hello and welcome to this special cube conversation i'm dave nicholson and this is part of our continuing coverage of google cloud next 2021 i have two very special guests with me and we are going to talk about the topic of security uh i have sunil potti who is vice president and general manager of google cloud security uh who in a previous life had senior leadership roles at nutanix and citrix along with lior div who is the ceo and co-founder of cyber reason lior was formerly a commander in the much famed unit 8200 uh part of the israeli defense forces uh where he was actually a medal of honor recipient uh very uh honored to have him here this morning sunil and lior welcome to the cube sunil welcome back to the cube yeah great to be here david and and to be in the presence of a medal of honor recipient by the way a good friend of mine leor so be here well good to have both of you here so uh i'm the kind of person who likes my dessert before my uh before my entree so why don't we just get right to it you're the two of you are here to announce something very very significant uh in the field of security uh sunil do you want to start us out what are we here to talk about yeah i mean i think maybe uh you know just to set this context um as as many of you know about a decade ago a nation's sponsored attack you know actually got into google plus a whole bunch of tech companies you know the project aurora was quite uh you know infamous for a certain period of time and actually google realized almost a decade ago that look you know security can't just be a side thing it has to be the primary thing including one of the co-founders becoming for lack of a better word the chief security officer for a while but one of the key takeaways from that whole incident was that look you have to be able to detect everything and trust nothing and and the underpinning for at least one of them led to this whole zero trust architectures that everybody now knows about but the other part which is not as popular at least in industry vernacular but in many ways equally important and some ways more important is the fact that you need to be able to detect everything so that you can actually respond and that led to the formation of you know a project internal to google to actually say that look let's democratize uh storage and make sure that nobody has to pay for capturing security events and that led to the formation of this uh new industry concept called a security data lake in chronicle was born and then as we started evolving that over into the enterprise segment partnering with you know cyber reason on one hand created a one plus one equals three synergy between say the presence around what do you detect from the end point but also generally just so happens that as lior will tell you the cyber reason technology happens to start with endpoint but it's actually the core tech is around detecting events but doing it in a smart way to actually respond to them in much more of a contextual manner but beyond just that you know synergy between uh you know a world-class planet scale you know security data like forming the foundation and integrating you know in a much more cohesive way with uh cyber reasons detection response offering the spirit was actually that this is the first step of a long journey to really hit the reset button in terms of going from reactive mode of security to a proactive mode of security especially in a nation-state-sponsored attack vector so maybe leo you can speak a few minutes on that as well absolutely so um as you said i'm coming from a background of uh nation state hacking so for us at cyberism it's uh not is foreign uh what the chinese are doing uh on a daily basis and the growing uh ransomware cartel that's happening right now in russia um when we looked at it we said then uh cyberism is very famous by our endpoint detection and response capability but when we establish cyber reason we establish the cyberism on a core or almost fundamental idea of finding malicious operation we call it the male idea so basically instead of looking for alerts or instead of looking for just pieces of data we want to find the hackers we want to find the attack we want to be able to tell basically the full story of what's going on uh in order to do that we build the inside cyberism basically from day one the ability to analyze any data in real time in order to stitch it into the story of the male the malicious operation but what we realize very quickly that while our solution can process more than 27 trillion events a week we cannot feed it fast enough just from end point and we are kind of blind when it comes to the rest of the attack surface so we were looking uh to be honest quite a while for the best technology that can feed this engine and to as sunil said the one plus one equal three or four or five to be able to fight against those hackers so in this journey uh we we found basically chronicle and the combination of the scale that chronicle bringing the ability to feed the engine and together basically to be able to find those hackers in real time and real time is very very important and then to response to those type of attack so basically what is uh exciting here we created a solution that is five times faster than any solution that exists right now in the market and most importantly it enables us to reverse the atmospheric advantage and basically to find them and to push them out so we're moving from hey just to tell you a story to actually prevent hackers to being in your environment so leor can you i want to double click on that just just a little bit um can you give give us a kind of a concrete example of this difference between simply receiving alerts and uh and actually um you know taking taking uh uh correlating creating correlations and uh and actually creating actionable proactive intelligence can you give us an example of that working in in the real world yeah absolutely we can start from a simple example of ransomware by the time that i will tell you that there is a ransomware your environment and i will send an alert uh it will be five computers that are encrypted and by the time that you gonna look at the alert it's gonna be five thousand uh basically machines that are encrypted and by the time that you will do something it's going to be already too little too late and this is just a simple example so preventing that thing from happening this is critical and very timely manner in order to prevent the damage of ransomware but if you go aside from ransomware and you look for example of the attack like solarwind basically the purpose of this attack was not to create damage it was espionage the russian wanted to collect data on our government and this is kind of uh the main purpose that they did this attack so the ability to be able to say hey right now there is a penetration this is the step that they are doing and there is five ways to push them out of the environment and actually doing it this is something that today it's done manually and with the power of chronicle and cyberism we can do it automatically and that's the massive difference sunil are there specific industries that should be really interested in this or is this a is this a broad set of folks that should be impacted no you know in some ways uh you know the the the saying these days to learn's point on ransomware is that you know if if a customer or an enterprise has a reasonable top-line revenue you're a target you know you're a target to some extent so in that sense especially given that this has moved from pure espionage or you know whether it be you know government oriented or industrial espionage to a financial fraud then at that point in time it applies to pretty much a wide gamut of industries not just financial services or you know critical infrastructure companies like oil and gas pipeline or whatever it could be like any company that has any sort of ip that they feel drives their top line business is now a target for such attacks so when you talk about the idea of partnership and creating something out of a collaboration what's the meat behind this what what what do you what are you guys doing beyond saying you know hey sunil lior these guys really like each other and they respect what the other is doing what's going on behind the scenes what are you actually implementing here moving forward so every partnership is starting with love so it's good [Laughter] but then it need to translate to to really kind of pure value to our customers and pure value coming from a deep integration when it's come to the product so basically uh what will happen is every piece of data that we can collect at cyber is in uh from endpoint any piece of data that the chronicle can collect from any log that exists in the world so basically this is kind of covering the whole attack surface so first we have access to every piece of information across the full attack surface then the main question is okay once you collect all this data what you're gonna do with it and most of companies or all the companies today they don't have an answer they're saying oh we're gonna issue an alert and we hope that there is a smart person behind the keyboard that can understand what just happened and make a decision and with this partnership and with this integration basically we're not asking and outsourcing the question what to do to the user we're giving them the answer we're telling them hey this is the story of the attack this is all the pieces that's going on right now and in most cases we're gonna say hey and by the way we just stopped it so you can prevent it from the future when will people be able to leverage this capability in an integrated way and and and by the way restate how this is going to market as an integrated solution what is what is the what is what are we going to call this moving forward so basically this is the cyber reason xdr uh powered by chronicle and we are very very um uh happy about it yeah and i think just to add to that i would say look the the meta strategy here and the way it'll manifest is in this offering that comes out in early 2022 um is that if you think about it today you know a classical quote-unquote security pipeline is to detect you know analyze and then respond obviously you know just just doing those three in a good way is hard doing it in real time at scale is even harder so just that itself was where cyber reason and chronicle would add real value where we are able to collect a lot of events react in real time but a couple of things that i think that you know to your original point of why this is probably going to be a little for game changer in the years to come is we're trying to change that from detect analyze respond to detect understand and anticipate so because ultimately that's really how we can change you know the profile from being reactive in a world of ransomware or anything else to being proactive against a nation sponsored or nation's influenced attacks because they're not going to stop right so the only way to do this is to rather than just go back up the hatches is just really you know change change the profile of how you'll actually anticipate what they were probably going to do in 6 months or 12 months and so the the graph technology that powers the heart of you know cyber reason is going to be intricately woven in with the contextual information that chronicle can get so that the intermediate step is not just about analysis but it's about truly understanding the overall strategy that has been employed in the past to predict what could happen in the future so therefore then actions could be taken downstream that you can now say hey most likely this these five buckets have this kind of personal information data there's a reasonable chance that you know if they're exposed to the internet then as you create more such buckets in that project you're going to be susceptible to more ransomware attacks or some other attacks right and that's the the the kind of thinking or the transformation that we're trying to bring out with this joint office so lior uh this this concept of uh of mallops and uh cyber reason itself you weren't just born yesterday you've been you've been uh you have thousands of customers around the globe he does look like he was born i i know i know i know well you you know it used to be that the ideal candidate for ceo of a startup company was someone who dropped out of stanford i think it's getting to the point where it's people who refused admission to stanford so uh the the dawn of the 14 year old ceo it's just it's just around the corner but uh but lior do you get frustrated when you see um you know when you become aware of circumstances that would not have happened had they implemented your technology as it exists today yeah we have a for this year it was a really frustrating year that starting with solarwind if you analyze the code of solarwind and we did it but other did it as well basically the russians were checking if cyberism is installed on the machine and if we were installed on the machine they decided to stop the attack this is something that first it was a great compliment for us from you know our not friend from the other side that decided to stop the attack but on a serious note it's like we were pissed because if people were using this technology we know that they are not going to be attacked when we analyze it we realize that we have three different ways to find the solar wind hackers in a three different way so this is just one example and then the next example in the colonial pipeline hack we were the one that found darkseid as a group that we were hacking we were the first one that released a research on them and we showed how we can prevent the basically what they are doing with our technology so when you see kind of those type of just two examples and we have many of them on a daily basis we just know that we have the technology in order to do that now when we're combining uh the chronicle technology into the the technology that we already have we basically can reverse the adversary advantage this is something that you're not doing in a single day but this is something that really give power to the defenders to the communities of siso that exist kind of across the us um and i believe that if we're going to join forces and lean into this community and and basically push the solution out the ability for us to fight against those cartels specifically the ransomware cartels is going to be massive sunil this time next year when we are in uh google cloud next 2022 um are you guys going to come back on and offer up the we told you so awards because once this is actually out there and readily available the combination of chronicle and cyber reasons technology um it's going to be hard for some csos to have an excuse uh it may be it may be a uncomfortable to know that uh they could have kept the door secure uh but didn't yeah where's that bad business is that bad business to uh hand out awards for doing dumb things i don't know about uh you know a version of darwin awards probably don't make sense but but but generally speaking so i do think uh you know we're all like as citizens in this right because you know we talk about customers i mean you know alphabet and google is a customer in some ways cyber reason is a customer the cube is a customer right so i think i think the robot hitting the road a year from now will be we should we should do this where i don't know if the cube does more than two folks at the same time david but we should i mean i'm sure we'll have enough to have at least a half a dozen in in the room to kind of talk about the solution because i think the the you know as you can imagine this thing didn't materialize i mean it's been being cooked for a while between your team and our team and in fact it was inspired by feedback from some joint customers out in the market and all that good stuff so so a year from now i think the best thing would be not just having customers to talk about the solution but to really talk about that transformation from respond to anticipate and do they feel better on their security posture in a world that they know like and leo should probably spend a few minutes on this is i think we're on the tip of the sphere of this nation-state era and what we've just seen in the last few years is what maybe the nation-states have seen over two decades ago and they're going to run those playbooks on the enterprise for the next decade or so yeah leor talk about that for a minute yeah it's it's really you know just to continue the sunil thought it's it's really about finding the unknown because what's happening on the other side it's like specifically china and russia and lately we saw iran starting to gain uh power um basically their job is to become better and better and to basically innovate and create a new type of attack on a daily basis as technology has evolved so basically there is a very simple equation as we're using more technology and relying more on technology the other side is going to exploit it in order to gain more power espionage and create financial damage but it's important to say that this evolution it's not going to stop this is just the beginning and a lot of the data that was belong just to government against government fight basically linked in the past few years now criminals starting to use it as well so in a sense if you think about it what's happening right now there is basically a cold war that nobody is talking about it between kind of the giant that everybody is hacking everybody and in the crossfire we see all of those enterprises across the world it was not a surprise that um you know after the biden and putin uh meeting suddenly it was a quiet it was no ransomware for six weeks and after something changing the politics suddenly we can see a a groin kind of attack when it's come to ransomware that we know that was directed from russia in order to create pressure on the u.s economy sunil wrap us up what are your f what are what are your final thoughts and uh what's what's the what's the big takeaway here no i think you know i i think the key thing for everyone to know is look i think we are going into an era of state-sponsored uh not espionage as much as threat vectors that affect every business and so in many ways the chiefs the chief information security officer the chief risk officer in many ways the ceo and the board now have to pay attention to this topic much like they paid attention to mobile 15 years ago as a transformation thing or maybe cloud 10 years ago i think cyber has been one of those it's sort of like the wireless error david like it existed in the 90s but didn't really break around until iphone hit or the world of consumerization really took off right and i think we're at the tip of the spear of that cyber really becoming like the era of mobile for 15 years ago and so i think that's the if there's like a big takeaway i think yes there's lots of solutions the good news is great innovations are coming through companies like cyber reason working with you know proven providers like google and so forth and so there's a lot of like support in the ecosystem but i think if there was one takeaway that was that everybody should just be ready internalized we don't have to be paranoid about it but we anticipate that this is going to be a long game that we'll have to play together well with that uh taking off my journalist hat for a moment and putting on my citizen hat uh it's reassuring to know that we have really smart people working on this uh because when we talk about critical infrastructure control systems and things like that being under threat um that's more significant than simply having your social security number stolen in a in a data breach so um with that uh i'd like to thank you sunil leor thank you so much for joining us on this special cube conversation this is dave nicholson signing off from our continuing coverage of google cloud next 2021 [Music] you

>> Announcer: Live from Las Vegas, it's The Cube covering AWS re:Invent 2017. Presented by AWS, Intel, and our ecosystem of partners. >> Hey, welcome back to The Cube. Continuing live coverage on day three of AWS re:Invent 2017. We have had three days of great coverage, 44,000 or plus people at this event, lots of great announcements from AWS, from their partners, and we're very excited to be joined by our next guest, Christoph Pfister, the Executive Vice President of products from SolarWinds. Thanks for stopping by and chatting with Justin and me today. >> Thank you for having me. >> So tell us, what's going on at SolarWinds? What are some of the cool things that you're here to announce? >> Right, so first of all, great show, isn't it? >> Justin: Amazing. >> Lisa: Very (mumbles). Yes. (Christoph laughs) >> And it's a great show for us because we've announced a few new products and initiatives, and amongst them, the first product that provides both powerful and affordable full-stack monitoring for DevOps people. And so we'll talk hopefully a little bit more about that in a few minutes, but that's really the heritage of SolarWinds. We provide software that's simple, yet powerful and affordable, and we've been doing that since about 1999, when the company was founded in Austin, Texas. And the big thing about this is that we build software that IT professionals love, and they love it because it's simple, approachable, affordable, yet powerful, and that has propelled us to a leadership position in Network Management, Network Monitoring. So, SolarWinds is the number one by market share in that space, and we're now aiming to bring that to the... That simplicity, that power to cloud monitoring as well. >> So, you have a great community of people-- >> Yes, huge community. >> Who love SolarWinds. Massive community, the ThWACK community, and everything that people talk about online-- >> You know the company well. That's good. >> I know the company well. I've been to Austin many times, I've been to the campus. It's a great company. So, people know those tools really well. As you say, you're very, very strong in network monitoring, so tell us a bit more about this full-stack monitoring that you're doing. What do you mean by "full-stack"? >> Yes, so if you think about some of the key trends we see in the market... Let's go top to bottom. AWS announcing all these services here at the event, machine learning services, (mumbles) services, new database stuff... Amazing. And so, all of these services gonna to make their way, eventually, into applications, into apps, right? So, there's going to be more and more apps, and these apps gonna deliver value to business, to consumers, and therefore need to run pretty much flawlessly, right? Yet, behind this usually simple user experience of these apps, these apps have become massively complex, right? So, back in the day, and I'm going to date myself a little bit now, when I started in monitoring, it was pretty simple. There was a (mumbles) server, three tiers, and the app was pretty static, right? So nowadays, it's all about microservices-- >> All those microservices. >> All these dependencies that exist, which means that if there's a failure, it may be cascading failure, and so it's much, much more difficult to figure out if your app is doing well or not. And so, monitoring becomes so much more important in that context. And by the way, here at the show, people talk about monitoring a lot, and maybe (mumbles) that I would have is that in the marketplace, one of the top eight categories that Dave (mumbles) mentioned on stage at the (mumbles) event was monitoring is the one thing in the marketplace that people just need and want, so monitoring is important, and so what we're announcing here at... What we've announced here at the show is a brand new product called AppOptics, and AppOptics converges traditional infrastructure and application performance management, and provides coverage for what we call "The Three Layers of Observability," which are metrics, logs, and transaction traces, because we think that without transaction traces in these microservices-type architectures, very, very difficult to get to the root cause of issues, and so, we aim to cover the three layers of, or the three pillars, of observability: metrics, logs and traces, with AppOptics, and do it in a way that is simple and approachable. >> What do you mean by... I think it was a press article that you were quoted in about "democratizing monitoring." What do you mean by-- >> Do you like that term? >> It's very cool. (Christoph laughs) But what does it mean? >> What does it mean? Alright, so if you think about companies with application portfolios, right, so large companies may have between 500 and 800 apps, but there's studies out there that say only about 10% to 15% are being monitored. And so, why is that? It's for two reasons in our view. One is that application performance monitoring has been very affordable, so it's a question of "If I need to buy... If you need to pay $100 a host to get application performance monitoring, then many companies are not going to do it. And second reason is approachability and simplicity, meaning if you have to instrument you app manually... And I know you guys had a guest the other day, who talked about the importance of instrumenting apps. That's totally true, but you have to make it approachable, meaning the instrumentation has to be automatic. And that's exactly what we provide. We provide automatic, one single line instrumentation for all these microservices' languages. So, we cover seven languages, we cover PHP, Python, Java, the .Net... And I'm forgetting a few, of course, and so making your application performance and infrastructure monitoring number one, cheaper... So, we start with AppOptics at $7.50 a host a month. If you compare that to the hundreds of bucks a host a month that are kind of common game in the industry right now, that's pretty disruptive. And we make it much, much quicker to instrument these apps. So, that's what we mean by democratizing application performanceand infrastructure management because we think many more companies will be able to afford it, and many more companies will be able to actually deploy this stuff in a timely manner. >> So once you've instrumented it, who's it targeted for? Because, developers love to live in code land and do everything through APIs, but operators do actually like to be able to see things in charts, and for me, I like living on the command line absolutely, but I enjoy a good picture as well, and sometimes it's much, much easier to see what's happening if I just draw a graph, rather than sitting there looking at streams of code flying by. >> Christopher: Absolutely. >> So, do you have both of those options available in a DevOps model or... >> Christoph: We totally (mumbles). Who are the people you target for? So, we target the DevOps engineers, sometimes called System Reliability Engineer, and so, we provide dashboards, like the metrics, of course, that you would traditionally want to see and see how things are going over time. We provide the traces, and also, that's very graphical, so you see how much time a transaction spends in each of the layers of the app in each of the microservices. >> Justin: Okay. >> And that's very visual as well. And then, of course, we provide RESTful APIs as well to a lot of developers to do stuff with it. >> Yeah. >> So, couple things that I heard you say in terms of the value preposition SolarWinds brings is being able to facilitate from 15% to hopefully 100% of applications being monitored. That price has really been-- >> 80% would be great. >> If we get to 80%, we'll be great. (Lisa laughs) >> Well, you said that price has been a really big inhibitor, so you guys do it for a lot less and faster. Can you give an example of a customer that you've really helped transform, so that they get much more visibility into upwards of 80% of their applications? >> Yeah, so I mean, AppOptics is just coming out, so we've announced it; it's a new product. And so, we've had tons (mumbles) in beta. The first thing that I would say is that all of them were up and running, and actually getting metrics into the dashboard in between three and five minutes, so very, very fast. (Mumbles) this one line... Auto-instrumentation really clicks. And so there's universities, there is smaller IT shops, there's big companies who are interested in that kind of stuff. In general, one of the things that people don't necessarily know about SolarWind's portfolio is we've started to invest in Cloud, in roughly 2014. We've acquired some premiere product and franchises, one of them being Pingdom, for digital experience monitoring. Another one being Papertrail, which is an amazing hosted log-management solution. And between these solutions, we have about... Slightly short of a million users already. >> Lisa: Wow. >> So, significant, significant footprint in the marketplace, and so, customers that are "cloud native," born in the cloud companies like GitHub, Spotify, AirBnb, and so... Uber, as an example... And you have the traditional companies: New York Times, BBC, packaging companies, smaller compa-- I mean, it really running the gammit of the space out there. >> What is digital experience monitoring, and how are you doing that? >> That's a great question. (Lisa laughs) >> So, we look at digital experience monitoring from two facets, really. The first facet is... So, I talked a lot about observability and sort of the white-box monitoring, where you gotta drill down into the code and the transaction, and so on, but typically one goal of monitoring is to be ahead of your consumers in terms of noticing problems. And so for that, the best way, is really, is to have synthetic transactions that simulate user behavior hitting your app. And so, that's one... Synthetic monitoring's one dimension of digital experience. But beyond that, and that's where we're investing very heavily with Pingdom is this notion of... Yeah, we talk a lot about apps, but there's lots of companies out there that are putting their stuff out on websites, right? So nowadays, if I go to the doctor and later on, I want to see my test results, it's on a website. If I go to take my car to the garage, they make appointments on a website. And many times, these people have no idea how their site is doing, what the response time is, all that kind of stuff. And that's what Pingdom provides, but what we're doing, taking it beyond the simple (mumbles) time and performance is we're marrying business metrics, like bounce rates... What's a bounce rate of the site? What's the revenue that's the site driving right now if it's a revenue-generating site, and correlating that with the performance aspects of the site. How are the transactions doing? How long does it take from the first click to the shopping cart? And so, that's what we think of as digital experience, and there's much, much more to do because, really, what you want to do at the end is to see how users flow through your webpage, and where they probably disengage, where they move somewhere else. You want to detect these spots and see if it has to do anything with the performance or the way you laid out the site. And so, digital experience monitoring, we think, is going to be huge. >> Lisa: Absolutely. Well, thank you so much for stopping by, Christoph, and speaking with Justin and me. We could keep going, but unfortunately-- >> Christoph: Yeah! >> We are out of time. >> It's so short. >> Exactly, but we look forward to having you back on the show next time. >> I'd be delighted. >> And we want to thank you for watching. I'm Lisa Martin for my co-host, Justin Warren. You're watching The Cube live from day three at AWS re:Invent 2017. Stick around, we'll be right back.