenging problem to solve but it's so diverse and dynamic at the same time. >> You know, Lisa theCUBE started in May of 2010 in Boston. We called it the chowder event, chowder and Lobster. It was a EMC world, 2010. BJ Jenkins, who's here, of course, was a longtime friend of theCUBE and made the, made the transition into from, well, it's still data, data to, to cyber. So >> True. And BJ is back with us. BJ Jenkins, president Palo Alto Networks great to have you back on theCUBE. >> It is great to be here in person on theCube >> Isn't it great? >> In Vegas. It's awesome. >> And we can tell by your voice will be, will be gentle. You, you've been in Vegas typical Vegas occupational hazard of losing the voice. >> Yeah. It was one of the benefits of Covid. I didn't lose my voice at home sitting talking to a TV. You lose it when you come to Vegas. >> Exactly. >> But it's a small price to pay. >> So things kick off yesterday with the partner summit. You had a keynote then, you had a customer, a CISO on stage. You had a keynote today, which we didn't get to see. But talk to us a little bit about the lay of the land. What are you hearing from CISOs, from CIOs as we know security is a board level conversation. >> Yeah, I, you know it's been an interesting three or four months here. Let me start with that. I think, cybersecurity in general is still front and center on CIOs and CISO's minds. It has to be, if you saw Wendy's presentation today and the threats out there companies have to have it front and center. I do think it's been interesting though with the macro uncertainty. We've taken to calling this year the revenge of the CFO and you know these deals in cybersecurity are still a top priority but they're getting finance and procurements, scrutiny which I think in this environment is a necessity but it's still a, you know, number one number two imperative no matter who you talked to, in my mind >> It was interesting what Nikesh was saying in the last conference call that, hey we just have to get more approvals. We know this. We're, we're bringing more go-to-market people on board. We, we have, we're filling the pipeline 'cause we know they're going to split up deals big deals go into smaller chunks. So the question I have for you is is how are you able to successfully integrate those people so that you can get ahead of that sort of macro transition? >> Yeah I, you know, I think there's two things I'd say about uncertain macro situations and Dave, you know how old I am. I'm pretty old. I've been through a lot of cycles. And in those cycles I've always found stronger companies with stronger value proposition separate themselves actually in uncertain, economic times. And so I think there's actually an opportunity here. The message tilts a little bit though where it's been about innovation and new threat vectors to one of you have 20, 30, 40 vendors you can consolidate become more effective in your security posture and save money on your TCOs. So one of the things as we bring people on board it's training them on that business value proposition. How do you take a customer who's got 20 or 30 tools take 'em down to 5 or 10 where Palo is more central and strategic and be able to demonstrate that value. So we do that through, we're making a huge investment in our people but macroeconomic times also puts some stronger people back on the market and we're able to incorporate them into the business. >> What are the conditions that are necessary for that consolidation? Like I would imagine if you're, if you're a big customer of a big, you know, competitor of yours that that migration is going to be harder than if you're dealing with lots of little point tools. Do those, do those point tools, are they sort of is it the end of the subscription? Is it just stuff that's off the books now? What's, the condition that is ripe for that kind of consolidation? >> Look, I think the challenge coming into this year was skills. And so customers had all of these point products. It required a lot more human intervention as Nikesh was talking about to integrate them or make them work. And as all of us know finding people with cybersecurity skills over the last 12 months has been incredibly hard. That drove, if you know, if you think about that a CIO and a CISO sitting there going, I have all all this investment in tools. I don't have the people to operate 'em. What do I need to do? What we tried to do is elevate that conversation because in a customer, everybody who's bought one of those, they they bought it to solve a problem. And there's people with affinity for that tool. They're not just going to say I want to get consolidated and give up my tool. They're going to wrap their arms around it. And so what we needed to do and this changed our ecosystem strategy too how we leverage partners. We needed to get into the CIO and CISO and say look at this chaos you have here and the challenges around people that it's, it's presenting you. We can help solve that by, by standardizing, consolidating taking that integration away from you as Nikesh talked about, and making it easier for your your high skill people to work on high skill, you know high challenges in there. >> Let chaos reign, and then reign in the chaos. >> Yes. >> Andy Grove. >> I was looking at some stats that there's 26 million developers but less than 3 million cybersecurity professionals. >> Talked about that skills gap and what CISOs and CIOs are facing is do you consider from a value prop perspective Palo Alto Networks to be a, a facilitator of helping organizations deal with that skills gap? >> I think there's a short term and a long term. I think Nikesh today talked about the long term that we'll never win this battle with human beings. We're going to have to win it with automation. That, that's the long term the short term right here and now is that people need people with cybersecurity skills. Now what we're trying to do, you know, is multifaceted. We work with universities to standardize programs to develop skills that people can come into the marketplace with. We run our own programs inside the company. We have a cloud academy program now where we take people high aptitude for sales and technical aptitude and we will put them through a six month boot camp on cloud and they'll come out of that ready to really work with the leading experts in cloud security. The third angle is partners, right, there are partners in the marketplace who want to drive their business into high services areas. They have people, they know how to train. We give them, we partner with them to give them training. Hopefully that helps solve some of the short-term gaps that are out there today. >> So you made the jump from data storage to security and >> Yeah. >> You know, network security, all kinds of security. What was that like? What you must have learned a lot in the last better part of a decade? >> Yeah. >> Take us through that. >> You know, so the first jump was from EMC. I was 15 years there to be CEO of Barracuda. And you know, it was interesting because EMC was, you know large enterprise for the most part. At Barracuda we had, you know 250,000 small and mid-size enterprises. And it was, it's interesting to get into security in small and mid-size businesses because, you know Wendy today was talking about nation states. For small and mid-size business, it's common thievery right? It's ransomware, it's, and, those customers don't have, you know, the human and financial resources to keep up with the threat factor. So, you know, Nikesh talked about how it's taken 'em four and a half years to get into cybersecurity. I remember my first week at Barracuda, I was talking with a customer who had, you know, breached data shut down. There wasn't much bitcoin back then so it was just a pure ransom. And I'm like, wow, this is, you know, incredible industry. So it's been a good, you know, transition for me. I still think data is at the heart of all of this. Right? And I have always believed there's a strong connection between the things I learned growing up at EMC and what I put into practice today at Palo Alto Networks. >> And how about a culture because I, you know I know have observed the EMC culture >> Yeah. >> And you were there in really the heyday. >> Yeah. >> Right? Which was an awesome place. And it seems like Palo Alto obviously, different times but you know, similar like laser focus on solving problems, you know, obviously great, you know value sellers, you know, you guys aren't the commodity >> Yeah. For Product. But there seemed to be some similarities from afar. I don't know Palo Alto as well as I know EMC. >> I think there's a lot. When I joined EMC, it was about, it was 2 billion in in revenue and I think when I left it was over 20, 20, 21. And, you know, we're at, you know hopefully 5, 5 5 in revenue. I feel like it's this very similar, there's a sense of urgency, there's an incredible focus on the customer. you know, Near and Moche are definitely different individuals but the both same kind of disruptive, Israeli force out there driving the business. There are a lot of similarities. I, you know, the passion, I feel privileged as a, you know go to market person that I have this incredible portfolio to go, you know, work with customers on. It's a lucky position to be in, but very I feel like it is a movie I've seen before. >> Yeah. And but, and the course, the challenges from the, the target that you're disrupting is different. It was, you know, EMC had a lot of big, you know IBM obviously was, you know, bigger target whereas you got thousands of, you know, smaller companies. >> Yes. >> And, and so that's a different dynamic but that's why the consolidation play is so important. >> Look at, that's why I joined Palo Alto Networks when I was at Barracuda for nine years. It just fascinated me, that there was 3000 plus players in security and why didn't security evolve like the storage market did or the server market or network where working >> Yeah, right. >> You know, two or three big gorillas came to, to dominate those markets. And it's, I think it's what Nikesh talked about today. There was a new problem in best of breed. It was always best of breed. You can never in security go in and, you know, say, Hey it's good I saved us some money but I got the third best product in the marketplace. And there was that kind of gap between products. I, believe in why I joined here I think this is my last gig is we have a chance to change that. And this is the first company as I look from the outside in that had best of breed as, you know Nikesh said 13 categories. >> Yeah. >> And you know, we're in the leaders quadrant and it's a conversation I have with customers. You don't have to sacrifice best of breed but get the benefits of a platform. And I, think that resonates today. I think we have a chance to change the industry from that viewpoint. >> Give us a little view of the voice of the customer. You had, was it Sabre? >> Yeah. >> That was on >> Scott Moser, The CISO from Sabre. >> Give us a view, what are you hearing from the voice of the customer? Obviously they're quite a successful customer but challenges, concerns, the partnership. >> Yeah. Look, I think security is similar to industries where we come up with magic marketing phrases and, you know, things to you know, make you want to procure our solutions. You know, zero trust is one. And you know, you'll talk to customers and they're like, okay, yes. And you know, the government, right? Joe, Joe Biden's putting out zero trust executive orders. And the, the problem is if you talk to customers, it's a journey. They have legacy infrastructure they have business drivers that you know they just don't deal with us. They've got to deal with the business side who's trying to make the money that keeps the, the company going. it's really helped them draw a map from where they're at today to zero trust or to a better security architecture. Or, you know, they're moving their apps into the cloud. How am I going to migrate? Right? Again, that discussion three years ago was around lift and shift, right? Today it's about, well, no I need cloud native developed apps to service the business the way I want to, I want to service it. How do I, so I, I think there's this element of a trusted partner and relationship. And again, I think this is why you can't have 40 or 50 of those. You got to start narrowing it down if you want to be able to meet and beat the threats that are out there for you. So I, you know, the customers, I see a lot of 'em. It's, here's where I'm at help me get here to a better position. And they know it's, you know Scott said in our keynote today, you don't just, you know have layer three firewall policies and decide, okay tomorrow I'm going to go to layer seven. That, that's not how it works. Right? There's, and, and by the way these things are a mission critical type areas. So there's got to be a game plan that you help customers go through to get there. >> Definitely. Last question, my last question for you is, is security being a board level conversation I was reading some stats from a survey I think it was the what's new in Cypress survey that that Palo Alto released today that showed that while significant numbers of organizations think they've got a cyber resiliency playbook, there's a lot of disconnect or lack of alignment at the boardroom. Are you in those conversations? How can you help facilitate that alignment between the executive team and the board when it comes to security being so foundational to any business? >> Yeah, it's, I've been on three, four public company boards. I'm on, I'm on two today. I would say four years ago, this was a almost a taboo topic. It was a, put your head in the sand and pray to God nothing happened. And you know, the world has changed significantly. And because of the number of breaches the impact it's had on brand, boards have to think about this in duty of care and their fiduciary duty. Okay. So then you start with a board that may not have the technical skills. The first problem the security industry had is how do I explain your risk profile in a way you can understand it. I'm, I'm on the board of Generac that makes home generators. It's a manufacturing, you know, company but they put Wifi modules in their boxes so that the dealers could help do the maintenance on 'em. And all of a sudden these things were getting attacked. Right? And they're being used for bot attacks. >> Yeah. >> Everybody on their board had a manufacturing background. >> Ah. >> So how do you help that board understand the risk they have that's what's changed over the last four years. It's a constant discussion. It's one I have with CISOs where they're like help us put it in layman's terms so they understand they know what we're doing and they feel confident but at the same time understand the marketplace better. And that's a journey for us. >> That Generac example is a great one because, you know, think about IOT Technologies. They've historically been air gaped >> Yes. >> By design. And all of a sudden the business comes in and says, "Hey we can put wifi in there", you know >> Connect it to a home Wifi system that >> Make our lives so much easier. Next thing you know, it's being used to attack. >> Yeah. >> So that's why, as you go around the world are you discerning, I know you were just in Japan are you discerning significant differences in sort of attitudes toward, towards cyber? Whether it's public policy, you know things like regulation where you, they don't want you sharing data, but as as a cyber company, you want to share that data with you know, public and private? >> Look it, I, I think around the world we see incredible government activity first of all. And I think given the position we're in we get to have some unique conversations there. I would say worldwide security is an imperative. I, no matter where I go, you know it's in front of everybody's mind. The, on the, the governance side, it's really what do we need to adapt to make sure we meet local regulations. And I, and I would just tell you Dave there's ways when you do that, and we talk with governments that because of how they want to do it reduce our ability to give them full insight into all the threats and how we can help them. And I do think over time governments understand that we can anonymize the data. There's, but that, that's a work in process. Definitely there is a balance. We need to have privacy, we need to have, you know personal security for people. But there's ways to collect that data in an anonymous way and give better security insight back into the architectures that are out there. >> All right. A little shift the gears here. A little sports question. We've had some great Boston's sports guests on theCUBE right? I mean, Randy Seidel, we were talking about him. Peter McKay, Snyk, I guess he's a competitor now but you know, there's no question got >> He got a little funding today. I saw that. >> Down round. But they still got a lot of money. Not of a down round, but they were, but yeah, but actually, you know, he was on several years ago and it was around the time they were talking about trading Brady. He said Never trade Brady. And he got that right. We, I think we can agree Brady's the goat. >> Yes. >> The big question I have for you is, Belichick. Do you ever question Has your belief in him as the greatest coach of all time wavered, you know, now that- No. Okay. >> Never. >> Weigh in on that. >> Never, he says >> Still the Goat. >> I'll give you my best. You know, never In Bill we trust. >> Okay. Still. >> All right >> I, you know, the NFL is a unique property that's designed for parody and is designed, I mean actively designed to not let Mr. Craft and Bill Belichick do what they do every year. I feel privileged as a Boston sports fan that in our worst years we're in the seventh playoff spot. And I have a lot of family in Chicago who would kill for that position, by the way. And you know, they're in perpetual rebuilding. And so look, and I think he, you know the way he's been able to manage the cap and the skill levels, I think we have a top five defense. There's different ways to win titles. And if I, you know, remember in Brady's last title with Boston, the defense won us that Super Bowl. >> Well thanks for weighing in on that because there's a lot of crazy talk going on. Like, 'Hey, if he doesn't beat Arizona, he's got to go.' I'm like, what? So, okay, I'm sometimes it takes a good good loyal fan who's maybe, you know, has >> The good news in Boston is we're emotional fans too so I understand you got to keep the long term long term in mind. And we're, we're in a privileged position in Boston. We've got Celtics, we've got Bruins we've got the Patriots right on the edge of the playoffs and we need the Red Sox to get to work. >> Yeah, no, you know they were last, last year so maybe they're going to win it all like they usually do. So >> Fingers crossed. >> Crazy worst to first. >> Exactly. Well you said, in Bill we trust it sounds like from our conversation in BJ we trust from the customers, the partners. >> I hope so. >> Thank you so much BJ, for coming back on theCUBE giving us the lay of the land, what's new, the voice of the customer and how Palo Alto was really differentiated in the market. We always appreciate your, coming on the show you >> Honor and privilege seeing you here. Thanks. >> You may be thinking that you were watching ESPN just now but you know, we call ourselves the ESPN at Tech News. This is Lisa Martin for Dave Vellante and our guest. You're watching theCUBE, the Leader and live emerging in enterprise tech coverage. (upbeat music)

(upbeat music) >> Hey, welcome back everyone, live coverage here. Re:invent 2022. I'm John Furrier, host of theCUBE. Two sets here. We got amazing content flowing. A third set upstairs in the executive briefing area. It's kind of a final review, day three. We got a special guest for do a re:Invent review. Muddu Sudhakar CEO founder of Aisera. Former multi-exit entrepreneur. Kind of a CUBE analyst who's always watching the floor, comes in, reports on our behalf. Thank you, you're seasoned veteran. Good to see you. Thanks for coming. >> Thank you John >> We've only got five minutes. Let's get into it. What's your report? What are you seeing here at re:Invent? What's the most important story? What's happening? What should people pay attention to? >> No, a lot of things. First all, thank you for having me John. But, most important thing what Amazon has announced is AIML. How they're doubling down on AIML. Amazon Connect for Wise. Watch out all the contact center vendors. Third, is in the area of workflow, low-code, no-code, workflow automation. I see these three are three big pillars. And, the fourth is ETL and ELTs. They're offering ETL as included as a part of S3 Redshift. I see those four areas are the big buckets. >> Well, it's not no ETL to S3. It's ETL into S3 or migration. >> That's right. >> Then the other one was Zero ETL Promise. >> Muddu: That's right. >> Which there's a skeptical group out there that think that's not possible. I do. I think ultimately that'll happen, but what's your take? >> I think it's going to happen. So, it's going to happen both within that data store as well as outside the data store, data coming in. I think that area, Amazon is going to slowly encroach into the whole thing will be part offered as a part of Redshift and S3. >> Got it. What else are you seeing? Security. >> Amazon Connect Amazon Connect is a big thing. >> John: Why is that so important? It seems like they already have that. >> They have it, but what they're doing now is to automate AI bots. They want to use AI bot to automate both agent assist, AI assist, and also WiseBot automation. So, all the contact center Wise to text they're doubling down. I think it's a good competition to Microsoft with the Nuance acquisition and what Zoom is doing today. So, I think within Microsoft, Zoom, and Amazon, it's a nice competition there. >> Okay, so we had Adam's keynote, a lot of security and data, that was big. Today, we had Swami, all ML, 13 announcements. Adam did telegraph to me that he was going to to share the love. Jassy would've probably taken most of those announcements, we know that. Adam shared the love. So, Adam, props to you for sharing the love with Swami and some of those announcements. We had 13. So, good for him. >> Yes. >> And then, we had Aruba with the partners. What's your take on the partner network? A revamp? >> No, I think Aruba did a very good job in terms of partners. Look at these, one of the best stores that Amazon does. Even the companies like me, I'm a startup company. They know how to include the partners, drive more revenue with partners, sell through it, more expansion. So, Amazon is still one of the best for startup to mid-market companies to go into enterprise. So, I love their partnership angle. >> One of the things I like that she said that resonated with me 'cause, I've been working with those teams, is it's unified, clear roles, but together. But, scaling the support for partners and making money for partners. >> That's right. >> That is a huge deal. Big road ahead. She's focused on it. She says, no problem. We want to scale up the business model of the channel. >> Muddu: That's right. >> The resources, so that the ecosystem can make money and serve customers or serve customers and make money. >> Muddu: That's right. And, I think one thing that they're always good is Marketplace. Now, they're doing is outside of market with ISV, co-sell, selling through. I think Amazon really understood that adding the value so that we make money as a partners and they make money, incrementally. So, I think Aruba is doing a very good job. I really like it. >> Okay, final question. What's going on with Werner? What do you expect to hear tomorrow from a developer front? Not a lot of developer productivity conversations at this re:Invent. Not a lot of people talking about software supply chain although Snyk was on theCUBE earlier. Developer productivity. Werner's going to speak to that tomorrow we think. Or, I don't know. What do you think? >> I think he's going talk something called generative AI. Rumored the people are talking about the code will be returned by the algorithms now. I think if I'm Werner, I'm going to talk about where the technology is going, where the humans will not be writing code. So, I think AI is going to double down with Amazon more on the generative AI. He's going to try a lot about that. >> Generative AI is hot. We could have generative CUBE, no hosts. >> Muddu: Yes, that would be good. >> No code, no host >> Muddu: Have an answer, John Software. (both laugh) >> We're going to automate everything. Muddu, great to hear from you. Thanks for reporting. Anything else on the ecosystem? Any observations on the ecosystem and their opportunity? >> So, coming from my side, if I'd to provide an answer, today we have like close to thousand leads that are good. Most of them are financial, healthcare. Healthcare is still one of the largest ones I saw in this conference. Financials, and then, I'm started seeing a lot more on the manufacturing. So, I think supply chain, they were not so. I think Amazon is doing fantastic job with financial, healthcare, and supply chain. >> Where is their blind spot if you had to point that one? >> I think media and entertainment. Media and entertainment is not that big on Amazon. So, I think we should see a lot more of those. >> Yeah, I think they need to look at that. Any other observations? Hallway conversations that are notable that you would like to share with folks watching? >> I think what needs to happen is with VMware, and Citrix desktop, and Endpoint Management. That's their blind spot. So far, nobody's really talking about the Endpoints. Your workstation, laptop, desktop. Remember, that was big with VMware. Nope, that's not a thought of conversation in email right now. So, I think that area is left behind by Amazon. Somebody needs to go after that white space. >> John: And, the audience here is over 50,000. Big numbers. >> Huge. One of the best shows, right? I mean after Covid. It's by far the best show I've seen in this year. >> All right, if you'd do a sizzle reel, what would it be? >> Sizzle reel. I think it's going to be a lot more on, as I said, generative to AI is the key word to watch. And, more than that, low-code no-code workflow automation. How do you automate the workflows? Which is where ServiceNow is fairly strong. I think you'll see Amazon and ServiceNow playing in the workflow automation. >> Muddu, thank you so much for coming on theCube sharing. That's a wrap up for day three here in theCUBE. I'm John Furrier, Dave Vellante for Lisa Martin, Savannah Peterson, all working on Paul Gillan and John Walls and the whole team. Thanks for all your support. Wrapping it up to the end of the day. Pulling the plug. We'll see you tomorrow. (upbeat music)

>> From The Cube Studios in Palo Alto and Boston, bringing you data driven insights from The Cube at ETR. This is "Breaking Analysis" with Dave Vellante. >> The reverse momentum in tech stocks caused by rising interest rates, less attractive discounted cash flow models, and more tepid forward guidance, can be easily measured by public market valuations. And while there's lots of discussion about the impact on private companies and cash runway and 409A valuations, measuring the performance of non-public companies isn't as easy. IPOs have dried up and public statements by private companies, of course, they accentuate the good and they kind of hide the bad. Real data, unless you're an insider, is hard to find. Hello and welcome to this week's "Wikibon Cube Insights" powered by ETR. In this "Breaking Analysis", we unlock some of the secrets that non-public, emerging tech companies may or may not be sharing. And we do this by introducing you to a capability from ETR that we've not exposed you to over the past couple of years, it's called the Emerging Technologies Survey, and it is packed with sentiment data and performance data based on surveys of more than a thousand CIOs and IT buyers covering more than 400 companies. And we've invited back our colleague, Erik Bradley of ETR to help explain the survey and the data that we're going to cover today. Erik, this survey is something that I've not personally spent much time on, but I'm blown away at the data. It's really unique and detailed. First of all, welcome. Good to see you again. >> Great to see you too, Dave, and I'm really happy to be talking about the ETS or the Emerging Technology Survey. Even our own clients of constituents probably don't spend as much time in here as they should. >> Yeah, because there's so much in the mainstream, but let's pull up a slide to bring out the survey composition. Tell us about the study. How often do you run it? What's the background and the methodology? >> Yeah, you were just spot on the way you were talking about the private tech companies out there. So what we did is we decided to take all the vendors that we track that are not yet public and move 'em over to the ETS. And there isn't a lot of information out there. If you're not in Silicon (indistinct), you're not going to get this stuff. So PitchBook and Tech Crunch are two out there that gives some data on these guys. But what we really wanted to do was go out to our community. We have 6,000, ITDMs in our community. We wanted to ask them, "Are you aware of these companies? And if so, are you allocating any resources to them? Are you planning to evaluate them," and really just kind of figure out what we can do. So this particular survey, as you can see, 1000 plus responses, over 450 vendors that we track. And essentially what we're trying to do here is talk about your evaluation and awareness of these companies and also your utilization. And also if you're not utilizing 'em, then we can also figure out your sales conversion or churn. So this is interesting, not only for the ITDMs themselves to figure out what their peers are evaluating and what they should put in POCs against the big guys when contracts come up. But it's also really interesting for the tech vendors themselves to see how they're performing. >> And you can see 2/3 of the respondents are director level of above. You got 28% is C-suite. There is of course a North America bias, 70, 75% is North America. But these smaller companies, you know, that's when they start doing business. So, okay. We're going to do a couple of things here today. First, we're going to give you the big picture across the sectors that ETR covers within the ETS survey. And then we're going to look at the high and low sentiment for the larger private companies. And then we're going to do the same for the smaller private companies, the ones that don't have as much mindshare. And then I'm going to put those two groups together and we're going to look at two dimensions, actually three dimensions, which companies are being evaluated the most. Second, companies are getting the most usage and adoption of their offerings. And then third, which companies are seeing the highest churn rates, which of course is a silent killer of companies. And then finally, we're going to look at the sentiment and mindshare for two key areas that we like to cover often here on "Breaking Analysis", security and data. And data comprises database, including data warehousing, and then big data analytics is the second part of data. And then machine learning and AI is the third section within data that we're going to look at. Now, one other thing before we get into it, ETR very often will include open source offerings in the mix, even though they're not companies like TensorFlow or Kubernetes, for example. And we'll call that out during this discussion. The reason this is done is for context, because everyone is using open source. It is the heart of innovation and many business models are super glued to an open source offering, like take MariaDB, for example. There's the foundation and then there's with the open source code and then there, of course, the company that sells services around the offering. Okay, so let's first look at the highest and lowest sentiment among these private firms, the ones that have the highest mindshare. So they're naturally going to be somewhat larger. And we do this on two dimensions, sentiment on the vertical axis and mindshare on the horizontal axis and note the open source tool, see Kubernetes, Postgres, Kafka, TensorFlow, Jenkins, Grafana, et cetera. So Erik, please explain what we're looking at here, how it's derived and what the data tells us. >> Certainly, so there is a lot here, so we're going to break it down first of all by explaining just what mindshare and net sentiment is. You explain the axis. We have so many evaluation metrics, but we need to aggregate them into one so that way we can rank against each other. Net sentiment is really the aggregation of all the positive and subtracting out the negative. So the net sentiment is a very quick way of looking at where these companies stand versus their peers in their sectors and sub sectors. Mindshare is basically the awareness of them, which is good for very early stage companies. And you'll see some names on here that are obviously been around for a very long time. And they're clearly be the bigger on the axis on the outside. Kubernetes, for instance, as you mentioned, is open source. This de facto standard for all container orchestration, and it should be that far up into the right, because that's what everyone's using. In fact, the open source leaders are so prevalent in the emerging technology survey that we break them out later in our analysis, 'cause it's really not fair to include them and compare them to the actual companies that are providing the support and the security around that open source technology. But no survey, no analysis, no research would be complete without including these open source tech. So what we're looking at here, if I can just get away from the open source names, we see other things like Databricks and OneTrust . They're repeating as top net sentiment performers here. And then also the design vendors. People don't spend a lot of time on 'em, but Miro and Figma. This is their third survey in a row where they're just dominating that sentiment overall. And Adobe should probably take note of that because they're really coming after them. But Databricks, we all know probably would've been a public company by now if the market hadn't turned, but you can see just how dominant they are in a survey of nothing but private companies. And we'll see that again when we talk about the database later. >> And I'll just add, so you see automation anywhere on there, the big UiPath competitor company that was not able to get to the public markets. They've been trying. Snyk, Peter McKay's company, they've raised a bunch of money, big security player. They're doing some really interesting things in developer security, helping developers secure the data flow, H2O.ai, Dataiku AI company. We saw them at the Snowflake Summit. Redis Labs, Netskope and security. So a lot of names that we know that ultimately we think are probably going to be hitting the public market. Okay, here's the same view for private companies with less mindshare, Erik. Take us through this one. >> On the previous slide too real quickly, I wanted to pull that security scorecard and we'll get back into it. But this is a newcomer, that I couldn't believe how strong their data was, but we'll bring that up in a second. Now, when we go to the ones of lower mindshare, it's interesting to talk about open source, right? Kubernetes was all the way on the top right. Everyone uses containers. Here we see Istio up there. Not everyone is using service mesh as much. And that's why Istio is in the smaller breakout. But still when you talk about net sentiment, it's about the leader, it's the highest one there is. So really interesting to point out. Then we see other names like Collibra in the data side really performing well. And again, as always security, very well represented here. We have Aqua, Wiz, Armis, which is a standout in this survey this time around. They do IoT security. I hadn't even heard of them until I started digging into the data here. And I couldn't believe how well they were doing. And then of course you have AnyScale, which is doing a second best in this and the best name in the survey Hugging Face, which is a machine learning AI tool. Also doing really well on a net sentiment, but they're not as far along on that access of mindshare just yet. So these are again, emerging companies that might not be as well represented in the enterprise as they will be in a couple of years. >> Hugging Face sounds like something you do with your two year old. Like you said, you see high performers, AnyScale do machine learning and you mentioned them. They came out of Berkeley. Collibra Governance, InfluxData is on there. InfluxDB's a time series database. And yeah, of course, Alex, if you bring that back up, you get a big group of red dots, right? That's the bad zone, I guess, which Sisense does vis, Yellowbrick Data is a NPP database. How should we interpret the red dots, Erik? I mean, is it necessarily a bad thing? Could it be misinterpreted? What's your take on that? >> Sure, well, let me just explain the definition of it first from a data science perspective, right? We're a data company first. So the gray dots that you're seeing that aren't named, that's the mean that's the average. So in order for you to be on this chart, you have to be at least one standard deviation above or below that average. So that gray is where we're saying, "Hey, this is where the lump of average comes in. This is where everyone normally stands." So you either have to be an outperformer or an underperformer to even show up in this analysis. So by definition, yes, the red dots are bad. You're at least one standard deviation below the average of your peers. It's not where you want to be. And if you're on the lower left, not only are you not performing well from a utilization or an actual usage rate, but people don't even know who you are. So that's a problem, obviously. And the VCs and the PEs out there that are backing these companies, they're the ones who mostly are interested in this data. >> Yeah. Oh, that's great explanation. Thank you for that. No, nice benchmarking there and yeah, you don't want to be in the red. All right, let's get into the next segment here. Here going to look at evaluation rates, adoption and the all important churn. First new evaluations. Let's bring up that slide. And Erik, take us through this. >> So essentially I just want to explain what evaluation means is that people will cite that they either plan to evaluate the company or they're currently evaluating. So that means we're aware of 'em and we are choosing to do a POC of them. And then we'll see later how that turns into utilization, which is what a company wants to see, awareness, evaluation, and then actually utilizing them. That's sort of the life cycle for these emerging companies. So what we're seeing here, again, with very high evaluation rates. H2O, we mentioned. SecurityScorecard jumped up again. Chargebee, Snyk, Salt Security, Armis. A lot of security names are up here, Aqua, Netskope, which God has been around forever. I still can't believe it's in an Emerging Technology Survey But so many of these names fall in data and security again, which is why we decided to pick those out Dave. And on the lower side, Vena, Acton, those unfortunately took the dubious award of the lowest evaluations in our survey, but I prefer to focus on the positive. So SecurityScorecard, again, real standout in this one, they're in a security assessment space, basically. They'll come in and assess for you how your security hygiene is. And it's an area of a real interest right now amongst our ITDM community. >> Yeah, I mean, I think those, and then Arctic Wolf is up there too. They're doing managed services. You had mentioned Netskope. Yeah, okay. All right, let's look at now adoption. These are the companies whose offerings are being used the most and are above that standard deviation in the green. Take us through this, Erik. >> Sure, yet again, what we're looking at is, okay, we went from awareness, we went to evaluation. Now it's about utilization, which means a survey respondent's going to state "Yes, we evaluated and we plan to utilize it" or "It's already in our enterprise and we're actually allocating further resources to it." Not surprising, again, a lot of open source, the reason why, it's free. So it's really easy to grow your utilization on something that's free. But as you and I both know, as Red Hat proved, there's a lot of money to be made once the open source is adopted, right? You need the governance, you need the security, you need the support wrapped around it. So here we're seeing Kubernetes, Postgres, Apache Kafka, Jenkins, Grafana. These are all open source based names. But if we're looking at names that are non open source, we're going to see Databricks, Automation Anywhere, Rubrik all have the highest mindshare. So these are the names, not surprisingly, all names that probably should have been public by now. Everyone's expecting an IPO imminently. These are the names that have the highest mindshare. If we talk about the highest utilization rates, again, Miro and Figma pop up, and I know they're not household names, but they are just dominant in this survey. These are applications that are meant for design software and, again, they're going after an Autodesk or a CAD or Adobe type of thing. It is just dominant how high the utilization rates are here, which again is something Adobe should be paying attention to. And then you'll see a little bit lower, but also interesting, we see Collibra again, we see Hugging Face again. And these are names that are obviously in the data governance, ML, AI side. So we're seeing a ton of data, a ton of security and Rubrik was interesting in this one, too, high utilization and high mindshare. We know how pervasive they are in the enterprise already. >> Erik, Alex, keep that up for a second, if you would. So yeah, you mentioned Rubrik. Cohesity's not on there. They're sort of the big one. We're going to talk about them in a moment. Puppet is interesting to me because you remember the early days of that sort of space, you had Puppet and Chef and then you had Ansible. Red Hat bought Ansible and then Ansible really took off. So it's interesting to see Puppet on there as well. Okay. So now let's look at the churn because this one is where you don't want to be. It's, of course, all red 'cause churn is bad. Take us through this, Erik. >> Yeah, definitely don't want to be here and I don't love to dwell on the negative. So we won't spend as much time. But to your point, there's one thing I want to point out that think it's important. So you see Rubrik in the same spot, but Rubrik has so many citations in our survey that it actually would make sense that they're both being high utilization and churn just because they're so well represented. They have such a high overall representation in our survey. And the reason I call that out is Cohesity. Cohesity has an extremely high churn rate here about 17% and unlike Rubrik, they were not on the utilization side. So Rubrik is seeing both, Cohesity is not. It's not being utilized, but it's seeing a high churn. So that's the way you can look at this data and say, "Hm." Same thing with Puppet. You noticed that it was on the other slide. It's also on this one. So basically what it means is a lot of people are giving Puppet a shot, but it's starting to churn, which means it's not as sticky as we would like. One that was surprising on here for me was Tanium. It's kind of jumbled in there. It's hard to see in the middle, but Tanium, I was very surprised to see as high of a churn because what I do hear from our end user community is that people that use it, like it. It really kind of spreads into not only vulnerability management, but also that endpoint detection and response side. So I was surprised by that one, mostly to see Tanium in here. Mural, again, was another one of those application design softwares that's seeing a very high churn as well. >> So you're saying if you're in both... Alex, bring that back up if you would. So if you're in both like MariaDB is for example, I think, yeah, they're in both. They're both green in the previous one and red here, that's not as bad. You mentioned Rubrik is going to be in both. Cohesity is a bit of a concern. Cohesity just brought on Sanjay Poonen. So this could be a go to market issue, right? I mean, 'cause Cohesity has got a great product and they got really happy customers. So they're just maybe having to figure out, okay, what's the right ideal customer profile and Sanjay Poonen, I guarantee, is going to have that company cranking. I mean they had been doing very well on the surveys and had fallen off of a bit. The other interesting things wondering the previous survey I saw Cvent, which is an event platform. My only reason I pay attention to that is 'cause we actually have an event platform. We don't sell it separately. We bundle it as part of our offerings. And you see Hopin on here. Hopin raised a billion dollars during the pandemic. And we were like, "Wow, that's going to blow up." And so you see Hopin on the churn and you didn't see 'em in the previous chart, but that's sort of interesting. Like you said, let's not kind of dwell on the negative, but you really don't. You know, churn is a real big concern. Okay, now we're going to drill down into two sectors, security and data. Where data comprises three areas, database and data warehousing, machine learning and AI and big data analytics. So first let's take a look at the security sector. Now this is interesting because not only is it a sector drill down, but also gives an indicator of how much money the firm has raised, which is the size of that bubble. And to tell us if a company is punching above its weight and efficiently using its venture capital. Erik, take us through this slide. Explain the dots, the size of the dots. Set this up please. >> Yeah. So again, the axis is still the same, net sentiment and mindshare, but what we've done this time is we've taken publicly available information on how much capital company is raised and that'll be the size of the circle you see around the name. And then whether it's green or red is basically saying relative to the amount of money they've raised, how are they doing in our data? So when you see a Netskope, which has been around forever, raised a lot of money, that's why you're going to see them more leading towards red, 'cause it's just been around forever and kind of would expect it. Versus a name like SecurityScorecard, which is only raised a little bit of money and it's actually performing just as well, if not better than a name, like a Netskope. OneTrust doing absolutely incredible right now. BeyondTrust. We've seen the issues with Okta, right. So those are two names that play in that space that obviously are probably getting some looks about what's going on right now. Wiz, we've all heard about right? So raised a ton of money. It's doing well on net sentiment, but the mindshare isn't as well as you'd want, which is why you're going to see a little bit of that red versus a name like Aqua, which is doing container and application security. And hasn't raised as much money, but is really neck and neck with a name like Wiz. So that is why on a relative basis, you'll see that more green. As we all know, information security is never going away. But as we'll get to later in the program, Dave, I'm not sure in this current market environment, if people are as willing to do POCs and switch away from their security provider, right. There's a little bit of tepidness out there, a little trepidation. So right now we're seeing overall a slight pause, a slight cooling in overall evaluations on the security side versus historical levels a year ago. >> Now let's stay on here for a second. So a couple things I want to point out. So it's interesting. Now Snyk has raised over, I think $800 million but you can see them, they're high on the vertical and the horizontal, but now compare that to Lacework. It's hard to see, but they're kind of buried in the middle there. That's the biggest dot in this whole thing. I think I'm interpreting this correctly. They've raised over a billion dollars. It's a Mike Speiser company. He was the founding investor in Snowflake. So people watch that very closely, but that's an example of where they're not punching above their weight. They recently had a layoff and they got to fine tune things, but I'm still confident they they're going to do well. 'Cause they're approaching security as a data problem, which is probably people having trouble getting their arms around that. And then again, I see Arctic Wolf. They're not red, they're not green, but they've raised fair amount of money, but it's showing up to the right and decent level there. And a couple of the other ones that you mentioned, Netskope. Yeah, they've raised a lot of money, but they're actually performing where you want. What you don't want is where Lacework is, right. They've got some work to do to really take advantage of the money that they raised last November and prior to that. >> Yeah, if you're seeing that more neutral color, like you're calling out with an Arctic Wolf, like that means relative to their peers, this is where they should be. It's when you're seeing that red on a Lacework where we all know, wow, you raised a ton of money and your mindshare isn't where it should be. Your net sentiment is not where it should be comparatively. And then you see these great standouts, like Salt Security and SecurityScorecard and Abnormal. You know they haven't raised that much money yet, but their net sentiment's higher and their mindshare's doing well. So those basically in a nutshell, if you're a PE or a VC and you see a small green circle, then you're doing well, then it means you made a good investment. >> Some of these guys, I don't know, but you see these small green circles. Those are the ones you want to start digging into and maybe help them catch a wave. Okay, let's get into the data discussion. And again, three areas, database slash data warehousing, big data analytics and ML AI. First, we're going to look at the database sector. So Alex, thank you for bringing that up. Alright, take us through this, Erik. Actually, let me just say Postgres SQL. I got to ask you about this. It shows some funding, but that actually could be a mix of EDB, the company that commercializes Postgres and Postgres the open source database, which is a transaction system and kind of an open source Oracle. You see MariaDB is a database, but open source database. But the companies they've raised over $200 million and they filed an S-4. So Erik looks like this might be a little bit of mashup of companies and open source products. Help us understand this. >> Yeah, it's tough when you start dealing with the open source side and I'll be honest with you, there is a little bit of a mashup here. There are certain names here that are a hundred percent for profit companies. And then there are others that are obviously open source based like Redis is open source, but Redis Labs is the one trying to monetize the support around it. So you're a hundred percent accurate on this slide. I think one of the things here that's important to note though, is just how important open source is to data. If you're going to be going to any of these areas, it's going to be open source based to begin with. And Neo4j is one I want to call out here. It's not one everyone's familiar with, but it's basically geographical charting database, which is a name that we're seeing on a net sentiment side actually really, really high. When you think about it's the third overall net sentiment for a niche database play. It's not as big on the mindshare 'cause it's use cases aren't as often, but third biggest play on net sentiment. I found really interesting on this slide. >> And again, so MariaDB, as I said, they filed an S-4 I think $50 million in revenue, that might even be ARR. So they're not huge, but they're getting there. And by the way, MariaDB, if you don't know, was the company that was formed the day that Oracle bought Sun in which they got MySQL and MariaDB has done a really good job of replacing a lot of MySQL instances. Oracle has responded with MySQL HeatWave, which was kind of the Oracle version of MySQL. So there's some interesting battles going on there. If you think about the LAMP stack, the M in the LAMP stack was MySQL. And so now it's all MariaDB replacing that MySQL for a large part. And then you see again, the red, you know, you got to have some concerns about there. Aerospike's been around for a long time. SingleStore changed their name a couple years ago, last year. Yellowbrick Data, Fire Bolt was kind of going after Snowflake for a while, but yeah, you want to get out of that red zone. So they got some work to do. >> And Dave, real quick for the people that aren't aware, I just want to let them know that we can cut this data with the public company data as well. So we can cross over this with that because some of these names are competing with the larger public company names as well. So we can go ahead and cross reference like a MariaDB with a Mongo, for instance, or of something of that nature. So it's not in this slide, but at another point we can certainly explain on a relative basis how these private names are doing compared to the other ones as well. >> All right, let's take a quick look at analytics. Alex, bring that up if you would. Go ahead, Erik. >> Yeah, I mean, essentially here, I can't see it on my screen, my apologies. I just kind of went to blank on that. So gimme one second to catch up. >> So I could set it up while you're doing that. You got Grafana up and to the right. I mean, this is huge right. >> Got it thank you. I lost my screen there for a second. Yep. Again, open source name Grafana, absolutely up and to the right. But as we know, Grafana Labs is actually picking up a lot of speed based on Grafana, of course. And I think we might actually hear some noise from them coming this year. The names that are actually a little bit more disappointing than I want to call out are names like ThoughtSpot. It's been around forever. Their mindshare of course is second best here but based on the amount of time they've been around and the amount of money they've raised, it's not actually outperforming the way it should be. We're seeing Moogsoft obviously make some waves. That's very high net sentiment for that company. It's, you know, what, third, fourth position overall in this entire area, Another name like Fivetran, Matillion is doing well. Fivetran, even though it's got a high net sentiment, again, it's raised so much money that we would've expected a little bit more at this point. I know you know this space extremely well, but basically what we're looking at here and to the bottom left, you're going to see some names with a lot of red, large circles that really just aren't performing that well. InfluxData, however, second highest net sentiment. And it's really pretty early on in this stage and the feedback we're getting on this name is the use cases are great, the efficacy's great. And I think it's one to watch out for. >> InfluxData, time series database. The other interesting things I just noticed here, you got Tamer on here, which is that little small green. Those are the ones we were saying before, look for those guys. They might be some of the interesting companies out there and then observe Jeremy Burton's company. They do observability on top of Snowflake, not green, but kind of in that gray. So that's kind of cool. Monte Carlo is another one, they're sort of slightly green. They are doing some really interesting things in data and data mesh. So yeah, okay. So I can spend all day on this stuff, Erik, phenomenal data. I got to get back and really dig in. Let's end with machine learning and AI. Now this chart it's similar in its dimensions, of course, except for the money raised. We're not showing that size of the bubble, but AI is so hot. We wanted to cover that here, Erik, explain this please. Why TensorFlow is highlighted and walk us through this chart. >> Yeah, it's funny yet again, right? Another open source name, TensorFlow being up there. And I just want to explain, we do break out machine learning, AI is its own sector. A lot of this of course really is intertwined with the data side, but it is on its own area. And one of the things I think that's most important here to break out is Databricks. We started to cover Databricks in machine learning, AI. That company has grown into much, much more than that. So I do want to state to you Dave, and also the audience out there that moving forward, we're going to be moving Databricks out of only the MA/AI into other sectors. So we can kind of value them against their peers a little bit better. But in this instance, you could just see how dominant they are in this area. And one thing that's not here, but I do want to point out is that we have the ability to break this down by industry vertical, organization size. And when I break this down into Fortune 500 and Fortune 1000, both Databricks and Tensorflow are even better than you see here. So it's quite interesting to see that the names that are succeeding are also succeeding with the largest organizations in the world. And as we know, large organizations means large budgets. So this is one area that I just thought was really interesting to point out that as we break it down, the data by vertical, these two names still are the outstanding players. >> I just also want to call it H2O.ai. They're getting a lot of buzz in the marketplace and I'm seeing them a lot more. Anaconda, another one. Dataiku consistently popping up. DataRobot is also interesting because all the kerfuffle that's going on there. The Cube guy, Cube alum, Chris Lynch stepped down as executive chairman. All this stuff came out about how the executives were taking money off the table and didn't allow the employees to participate in that money raising deal. So that's pissed a lot of people off. And so they're now going through some kind of uncomfortable things, which is unfortunate because DataRobot, I noticed, we haven't covered them that much in "Breaking Analysis", but I've noticed them oftentimes, Erik, in the surveys doing really well. So you would think that company has a lot of potential. But yeah, it's an important space that we're going to continue to watch. Let me ask you Erik, can you contextualize this from a time series standpoint? I mean, how is this changed over time? >> Yeah, again, not show here, but in the data. I'm sorry, go ahead. >> No, I'm sorry. What I meant, I should have interjected. In other words, you would think in a downturn that these emerging companies would be less interesting to buyers 'cause they're more risky. What have you seen? >> Yeah, and it was interesting before we went live, you and I were having this conversation about "Is the downturn stopping people from evaluating these private companies or not," right. In a larger sense, that's really what we're doing here. How are these private companies doing when it comes down to the actual practitioners? The people with the budget, the people with the decision making. And so what I did is, we have historical data as you know, I went back to the Emerging Technology Survey we did in November of 21, right at the crest right before the market started to really fall and everything kind of started to fall apart there. And what I noticed is on the security side, very much so, we're seeing less evaluations than we were in November 21. So I broke it down. On cloud security, net sentiment went from 21% to 16% from November '21. That's a pretty big drop. And again, that sentiment is our one aggregate metric for overall positivity, meaning utilization and actual evaluation of the name. Again in database, we saw it drop a little bit from 19% to 13%. However, in analytics we actually saw it stay steady. So it's pretty interesting that yes, cloud security and security in general is always going to be important. But right now we're seeing less overall net sentiment in that space. But within analytics, we're seeing steady with growing mindshare. And also to your point earlier in machine learning, AI, we're seeing steady net sentiment and mindshare has grown a whopping 25% to 30%. So despite the downturn, we're seeing more awareness of these companies in analytics and machine learning and a steady, actual utilization of them. I can't say the same in security and database. They're actually shrinking a little bit since the end of last year. >> You know it's interesting, we were on a round table, Erik does these round tables with CISOs and CIOs, and I remember one time you had asked the question, "How do you think about some of these emerging tech companies?" And one of the executives said, "I always include somebody in the bottom left of the Gartner Magic Quadrant in my RFPs. I think he said, "That's how I found," I don't know, it was Zscaler or something like that years before anybody ever knew of them "Because they're going to help me get to the next level." So it's interesting to see Erik in these sectors, how they're holding up in many cases. >> Yeah. It's a very important part for the actual IT practitioners themselves. There's always contracts coming up and you always have to worry about your next round of negotiations. And that's one of the roles these guys play. You have to do a POC when contracts come up, but it's also their job to stay on top of the new technology. You can't fall behind. Like everyone's a software company. Now everyone's a tech company, no matter what you're doing. So these guys have to stay in on top of it. And that's what this ETS can do. You can go in here and look and say, "All right, I'm going to evaluate their technology," and it could be twofold. It might be that you're ready to upgrade your technology and they're actually pushing the envelope or it simply might be I'm using them as a negotiation ploy. So when I go back to the big guy who I have full intentions of writing that contract to, at least I have some negotiation leverage. >> Erik, we got to leave it there. I could spend all day. I'm going to definitely dig into this on my own time. Thank you for introducing this, really appreciate your time today. >> I always enjoy it, Dave and I hope everyone out there has a great holiday weekend. Enjoy the rest of the summer. And, you know, I love to talk data. So anytime you want, just point the camera on me and I'll start talking data. >> You got it. I also want to thank the team at ETR, not only Erik, but Darren Bramen who's a data scientist, really helped prepare this data, the entire team over at ETR. I cannot tell you how much additional data there is. We are just scratching the surface in this "Breaking Analysis". So great job guys. I want to thank Alex Myerson. Who's on production and he manages the podcast. Ken Shifman as well, who's just coming back from VMware Explore. Kristen Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our editor in chief over at SiliconANGLE. Does some great editing for us. Thank you. All of you guys. Remember these episodes, they're all available as podcast, wherever you listen. All you got to do is just search "Breaking Analysis" podcast. I publish each week on wikibon.com and siliconangle.com. Or you can email me to get in touch david.vellante@siliconangle.com. You can DM me at dvellante or comment on my LinkedIn posts and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for Erik Bradley and The Cube Insights powered by ETR. Thanks for watching. Be well. And we'll see you next time on "Breaking Analysis". (upbeat music)

(soft music) >> Welcome back, everyone. theCube's live coverage. Day two here at VMware Explore. Our 12th year covering VMware's annual conference formally called Vmworld, now it's VMware Explore. Exploring new frontiers multi-cloud and also bearing some of the fruit from all the investments in cloud native Tanzu and others. I'm John Furrier with Dave Vellante. We have the man who's in charge of a lot of that business and a lot of stuff coming out of the oven and hitting the market. Ajay Patel, senior vice president and general manager of the modern applications and management group at VMware, basically the modern apps. >> Absolutely. >> That's Tanzu. All the good stuff. >> And Aria now. >> And Aria, the management platform, which got social graph and all kinds of graph databases. Welcome back. >> Oh, thank you so much. Thanks for having me. >> Great to see you in person, been since 2019 when you were on. So, a lot's happened since 2019 in your area. Again, things get, the way VMware does it as we all know, they announce something and then you build it and then you ship it and then you announce it. >> I don't think that's true, but okay. (laughs) >> You guys had announced a lot of cool stuff. You bought Heptio, we saw that Kubernetes investment and all the cloud native goodness around it. Bearing fruit now, what's the status? Give us the update on the modern applications of the management, obviously the areas, the big announcement here on the management side, but in general holistically, what's the update? >> I think the first update is just the speed and momentum that containers and Kubernetes are getting in the marketplace. So if you take the market context, over 70% of organizations now have Kubernetes in production, not one or two clusters, but hundreds of clusters, sometimes tens of clusters. So, to me, that is a market opportunity that's coming to fruition. Sometimes people will come and say, Ajay, aren't you late to the market? I say, no, I'm just perfectly timing it. 'Cause where does our value come in? It's enterprise readiness. We're the company that people look to when you have complexity, you have scale, you need performance, you need security, you need the robustness. And so, Tanzu is really about making modern applications real, helping you design, develop, build and run these applications. And with Aria, we're fundamentally changing the game around multicloud management. So the one-two punch of Tanzu and Aria is I'm most excited about. >> Isn't it true that most of the Kubernetes, you know, today is people pulling down open source and banging away. And now, they're looking for, you know, like you say, more of a robust management capability. >> You know, last two years when I would go to many of the largest customers, like, you know, we're doing good. We've got a DIY platform, we're building this. And then you go to the customer a year later, he's got knocked 30, 40 teams and he has Log4j happen. And all of a sudden he is like, oh, I don't want to be in the business of patching this thing or updating it. And, you know, when's the next shoe going to fall? So, that maturity curve is what I was talking about. >> Yeah. Free like a puppy. >> Ajay, you know, mentioned readiness, enterprise readiness and the timing's perfect. You kind of included, not your exact words, but I'm paraphrasing. That's a lot to do with what's going on. I mean, I'll say Cloud Native, IWS, think of the hyper scale partner, big partner and Google and even Google said it today. You know, the market world's spinning in their direction. Especially with respect to VMware. You get the relationship with the hyperscalers. Cloud's been on everyone's agenda for a long time. So, it's always been ready. But enterprise, you are customer base at VMware, very cloud savvy in the sense they know it's there, there's some dabbling, there's some endeavors in the cloud, no problem. But from a business perspective and truly transforming the VMware value proposition, is already, they're ready and it's already time now for them, like, you can see the movement. And so, can you explain the timing of that? I mean, I get enterprise readiness, so we're ready to scale all that good stuff. But the timing of product market fit is important here. >> I think when Raghu talks about that cloud first to cloud chaos, to cloud smart, that's the transition we're seeing. And what I mean by that is, they're hitting that inflection point where it's not just about a single team. One of the guys, basically I talked to the CIO, he was like, look, let's assume hypothetically I have thousand developers. Hundred can talk about microservices, maybe 50 has built a microservice and three are really good at it. So how do I get my thousand developers productive? Right? And the other CIO says, this team comes to me and says, I should be able develop directly to the public cloud. And he goes, absolutely you can do that. You don't have to come through IT. But here's the book of security and compliance that you need to enforce to get that thing in production. >> Go for it. >> Go for it. >> Good luck with that. >> So that reality of how do I scale my dev developers is turning into a developer experience problem. We now have titles which says, head of developer experience. Imagine that two years ago. We didn't talk about it. People start, hey, containers Kubernetes. I'm good to go. I can go get all the open source technology you talked about. And now they're saying no. >> And also software supply chains, another board that you're think. This is a symptom of the growth. I mean, open source is the software industry. That is, I don't think debatable. >> Right. >> Okay. That's cool. But now integration becomes vetting, trust, trusting codes. It's very interesting software time right now. >> That's right. >> And how is that impacting the cloud native momentum in your mind? Accelerating it? What inning are we in? How would you peg the progress? >> You know, on that scale of 1 to 10, I think we're halfway marked now. And that moved pretty quickly. >> It really did. >> And if you sit back today, the kinds of applications we're involved in, I have a Chicago wealth management company. We're building the next generation wealth management application. It's a fundamental refactoring of the legacy application. If you go to a prescription company, they're building a brand new prescription platform. These are not just trivial. What they're learning is the lift and shift. Doesn't work for these major applications. They're having to refactor them which is the modernization. >> So how specifically, are they putting some kind of abstraction layer on that? Are they actually gutting it and rewriting it? >> There's always going to be brownfield. Remember the old days of SOA? >> Yeah, yeah. >> They are putting APIs in front of their main systems. They're not rewriting the core banking or the core platform, but the user experience, the business logic, the AIML capability to bring intelligence in the platform. It's surrounding the capability to make it much more intuitive, much more usable, much more declarative. That's where things are going. And so I'm seeing this mix of integration all over again. Showing my age now. But, you know, the new EAI so is now microservices and messaging and events with the same patterns. But again, being much more accelerated with cloud native services. >> And it is to the point, it's accelerated today. They're not having to freeze the code for six months or nine months and that which would kill the whole recipe for failure. So they're able to now to fast track their modernization. They have to prioritize 'cause they got limited resources. But how are you guys coming up to that? >> But the practice is changing as well, right? Well, the old days, it was 12, 18 months cycle or anything software. If you heard the CVS CIO, Rohan. >> Yeah. >> Three months where they started to engage with us in getting an app in production, right? If you look at the COVID, 10 days to get kind of a new application for getting small loans going with Pfizer, right? These are dramatically short term, but it's not rewriting the entire app. It's just putting these newer experiences, newer capability in front with newer modern developer practices. And they're saying, I need to do it not just once, but for 100, 200, 5,000 members. JPMC has 50,000 developers. Fifty thousand. They're not a bank anymore. >> We just have thousands of apps. >> Exactly. >> Ajay, I want to get your thoughts on something that we've been talking about on our super cloud event. I know we had an event a couple weeks ago, you guys were one of our sponsors, VMware was. It was called super cloud where we're defining that this next gen environment's a super cloud and every company will have a super cloud capability. And underneath that is cross cloud capabilities. So, super cloud is like a super set on top of a multi-cloud. And little word play or play on words is, ecosystem partners versus partners in the ecosystem. Because if you're coming down to the integration side of things, it's about knowing what goes what, it's almost like building an OS if you're a coder or an operating systems person. You got to put the pieces together right, not just go to the directory and say, okay, who's got the cheapest price in DR or air gaping or something or some solution. So ecosystem partners are truly partners. Partners in the ecosystem are a bunch of people out on a list. How do you see that? Because the trend we're seeing is, the development process includes partners at day one. >> That's right. Not bolt-on. >> Completely agree. >> Share your thoughts on that. >> So let's look at that. The first thing I'm hearing from my customers is, they're trying to use all the public clouds as a new IS. That's the first API or contract infrastructures code IS. From then on they're saying, I want more and more portable services. And if you see the success of some of the data vendors and the messaging vendors, you're starting to see best of breed becoming part of the platform. So you are to identify which of these are truly, you know, getting market momentum and are becoming kind of defacto leaders. So, Kafka goes hand in hand with streaming. RabbitMQ from my portfolio goes with messaging. Postgres for database. So these are the, in your definition, ecosystem partners, they're foundational. In the security space, you know, Snyk is a common player in terms of scanning or Aqua and Prisma even though we have Carbon Black. Those become partners from a container security perspective. So, what's happening is the industry stabilizing a handful of critical players that are becoming multi-cloud preference of choice in this. And our job is to bring it all together in a all coordinated, orchestrated manner to give them a platform. >> I mean, you guys always had ecosystem, but I think that priority more than ever. It wasn't really your job at VMware, even, Dave, 10 years ago to say, hey, this is the strategic role that you might play one partner. It was pretty much the partners all kind of fed off the momentum of VMware. Virtualization. And there's not a lot of nuance there. There's pretty much they plug in and you got. >> So what we're doing here is, since we're not the center of the universe, unfortunately, for the application world, things like Backstage is a developer portal from Spotify that became open source. That's becoming the place where everyone wants to provide a plugin. And so we took Backstage, we said, let's provide enterprise support for Backstage. If you take a technology like, you know, what we have with Spring. Every job where developer uses Spring, how do we make it modern with Spring cloud. We work with Microsoft to launch a service with Azure Spring Enterprise for Spring. So you're starting to see us taking communities where they have momentum and bringing the ecosystem around those technologies. Cluster API for Kubernetes, for have you managed stuff. >> Yeah. >> So it's about standard. >> Because the developers are voting with their clicks and their code repos. And so you're identifying the patterns that they like. >> That's right. >> And aligning with them and connecting with them rather than trying to sell against it. >> Exactly. It's the end story with everyone. I say stop competing. So people used to think Tanzu is Kubernetes. It's really Tanzu is the modern application platform that runs on any Kubernetes. So I've changed the narrative. When Heptio was here, we were trying to be a Kubernetes player. I'm like, Kubernetes is just another dial tone. You can use mine, you can use OpenShift. So this week we announced support for OpenShift by Tanzu application platform. The values moving up, it's around outcomes. So industry standards, taking lead and solving the problem. >> You know, we had a panel at super cloud. Dave, I know you got a question. I'll get to you in a second. But the panel was the innovator's dilemma. And then during the event, one of the panelists, Chris Hoff knows VMware very well, Beaker on Twitter, said it should be called the integrators dilemma. Because the innovations here, >> How do you put it all together? >> But the integration of the, putting the piece parts together, building the thing is the innovation. >> And we come back and say, it's a secure software supply chain. It starts with great content. Did you know, I published most of the open source content on every hyperscaler through my Bitnami acquisition. So I start with great content that's curated. Then I allow you to create your own golden images. Then I have a build service that secures and so on and so forth and we bring the part. So, that opinionated solution, but batteries included but you can change it is been one of our key differentiator. We recognize the roles is going to be modular, come back and solve for it. >> So I want to understand sort of relationship Tanzu and Aria, John was talking about, you know, super cloud before we had our event. We had an earlier session where we help people understand that Aria was not, you know, vRealize renamed. >> It's rebranded. >> And reason I bring that up is because we had said it around super cloud, that one of the defining characteristics was, sorry, super PaaS, which is a specific purpose built PaaS layer designed to support your objective for multi-cloud. And speaking to a lot of people this week, there's a federated architecture, there's graph relationships, there's real time ability to ingest and analyze. That's unique. And that's IP that is purpose built for what you're doing. >> Absolutely. When I think what came out of all that learning is after 20 years of Pivotal and BA and what we learned that you still need some abstraction layer. Kubernetes is too low level. So what are the developer problems? What are the delivery problems? What are the operations and management problems? Aria solves all the operations and management problem. Tanzu solves a super PaaS problems. >> Yes. Right. >> Of providing a consistent way to build great software and the secure software supply chain to run on any infrastructure. So the combination of Tanzu and Aria complete the value chain. >> And it's different. Again, we get a lot of heat for this, but we're saying, look, we're trying to describe, it's not just IAS, PaaS, and SaaS of last decade. There's something new that's happening. And we chose the name super cloud. >> And what's the difference? It's modular. It's pluggable. It fits into the way you operate. >> Whereas PaaS was very prescriptive. If you couldn't fit, you couldn't jump down to the next level. This is very much, you can stay at the abstraction level or go lower level. >> Oh, we got to add that to the attribute. >> We're recruiting him right now. (laughs) >> We'll give you credit. >> I mean, funny all the web service's background. Look at an app server. You well knew all about app servers. Basically the company is an app. So, if you believe that, say, Capital One is an application as a company and Amazon's providing all the CapEx, >> That's it. >> Okay. And they run all their quote, old IT spend millions, billions of dollars on operating expenses that's going to translate to the top line called the income statement. So, Dave always says, oh, it's on the balance sheet, but now they're going to go to the top line. So we're seeing dynamic. Ajay, I want to get your reaction to this where the business model shift if everything's tech enabled, the company is like an app server. >> Correct. >> So therefore, the revenue that's generated from the technology, making the app work has to get recognized in the income. Okay. But Amazon's doing all, or the cloud hyperscale is doing all the heavy lifting on the CapEx. So technically it's the cloud on top of a cloud. >> Yes and no. The way I look at it, >> I call that a super cloud. >> So I like the idea of super cloud, but I think we're mixing two different constructs. One is, the cloud is a new hardware, right? In terms of dynamic, elastic, always available, et cetera. And I believe when more and more customer I talk about, there's a service catalog of infrastructure services. That's emerging. This super cloud is the next set of PaaS super PaaS services. And the management service is to use the cloud. We spend so much time as VMware building clouds, the problem seems, how do you effectively use the cloud? What problems do we solve around digital where every company is a digital company and the product is this application, as you said. So everything starts with an application. And you look at from the lens of how you run the application, what it costs the application, what impact it's driving. And I think that's the change. So I agree with you in some way. That is a digital strategy. >> And that's the company. >> That's the company. The application is the company. >> That's the t-shirt. >> And API is the currency. >> So, Ajay, first of all, we love having you in theCube 'cause you're like a masterclass in multiple dimensions. So, I want to get your thoughts on the abstraction layer. 'Cause we were also talking earlier in theCube here as well as before. But abstraction layers happen when you have major movements in markets that are game changing or major inflection points because you've reached a complexity point where it's working so great, this new thing, that's too complex to reign it in. And we were quoting Andy Grove by saying, "let chaos reign then reign in the chaos". So, all major industry moments go back 30, 40 years happen with abstractions. So the question is is that, you can't be a vendor, we've observed you can't be a vendor and be the abstraction. Like, if Cisco's running routers, they can't be the abstraction layer. They have to be the benefit of the abstraction layer. And if you're on the other side of the abstraction layer, you can't be running that either. >> I like the way you're thinking about it. Yeah. Do you agree? >> I completely agree. And, you know, I'm an old middleware guy. And when I used to say this to my CEO, he's like, no, it's not middleware, it's just a new middleware. And what's middleware, right? It's a thing between app and infrastructure. You could define it whatever we want, right? And so this is the new distributed middleware. >> It's a metaphor and it's a good one because it does a purpose. >> It's a purpose. >> It creates a separation but then you have, it's like a DMZ zone or whatever you want to call it. It's an area that things happen. >> But the difference before last time was, you could always deploy it to a thing. The thing is now the cloud. The thing is a set of services. So now it's as much of a networking problem at the application layer is as much as security problem. It's how you build software, how we design. So APIs, become part of your development. You can't think of APIs after the fact, right? When you build an API, you got to publish API because the minute you publish it and if you change it, the API's out of. So you can't have it as a documentation process. So, the way you build software, you use software consume is all about it. So to me, digital product with an API as a currency is where we're headed towards. >> Yeah, that's a great observation. Want to make a mental note of that and make that a clip. I want to get your thoughts on software development. You mentioned that, obviously software development life cycles are changing. I'll say open sources now. I mean, it's unlimited codes, supply chain issue. What's in the code, I get that verified codes going to happen. Is software development coding as much or is coding changing the notion of writing code? Or is it more glue layer you're writing. >> I think you're onto something. I call software developments composition now. My son's at Facebook or Google. They have so many libraries. So you don't no longer start with the very similar primitive, you start with building blocks, components, services, libraries, open source technology. What are you really doing? You're composing these things from multiple artifacts. And how do you make sure those artifacts are good artifacts? So someone's not sticking in security in a vulnerability into it. So, the world is moving towards composition and there are few experts who build the core components. Most of the time we're just using those to build solutions. And so, the art here is, how do you provide that set of best practices? We call them patterns or building blocks or services that you can compose to build these next generation (indistinct) >> It's interesting. >> Cooking meals. >> I agree with you a hundred percent what you're thinking. I agree about that worldview. Here's a dilemma that I'm seeing. In the security world, you've got zero trust. You know, Which is, I don't know you, I don't trust you at all. And if you're going to go down this composed, we're going to have an orchestra of players with instruments, say to speak, Dave, metaphor. That's trust involved. >> Yes. >> So you have two spectrums of issues. >> Yes. >> If software's going trust and you're seeing Docker containers getting more verifications, software supply chain, and then you got hardware I call network guys, love zero trust. Where's the balance? How do you reconcile that? Is it just decoupled? Nuance? I mean, what's the point? >> No, no. I think it all comes together. And what I mean by that is, it starts with left shifting it all the way to hands of the developers, right? So, are you starting with good content? You have providence of the stuff you're using. Are you building it correctly? So you're not introducing bad things like solar winds along the process. Are you testing it along the way of the development process? And then once in production, do you know, half the time it's configurations of where you're running the stuff versus the software itself. So you can think of the two coming together. And the network security is protecting people from going laterally once they've got in there. So, a whole security solution requires all of the above, a secure software supply chain, the way to kind of monitor and look at configuration, we call posture management or workload management and the network security of SaaS-e for zero trust. That's a hard thing. And the boundary is the application. >> All right. >> So is it earned trust model sort of over time? >> No, it's designed in, it's been a thing. >> Okay. So it's not a, >> Because it developed. >> You can bolt in afterwards. >> Because the developers are driving it. They got to know what they're doing. >> And it's changing every week. If I'm putting a new code out every week. You can't, it can be changed to something else. >> Well, you guys got guardrails. The guardrails constant is a good example. >> It stops on the configuration side, but I also need the software. So, Tanzu is all about, the secure chain is about the development side of the house. Guardrails are on the operational side of the house. >> To make sure the developers don't stop. >> That's right. >> Things will always get out there. And I find out there's a CV that I use a library, I found after the fact. >> Okay. So again, while I got here again, this is great. I want to get test this thesis. So, we've been saying on theCube, talking about the new ops, the new kind of ops that emerging. DevOps, which we believe is cloud native. So DevOps moving infrastructure's code, that's happened, it's all good. Open source is growing. DevOps is done deal. It's done deal. Developers are doing that. That ops was IT. Then don't need the server, clouds my hardware. Check. That balances. The new ops is data and security which has to match up to the velocity of the developers. Do you believe that? >> Completely. That's why we call it DevSecOps. And the Sec is where all the action is. >> And data. And data too. >> And data is about making the data available where the app meets. So the problem was, you know, we had to move the logic to where the data is or you're going to move the data where the logic is. So data fabrics are going to become more and more interesting. I'll give you a simple example. I publish content today in a service catalog. My customer's saying, but my content catalog needs to be in 300 locations. How do I get the content to each of the repos that are running in 300 location? So I have a content distribution problem. So you call it a data problem. Yes, it's about getting the right data. Whether it's simple as even content, images available for use for deployment. >> So you think when I think about the application development stack and the analytics stack, the data stack, if I can call it that, they're separate, right? Are those worlds, I mean, people say, I want to inject data and AI intelligence into apps. Those worlds have deployment? I think about the insight from the historical being projected in the operational versus they all coming together. I have a Greenplum platform, it's a great analytics platform. I have a transactional platform. Do my customers buy the same? No, they're different buyers, they're different users. But the insight from that is being now plugged in so that at real time I can ask the question. So even this information is being made available on demand. So that's where I see it. And that's most coming together, but the insight is being incorporated in the operational use. So I can say, do I give the risk score? Do I give you credit? It's based on a whole bunch of historical analytics done. And at the real time, processing is happening, but the intelligence is behind it. >> It's a mind shift for sure because the old model was, I have a database, we're good. Now you have time series database, you got graphs. Each one has a role in the overall construct of the new thing. >> But it's about at the end. How do I make use of it? Someone built a smart AI model. I don't know how it was built, but I want to apply it for that particular purpose. >> Okay. So the final question for you, at least from my standpoint is, here at VMware Explore, you have a lot of the customers and so new people coming in that we've heard about, what's their core order of operations right now? Get on the bandwagon for modern apps. How do you see their world unfolding as they go back to the ranch, their places, and go back to their boss? Okay. We got the modern application. We're on the right track boss, full steam ahead. Or what change do they make? >> I think the biggest thing I saw was with some of the branding changes well and some of the new offerings. The same leader had two teams, the VMware team and the public cloud team. And they're saying, hey, maybe VMware's going to be the answer for both. And that's the world model. That's the biggest change I'm seeing. They were only thinking of us on the left column. Now they see us as a unifying player to play across cloud native and VMware, the uniquely set up to bring it all together. That's been really exciting this week. >> All right, Ajay, great to have you on. Great perspective. Worthy of great stuff. Congratulations on the success of all that investment coming to bear. >> Thank you. >> And on the new management platform. >> Yeah. Thank you. And thanks always for giving us all the support we need. It's always great. >> All right Cube coverage here. Getting all the data, getting inside the heads, getting all the specifics and all the new trends and actually connecting the dots here on theCube. I'm John Furrier with Dave Vellante. Stay tuned for more coverage from day two. Two sets, three days, Cube at VMware Explore. We'll be right back. (gentle music)