>>The cube presents Ignite 22, brought to you by Palo Alto Networks. >>Good morning. Live from the MGM Grand. It's the cube at Palo Alto Networks Ignite 2022. Lisa Martin here with Dave Valante, day two, Dave of our coverage, or last live day of the year, which I can't believe, lots of good news coming out from Palo Alto Networks. We're gonna sit down with its Chief product officer next and dissect all of that. >>Yeah. You know, oftentimes in, in events like this, day two is product day. And look, it's all about products and sales. Yeah, I mean those, that's the, the, the golden rule. Get the product right, get the sales right, and everything else will take care of itself. So let's talk product. >>Yeah, let's talk product. Lee Claridge joins us, the Chief Product Officer at Palo Alto Networks. Welcome Lee. Great to have >>You. Thank you so much. >>So we didn't get to see your keynote yesterday, but we heard one of the things, you know, we've been talking about the threat landscape, the challenges. We had Unit 42, Wendy on yesterday. We had Nash on and near talking about the massive challenges in the threat landscape. But we understand, despite that you are optimistic. I am. Talk about your optimism given the massive challenges that every organization is facing today. >>Look, cybersecurity's hard and often in cybersecurity in the industry, a lot of people get sort of really focused on what the threat actors are doing, why they're successful. We investigate breaches and we think of it, it just starts to feel somewhat overwhelming for a lot of folks. And I just happen to think a little bit differently. I, I look at it and I think it's actually a solvable problem. >>Talk about cyber resilience. How does Palo Alto Networks define that and how does it help customers achieve that? Cuz that's the, that's the holy grail these days. >>Yes. Look, the, the way I think about cyber resilience is basically in two pieces. One, it's all about how do we prevent the threat actors from actually being successful in the first place. Second, we also have to be prepared for what happens if they happen to find a way to get through, and how do we make sure that that happens? The blast radius is, is as narrowly contained as possible. And so the, the way that we approach this is, you know, I, I kind of think in terms of like threes three core principles. Number one, we have to have amazing technology and we have to constantly be, keep keeping up with and ideally ahead of what attackers are doing. It's a big part of my job as the chief product officer, right? Second is we, you know, one of the, the big transformations that's happened is the advent of, of AI and the opportunity, as long as we can do it, a great job of collecting great data, we can drive AI and machine learning models that can start to be used for our advantage as defenders, and then further use that to drive automation. >>So we take the human out of the response as much as possible. What that allows us to do is actually to start using AI and automation to disrupt attackers as it's happening. The third piece then becomes natively integrating these capabilities into a platform. And when we do that, what allows us to do is to make sure that we are consistently delivering cybersecurity everywhere that it needs to happen. That we don't have gaps. Yeah. So great tech AI and automation deliver natively integrated through platforms. This is how we achieve cyber resilience. >>So I like the positivity. In fact, Steven Schmidt, who's now the CSO of, of Amazon, you know, Steven, and it was the CSO at AWS at the time, the first reinforced, he stood up on stage and said, listen, this narrative that's all gloom and doom is not the right approach. We actually are doing a good job and we have the capability. So I was like, yeah, you know, okay. I'm, I'm down with that. Now when I, my question is around the, the portfolio. I, I was looking at, you know, some of your alternatives and options and the website. I mean, you got network security, cloud security, you got sassy, you got capp, you got endpoint, pretty much everything. You got cider security, which you just recently acquired for, you know, this whole shift left stuff, you know, nothing in there on identity yet. That's good. You partner for that, but, so could you describe sort of how you think about the portfolio from a product standpoint? How you continue to evolve it and what's the direction? Yes. >>So the, the, the cybersecurity industry has long had this, I'm gonna call it a major flaw. And the major flaw of the cybersecurity industry has been that every time there is a problem to be solved, there's another 10 or 20 startups that get funded to solve that problem. And so pretty soon what you have is you're, if you're a customer of this is you have 50, a hundred, the, the record is over 400 different cybersecurity products that as a customer you're trying to operationalize. >>It's not a good record to have. >>No, it's not a good record. No. This is, this is the opposite of Yes. Not a good personal best. So the, so the reason I start there in answering your question is the, the way that, so that's one end of the extreme, the other end of the extreme view to say, is there such a thing as a single platform that does everything? No, there's not. That would be nice. That was, that sounds nice. But the reality is that cybersecurity has to be much broader than any one single thing can do. And so the, the way that we approach this is, is three fundamental areas that, that we, Palo Alto Networks are going to be the best at. One is network security within network security. This includes hardware, NextGen, firewalls, software NextGen, firewalls, sassy, all the different security services that tie into that. All of that makes up our network security platforms. >>So everything to do with network security is integrated in that one place. Second is around cloud security. The shift to the cloud is happening is very real. That's where Prisma Cloud takes center stage. C a P is the industry acronym. If if five letters thrown together can be called an acronym. The, so cloud native application protection platform, right? So this is where we bring all of the different cloud security capabilities integrated together, delivered through one platform. And then security, security operations is the third for us. This is Cortex. And this is where we bring together endpoint security, edr, ndr, attack, surface management automation, all of this. And what we had, what we announced earlier this year is x Im, which is a Cortex product for actually integrating all of that together into one SOC transformation platform. So those are the three platforms, and that's how we deliver much, much, much greater levels of native integration of capabilities, but in a logical way where we're not trying to overdo it. >>And cider will fit into two or three >>Into Prisma cloud into the second cloud to two. Yeah. As part of the shift left strategy of how we secure makes sense applications in the cloud >>When you're in customer conversations. You mentioned the record of 400 different product. That's crazy. Nash was saying yesterday between 30 and 50 and we talked with him and near about what's realistic in terms of getting organizations to, to be able to consolidate. I'd love to understand what does cybersecurity transformation look like for the average organization that's running 30 to 50 point >>Solutions? Yeah, look, 30 to 50 is probably, maybe normal. A hundred is not unusual. Obviously 400 is the extreme example. But all of those are, those numbers are too big right now. I think, I think realistic is high. Single digits, low double digits is probably somewhat realistic for most organizations, the most complex organizations that might go a bit above that if we're really doing a good job. That's, that's what I think. Now second, I do really want to point out on, on the product guy. So, so maybe this is just my way of thinking, consolidation is an outcome of having more tightly and natively integrated capabilities. Got you. And the reason I flip that around is if I just went to you and say, Hey, would you like to consolidate? That just means maybe fewer vendors that that helps the procurement person. Yes. You know, have to negotiate with fewer companies. Yeah. Integration is actually a technology statement. It's delivering better outcomes because we've designed multiple capabilities to work together natively ourselves as the developers so that the customer doesn't have to figure out how to do it. It just happens that by, by doing that, the customer gets all this wonderful technical benefit. And then there's this outcome sitting there called, you've just consolidated your complexity. How >>Specialized is the customer? I think a data pipelines, and I think I have a data engineer, have a data scientists, a data analyst, but hyper specialized roles. If, if, let's say I have, you know, 30 or 40, and one of 'em is an SD wan, you know, security product. Yeah. I'm best of breed an SD wan. Okay, great. Palo Alto comes in as you, you pointed out, I'm gonna help you with your procurement side. Are there hyper specialized individuals that are aligned to that? And how that's kind of part A and B, how, assuming that's the case, how does that integration, you know, carry through to the business case? So >>Obviously there are specializations, this is the, and, and cybersecurity is really important. And so there, this is why there had, there's this tendency in the past to head toward, well I have this problem, so who's the best at solving this one problem? And if you only had one problem to solve, you would go find the specialist. The, the, the, the challenge becomes, well, what do you have a hundred problems to solve? I is the right answer, a hundred specialized solutions for your a hundred problems. And what what I think is missing in this approach is, is understanding that almost every problem that needs to be solved is interconnected with other problems to be solved. It's that interconnectedness of the problems where all of a sudden, so, so you mentioned SD wan. Okay, great. I have Estee wan, I need it. Well what are you connecting SD WAN to? >>Well, ideally our view is you would connect SD WAN and branch to the cloud. Well, would you run in the cloud? Well, in our case, we can take our SD wan, connect it to Prisma access, which is our cloud security solution, and we can natively integrate those two things together such that when you use 'em together, way easier. Right? All of a sudden we took what seemed like two separate problems. We said, no, actually these problems are related and we can deliver a solution where those, those things are actually brought together. And that's just one simple example, but you could, you could extend that across a lot of these other areas. And so that's the difference. And that's how the, the, the mindset shift that is happening. And, and I I was gonna say needs to happen, but it's starting to happen. I'm talking to customers where they're telling me this as opposed to me telling them. >>So when you walk around the floor here, there's a visual, it's called a day in the life of a fuel member. And basically what it has, it's got like, I dunno, six or seven different roles or personas, you know, one is management, one is a network engineer, one's a coder, and it gives you an X and an O. And it says, okay, put the X on things that you spend your time doing, put the o on things that you wanna spend your time doing a across all different sort of activities that a SecOps pro would do. There's Xs and O's in every one of 'em. You know, to your point, there's so much overlap going on. This was really difficult to discern, you know, any kind of consistent pattern because it, it, it, unlike the hyper specialization and data pipelines that I just described, it, it's, it's not, it, it, there's way more overlap between those, those specialization roles. >>And there's a, there's a second challenge that, that I've observed and that we are, we've, we've been trying to solve this and now I'd say we've become, started to become a lot more purposeful in, in, in trying to solve this, which is, I believe cybersecurity, in order for cyber security vendors to become partners, we actually have to start to become more opinionated. We actually have to start, guys >>Are pretty opinionated. >>Well, yes, but, but the industry large. So yes, we're opinionated. We build these products, but that have, that have our, I'll call our opinions built into it, and then we, we sell the, the product and then, and then what happens? Customer says, great, thank you for the product. I'm going to deploy it however I want to, which is fine. Obviously it's their choice at the end of the day, but we actually should start to exert an opinion to say, well, here's what we would recommend, here's why we would recommend that. Here's how we envisioned it providing the most value to you. And actually starting to build that into the products themselves so that they start to guide the customer toward these outcomes as opposed to just saying, here's a product, good luck. >>What's, what's the customer lifecycle, not lifecycle, but really kind of that, that collaboration, like it's one thing to, to have products that you're saying that have opinions to be able to inform customers how to deploy, how to use, but where is their feedback in this cycle of product development? >>Oh, look, my, this, this is, this is my life. I'm, this is, this is why I'm here. This is like, you know, all day long I'm meeting with customers and, and I share what we're doing. But, but it's, it's a, it's a 50 50, I'm half the time I'm listening as well to understand what they're trying to do, what they're trying to accomplish, and how, what they need us to do better in order to help them solve the problem. So the, the, and, and so my entire organization is oriented around not just telling customers, here's what we did, but listening and understanding and bringing that feedback in and constantly making the products better. That's, that's the, the main way in which we do this. Now there's a second way, which is we also allow our products to be customized. You know, I can say, here's our best practices, we see it, but then allowing our customer to, to customize that and tailor it to their environment, because there are going to be uniquenesses for different customers in parti, we need more complex environments. Explain >>Why fire firewalls won't go away >>From your perspective. Oh, Nikesh actually did a great job of explaining this yesterday, and although he gave me credit for it, so this is like a, a circular kind of reference here. But if you think about the firewalls slightly more abstract, and you basically say a NextGen firewalls job is to inspect every connection in order to make sure the connection should be allowed. And then if it is allowed to make sure that it's secure, >>Which that is the definition of an NextGen firewall, by the way, exactly what I just said. Now what you noticed is, I didn't describe it as a hardware device, right? It can be delivered in hardware because there are environments where you need super high throughput, low latency, guess what? Hardware is the best way of delivering that functionality. There's other use cases cloud where you can't, you, you can't ship hardware to a cloud provider and say, can you install this hardware in front of my cloud? No, no, no. You deployed in a software. So you take that same functionality, you instantly in a software, then you have other use cases, branch offices, remote workforce, et cetera, where you say, actually, I just want it delivered from the cloud. This is what sassy is. So when I, when I look at and say, the firewall's not going away, what, what, what I see is the functionality needed is not only not going away, it's actually expanding. But how we deliver it is going to be across these three form factors. And then the customer's going to decide how they need to intermix these form factors for their environment. >>We put forth this notion of super cloud a while about a year ago. And the idea being you're gonna leverage the hyperscale infrastructure and you're gonna build a, a, you're gonna solve a common problem across clouds and even on-prem, super cloud above the cloud. Not Superman, but super as in Latin. But it turned into this sort of, you know, superlative, which is fun. But the, my, my question to you is, is, is, is Palo Alto essentially building a common cross-cloud on-prem, presumably out to the edge consistent experience that we would call a super cloud? >>Yeah, I don't know that we've ever used the term surfer cloud to describe it. Oh, you don't have to, but yeah. But yes, based on how you describe it, absolutely. And it has three main benefits that I describe to customers all the time. The first is the end user experience. So imagine your employee, and you might work from the office, you might work from home, you might work while from, from traveling and hotels and conferences. And, and by the way, in one day you might actually work from all of those places. So, so the first part is the end user experience becomes way better when it doesn't matter where they're working from. They always get the same experience, huge benefit from productivity perspective, no second benefit security operations. You think about the, the people who are actually administering these policies and analyzing the security events. >>Imagine how much better it is for them when it's all common and consistent across everywhere that has to happen. Cloud, on-prem branch, remote workforce, et cetera. So there's a operational benefit that is super valuable. Third, security benefit. Imagine if in this, this platform-based approach, if we come out with some new amazing innovation that is able to detect and block, you know, new types of attacks, guess what, we can deliver that across hardware, software, and sassi uniformly and keep it all up to date. So from a security perspective, way better than trying to figure out, okay, there's some new technology, you know, does my hardware provider have that technology or not? Does my soft provider? So it's bringing that in to one place. >>From a developer perspective, is there a, a, a PAs layer, forgive me super PAs, that a allows the developers to have a common experience across irrespective of physical location with the explicit purpose of serving the objective of your platform. >>So normally when I think of the context of developers, I'm thinking of the context of, of the people who are building the applications that are being deployed. And those applications may be deployed in a data center, increasing the data centers, depending private clouds might be deployed into, into public cloud. It might even be hybrid in nature. And so if you think about what the developer wants, the developer actually wants to not have to think about security, quite frankly. Yeah. They want to think about how do I develop the functionality I need as quickly as possible with the highest quality >>Possible, but they are being forced to think about it more and more. Well, but anyway, I didn't mean to >>Interrupt you. No, it's a, it is a good, it's a, it's, it's a great point. The >>Well we're trying to do is we're trying to enable our security capabilities to work in a way that actually enables what the developer wants that actually allows them to develop faster that actually allows them to focus on the things they want to focus. And, and the way we do that is by actually surfacing the security information that they need to know in the tools that they use as opposed to trying to bring them to our tools. So you think about this, so our customer is a security customer. Yet in the application development lifecycle, the developer is often the user. So we, we we're selling, we're so providing a solution to security and then we're enabling them to surface it in the developer tools. And by, by doing this, we actually make life easier for the developers such that they're not actually thinking about security so much as they're just saying, oh, I pulled down the wrong open source package, it's outdated, it has vulnerabilities. I was notified the second I did it, and I was told which one I should pull down. So I pulled down the right one. Now, if you're a developer, do you think that's security getting your way? Not at all. No. If you're a developer, you're thinking, thank god, thank you, thank, thank you. Yeah. You told me at a point where it was easy as opposed to waiting a week or two and then telling me where it's gonna be really hard to fix it. Yeah. Nothing >>More than, so maybe be talking to Terraform or some other hash corp, you know, environment. I got it. Okay. >>Absolutely. >>We're 30 seconds. We're almost out of time. Sure. But I'd love to get your snapshot. Here we are at the end of calendar 2022. What are you, we know you're optimistic in this threat landscape, which we're gonna see obviously more dynamics next year. What kind of nuggets can you drop about what we might hear and see in 23? >>You're gonna see across everything. We do a lot more focus on the use of AI and machine learning to drive automated outcomes for our customers. And you're gonna see us across everything we do. And that's going to be the big transformation. It'll be a multi-year transformation, but you're gonna see significant progress in the next 12 months. All >>Right, well >>What will be the sign of that progress? If I had to make a prediction, which >>I'm better security with less effort. >>Okay, great. I feel like that's, we can measure that. I >>Feel, I feel like that's a mic drop moment. Lee, it's been great having you on the program. Thank you for walking us through such great detail. What's going on in the organization, what you're doing for customers, where you're meeting, how you're meeting the developers, where they are. We'll have to have you back. There's just, just too much to unpack. Thank you both so much. Actually, our pleasure for Lee Cler and Dave Valante. I'm Lisa Martin. You're watching The Cube Live from Palo Alto Networks Ignite 22, the Cube, the leader in live, emerging and enterprise tech coverage.

>>Hello and welcome back to the Cube's coverage of AWS Reinvent 2022. I'm John Furrier, host of the Cube. We got a great conversation with Patrick Kauflin, vice president of Go to Market Strategy and specialization at Splunk. We're talking about the open cybersecurity scheme of framework, also known as the O C sf, a joint strategic collaboration between Splunk and aws. It's got a lot of traction momentum. Patrick, thanks for coming on the cube for reinvent coverage. >>John, great to be here. I'm excited for this. >>You know, I love this open source movement and open source and continues to add value, almost sets the standards. You know, we were talking at the CNCF Linux Foundation this past fall about how standards are coming outta open source. Not so much the the classic standards groups, but you start to see the developers voting with their code groups deciding what to adopt de facto standards and security is a real key part of that where data becomes key for resilience. And this has been the top conversation at reinvent and all around the industry, is how to make data a key part of building into cyber resilience. So I wanna get your thoughts about the problem that you see that's emerging that you guys are solving with this group kind of collaboration around the ocs f >>Yeah, well look, John, I I think, I think you, you've already, you've already hit the high notes there. Data is proliferating across the enterprise. The attack surface area is rapidly expanding. The threat landscape is ever changing. You know, we, we just had a, a lot of scares around open SSL before that we had vulnerabilities and, and Confluence and Atlassian, and you go back to log four J and SolarWinds before that and, and challenges with the supply chain. In this year in particular, we've had a, a huge acceleration in, in concerns and threat vectors around operational technology. In our customer base alone, we saw a huge uptake, you know, and double digit percentage of customers that we're concerned about the traditional vectors like, like ransomware, like business email compromise, phishing, but also from insider threat and others. So you've got this, this highly complex environment where data continues to proliferate and flow through new applications, new infrastructure, new services, driving different types of outcomes in the digitally transformed enterprise of today. >>And, and what happens there is, is our customers, particularly in security, are, are left with having to stitch all of this together. And they're trying to get visibility across multiple different services, infrastructure applications across a number of different point solutions that they've bought to help them protect, defend, detect, and respond better. And it's a massive challenge. And you know, when our, when our customers come to us, they are often looking for ways to drive more consolidation across a variety of different solutions. They're looking to drive better outcomes in terms of speed to detection. How do I detect faster? How do I bind the thing that when bang in the night faster? How do I then fix it quickly? And then how do I layer in some automation so hopefully I don't have to do it again? Now, the challenge there that really OCF Ocsf helps to, to solve is to do that effectively, to detect and to respond at the speed at which attackers are demanding. >>Today we have to have normalization of data across this entire landscape of tools, infrastructure, services. We have to have integration to have visibility, and these tools have to work together. But the biggest barrier to that is often data is stored in different structures and in different formats across different solution providers, across different tools that are, that are, that our customers are using. And that that lack of data, normalization, chokes the integration problem. And so, you know, several years ago, a number of very smart people, and this was, this was a initiative s started by Splunk and AWS came together and said, look, we as an industry have to solve this for our customers. We have to start to shoulder this burden for our customers. We can't, we can't make our customers have to be systems integrators. That's not their job. Our job is to help make this easier for them. And so OCS was born and over the last couple of years we've built out this, this collaboration to not just be AWS and Splunk, but over 50 different organizations, cloud service providers, solution providers in the cybersecurity space have come together and said, let's decide on a single unified schema for how we're gonna represent event data in this industry. And I'm very proud to be here today to say that we've launched it and, and I can't wait to see where we go next. >>Yeah, I mean, this is really compelling. I mean, it's so much packed in that, in that statement, I mean, data normalization, you mentioned chokes, this the, the solution and integration as you call it. But really also it's like data's not just stored in silos. It may not even be available, right? So if you don't have availability of data, that's an important point. Number two, you mentioned supply chain, there's physical supply chain that's coming up big time at reinvent this time as well as in open source, the software supply chain. So you now have the perimeter's been dead for multiple years. We've been talking with that for years, everybody knows that. But now combined with the supply chain problem, both physical and software, there's so much more to go on. And so, you know, the leaders in the industry, they're not sitting on their hands. They know this, but they're just overloaded. So, so how do leaders deal with this right now before we get into the ocs f I wanna just get your thoughts on what's the psychology of the, of the business leader who's facing this landscape? >>Yeah, well, I mean unfortunately too many leaders feel like they have to face these trade offs between, you know, how and where they are really focusing cyber resilience investments in the business. And, and often there is a siloed approach across security, IT developer operations or engineering rather than the ability to kind of drive visibility integration and, and connection of outcomes across those different functions. I mean, the truth is the telemetry that, that you get from an application for application performance monitoring or infrastructure monitoring is often incredibly valuable when there's a security incident and vice versa. Some of the security data that, that you may see in a security operation center can be incredibly valuable in trying to investigate a, a performance degradation in an application and understanding where that may come from. And so what we're seeing is this data layer is collapsing faster than the org charts are or the budget line items are in the enterprise. And so at Splunk here, you know, we believe security resilience is, is fundamentally a data problem. And one of the things that we do often is, is actually help connect the dots for our customers and bring our customers together across the silos they may have internally so that they can start to see a holistic picture of what resilience means for their enterprise and how they can drive faster detection outcomes and more automation coverage. >>You know, we recently had an event called Super Cloud, we're going into the next gen kind of a cloud, how data and security are all kind of part of this NextGen application. It's not just us. And we had a panel that was titled The Innovators Dilemma, kind of talk about you some of the challenges. And one of the panelists said, it's not the innovator's dilemma, it's the integrator's dilemma. And you mentioned that earlier, and I think this a key point right now into integration is so critical, not having the data and putting pieces together now open source is becoming a composability market. And I think having things snap together and work well, it's a platform system conversation, not a tool conversation. So I really wanna get into where the OCS f kind of intersects with this area people are working on. It's not just solution architects or cloud cloud native SREs, especially where DevSecOps is. So this that's right, this intersection is critical. How does Ocsf integrate into that integration of the data making that available to make machine learning and automation smarter and more relevant? >>Right, right. Well look, I mean, I I think that's a fantastic question because, you know, we talk about, we use Bud buzzwords like machine learning and, and AI all the time. And you know, I know they're all over the place here at Reinvent and, and the, there's so much promise and hope out there around these technologies and these innovations. However, machine learning AI is only as effective as the data is clean and normalized. And, and we will not realize the promise of these technologies for outcomes in resilience unless we have better ways to normalize data upstream and better ways to integrate that data to the downstream tools where detection and response is happening. And so Ocsf was really about the industry coming together and saying, this is no longer the job of our customers. We are going to create a unified schema that represents the, an event that we will all bite down on. >>Even some of us are competitors, you know, this is, this is that, that no longer matters because at the point, the point is how do we take this burden off of our customers and how do we make the industry safer together? And so 15 initial members came together along with AWS and Splunk to, to start to create that, that initial schema and standardize it. And if you've ever, you know, if you've ever worked with a bunch of technical grumpy security people, it's kind of hard to drive consensus about around just about anything. But, but I, I'm really happy to see how quickly this, this organization has come together, has open sourced the schema, and, and, and just as you said, like I think this, this unlocks the potential for real innovation that's gonna be required to keep up with the bad guys. But right now is getting stymied and held back by the lack of normalization and the lack of integration. >>I've always said Splunk was a, it eats data for breakfast, lunch, and dinner and turns it into insights. And I think you bring up the silo thing. What's interesting is the cross company sharing, I think this hits point on, so I see this as a valuable opportunity for the industry. What's the traction on that? Because, you know, to succeed it does take a village, it takes a community of security practitioners and, and, and architects and developers to kind of coalesce around this defacto movement has been, has been the uptake been good? How's traction? Can you share your thoughts on how this is translating across companies? >>Yeah, absolutely. I mean, look, I, I think cybersecurity has a, has a long track record of, of, of standards development. There's been some fantastic standards recently. Things like sticks and taxi for threat intelligence. There's been things like the, you know, the Mir attack framework coming outta mi mir and, and, and the adoption, the traction that we've seen with Attack in particular has been amazing to, to watch how that has kind of roared onto the scene in the last couple of years and has become table stakes for how you do security operations and incident response. And, you know, I think with ocs f we're gonna see something similar here, but, you know, we are in literally the first innings of, of this. So right now, you know, we're architecting this into our, into every part of our sort of backend systems here at Polan. I know our our collaborators at AWS and elsewhere are doing it too. >>And so I think it starts with bringing this standard now that the standard exists on a, you know, in schema format and there, there's, you know, confluence and Jira tickets around it, how do we then sort of build this into the code of, of the, the collaborators that have been leading the way on this? And you know, it's not gonna happen overnight, but I think in the coming quarters you'll start to see this schema be the standard across the leaders in this space. Companies like Splunk and AWS and others who are leading the way. And often that's what helps drive adoption of a standard is if you can get the, the big dogs, so to speak, to, to, to embrace it. And, and, you know, there's no bigger one than aws and I think there's no, no more important one than Splunk in the cybersecurity space. And so as we adopt this, we hope others will follow. And, and like I said, we've got over 50 organizations contributing to it today. And so I think we're off to a running >>Start. You know, it's interesting, choking innovation or having things kind of get, get slowed down has really been a problem. We've seen successes recently over the past few years. Like Kubernetes has really unlocked and accelerated the cloud native worlds of runtime with containers to, to kind of have the consensus of the community to say, Hey, if we just do this, it gets better. I think this is really compelling with the o the ocs F because if people can come together around this and get unified as well as all the other official standards, things can go highly accelerated. So I think, I think it looks really good and I think it's great initiative and I really appreciate your insight on that, on, on your relationship with Amazon. Okay. It's not just a partnership, it's a strategic collaboration. Could you share that relationship dynamic, how to start, how's it going, what's strategic about it? Share to the audience kind of the relationship between Splunk and a on this important OCS ocsf initiative. >>Look, I, I mean I think this, this year marks the, the 10th year anniversary that, that Splunk and AWS have been collaborating in a variety of different ways. I, I think our, our companies have a fantastic and, and long standing relationship and we've, we've partnered on a number of really important projects together that bring value obviously to our individual companies, but also to our shared customers. When I think about some of the most important customers at Splunk that I spend a significant amount of time with, I I I know how many of those are, are AWS customers as well, and I know how important AWS is to them. So I think it's, it's a, it's a collaboration that is rooted in, in a respect for each other's technologies and innovation, but also in a recognition that, that our shared customers want to see us work better together over time. And it's not, it's not two companies that have kind of decided in a back room that they should work together. It's actually our customers that are, that are pushing us. And I think we're, we're both very customer centric organizations and I think that has helped us actually be better collaborators and better partners together because we're, we're working back backwards from our customers >>As security becomes a physical and software approach. We've seen the trend where even Steven Schmidt at Amazon Web Services is, is the cso, he is not the CSO anymore. So, and I asked him why, he says, well, security's also physical stuff too. So, so he's that's right. Whole lens is now expanded. You mentioned supply chain, physical, digital, this is an important inflection point. Can you summarize in your mind why open cybersecurity schema for is important? I know the unification, but beyond that, what, why is this so important? Why should people pay attention to this? >>You know, I, if, if you'll let me be just a little abstract in meta for a second. I think what's, what's really meaningful at the highest level about the O C S F initiative, and that goes beyond, I think, the tactical value it will provide to, to organizations and to customers in terms of making them safer over the coming years and, and decades. I think what's more important than that is it's really the, one of the first times that you've seen the industry come together and say, we got a problem. We need to solve. That, you know, doesn't really have anything to do with, with our own economics. Our customers are, are hurt. And yeah, some of us may be competitors, you know, we got different cloud service providers that are participating in this along with aws. We got different cybersecurity solution providers participating in this along with Splunk. >>But, but folks who've come together and say, we can actually solve this problem if, if we're able to kind of put aside our competitive differences in the markets and approach this from the perspective of what's best for information security as a whole. And, and I think that's what I'm most proud of and, and what I hope we can do more of in other places in this industry, because I think that kind of collaboration from real market leaders can actually change markets. It can change the, the, the trend lines in terms of how we are keeping up with the bad guys. And, and I'd like to see a lot more of >>That. And we're seeing a lot more new kind of things emerging in the cloud next kind of this next generation architecture and outcomes are happening. I think it's interesting, you know, we always talk about sustainability, supply chain sustainability about making the earth a better place. But you're hitting on this, this meta point about businesses are under threat of going under. I mean, we want to keep businesses to businesses to be sustainable, not just, you know, the, the environment. So if a business goes outta business business, which they, their threats here are, can be catastrophic for companies. I mean, there is, there is a community responsibility to protect businesses so they can sustain and and stay Yeah. Stay producing. This is a real key point. >>Yeah. Yeah. I mean, look, I think, I think one of the things that, you know, we, we, we complain a lot of in, in cyber security about the lack of, of talent, the talent shortage in cyber security. And every year we kinda, we kind of whack ourselves over the head about how hard it is to bring people into this industry. And it's true. But one of the things that I think we forget, John, is, is how important mission is to so many people in what they do for a living and how they work. And I think one of the things that cybersecurity is strongest in information Security General and has been for decades is this sense of mission and people work in this industry be not because it's, it's, it's always the, the, the most lucrative, but because it, it really drives a sense of safety and security in the enterprises and the fabric of the economy that we use every day to go through our lives. And when I think about the spun customers and AWS customers, I think about the, the different products and tools that power my life and, and we need to secure them. And, and sometimes that means coming to work every day at that company and, and doing your job. And sometimes that means working with others better, faster, and stronger to help drive that level of, of, of maturity and security that this industry >>Needs. It's a human, is a human opportunity, human problem and, and challenge. That's a whole nother segment. The role of the talent and the human machines and with scale. Patrick, thanks so much for sharing the information and the insight on the Open cybersecurity schema frame and what it means and why it's important. Thanks for sharing on the Cube, really appreciate it. >>Thanks for having me, John. >>Okay, this is AWS Reinvent 2022 coverage here on the Cube. I'm John Furry, you're the host. Thanks for watching.

>>Hello everyone. Welcome back to the Cube's Live coverage. I'm John Fur, host of the Cube. We got two sets here, three sets total. Another one in the executive center. It's our 10th year covering AWS Reinvent. I remember 2013 like it was yesterday. You know, now it's a massive of people buying out restaurants. 35,000 people now it's 55,000, soon to be 70,000 back. Great event. Continuing to set the standard in the industry. We had an amazing guest here, Leah Bibo, vice President of Product Marketing. She's in charge of the messaging, the product, overseeing how these products gonna market. Leah, great to see you. Thanks for joining me on the Cube today. >>Absolutely. It's great to be here. It's also my 10 reinvent, so it's, it's been a wild ride. >>Absolutely. Yeah. You and I were talking before we came on camera, how much we love products and yes, this is a product-centric company, has been from day one and you know, over the years watching the announcements, the tsunami of announcements, just all the innovation that's come out from AWS over the years has been staggering to say the least. Everyone always jokes about, oh my God, 5,000 new announcements, over 200 services you're managing and you're marketing them. It's pretty crazy right now. And Adam, as he comes on, as I called them, the solutions CEO on my piece I wrote on Friday, we're in an era where solutions, the products are enabling more solutions. Unpack the messaging around this cuz this is really big moment for aws. >>Absolutely. Well, I'll say first of all that we are a customer focused company that happens to be really good at innovating incredible products and services for our customers. So today the, the energy in the room and what Adam talked about, I think is focused on a few great things for customers that are really important for transformation. So we talked a lot about best price performance for workloads and we talked about extreme workloads, but if you think about the work that we've been doing to innovate on the silicon side, we're really talking about with Graviton all your workloads and getting really great price performance for all of them. You know, we came out with graviton three 25% faster than graviton two, also 60% more energy efficient. We talked about something that is emerging that I think is gonna be really big, which is simulation and really the ability to model these complex worlds and all the little interactions, which I think, you know, in the future as we have more complex environments like 3D simulation is gonna be a bigger part of every, every business's >>Business. You know, just as an aside, we were talking on the analyst segment that speeds and feeds are back and the old days and the data center days was like, we don't wanna talk about speeds and feeds about solutions and you know, the outcomes when you get the cloud, it was like, okay, get the workloads over there, but people want faster and lower cost performance workloads gotta be running at at high performance. And, and there's a real discussion around those. Let's unpack security data performance. What, what does that mean for customers? Because again, I get the workloads run fast. That's great. What else is behind the curtain, so to speak from a customer standpoint? >>Absolutely. Well I think if you're gonna move all your workloads to the cloud, you know, security is a really big area that's important. It's important to every one of our enterprise companies customers. Actually it's important to all of our customers and we've been working, you know, since the beginning of AWS to really create and build the most secure global infrastructure. And you know, as our customers have moved mission critical workloads, we've built out a lot more capabilities and now we have a whole portfolio of security services. And what we announced today is kind of game changing. The service called Security Lake, which brings together, you know, an ecosystem of security data in a format that's open. So you can share data between all of these sources and it's gonna give folks the opportunity to really be able to analyze data, find threats faster, and just kind of know their security posture. And I think, you know, as we talked about today, you don't wanna think about the cloud as unfathomable, the unfathomable, you really need to know that security. And I think that like a lot of things we discussed, security is a data opportunity, right? And I think we, we had a section on on data, but really if you look at the keynote across security, across solutions, across the purpose built things we made, it's all, it all comes down to data and it's really the, the transformational element that our customers >>Are. I mean the data secured is very integral part good call out there. And I, I wanna just double down on that real quick because I remember in 2014 I interviewed Steven Schmidt when he was the CSOs and back then in 2014, if you remember the conversation was this, the clouds not secure, gotta be on premises. Now in today's keynote, Adam says, and he laid out the whole global security footprint. There's a lot going on that Amazon has now become more secure than on-prem. He actually made that statement. So, and then plus you got thousands of security partners, third party partners, you got the open cyber security framework which you guys co-found with all the other, so you got securities not as a team sport, this is what they, they said yes, yes. What does that mean for customers? Because now this is a big deal. >>Well I think for customers, I mean it means nothing but goodness, right? But all of these thousands of security partners have really innovated and created solutions that our customers are using. But they all have different types of data in different silos. And to really get a full picture bringing all that data together is really important. And it's not easy today. You know, log data from different sources, data from detection services and really what customers want is an easier way to get it all together. Which is why we have the open OCS F and really analyze using the tools of their choice. And whether that's AWS tools for analytics or it's tools from our partners, customers need to be able to make that choice so that they can feel like their applications and their workloads are the most secure on aws. >>You know, I've been very impressed with guard duty and I've been following Merit Bear's blogs on online. She's in the security team, she's amazing. Shout out to her. She's been pushing guard duty for a long time now there's big news around guard duty. So you got EKS protection, you know, at Coan this was the biggest cloud native issue, the runtime of Kubernetes and inside the container and outside the container detection of threats, right? As a real software supply chain concern. How are you guys marketing that? This is a huge announcement. EKS protection I know is very nuanced but it's pretty big deal. >>It is a big deal. It is a big deal. And guard duty has been kind of like a quiet service that maybe you don't hear a lot about, but has been really, really popular with our customers. Adam mentioned that 85% of, you know, our top 2000 customers are using guard duty today. And it was a big moment. We launched EKS protection, you know, a little bit earlier and the customer uptake on that has been really incredible. And it is because you can protect your Kubernetes cluster, which is really important because so many customers are, you know, part of their migration to the cloud is containers. Yeah. And so we're pretty excited that now we can answer that question of what's going on inside the container. And so you have both, yeah, right. You know that your Kubernetes pluses are good and you know what's going on inside the container and it's just more threats that you can detect and protect >>Yourself from. You know, as an aside, I'm sure you're watching this, but you know, we go to a lot of events, you know, the C I C D pipeline as developers are getting higher velocity coding, it has moved in because of DevOps on the cloud into the C I C D pipeline. So you're seeing that developer takes some of those IT roles in the coding workflow, hence the, the shift left and or container security, which you guys now, now and are driving towards. But the security and the data teams are emerging as a very key element inside the organizational structure. When I sat down with Adam, one of the things he was very adamant about in my conversation was not just digital transformation, business transformation, structural organizational moves are making where it's not a department anymore, it is the company, a technology is the company when you transform. Absolutely. So digital is the process, business is the outcome. This is a really huge message. What's your reaction to that? What's, what can you share extra cuz that's, this is a big part of the thing. He hit it right outta the gate on the front end of the keynote. >>Absolutely. Absolutely. I mean I think, you know, companies have been migrating to the cloud for a while, but I think that this time that we're going through has really accelerated that migration And as part of that, you know, digital transformation has become real for a lot of companies. And it is true what Adam said there is technology transformation involved, there's data transformation involved, but it, it is transforming businesses. And I think if you look at some of the things that Adam talked about, you know, aws, supply chain, security Lake, aws clean rooms, and Omic, aws, omic, you know, those are all examples of data and the ability to work with data transforming different lines of business within a company, transforming horizontal processes like contact centers and like supply chain and also, you know, going into vertical specific solutions. So what it means is that as technology becomes more pervasive, as data becomes more pervasive, businesses are transforming and that means that a lot more people are going to use the cloud and interact with the cloud and they might not want to or be able to kind of use our building blocks. And so what's really exciting that what we're able to do is make cloud more accessible to lines of business folks to analysts, to security folks. So >>It's, yeah, and that's, and that's why I was calling my this this new trend I see as Amazon Classic, my words, not your words, I call the, hey there was classic cloud and then you got the next gen clown, the new next generation. And I was talking with Adrian Cockcroft, former aws, so he's now retired, he's gonna come on later today. He and I were talking, he use this thing of you got a bag of Legos aka primitives or a toy that's been assembled for you glued together, ones out of the box, but they're not mutually exclusive. You can build a durable application and foundation with the building blocks more durable. You can manage it, refine it, but you got the solution that breaks. You don't have as much flexibility but you gotta replace it. That's okay too. So like this is now kind of a new portfolio approach to the cloud. It's very interesting and I think, I think, I think that's what I took away from the keynote is that you can have both. >>Yes, absolutely. You can do both. I mean, we're gonna go full throttle on releasing innovations and pushing the envelope on compute and storage and databases and our core services because they matter. And having, you know, the choice to choose from a wide range of options. I mean that's what, that's what customers need. You know, if you're gonna run hpc, you're gonna run machine learning and you're gonna run your SAP applications or your Windows applications, you need choice of what you know, specific type of instance and compute capabilities. You need to get the price performance. It's, it's definitely not a one size fits all. It's a 600 instance type. Size fits all maybe. >>Exactly. And you got a lot of instance and we'll get to that in a second. Yeah, I love the themes. I love this keynote themes you had like at first space, but I get the whole data, then you look at it, you can look at it differently. Really good metaphor, the ocean one I love with the security because he mentioned you can have the confidence to explore go deep snorkeling versus scuba and knowing how much oxygen you have. I mean, so really cool metaphor made me think very provocative. So again, this is kind of why people go to AWS because you now have these, these abilities to do things differently, depend on the context of what products you're working with. Yes. Explain why that was the core theme. Was there any rationale behind that? Was it just how you guys saw it? I mean that was pretty clever. >>Well, I think that, you know, we're, we're talking about environments and I think in this world, you know, there's uncertainty in a lot of places and we really feel like all of us need to be prepared for different types of environments. And so we wanted to explore what that could look like. And I think, you know, we're fascinated by space and the vastness and it is very much like the world of data. I don't know about you, but I actually scuba dive. So I love the depths of the ocean. I loved working on that part. There's extremes, extreme workloads like hpc, extreme workloads like machine learning with the growing models and there's an imagination, which is also one of my favorite areas to explore. >>Yeah. And you use the Antarctica one for about the whole environment and extreme conditions. That's good in the performance. And I love that piece of it. And I want to get into the, some of the things I love the speeds and fee. I think the, the big innovation with the silicon we've been covering as, you know, like a blanket. The, he's got the GRAVITON three 25% faster than GRAVITON two, the C seven GN network intense workloads. This is kind of a big deal. I mean this is one of those things where it might not get picked up in the major press, but the network use cases are significant. Nira has been successful. Share your thoughts on these kinds of innovations because they look kind of small, but they're not, they're >>Big, they're not small for sure, especially at the scale that our customers are, are, are running their applications. Like every little optimization that you can get really makes a huge difference. And I think it's exciting. I mean you hit on, you kind of hit on it when we've been working on silicon for a while now we know that, you know, if we're gonna keep pushing the element, the envelope in these areas, we had to, we had to go down to the silicon. And I think that Nitro has really been what's kind of been a breakthrough for us. You know, reinventing that virtualization layer, offloading security and storage and networking to special purpose chips. And I think that it's not just in the area of network optimization, right? You saw training optimized instances and inference optimized instances and HPC optimized instances. So yeah, we are kind of looking at all the extremes of, of what customers want to do. >>I know you can't talk about the future, but I can almost connect the dots as you're talking. It's like, hmm, specialized instances, specialized chips, maybe programmability of workload, smart intelligence, generative AI, weaving in there. A lot of kind of cool things I can see around the corner around generative AI automation. Hey, go to this instance with that go here. This is kind of what I see kind of coming around the corner. >>And we have some of that with our instance optimizers, our cost optimizer products where, you know, we wanna help customers find the best instance for their workload, get the best utilization they possibly can, you know, cut costs, but still have the great performance. So I don't, I don't know about your future, John, it sounds great, but we have, you know, we're taking steps in that direction today. >>Still look in this code that's gonna be on this code. Okay. Any, okay, I wanna give you one final question. Well, well two questions. One was a comment Adam made, I'd love to get your reaction if you want to tighten your bell, come to the cloud. I thought that was a very interesting nuance. A lot of economic pressure. Cloud is an opportunity to get agile, time to value faster. We had Zs carve cube analyst who's with us earlier said, the more you spend on the cloud, the more you save. That was his line, which I thought was very smart. Spending more doesn't mean you're gonna lose money, means you can save money too. So a lot of cost optimization discussions. Absolutely. Hey, your belt come to the cloud. What does he mean by that? >>Well I think that in, in times where, you know, there's uncertainty and economic conditions, it is, it's really, you know, you sometimes wanna pull back kind of, you know, batten down the hatches. But the cloud really, and we saw this with C you know, if you, if you move to the cloud, not only can you cut costs, but you put yourself in this position where you can continue to innovate and you can be agile and you can be prepared for whatever environment you're in so that you know when things go back or you have a customer needs that and innovation that goes off like you, you can accelerate back up really, really quickly. And I think we talked about Airbnb, that example of how, you know, in, in that really tough time of covid when travel industry wasn't happening so much, you know, they were able to scale back and save money. And then at the same time when, you know, Airbnb's kind of once again travel came back, they were in a position to really, really quickly change with the, the customer needs. >>You know, Lee, it's always great talking with you. You got a lot of energy, you're so smart and we both love products and you're leading the product marketing. We have an Instagram challenge here on the cube. I'm gonna put you on the spot here. Oh my gosh. It's called Instagram. We called a bumper sticker section. We used to call it what's the bumper sticker for reinvent. But we kind of modernized that. If you were gonna do an Instagram reel right now, what would be the Instagram reel for reinvent Keynote day one. As we look for, we got Verner, we'll probably talk about productivity with developers. What's the Instagram reel for reinvent? >>Wow. That means I have to get short with it, right? I am, I'm not always, that's still wrong answer. Yeah, well I think, you know, this is really big day one, so it's excitement, it's, we're glad to be here. We have a lot coming for you. We're super excited. And if you think about it, it's price, performance, it's data, it's security and it's solutions for purpose-built use cases. >>Great job. Congratulations. I love the message. I love how you guys had the theme. I thought it was great. And it's great to see Amazon continue to innovate with, with the, with the, with the innovation on the product side. But as we get into transformation, starting to see these solutions and the ecosystem is thriving and looking forward to hearing the, the new partner, chief Aruba tomorrow. Absolutely. See what she's got a new plan apparently unveiling. So exciting. Everyone's pretty excited. Thanks for coming >>On. Great. Great. Thanks for having >>Me. All right. Leah, here in the cube. You are the cube, the leader in tech coverage. I'm John Fur, your host. More live coverage after the short break. We'll be right back here. Day two of the cube, day one of reinvent. Lot of great action. Three, four days of wall to wall coverage. We'll be right back.

>>Good afternoon and welcome back to the Classiest Show in Technology. This is the Cube we are at AWS Reinvent 2022 in Fabulous Sin City. That's why I've got my sequence on. We love a little Vegas, don't we? I'm joined by John Farer, another, another Vegas >>Fan. I don't have my sequence, I left it in my room. We're >>Gonna have to figure out how to get us 20 as soon as possible. What's been your biggest shock for you at the show so far? >>Well, I think the data story and security is so awesome. I love how that's front and center. If you look at the minutes of the keynote of Adamski, the CEO on day one, it's all bulked into data and security. All worked hand in hand. That's on top of already the innovation of their infrastructure. So I think you're gonna see a lot of interplay going on in this next segment. It's gonna tell a lot of that innovation story that's coming next. It's pretty awesome. >>It is pretty awesome, and I'm super excited. It's not only what we do here on the Cube, it's also in my show notes. We are gonna be geeking out for the next segment. Please welcome Paul and Puja. Wonderful to have you both here. Paul from Amazon, s3, glacier, and Pujan, CEO of kuo. I wanna turn to you Pujan, to start us off, just in case the audience isn't familiar, give us the Kuo pitch. >>Yeah, so basically Kuo is a, a backup as a service offering, right? Built in AWS four aws, right? And effectively going after, you know, any service that a customer uses on top of aws, right? And so a lot of the data sitting on s3, right? So that's been like our, our big use case going and basically building backup and air gap protection for, for s3. But we basically go to every other service, e c two, ebs, dynamo, you know, you name it, right? So basically do the whole thing >>And the relationship with aws. Can you guys share, I mean, you got you here together. You guys are a great partnership. Born in the cloud, operation in the cloud. Absolutely. I think talk about the partnership with aws. >>Absolutely. I think the last five years of building on AWS has been phenomenal, right? And I love the platform. It's, it's a very pure platform for us. You know, the APIs and, and the access you get and access you get to the service teams like Paul sitting here and the other teams you have gotten access to, I think has been phenomenal. But we also have, I would say, pushed the envelope in terms of how innovative we have been and how aggressive we have been in utilizing all the innovation that AWS has built in over the last few years. But it would not have happened without the fantastic partnership with the service teams. >>Paul, talk about the, AM the S3 part of this. What's the story there? >>Well, it's been great working with the CUO team over the course of the last few years. We were just upstairs diving deep into the, to the features that they're taking advantage of. They really push us hard on behalf of customers, and it's been a, it's just been a great relationship over the last years. >>That's awesome. And the ecosystem at such a, we're gonna hear tomorrow, the keynote on the, from Aruba who's gonna tend over the ecosystem. You guys are working together. There's a lot of strategic partnerships, so much collaboration between you guys that makes it very, this is the next gen cloud of cloud environment we're seeing. And you heard the, the economies around the corner. It's still gonna be challenging, but still there's more growth in the cloud. This is not stopping. This is impacts the customers. What are the customers saying to you guys when you work backwards from their needs? They want it faster, easier, cheaper. They want it more integrated. What are some of the things, all those you guys hearing from customers? >>So for us, you know, if you think about it, like, you know, as people are moving to the cloud, especially like take a use case like s3, right? So much of critical data sitting on top of S3 today. And so what folks have realized that as they're, you know, putting all of those, you know, what, over two 50 trillion objects, you know, sitting on s3, a lot of them need backup and data protection because there could be accidental deletions, there could be software bugs, there could be a ransomware type event due to which you need a second copy of the data that is outside of your security domain, right? But again, that needs to get be done at the, at the right price point, right? And that's where like a technology like Columbia comes in because since we've been built on the cloud, we've optimized it correctly. So especially for folks who are very cost conscious, given the macroeconomic conditions, we are heading into a technology that's built correctly so that, you know, you get the right architecture and the right solution at the right price point and the scale, right? Talking about trillions of objects, billions of objects within a single customer, within a single bucket sometimes. And that's where Columbia comes in. Cause we basically do that at scale without, again, impacting the, the customer's wallet more than it needs to. >>The porridge has to be the right temperature and the right size bowl. With the right spoon. You've got a lot of complexity when it comes to solving those customer challenges. You have a couple customer story examples you're allowed to share with us. Correct? Paul, do you want to kick one off? Go ahead. Oh, puja. All right. >>No, absolutely. I think there's a ton of them. I, I'll talk about, you know, want to begin with like Cox Automotive, right? A phenomenal customer that we, all of us have worked together with them. And again, looking for a solution to backup S3 to essentially go air gap protection outside of their account, right? They looked at doing it themselves, right? They thought they'll go and basically do it themselves. And then they fortunately bumped into Columbia, they looked at our architecture, looked at what it would really go and take to build it. And guess what, sitting in 2022, getting 23 right now, nobody wants to go and build this themselves. They actually want a turnkey solution that just does it, right? And so, again, we are a phenomenal joint customer of ours doing this at a pretty massive scale, right? And there are many more like that. There's Warner Brothers that are essentially going into the cloud from on premises, right? And they're going really fast accelerating the usage on aws again, looking at, you know, backup and data protection and using clum because of our extreme simplicity that we provide. >>Yeah, I think it's, you've got a, a lot of different people solving different problems that you're working with all the time. Millions of customers. Well, how do you prioritize? >>Well, for us, it really all comes down to fundamentals, right? So Amazon, s3 s unique distributed architecture delivers industry leading durability, availability, performance and security at virtually unlimited scale, right? And it's really been delivering on the fundamentals that has earned the trust of so many customers of all sizes and industries over the course of over 16 years. Now, in terms of how we prioritize on behalf of those customers, we always say that 90% of our roadmap comes directly from what customers are telling us is important. And a large number of our customers now are using S3 through lumino, which is why the relationship is so important. We're here talking about customer use cases here at the show, and we do that regularly throughout the year as well. And that's, that's how we land on a road. >>And what are the, what are the top stories from customers? What, what are they telling you? What's the number one top three things you're hearing? >>I tell you, like, again, it just comes down to the fundamentals, right? Of security, availability, durability and performance at virtually unlimited scale. Like that is the first customer first discussions that we have with customers talking about durable storage, for >>Sure. What I find interesting in, you mentioned scale, right? That comes up a lot scale with data. Yeah. That we heard data. The big theme here, security, what's in my S3 bucket? Can you find out what's in there? Is it backed up properly? How do I get it back? Where's the ransomware? Why not just target the ransomware? So how do you navigate the, the security challenges, the, the need to store all that scale data? What's the secret sauce? >>Yeah, so I think the, the big thing is we'll start with the, you know, how we have architected the product, right? If you think about it, this, you're dealing with a lot of scale, right? You get to a hundred million, a billion and billions very fast on S3 few, especially on a cloud native application. So it starts with the visibility, right? It's basically about, like we have things where you do, where you create a subset of your buckets called protection groups that you can essentially, you know, do it based on prefixes. So now you can essentially figure out what prefix you want to back up and what you don't want to back up. Maybe there's log data that you don't care about, so you don't back that up, right? And it all starts with that visibility that you give. And the prefix level data protection then comes the scale, which is where I was telling you, right? We have basically built an orchestration engine, right? It's like we call the ES for Lambdas, right? So we have a internal orchestration engine and essentially what what we have done is we have our own language internally that spawns off these lambdas, right? And they go after these S3 partitions do the right things and then you basically reel them back. So things like that that we do that are not possible if you're not built on the >>Clock. Well also, I mean, just mind blowing and go back 10 years. Yeah. I mean you got Lambda. What you're talking about here is the gift of the cloud innovation. Yeah. So the benefit of S3 is now accelerated. This is the story this year. Yeah. I mean they're highlighting it at scale, not just in the data, but like what we knew when Lambda came out and what S3 could do. But now mainstream solutions are coming in. Does that change your backup plans? Because we're gonna see a lot more end to end, lot more solutions. We heard that on the keynote. Some are saying it's more complexity. Of course it might, but you can abstract another way with the cloud that's the best part of the cloud. So these abstraction leads. So what's your view on that? But I wanna get your thoughts because you guys are perfectly positioned for this scale, but there's more coming. Yes. Yes. Exactly. What, how are you looking at that? >>So again, I think the, you know, obviously the, the S3 teams and every team in AWS is basically pushing the envelope in terms of innovation. But the key for a partner like us is to go and take that innovation. A lot of complex architectures behind the scene. But what you deliver to the customer is simple. I'll give you one more example. One of the things we launched that, you know, Paul and others are very excited about, is this ability to do instant access on the backup, right? So you could have billions of objects that you backed up. Maybe you need just 10,000 of them for a DR test. And we can basically create like an instant virtual bucket on top of that backup that you can instantly restore >>Spinning up a sandbox of temporary data to go check it >>Out. Exactly. Offer an inte application. >>Think we're geeking out right now. >>Yeah, I know. Brought that part of the segment, John. Don't worry, we're safely there. But, >>But that's the thing, right? That all that is possible because of all the, the scale and innovation and all the APIs and everything that, you know, Paul and the team gives us that we go and build on top of >>Paul, geek out on with us on this. We >>Are super excited for instant restore >>For store. I mean, automation programmability. >>It is, I mean it's the logical next step for backup in the cloud. Exactly. Yeah. But it's a super hard engineering problem to go solve for customers. I mean, the RTO benefits alone are super compelling, but then there's a cost element as well of not having to bring back all that stuff for a test restore, for example. And so it's, it's been really great to, to work with the team on that. We have some ideas on how we may help solve it from our side, and we're looking forward to collaborating on it. >>This is a great illustration of what I was writing about this week around the classic cloud, which is great. And as Adam said, and used like to use the word and, and you got this new functionality we're seeing emerge from the growth. Yes. From the companies that are built on Amazon web services that are growing. You're a partner, they have a lot of other partners and people are taking over restaurant here off action. I mean, there's real growth and new functionality on top of aws. You guys are no different. What's, are you prepared for that? Are you ready to go? >>Yeah, no, absolutely. And I think if you think about, if you think about it, right, I think it's also about doing this without impacting the primary application. Like if the customer is running a primary application at scale on s3, a backup application like ours can't come in and really mess with that. So I think being able to do things where, and this is where you solve really hard computer science problems, right? Where you're bottling yourself. If you are essentially seeing any kind of, you know, interfering with the primary, you're going to cut yourself down. You're gonna go after a different partition. So there are a lot of things you need to do behind the scenes, which is again, all the complexity, all of that, but deliver the, to the customer a very, very simple thing. >>You know, Paul, I wanna get your thoughts and I want you to chime in. Yeah. In 2014, I interviewed Steven Schmidt, my first interview with the, he was the CISO then, and now he's a CSO and, and former ciso, he's back at that time, the word was the cloud's not secure. Now we're talking about security. Just in the complexity of how you're partitioning and managing your sub portions, how you explained it, it's harder for the attackers. The cloud in its in its architecture has become a more secure environment. Yeah. Well, and getting more secure as you have laying out this, this is a new dynamic. This is good. Can you explain the, >>I mean, I, I can just tell you that at AWS security is job zero and that it will always be our number one priority, right? We have a, an infrastructure with under AWS that is vetted and approved to run even top secret workloads, which benefits all customers in all regions. >>And your, your security posture is embedded on top of that. And you got your own stuff. >>Yeah. And if you think of it as a shared responsibility model, so security of the cloud is the responsibility of the cloud provider, but then security of the data on top of it. Like you, you go and delete stuff, your software goes and does something that resiliency, the integrity of the data is your responsibility as a customer. And that's where, you know, we come in. Who >>Shared responsibility has been such a hot topic all week. Yeah. >>I gotta ask him one more question. Cause this is fascinating. And we are talking about on the cube all day today after we saw the announcement and Adam's comment on the cube, Adams LE's comment on the keynote. I mean, he said, if you're gonna tighten your belt, meaning economic cost recovery, re right sizing. If you want to tighten your belt, come to the cloud. So I have to ask you guys, Puja, if you can comment, that'd be great. There's a lot of other competitors out there that aren't born on aws. What is the customer gonna do when they tighten the build? What does that mean? They're gonna go to, to the individual contracts. They're gonna work in the marketplace. I mean this, there's a new dynamic in town. It's called AWS 2022. They weren't really around much in the recession of 2008. They were just starting to grow. Now they're an economic force. People like yourselves have embedded in there. There's a lot of competition. What's gonna happen? >>I think people are gonna just go to a place like, you know, AWS marketplace. You're going to essentially look for solutions and essentially like, and, and the right solutions built in are going to be self-service like aws. It's a very self-service thing. A hundred percent. So you go and do self-service, you figure out what's working, what's not working. Also, the model has to be consumption oriented. No longer can you expect the customer to go and pay a bunch of money for shelfware, right? It's like, like how we charge how AWS charges, which is you pay for what you consume. That and all has to be front and center, >>Right? I think that's a really, I think that's a really important >>Point. It's time >>And I think it's time. So we have a new challenge on the cube. We give you 30 seconds roughly to give us your extraordinarily hot take your shining thought leadership moment and, and highlight what you think is the most important takeaway from the show. The biggest soundbite, the juiciest announcement. Paul, I'll >>Start with an Instagram. Real basically. Yeah. Okay. >>Yeah. Hi. Go. I would just say from an S3 perspective, over the course of the last several years, we've really seen workloads shift from just backup and recovery and static images on websites to data lake analytics applications. And you continue to see that here. And I can tell you that some of these scaled applications are running at enormous mind blowing scale, right? And so, so every year we come here, we talk to customers, and it's just every year it sort of blows me away. And I've been in the storage industry for a long time and it's just is, it blows me away. Just the scale at customers are running in >>And >>Blowing scale. And when it comes to backup, let me just say that it's easy to back up and recover a single object, but doing an easy thing, a billion or 10 billion times over, that's actually quite hard. >>And just to, just to bold that a little bit, just pull out my highlighter. S3 now has over 280 trillion objects. That's a lot. >>That's a lot of objects. >>Yeah. You are not, you are not kidding. When you talk about scale, I mean, this is the most scalable. >>That's not solution's not there. Yeah. That, that's right. And we wake up every, we have a culture of durability and we wake up every single day to raise the bar on the fundamentals and make sure that every single one of those objects is protected and safe. >>Okay. You, I, >>I can't imagine worrying about two, two 80 trillion different things. >>Let's go. You're Instagram real >>For me again, you know, between S3 and us, we are two players out there that are really, you know, processing the data at the end of the day, right? And so I'm very excited about, you know, what we are going to do more and more with the instant restore capability where we can integrate third party services on top of it that can do more things with the data that is not, not passively sitting, but now becomes active data that you can analyze and do things with. So that's something where we take this to the next level is something that I'm super excited about. >>There's a lot to be excited about and, and we're excited to have you. We're excited to hear what happens next. Excited to see more collaboration like this. Paul Pon, thank you so much for joining us here on the show. Thank all of you from for tuning into our continuous wall to wall super thrilling live coverage of AWS reinvent here in fabulous Las Vegas, Nevada, with John Furrier. I'm Savannah Peterson. We're the cube, the leading source for high tech coverage.

foreign welcome back to thecube's coverage of AWS re invent 2022 I'm John Furrier host of thecube we've got a great conversation with Patrick Coughlin vice president of go to market strategy and specialization at Splunk we're talking about the open cyber security schema framework also known as the ocsf a joint strategic collaboration between Splunk and AWS it's got a lot of traction momentum Patrick thanks for coming on thecube for reinvent coverage John great to be here I'm excited for this you know I love this open source movement and open source continues to add value almost sets the standards you know we were talking at the cncf Linux Foundation this past fall about how standards are coming out of Open Source not so much the the classic standards groups but you start to see the developers voting with their code groups deciding what to adopt to fact those standards and security is a real key part of that where data becomes key for resilience and this has been the top conversation at re invent and all around the industry is how to make data a key part of building into cyber resilience so I want to get your thoughts about the problem that you see that's emerging that you guys are solving with this group kind of collaboration around the ocsf yeah well look John I I think I think you you've already you've already hit the high notes there uh data is proliferating across the Enterprise uh the attack surface area is rapidly expanding the threat landscape is Ever Changing uh you know we we just had a a lot of uh uh scares around openssl before that we had vulnerabilities and Confluence in atlassian and you go back to log 4J and solarwinds before that um and challenges with the supply chain uh in this year in particular we've had a huge acceleration in in concerns and threat vectors around uh operational technology in our customer base alone we saw a huge uptick you know in double digit percentage of customers that we're concerned about the traditional vectors like like ransomware uh like business email compromise phishing but also from Insider threat and others um so you've got this this highly complex Flex environment where data continues to proliferate and flow through new applications new infrastructure new Services driving different types of outcomes in the digitally transformed Enterprise of today and and what happens there is is our customers particularly in security are left with having to stitch all of this together and they're trying to get visibility across multiple different Services infrastructure applications across a number of different point solutions that they've bought to help them protect defend detect and respond better and it's a massive Challenge and uh you know when our when our customers come to us they are often looking for ways to drive more consolidation uh across a variety of different solutions they're looking to drive better outcomes in terms of speed to detection how do I detect faster how do I find the thing that when banging in the night faster um how do I then fix it quickly and then how do I layer in some automation so hopefully I don't have to do it again now the Challenger that really ocf ocsf helps to to solve is to do that effectively to detect and to respond to the speed at which attackers are demanding today we have to have normalization of data across this entire landscape of tools infrastructure Services we have to have integration to have visibility um and these tools have to work together but the biggest barrier to that is often data is stored in different structures and in different formats across different solution providers across different tools that are that are that our customers are using um and that that lack of data normalization chokes the integration problem and so um you know several years ago a number of very smart people in this position this was a initiative started by Splunk and AWS came together and said look we as an industry have to solve this for our customers we have to start to shoulder this burden for our customers we can't we can't make our customers have to be systems integrators that's not their job our job is to help make this easier for them and so ocsf was born and over the last couple of years um we've built out this this collaboration to not just be AWS and Splunk uh but over uh 50 different organizations um uh um cloud service providers solution providers in the cyber security space have come together and said let's decide on a single unified schema for how we're going to represent event data in this industry um and uh I'm very proud to be here today to say that we've launched it and and um uh I can't wait to see where we go next yeah I mean this is really compelling I mean there's so much packed in that in that statement I mean data normalization you mentioned chokes this the the solution and the integration as you call it but really also it's like data is not just stored in silos it may not even be available right so if you don't have availability of data that's an important Point number two you mentioned supply chain there's physical supply chain is coming up big time at re invent this time as well as in open source the software supply chain so you now have the perimeter has been dead for multiple years we've been talking about that for years everybody knows that but now combined with the supply chain problem both physical and software there's so much more to go on and so you know the leaders in the industry they're not sitting on their hands they know this but they're just overloaded so so how do leaders deal with this right now before we get into the ocsf I want to just get your thoughts on what's the psychology of the of the business leader who's facing this landscape yeah well I mean unfortunately too many leaders feel like they have to face these trade-offs between you know how and where they are really focusing cyber resilience investments in the business um and and often there is a siled approach across security I.T developer operations or engineering rather than the ability to kind of Drive visibility integration and and connection of outcomes across those different functions I mean the truth is the Telemetry that that you get from an application for application performance monitoring or infrastructure monitoring is often incredibly valuable when there's a security incident and vice versa some of the security data um that you may see in a security operations center can be incredibly valuable when trying to investigate a performance degradation in an application and understanding where that may come from and so what we're seeing is this data layer is collapsing faster than the org charts are or the budget line items are in the Enterprise and so at Splunk here you know we believe security resilience is is fundamentally a data problem and one of the things that we do often is is actually help connect the dots for our customers and bring our customers together across the silos they may have internally so that they can start to see a holistic picture of what resilience means for their Enterprise and how they can drive faster detection outcomes and more automation coverage you know we recently had an event called super cloud we're going into the next gen kind of a cloud how data and security are all kind of part of this next-gen applications not just SAS and we had a panel that was titled the innovators dilemma kind of talk about getting some of the challenges and one of the panelists said it's not the innovators dilemma it's the integrators dilemma and you mentioned that earlier I think this is a key point right now integration is so critical not having the data and putting pieces together and now open source is becoming a composability market and I think having things snap together and work well it's a platform system conversation not a tool conversation so I really want to get into where the ocsf kind of intersects with this area people are working on it's not just solution Architects or cloud cloud native sres especially where devsecops is so this this intersection is critical how does ocsf integrate into that integration of the data making that available to make machine learning and automation smarter and more relevant right right well look I mean I I think that's a fantastic question because you know we talk about we use buzzwords like machine learning and AI all the time and you know I I know they're all over the place here at reinvented and and um there's so much promise and hope out there around these Technologies and these Innovations however uh machine learning AI is only as effective as the data is clean and normalized uh and and we will not realize the promise of these Technologies for outcomes in resilience unless we have better ways to normalize data upstream and better ways to integrate that data to the downstream tools where detection and response is happening and so ocsf was really about the industry coming together and saying this is no longer the job of our customers we are going to create a unified schema that represents the an event that we will all bite down on even some of us are competitors you know this is this is that that no longer matters because at the point the point is how do we take this burden off of our customers and how do we make the industry safer together um and so 15 initial members came together um along with AWS and Splunk to to start to create that uh that initial schema and standardize it and if you've ever you know if you ever worked with a bunch of technical grumpy security people it's kind of hard to drive consensus about around just about anything but uh um but I'm really happy to see how quickly this this organization Has Come Together has open sourced the schema um and and just as you said like I think this this unlocks the potential for real Innovation that's going to be required to keep up with the bad guys but right now is getting stymied and held back by the lack of normalization and the lack of integration I've always said Splunk was a it's AIDS data for breakfast lunch and dinner and turns it into insights and I think you bring up The Silo thing what's interesting is the cross company sharing I think this hits point on so I see this as a valuable opportunity for the industry what's the traction on that because you know to succeed it does take a village takes a community of security practitioners and and Architects and developers to kind of coalesce around this de facto movement has been has been uptake been good that's attraction can you share your thoughts on how this is translating across companies yeah absolutely I mean look I I think um cyber security has a long track record of of Standards development um there's been some fantastic standards recently things like um sticks and taxi for threat intelligence there's been things like the you know the minor attack framework coming out of my miter and and the adoption the traction that we've seen with attack in particular has been amazing to watch how that has kind of roared onto the scene in the last couple of years and has become table Stakes for um how you do security operations and incident response um and you know I think with ocsf we're going to see something similar here but you know we are in literally the first Innings of of this um so right now you know we're architecting this into our um into every part of our sort of back end systems here at spelunk I know um our collaborators at AWS and elsewhere are doing it too and so I think it starts with bringing this standard now the standard exists on a uh you know in schema format um and there's you know Confluence and jira tickets around it how do we then sort of build this into the code of of the the collaborators that have been leading the way on this and you know it's not going to happen overnight but I think in the coming quarters you'll start to see this schema um be the standard um across the leaders in this space companies like Splunk and AWS and others who are leading the way and often that's what helps Drive adoption of a standard is if you can get the big dogs so to speak to to embrace it and you know there's no bigger one than AWS and I think there's no no more important one than Splunk in the cyber security space and so as we adopt this we hope others will follow and like I said we've got over 50 organizations contributing to it today and so um I think we're off to a running start you know it's interesting choking Innovation or having things kind of get get slowed down has really been a problem we've seen successes recently over the past few years like kubernetes has really unlocked and accelerated the cloud native worlds of runtime with containers to kind of have the consensus of the community say hey if you we just do this it gets better I think this is really compelling with the ocsf because if people can come together around this and get unified as well as other the other official standards things can go highly accelerated so I think I think it looks really good and I think it's great initiative and I really appreciate your Insight on that on on your relationship with Amazon okay it's not just the Partnerships it's a strategic collaboration could you share that uh relationship Dynamic how to start how's it going what's strategic about it share to the audience kind of the relationship between Splunk and natives on this important ocsf initiative look I I mean I think this this year marks the the 10th year anniversary that that Splunk and AWS have been collaborating in a variety of different ways um I I think our our companies have um a fantastic and long-standing relationship and we've we've partnered on a number of really important projects together that bring value um obviously to our individual companies uh but also to our shared customers um uh when I think about some of the most important customers at Splunk that I spend a significant amount of time with um uh I I know how many of those are our AWS customers as well and I know how important AWS is to them so I think it's it's a it's a collaboration that is rooted in in a respect for each other's Technologies um and Innovation but also in a recognition that that our shared customers want to see us work better together over time and it's not it's not two companies that have kind of decided in a back room that they should work together it's actually our customers that are that are pushing us and I think we're both very customer-centric organizations and I think that has helped us actually be better collaborators and better Partners together um because we're working back backwards from our customers as security becomes a physical and software approach we've seen the trend where even Steven Schmidt at Amazon web services is the CSO he's not the CSO anymore so why he says well security is also physical stuff too so so lens is now expanded you mentioned supply chain physical digital this is an important inflection point can you summarize in your mind why open cyber security scheme information is important I know the unification but beyond that what why is this so important why should people pay attention to this you know I if if you'll let me be just a little abstract and meta for a second yeah I think what's what's really meaningful at the highest level about the ocsf initiative um and then it goes beyond I think the Tactical value it will provide to to organizations and to customers in terms of making them safer um over the coming years and and decades I think what's more important than that is it's really the one of the first times that you've seen um the industry come together and say we got a problem we need to solve that you know doesn't really have anything to do with with our own economics um our customers are are hurting and yeah some of us may be competitors um uh you know we got different cloud service providers that are participating in this along with AWS we've got different cyber security solution providers participating in this along with spelunk um but but folks have come together and say we can actually solve this problem um if if we're able to kind of put aside our competitive differences in the markets and approach this from the perspective of what's best for information security as a whole um and and I think that's what I'm most proud of uh and and what I hope we can do more of in other places in this industry because I think that kind of collaboration from real Market leaders can actually um change markets it can change the the the trend lines in terms of how we are keeping up with the bad guys and and I'd like to see a lot more of that and we're seeing a lot more new kind of things emerging in the cloud next kind of this next Generation architecture and alcohol thumbs are happening I think it's interesting you know we always talk about sustainability supply chain sustainability about making the earth a better place but you're hitting on this this meta point about businesses are under threat of going under I mean we want to keep businesses to businesses to be sustainable not just you know the the environment so if a business goes out of business which the threats here are can be catastrophic for companies I mean there is there is a community responsibility to protect businesses so they can sustain and stay stay producing this is a real key point yeah yeah I mean look I think I think one of the things that you know we We complain a lot in in cyber security about the lack of of talent the talent shortage and cyber security and every year we kind of we kind of uh whack ourselves over the head about how hard it is to bring people into this industry and it's true um but one of the things that I think we forget John is is how important mission is to so many people in what they do for a living and how they work and I think one of the things that cyber security is strongest in information security General and has been for decades is this sense of mission and people work in this industry not because it's it's it's always the the the most lucrative but because it really drives a sense of um Safety and Security in the Enterprises and the fabric of the economy that we use every day to go through our lives and when I think about the sport customers and AWS customers I think about um um the the different products and tools that power my life and and we need to secure them and and sometimes that means coming to work every day at that company and doing your job and sometimes that means working with others better faster and stronger to help drive that level of of maturity and security that this industry needs it's a human it's a human opportunity human problem and and challenge that's a whole other segment the role of the talent and the human machines and with scale Patrick thanks so much for sharing the information and the Insight on the open cyber security schema frame and what it means and why it's important thanks for sharing on thecube really appreciate it thanks for having me John okay this is AWS re invent 2022 coverage here on thecube I'm John Furrier the host thanks for watching foreign [Music]

(upbeat music) >> Hello everyone, welcome to this CUBE Showcase, accelerating business transformation with VMware Cloud on AWS. It's a solution innovation conversation with two great guests, Fred Wurden, VP of Commercial Services at AWS and Narayan Bharadwaj, who's the VP and General Manager of Cloud Solutions at VMware. Gentlemen, thanks for joining me on the showcase. >> Great to be here. >> Great. Thanks for having us on. It's a great topic. >> We've been covering this VMware cloud on AWS since the launch going back and it's been amazing to watch the evolution from people saying, Oh, it's the worst thing I've ever seen. What's this mean? And the press were not really on board with the vision, but as it played out as you guys had announced together, it did work out great for VMware. It did work out great for AWS and it continues two years later and I want to just get an update from you guys on where you guys see this has been going. I'll see multiple years. Where is the evolution of the solution as we are right now coming off VMware explorer just recently and going in to re:Invent, which is only a couple weeks away Feels like tomorrow. But as we prepare, a lot going on. Where are we with the evolution of the solution? >> I mean, first thing I want to say is October 2016 was a seminal moment in the history of IT. When Pat Gelsinger and Andy Jassy came together to announce this. And I think John, you were there at the time I was there. It was a great, great moment. We launched the solution in 2017 year after that at VMworld, back when we called it VMworld. I think we have gone from strength to strength. One of the things that has really mattered to us is we've learned from AWS also in the processes, this notion of working backwards. So we really, really focused on customer feedback as we built a service offering now five years old. Pretty remarkable journey. In the first years we tried to get across all the regions, that was a big focus because there was so much demand for it. In the second year, we started going really on enterprise great features. We invented this pretty awesome feature called Stretched Clusters, where you could stretch a vSphere cluster using vSAN and NSX-T across to AZs in the same region. Pretty phenomenal four nines of availability that applications started to get with that particular feature. And we kept moving forward, all kinds of integration with AWS Direct Connect, Transit Gateways with our own advanced networking capabilities. Along the way, Disaster Recovery, we punched out two new services just focused on that. And then more recently we launched our Outposts partnership. We were up on stage at re:Invent, again, with Pat and Andy announcing AWS Outposts and the VMware flavor of that, VMware Cloud and AWS Outposts. I think it's been significant growth in our federal sector as well with our federal and high certification more recently. So all in all, we are super excited. We're five years old. The customer momentum is really, really strong and we are scaling the service massively across all geos and industries. >> That's great, great update. And I think one of the things that you mentioned was how the advantages you guys got from that relationship. And this has been the theme for AWS, man, since I can remember from day one, Fred. You guys do the heavy lifting as you always say for the customers. Here, VMware comes on board. Takes advantage of the AWS and just doesn't miss a beat. Continues to move their workloads that everyone's using, vSphere, and these are big workloads on AWS. What's the AWS perspective on this? How do you see it? >> Yeah, it's pretty fascinating to watch how fast customers can actually transform and move when you take the skill set that they're familiar with and the advanced capabilities that they've been using on-prem and then overlay it on top of the AWS infrastructure that's evolving quickly and building out new hardware and new instances we'll talk about. But that combined experience between both of us on a jointly engineered solution to bring the best security and the best features that really matter for those workloads drive a lot of efficiency and speed for the customers. So it's been well received and the partnership is stronger than ever from an engineering standpoint, from a business standpoint. And obviously it's been very interesting to look at just how we stay day one in terms of looking at new features and work and responding to what customers want. So pretty excited about just seeing the transformation and the speed that which customers can move to while at VMC. >> That's a great value proposition. We've been talking about that in context to anyone building on top of the cloud. They can have their own supercloud, as we call it, if you take advantage of all the CapEx and investment Amazon's made and AWS has made and continues to make in performance IaaS and PaaS, all great stuff. I have to ask you guys both as you guys see this going to the next level, what are some of the differentiations you see around the service compared to other options in the market? What makes it different? What's the combination? You mentioned jointly engineered. What are some of the key differentiators of the service compared to others? >> Yeah. I think one of the key things Fred talked about is this jointly engineered notion. Right from day one we were the early adopters of the AWS Nitro platform. The reinvention of EC2 back five years ago. And so we have been having a very, very strong engineering partnership at that level. I think from a VMware customer standpoint, you get the full software-defined data center, compute storage networking on EC2, bare metal across all regions. You can scale that elastically up and down. It's pretty phenomenal just having that consistency globally on AWS EC2 global regions. Now the other thing that's a real differentiator for us, what customers tell us about is this whole notion of a managed service. And this was somewhat new to VMware. But we took away the pain of this undifferentiated heavy lifting where customers had to provision rack stack hardware, configure the software on top, and then upgrade the software and the security patches on top. So we took away all of that pain as customers transitioned to VMware cloud in AWS. In fact, my favorite story from last year when we were all going through the Log4j debacle. Industry was just going through that. Favorite proof point from customers was before they could even race this issue to us, we sent them a notification saying, we already patched all of your systems, no action from you. The customers were super thrilled. I mean, these are large banks. Many other customers around the world were super thrilled they had to take no action, but a pretty incredible industry challenge that we were all facing. >> Narayan, that's a great point. The whole managed service piece brings up the security. You kind of teasing at it, but there's always vulnerabilities that emerge when you are doing complex logic. And as you grow your solutions, there's more bits. Fred, we were commenting before we came on camera more bits than ever before and at the physics layer too, as well as the software. So you never know when there's going to be a zero-day vulnerability out there. It happens. We saw one with Fortinet this week. This came out of the woodwork. But moving fast on those patches, it's huge. This brings up the whole support angle. I wanted to ask you about how you guys are doing that as well, because to me, we see the value when we talk to customers on theCUBE about this. It was a real easy understanding of what the cloud means to them with VMware now with the AWS. But the question that comes up that we want to get more clarity on is how do you guys handle support together? >> Well, what's interesting about this is that it's done mutually. We have dedicated support teams on both sides that work together pretty seamlessly to make sure that whether there's a issue at any layer, including all the way up into the app layer, as you think about some of the other workloads like SAP, we'll go end-to-end and make sure that we support the customer regardless of where the particular issue might be for them. And on top of that, we look at where we're improving reliability in as a first order of principle between both companies. So from availability and reliability standpoint, it's top of mind and no matter where the particular item might land, we're going to go help the customer resolve that. It works really well. >> On the VMware side, what's been the feedback there? What are some of the updates? >> Yeah, I think, look, I mean, VMware owns and operates the service, but we work phenomenal backend relationship with AWS. Customers call VMware for the service or any issues. And then we have a awesome relationship with AWS on the backend for support issues or any hardware issues. The key management that we jointly do. All of the hard problems that customers don't have to worry about. I think on the front end, we also have a really good group of solution architects across the companies that help to really explain the solution, do complex things like cloud migration, which is much, much easier with the VMware Cloud in AWS. We're presenting that easy button to the public cloud in many ways. And so we have a whole technical audience across the two companies that are working with customers every single day. >> You had mentioned, I've got list here of some of the innovations. You mentioned the stretch clustering, getting the geos working, advanced network, Disaster Recovery, FedRAMP, public sector certifications, Outposts. All good, you guys are checking the boxes every year. You got a good accomplishments list there on the VMware AWS side here in this relationship. The question that I'm interested in is what's next? What recent innovations are you doing? Are you making investments in? What's on the list this year? What items will be next year? How do you see the new things, the list of accomplishments? People want to know what's next. They don't want to see stagnant growth here. They want to see more action as cloud continues to scale and modern applications cloud native. You're seeing more and more containers, more and more CI/CD pipelining with modern apps, put more pressure on the system. What's new? What's the new innovations? >> Absolutely. And I think as a five year old service offering, innovation is top of mind for us every single day. So just to call out a few recent innovations that we announced in San Francisco at VMware Explore. First of all, our new platform i4i.metal. It's isolate based. It's pretty awesome. It's the latest and greatest, all the speeds and feeds that we would expect from VMware and AWS at this point in our relationship. We announced two different storage options. This notion of working from customer feedback, allowing customers even more price reductions, really take off that storage and park it externally and separate that from compute. So two different storage offerings there. One is with AWS FSx with NetApp ONTAP, which brings in our NetApp partnership as well into the equation and really get that NetApp based really excited about this offering as well. And the second storage offering called VMware Cloud Flex Storage. VMware's own managed storage offering. Beyond that, we have done a lot of other innovations as well. I really wanted to talk about VMware Cloud Flex Compute where previously customers could only scale by hosts and a host is 36 to 48 cores, give or take. But with VMware Cloud Flex Compute, we are now allowing this notion of a resource defined compute model where customers can just get exactly the vCPU memory and storage that maps to the applications, however small they might be. So this notion of granularity is really a big innovation that we are launching in the market this year. And then last but not least, top of ransomware. Of course it's a hot topic in the industry. We are seeing many, many customers ask for this. We are happy to announce a new ransomware recovery with our VMware Cloud DR solution. A lot of innovation there and the way we are able to do machine learning and make sure the workloads that are covered from snapshots and backups are actually safe to use. So there's a lot of differentiation on that front as well. A lot of networking innovations with Project Northstar. Our ability to have layer four through layer seven, new SaaS services in that area as well. Keep in mind that the service already supports managed Kubernetes for containers. It's built in to the same clusters that have virtual machines. And so this notion of a single service with a great TCO for VMs and containers is sort at the heart of our (faintly speaking). >> The networking side certainly is a hot area to keep innovating on. Every year it's the same, same conversation, get better faster, networking more options there. The Flex Compute is interesting. If you don't mind me getting a quick clarification, could you explain the resource-defined versus hardware-defined? Because this is what we had saw at Explore coming out, that notion of resource-defined versus hardware-defined. What does that mean? >> Yeah, I mean I think we have been super successful in this hardware-defined notion. We we're scaling by the hardware unit that we present as software-defined data centers. And so that's been super successful. But customers wanted more, especially customers in different parts of the world wanted to start even smaller and grow even more incrementally. Lower the cost even more. And so this is the part where resource-defined starts to be very, very interesting as a way to think about, here's my bag of resources exactly based on what the customers request before fiber machines, five containers. It's size exactly for that. And then as utilization grows, we elastically behind the scenes, we're able to grow it through policies. So that's a whole different dimension. That's a whole different service offering that adds value and customers are comfortable. They can go from one to the other. They can go back to that host based model if they so choose to. And there's a jump off point across these two different economic models. >> It's cloud flexibility right there. I like the name. Fred, let's get into some of the examples of customers, if you don't mind, let's get into some of the, we have some time. I want to unpack a little bit of what's going on with the customer deployments. One of the things we've heard again on theCUBE is from customers is they like the clarity of the relationship, they love the cloud positioning of it. And then what happens is they lift and shift the workloads and it's like feels great. It's just like we're running VMware on AWS and then they start consuming higher level services. That adoption next level happens and because it's in the cloud. So can you guys take us through some recent examples of customer wins or deployments where they're using VMware cloud on AWS on getting started and then how do they progress once they're there? How does it evolve? Can you just walk us through a couple use cases? >> Sure. Well, there's a couple. One, it's pretty interesting that like you said, as there's more and more bits, you need better and better hardware and networking. And we're super excited about the i4 and the capabilities there in terms of doubling and or tripling what we're doing around lower variability on latency and just improving all the speeds. But what customers are doing with it, like the college in New Jersey, they're accelerating their deployment on onboarding over like 7,400 students over a six to eight month period. And they've really realized a ton of savings. But what's interesting is where and how they can actually grow onto additional native services too. So connectivity to any other services is available as they start to move and migrate into this. The options there obviously are tied to all the innovation that we have across any services, whether it's containerized and with what they're doing with Tanzu or with any other container and or services within AWS. So there's some pretty interesting scenarios where that data and or the processing, which is moved quickly with full compliance, whether it's in like healthcare or regulatory business is allowed to then consume and use things, for example, with Textract or any other really cool service that has monthly and quarterly innovations. So there's things that you just could not do before that are coming out and saving customers money and building innovative applications on top of their current app base in a rapid fashion. So pretty excited about it. There's a lot of examples. I think I probably don't have time to go into too many here. But that's actually the best part is listening to customers and seeing how many net new services and new applications are they actually building on top of this platform. >> Narayan, what's your perspective from the VMware side? 'Cause you guys have now a lot of headroom to offer customers with Amazon's higher level services and or whatever's homegrown where it's being rolled out 'cause you now have a lot of hybrid too. So what's your take on what's happening in with customers? >> I mean, it's been phenomenal. The customer adoption of this and banks and many other highly sensitive verticals are running production-grade applications, tier one applications on the service over the last five years. And so I have a couple of really good examples. S&P Global is one of my favorite examples. Large bank, they merge with IHS Markit, big conglomeration now. Both customers were using VMware Cloud and AWS in different ways. And with the use case, one of their use cases was how do I just respond to these global opportunities without having to invest in physical data centers? And then how do I migrate and consolidate all my data centers across the global, which there were many. And so one specific example for this company was how they migrated 1000 workloads to VMware Cloud and AWS in just six weeks. Pretty phenomenal if you think about everything that goes into a cloud migration process, people process technology. And the beauty of the technology going from VMware point A to VMware point B. The lowest cost, lowest risk approach to adopting VMware Cloud and AWS. So that's one of my favorite examples. There are many other examples across other verticals that we continue to see. The good thing is we are seeing rapid expansion across the globe, but constantly entering new markets with a limited number of regions and progressing our roadmap. >> It's great to see. I mean, the data center migrations go from months, many, many months to weeks. It's interesting to see some of those success stories. Congratulations. >> One of the other interesting fascinating benefits is the sustainability improvement in terms of being green. So the efficiency gains that we have both in current generation and new generation processors and everything that we're doing to make sure that when a customer can be elastic, they're also saving power, which is really critical in a lot of regions worldwide at this point in time. They're seeing those benefits. If you're running really inefficiently in your own data center, that is not a great use of power. So the actual calculators and the benefits to these workloads are pretty phenomenal just in being more green, which I like. We just all need to do our part there and this is a big part of it here. >> It's a huge point about the sustainability. Fred, I'm glad you called that out. The other one I would say is supply chain issue is another one. You see that constraints. I can't buy hardware. And the third one is really obvious, but no one really talks about it. It's security. I mean, I remember interviewing Steven Schmidt with that AWS and many years ago, this is like 2013 and at that time people were saying, the cloud's not secure. And he's like, listen, it's more secure in the cloud on-premise. And if you look at the security breaches, it's all about the on-premise data center vulnerabilities, not so much hardware. So there's a lot, the stay current on the isolation there is hard. So I think the security and supply chain, Fred, is another one. Do you agree? >> I absolutely agree. It's hard to manage supply chain nowadays. We put a lot of effort into that and I think we have a great ability to forecast and make sure that we can lean in and have the resources that are available and run them more efficiently. And then like you said on the security point, security is job one. It is the only P1. And if you think of how we build our infrastructure from Nitro all the way up and how we respond and work with our partners and our customers, there's nothing more important. >> And Narayan, your point earlier about the managed service patching and being on top of things is really going to get better. All right, final question. I really want to thank you for your time on this showcase. It's really been a great conversation. Fred, you had made a comment earlier. I want to end with a curve ball and put you eyes on the spot. We're talking about a new modern shift. We're seeing another inflection point. We've been documenting it. It's almost like cloud hitting another inflection point with application and open source growth significantly at the app layer. Continue to put a lot of pressure and innovation in the infrastructure side. So the question is for you guys each to answer is, what's the same and what's different in today's market? So it's like we want more of the same here, but also things have changed radically and better here. What's changed for the better and what's still the same thing hanging around that people are focused on? Can you share your perspective? >> I'll tackle it. Businesses are complex and they're often unique, that's the same. What's changed is how fast you can innovate. The ability to combine managed services and new innovative services and build new applications is so much faster today. Leveraging world class hardware that you don't have to worry about, that's elastic. You could not do that even five, 10 years ago to the degree you can today, especially with innovation. So innovation is accelerating at a rate that most people can't even comprehend and understand the set of services that are available to them. It's really fascinating to see what a one pizza team of engineers can go actually develop in a week. It is phenomenal. So super excited about this space and it's only going to continue to accelerate that. That's my take, Narayan. >> You got a lot of platform to compete on. With Amazon, you got a lot to build on. Narayan, your side. What's your answer to that question? >> I think we are seeing a lot of innovation with new applications that customers are constantly (faintly speaking). I think what we see is this whole notion of how do you go from desktop to production to the secure supply chain and how can we truly build on the agility that developers desire and build all the security and the pipelines to energize that production quickly and efficiently. I think we are seeing, we are at the very start of that sort of journey. Of course, we have invested in Kubernetes, the means to an end, but we're so much more beyond that's happening in industry and I think we're at the very, very beginning of this transformations, enterprise transformation that many of our customers are going through and we are inherently part of it. >> Well, gentlemen, I really appreciate that we're seeing the same thing. It's more the same here on solving these complexities with distractions, whether it's higher level services with large scale infrastructure. At your fingertips, infrastructure as code, infrastructure to be provisioned, serverless, all the good stuff happen and Fred with AWS on your side. And we're seeing customers resonate with this idea of being an operator again, being a cloud operator and developer. So the developer ops is kind of, DevOps is changing too. So all for the better. Thank you for spending the time and we're seeing again that traction with the VMware customer base and AWS getting along great together. So thanks for sharing your perspectives. >> We appreciate it. Thank you so much. >> Thank you John. >> This is theCUBE and AWS VMware showcase accelerating business transformation, VMware Cloud on AWS. Jointly engineered solution bringing innovation to the VMware customer base, going to the cloud and beyond. I'm John Furrier, your host. Thanks for watching. (gentle music)

foreign [Music] welcome to this Cube showcase accelerating business transformation with VMware Cloud on aw it's a solution Innovation conversation with two great guests Fred Ward and VP of Commercial Services at AWS and Narayan bardawaj who's the VP and general manager of cloud Solutions at VMware gentlemen thanks for uh joining me on the Showcase great to be here hey thanks for having us on it's a great topic you know we we've been covering this VMware Cloud on AWS since since the launch going back and it's been amazing to watch The Evolution from people saying oh it's the worst thing I've ever seen what's this mean uh and depressed we're we're kind of not really on board with kind of the vision but as it played out as you guys had announced together it did work out great for VMware it did work out great for a divs and it continues two years later and I want to just get an update from you guys on where you guys see this has been going obviously multiple years where is the evolution of the solution as we are right now coming off VMware Explorer just recently and going in to reinvent uh which is only a couple weeks away uh this feels like tomorrow but you know as we prepare a lot going on where are we with the evolution of the solution I mean the first thing I want to say is you know October 2016 was a seminal moment in the history of I.T right when bad girls singer and Andy jassy came together to announce this and I think John you were there at the time I was there it was a great great moment we launched the solution in 2017 the year after that at vmworld back when we called it vmworld I think we've gone from strength to strength one of the things that has really mattered to us is we've learned from AWS also and the process is this notion of working backwards so we're really really focused on customer feedback as we build the service offering now five years old pretty remarkable Journey uh you know in the first years we tried to get across all the regions you know that was a big Focus because there was so much demand for it in the second year we started going really on Enterprise great features we invented this pretty awesome feature called stretch clusters where you could stretch a vsphere cluster using vsan NSX across two azs in the same region pretty phenomenal for lines of availability that applications start started to get with that particular feature and we kept moving forward all kinds of integration with AWS direct connect Transit gateways with our own Advanced networking capabilities uh you know along the way Disaster Recovery we punched out you need two new Services just focused on that and then more recently we launched our outposts partnership we were up on the stage at reinvent again with Pat and Andy announcing AWS outposts and the VMware flavor of that VMware cloud and AWS outposts I think it's been significant growth in our federal sector as well the federal Empire certification more recently so all in all we're super excited we're five years old the customer momentum is really really strong we are scaling the service massively across all GEOS and industries that's great great update and I think one of the things that you mentioned was how the advantages you guys got from that relationship and this has kind of been the theme for AWS man since I can remember from day one Fred you guys do the heavy lifting as as it's always say for the customers here VMware comes on board takes advantage of the AWS and kind of just doesn't miss a beat continues to move their workloads that everyone's using you know vsphere and these are these are Big workloads on AWS what's the AWS perspective on this how do you see it yeah uh it's pretty fascinating to watch how fast customers can actually transform and move when you take the the skill set that they're familiar with and the advanced capabilities that they've been using on-prem and then overlay it on top of the AWS infrastructure that's that's evolving quickly and and building out new hardware and new instances we'll talk about uh but that combined experience between both of us on a jointly engineered solution uh to bring the best security and the best features that really matter for those workloads uh drive a lot of efficiency and speed for the for the customer so it's been well received and the partnership is stronger than ever from an engineering standpoint from a business standpoint and obviously it's been very interesting to look at just how we stay day one in terms of looking at new features and work and and responding to what customers want so pretty pretty excited about just seeing the transformation and the speed that which customers can move to uh BMC yeah that's a great value probably we've been talking about that in context to anyone building on top of the cloud they can have their own super cloud as we call it if you take advantage of all the capex and investment Amazon's made and AWS is made and and continues to make in performance I as and pass all great stuff I have to ask you guys both as you guys see this going to the next level what are some of the differentiations you see around the service compared to other options on the market what makes it different what's the combination you mentioned jointly engineered what are some of the key differentias of the service compared to others yeah I think one of the key things red talked about is this jointly engineered notion right from day one we were the earlier doctors of the AWS Nitro platform right the reinvention of ec2 back five years ago and so we've been you know having a very very strong engineering partnership at that level I think from uh we have a customer standpoint you get the full software-defined data center compute storage networking on ec2 bare metal across all regions you can scale that elastically up and down it's pretty phenomenal just having that consistency Global right on AWS ec2 Global regions now the other thing that's a real differentiator for us customers tell us about is this whole notion of a managed service right and this was somewhat new to VMware this undifferentiated heavy lifting where customers are to provision rack stack Hardware configure the software on top and then upgrade the software and the security patches on top so we took away all of that pain as customers transition to VMware cloud and AWS in fact my favorite story from last year when we were all going through the lock for Jay debacle the industry was just going through that right favorite proof point from customers was before they could even race uh this issue to us we sent them a notification saying uh we already patched all of your systems no action from you the customers were super thrilled I mean these are large Banks many other customers around the world super thrill they had to take no action for a pretty incredible industry challenge that we were all facing that's a great point you know the whole managed service piece brings up the security and you're kind of teasing at it but you know there's always vulnerabilities that emerge when you're doing complex logic and as you grow your Solutions there's more bits you know Fred we were commenting before we came on cameras more bits than ever before and and at the physics layer too as well as the software so you never know when there's going to be a zero day vulnerability out there just it happens we saw one with Fortinet this week um this came out of the woodwork but moving fast on those patches is huge this brings up the whole support angle I wanted to ask you about how you guys are doing that as well because to me we see the value when we when we talk to customers on the cube about this you know it was a real real easy understanding of how what the cloud means to them with VMware now with the AWS but the question that comes up that we want to get more clarity on is how do you guys handle the support together well what's interesting about this is that it's it's done mutually we have dedicated support teams on both sides that work together pretty seamlessly to make sure that whether there's a issue at any layer including all the way up into the app layer as you think about some of the other workloads like sap we'll go end to end and make sure that we support the customer regardless of where the particular issue might be for them uh and on top of that we look at where where we're improving reliability in as a first order of principle between both companies so from an availability and reliability standpoint it's it's top of mind and no matter where the particular item might land we're going to go help the customer resolve that works really well on the VMware side let's spend the feedback there what's the what's some of the updates same scene yeah yeah I think uh look I mean VMware owns and operates the service will be a phenomenal back in relationship with AWS customers call VMware for the service for any issues and then we have a awesome relationship with AWS in the back end for support issues for any hardware issues capacity management that we jointly do right all the hard problems that customers don't have to worry about uh I think on the front end we also have a really good group of solution Architects across the companies that help to really explain the solution do complex things like Cloud migration which is much much easier with VMware on AWS we're presenting that easy button to the public cloud in many ways and so we have a whole technical audience across the two companies that are working with customers every single day you know you had mentioned a list here some of the Innovations the you mentioned the stretch clustering you know getting the GEOS working Advanced Network disaster recovery um you know fed fed ramp public sector certifications outposts all good you guys are checking the boxes every year you got a good good accomplishments list there on the VMware AWS side here in this relationship the question that I'm interested in is what's next what uh recent Innovations are you doing are you making investments in what's on the list this year what items will be next year how do you see the the new things the list of the cosmos people want to know what's next they don't want to see stagnant uh growth here they want to see more action you know as as uh Cloud kind of continues to scale and modern applications Cloud native you're seeing more and more containers more and more you know more CF CI CD pipelining with with modern apps putting more pressure on the system what's new what's the new Innovations absolutely and I think as a five-year-old service offering uh Innovation is top of mind for us every single day so just to call out a few recent innovations that we announced in San Francisco at VMware Explorer um first of all uh our new platform i4i dot metal it's isolate based it's pretty awesome it's the latest and greatest uh all the speeds and beats that you would expect from VMware and AWS at this point in our relationship we announced two different storage options this notion of working from customer feedback allowing customers even more price reductions really take off that storage and park it externally right and you know separate that from compute so two different storage offerings there one is with AWS FSX NetApp on tap which brings in our NetApp partnership as well into the equation and really get that NetApp based really excited about this offering as well and the second storage offering called VMware Cloud Flex story vmware's own managed storage offering beyond that we've done a lot of other Innovations as well I really wanted to talk about VMware Cloud Flex compute where previously customers could only scale by hosts you know host is 36 to 48 cores give or take but with VMware cloudflex compute we are now allowing this notion of a resource defined compute model where customers can just get exactly the vcpu memory and storage that maps to the applications however small they might be so this notion of granularity is really a big innovation that that we are launching in the market this year and then last but not least topper ransomware of course it's a Hot Topic in the industry we are seeing many many customers ask for this we are happy to announce a new ransomware recovery with our VMware Cloud VR solution a lot of innovation there and the way we are able to do machine learning and make sure the workloads that are covered from snapshots backups are actually safe to use so there's a lot of differentiation on that front as well a lot of networking Innovations with project North Star the ability to have layer 4 through layer seven uh you know new SAS services in that area as well keep in mind that the service already supports managed kubernetes for containers it's built in to the same clusters that have virtual machines and so this notion of a single service with a great TCO for VMS and containers is sort of at the heart of our option the networking side certainly is a hot area to keep innovating on every year it's the same same conversation get better faster networking more more options there the flex computes interesting if you don't mind me getting a quick clarification could you explain the address between resource defined versus Hardware defined because this is kind of what we had saw at explore coming out that notion of resource defined versus Hardware defined what's that what does that mean yeah I mean I think we've been super successful in this Hardware defined notion where we're scaling by the hardware unit uh that we present as software-defined data centers right so that's been super successful but we you know customers wanted more especially customers in different parts of the world wanted to start even smaller and grow even more incrementally right lower the cost even more and so this is the part where resource defined starts to be very very interesting as a way to think about you know here's my bag of resources exactly based on what the customer's requested it would be for fiber machines five containers its size exactly for that and then as utilization grows we elastically behind the scenes were able to grow it through policies so that's a whole different dimension it's a whole different service offering that adds value when customers are comfortable they can go from one to the other they can go back to that post-based model if they so choose to and there's a jump off point across these two different economic models it's kind of cloud flexibility right there I like the name Fred let's get into some of the uh examples of customers if you don't mind let's get into some of these we have some time I want to unpack a little bit of what's going on with the customer deployments one of the things we've heard again on the cube is from customers is they like the clarity of the relationship they love the cloud positioning of it and then what happens is they lift and shift the workloads and it's like feels great it's just like we're running VMware on AWS and then they start consuming higher level Services kind of that adoption Next Level happens um and because it's in the cloud so so can you guys take us through some recent examples of customer wins or deployments where they're using VMware Cloud on AWS on getting started and then how do they progress once they're there how does it evolve can you just walk us through a couple use cases sure um there's a well there's a couple one it's pretty interesting that you know like you said as there's more and more bids you need better and better hardware and networking and we're super excited about the I-4 uh and the capabilities there in terms of doubling and or tripling what we're doing around a lower variability on latency and just improving all the speeds but what customers are doing with it like the college in New Jersey they're accelerating their deployment on a on onboarding over like 7 400 students over a six to eight month period and they've really realized a ton of savings but what's interesting is where and how they can actually grow onto additional native Services too so connectivity to any other services is available as they start to move and migrate into this um the the options there obviously are tied to all the Innovation that we have across any Services whether it's containerized and with what they're doing with tanzu or with any other container and or services within AWS so so there's there's some pretty interesting scenarios where that data and or the processing which is moved quickly with full compliance whether it's in like health care or regulatory business is is allowed to then consume and use things for example with text extract or any other really cool service that has you know monthly and quarterly Innovations so there's things that you just can't could not do before that are coming out uh and saving customers money and building Innovative applications on top of their uh their current uh app base in in a rapid fashion so pretty excited about it there's a lot of examples I think I probably don't have time to go into too many here yeah but that's actually the best part is listening to customers and seeing how many net new services and new applications are they actually building on top of this platform now Ryan what's your perspective from the VMware psychics you know you guys have now a lot of head room to offer customers with Amazon's you know higher level services and or whatever's homegrown what is being rolled out because you now have a lot of hybrid too so so what's your what's your take on what what's happening and with customers I mean it's been phenomenal the customer adoption of this and you know Banks and many other highly sensitive verticals are running production grade applications tier one applications on the service over the last five years and so you know I have a couple of really good examples SNP Global is one of my favorite examples large Bank the merch with IHS Market big sort of conglomeration now both customers were using VMware cloud and AWS in different ways and with the uh with the use case one of their use cases was how do I just respond to these Global opportunities without having to invest in physical data centers and then how do I migrate and consolidate all my data centers across the globe of which there were many and so one specific example for this company was how they migrated thousand one thousand workloads to VMware cloud and AWS in just six weeks pretty phenomenal if you think about everything that goes into a cloud migration process people process technology and the beauty of the technology going from VMware point a to VMware point B the the lowest cost lowest risk approach to adopting we have our cloud in AWS so that's uh you know one of my favorite examples there are many other examples across other verticals that we continue to see the good thing is we're seeing rapid expansion across the globe we're constantly entering new markets uh with a limited number of regions and progressing our roadmap it's great to see I mean the data center migrations go from months many many months to weeks it's interesting to see some of those success stories so congratulations another one of the other uh interesting uh and fascinating uh uh benefits is the sustainability Improvement in terms of being green so the efficiency gains that we have both in current uh generation and New Generation processors and everything that we're doing to make sure that when a customer can be elastic they're also saving power which is really critical in a lot of regions worldwide at this point in time they're they're seeing those benefits if you're running really inefficiently in your own data center that is just a not a great use of power so the actual calculators and the benefits to these workloads is are pretty phenomenal just in being more green which I like we just all need to do our part there and and this is a big part of it here it's a huge it's a huge point about sustainability for everyone glad you called that out the other one I would say is supply chain issues another one you see that constrains I can't buy hardware and the third one is really obvious but no one really talks about it it's security right I mean um I remember interviewing Steven Schmidt with that AWS and many years ago this is like 2013 and um you know at that time people saying the Cloud's not secure and he's like listen it's more secure in the cloud than on premise and if you look at the security breaches it's all about the on-premise data center vulnerabilities not so much Hardware so there's a lot you gotta the the stay current on on the isolation there is hard so I think I think the security and supply chain threat is another one do you agree I I absolutely agree uh it's it's hard to manage supply chain nowadays we put a lot of effort into that and I think we have a great ability to forecast and make sure that we can lean in and have the resources that are available and run them run them more efficiently yeah and then like you said on the security Point Security is job one it is it is the only P1 and if you think of how we build our infrastructure from Nitro all the way up and how we respond and work with our partners and our customers there's nothing more important and Narayan your point earlier about the managed service patching and being on top of things is really going to get better all right final question I really want to thank you for your time on this showcase it's really been a great conversation uh Fred you had made a comment earlier I want to kind of end with the kind of a curveball and put you guys on the spot we're talking about a modern a new modern shift it's another we're seeing another inflection point we've been documenting it it's almost like Cloud hitting another inflection point um with application and open source growth significantly at the app layer continue to put a lot of pressure and innovation in the infrastructure side so the question is for you guys each to answer is what's the same and what's different in today's market so it's kind of like we want more of the same here but also things have changed radically and better here what are the what's what's changed for better and where what's still the same kind of thing hanging around that people are focused on can you share your perspective I'll I'll tackle it um you know uh businesses are complex and they're often unique uh that that's the same uh what's changed is how fast you can innovate the ability to combine manage services and new Innovative services and build new applications is so much faster today leveraging world-class Hardware uh that you don't have to worry about that's elastic you could not do that even five ten years ago to the degree you can today especially with the Innovation so Innovation is accelerating uh at a rate that most people can't even comprehend and understand the the set of services that are available to them it's really fascinating to see what a one pizza team of of Engineers can go actually develop in a week it is phenomenal so super excited about this space and it's only going to continue to accelerate that that's my take there I am you got a lot of platform to compete on with Amazon I got a lot to build on the memory which then you're right on your side what's your what's your answer to that question I think we're seeing a lot of innovation with new applications that customers [Music] I think uh what we see is this whole notion of how do you go from desktop to production to the secure supply chain and how can we truly uh you know build on the agility that developers desire and build all the security and the pipelines to energize that motor production quickly and efficiently I think we are seeing uh you know we're at the very start of that sort of uh of Journey um of course we have invested in kubernetes means to an end but it's so much more Beyond that's happening in the industry and I think we're at the very very beginning of this Transformations Enterprise transformation that many of our customers are going through and we're inherently part of it yeah well gentlemen I really appreciate that we're seeing the same things more the same here on you know solving these complexities with abstractions whether it's you know higher level services with large-scale infrastructure um at your fingertips infrastructure is code infrastructure to be provisioned serverless all the good stuff happening Fred with AWS on your side and we're seeing customers resonate with this idea of being an operator again being a cloud operator and developer so the developer Ops is kind of devops is kind of changing too so all for the better thank you for spending the time we're seeing again that traction with the VMware customer base and it was getting getting along great together so thanks for sharing your perspectives they appreciate it thank you so much okay thank you John okay this is thecube and AWS VMware showcase accelerating business transformation VMware Cloud on AWS jointly engineered solution bringing Innovation to the VMware customer base going to the cloud and Beyond I'm John Furrier your host thanks for watching [Music]

>>Welcome back to the aria in Las Vegas, Dave Valante with Dave Nicholson, Falcon 22, the Cube's continuous coverage. Sean Henry is here. He's the president of the services division and he's the chief security officer at CrowdStrike. And he's joined by Kevin mania, CEO of Mandy. Now part of Google Jens. Welcome to the cube. Thank you. Congrats on closing the Google deal. Thank you. That's great. New chapter, >>New >>Chapter coming fresh off the keynote, you and George. I really en enjoyed that. Let's start there. One of the things you talked about was the changes you've been, you've been in this business for a while. I think you were talking about, you know, doing some of these early stuff in the nineties. Wow. Things have changed a lot the queen, right? Right. You used to put the perimeter around the queen. Yeah. Build the Mo the Queen's left or castle new ballgame. But you were talking about the board level knowledge of security in the organization. Talk about that change. That's occurred in the last >>Decade. You know, boards are all about governance, right? Making sure everybody's doing the right things. And they've kind of had a haul pass on cybersecurity for a long time. Like we expect them to be great at financial diligence, they understand the financials of an organization. You're gonna see a maturity, I think in cybersecurity where I think board members all know, Hey, there's risk out there. And we're on our own to kind of defend ourselves from it, but they don't know how to quantify it. And they don't know how to express it. So bottom line boards are interested in cyber and we just have to mature as an industry to give them the tools they need to measure it appropriately. >>Sean, one of the things I wanted to ask you. So Steven Schmidt, I noticed changed his title from CISOs chief inf information security officer, the chief security officer. Your title is chief security officer. Is that a nuance that has meaning to you or is it just less acronym? >>It depends on the organization that you're in, in our organization, the chief security officer owns all risks. So I have a CISO that comes underneath me. Yep. And I've got a security folks that are handling our facilities, our personnel, those sorts of things, all, all of our offices around the globe. So it's all things security. One of the things that we've found and Kevin and I were actually talking about this earlier is this intersection between the physical world and the virtual world. And if you've got adversaries that want gain access to your organization, they might do it remotely by trying to hack into your network. But they also might try to get one of your employees to take an action on their behalf, or they might try to get somebody hired into your company to take some nefarious acts. So from a security perspective, it's about building an envelope around all things valuable and then working it in a collaborative way. So there's a lot of interface, a lot of interaction and a lot of value in putting those things together. And, >>And you're also president of the services division. Is that a P and L role or >>It is, we have a it's P P O P and L. And we have an entire organization that's doing incident response and it's a lot of the work that we're doing with, with Kevin's folks now. So I've got both of those hats today. >>Okay. So self-funded so in a way, okay. Where are companies most at risk today? >>Huh? You wanna go on that one first? Sean, you talk fast than me. So it's bigger bang for the buck. If >>You >>Talk, you know, when I, when I think about, about companies in terms of, of their risk, it's a lot of it has to do with the expansion of the network. Companies are adding new applications, new devices, they're expanding into new areas. There are new technologies that are being developed every day and that are being embraced every day. And all of those technologies, all of those applications, all of that hardware is susceptible to attack. Adversaries are looking for the vulnerabilities they can exploit. And I think just kind of that sprawl is something that is, is disconcerting to me from a security perspective, we need to know where our assets are, where the vulnerabilities lie, how do we plug the holes? And having that visibility is really critical to ensure that you're you're in, involved in mitigating that, that new architecture, >>Anything you >>Did. Yeah. I would like when I, so I can just tell you what I'm hearing from CISOs out there. They're worried about identity, the lateral movement. That's been kind of part of every impactful breach. So in identity's kind of top three of mind, I would say zero trust, whatever that means. And we all have our own definitions of migration to zero trust and supply chain risk. You know, whether they're the supplier, they wanna make sure they can prove to their customers, they have great security practices. Or if they're a consumer of a supply chain, you need to understand who's in their supply chain. What are their dependencies? How secure are they? Those are just three topics that come up all the time. >>As we extend, you know, talking about XDR the X being extend. Do you see physical security as something that's being extended into? Or is it, or is it already kind of readily accepted that physical security goes hand in hand with information security? >>I, I don't think a lot of people think that way there certainly are some and Dave mentions Amazon and Steve Schmidt as a CSO, right? There's a CSO that works for him as well. CJ's clear integration. There's an intelligence component to that. And I think that there are certain organizations that are starting to recognize and understand that when we say there's no real perimeter, it, it expands the network expands into the physical space. And if you're not protecting that, you know, if you don't protect the, the server room and somebody can actually walk in the doors unlocked, you've got a vulnerability that might be exploited. So I think to, to recognize the value of that integration from a security perspective, to be holistic and for organizations to adopt a security first philosophy that all the employees recognize they're, they're the, the first line of defense. Oftentimes not just from a fish, but by somebody catching up with them and handing 'em a thumb drive, Hey, can you take a look at this document? For me, that's a potential vulnerability as well. So those things need to be integrated. >>I thought the most interesting part of the keynote this morning is when George asked you about election security and you immediately went to the election infrastructure. I was like, yeah. Okay. Yeah. But then I was so happy to hear you. You went to the disinformation, I learned something there about your monitoring, the network effects. Sure. And, and actually there's a career stream around that. Right. The reason I had so years ago I interviewed was like, this was 2016, Robert Gates. Okay. Former defense. And I, I said, yeah, but don't we have the best cyber can't we go on the offense. He said, wait a minute, we have the most to lose. Right. But, but you gave an example where you can identify the bots. Like let's say there's disinformation out there. You could actually use bots in a positive way to disseminate the, the truth in theory. Good. Is, is that something that's actually happening >>Out there? Well, I think we're all still learning. You know, you can have deep fakes, both audible files or visual files, right. And images. And there's no question. The next generation, you do have to professionalize the news that you consume. And we're probably gonna have to professionalize the other side critical thinking because we are a marketplace of ideas in an open society. And it's hard to tell where's the line between someone's opinion and intentional deception, you know, and sometimes it could be the source, a foreign threat, trying to influence the hearts and minds of citizens, but there's gonna be an internal threat or domestic threat as well to people that have certain ideas and concepts that they're zealots about. >>Is it enough to, is it enough to simply expose where the information is coming from? Because, you know, look, I, I could make the case that the red Sox, right. Or a horrible baseball team, and you should never go to Fenway >>And your Yankees Jersey. >>Right. Right. So is that disinformation, is that misinformation? He'd say yes. Someone else would say no, but it would be good to know that a thousand bots from some troll farm, right. Are behind us. >>There's, it's helpful to know if something can be tied to identity or is totally anonymous. Start just there. Yeah. Yeah. You can still protect the identity over time. I think all of us, if you're gonna trust the source, you actually know the source. Right. So I do believe, and, and by the way, much longer conversation about anonymity versus privacy and then trust, right. And all three, you could spend this whole interview on, but we have to have a trustworthy internet as well. And that's not just in the tech and the security of it, but over time it could very well be how we're being manipulated as citizens and people. >>When you guys talk to customers and, and peers, when somebody gets breached, what's the number one thing that you hear that they wished they'd done that they didn't. >>I think we talked about this earlier, and I think identity is something that we're talking about here. How are you, how are you protecting your assets? How do you know who's authorized to have access? How do you contain the, the access that they have? And the, the area we see with, with these malware free attacks, where adversaries are using the existing capabilities, the operating system to move laterally through the network. I mean, Kevin's folks, my folks, when we respond to an incident, it's about looking at that lateral movement to try and get a full understanding of where the adversary's been, where they're going, what they're doing, and to try to, to find a root cause analysis. And it really is a, a critical part. >>So part of the reason I was asking you about, was it a P and L cuz you, you wear two hats, right? You've got revenue generation on one side and then you've got you protect, you know, the company and you've got peer relationships. So the reason I bring this up is I felt like when stucks net occurred, there was a lot of lip service around, Hey, we, as an industry are gonna work together. And then what you saw was a lot of attempts to monetize, you know, private data, sell private reports and things of that nature you were referencing today, Kevin, that you think the industry's doing a much better job of, of collaboration. Is it, can you talk about that and maybe give some examples? >>Absolutely. I mean, you know, I lived through it as a victim of a breach couple years ago. If you see something new and novel, I, I just can't imagine you getting away with keeping it a secret. I mean, I would even go, what are you doing? Harboring that if you have it, that doesn't mean you tell the whole world, you don't come on your show and say, Hey, we got something new novel, everybody panic, you start contacting the people that are most germane to fixing the problem before you tell the world. So if I see something that's new in novel, certainly con Sean and the team at CrowdStrike saying, Hey, there's because they protect so many endpoints and they defend nations and you gotta get to Microsoft. You have to talk to pan. You have to get to the companies that have a large capability to do shields up. And I think you do that immediately. You can't sit on new and novel. You get to the vendor where the vulnerability is, all these things have to happen at a great rate to speak. >>So you guys probably won't comment, but I'm betting dollars to donuts. This Uber lapses hack you guys knew about. >>I turned to you. >>No comment. I'm guessing. I'm guessing that the, that wasn't novel. My point being, let me, let me ask it in a more generic fashion that you can maybe comment you you're. I think you're my, my inference is we're com the industry is compressing the time between a zero day and a fix. Absolutely. Absolutely. Like dramatically. >>Yes. Oh, awareness of it and AIX. Yes. Yeah. >>Okay. Yeah. And a lot of the hacks that we see as lay people in the media you've known about for quite some time, is that fair or no, not necessarily. >>It's, you know, it's harder to handle an intrusion quietly and discreetly these days, especially with what you're up against and, and most CEOs, by the way, their intent isn't, let's handle it quietly and discreetly it's what do we do about it? And what's the right way to handle it. And they wanna inform their customers and they wanna inform people that might be impacted. I wouldn't say we know it all that far ahead of time >>And, and depends. And, and I, I think companies don't know it. Yeah. Companies don't know they've been breached for weeks or months or years in some cases. Right. Which talks about a couple things, first of all, some of the sophistication of the adversaries, but it also talks about the inability of companies to often detect this type of activity when we're brought in. It's typically very quickly after the company finds out because they recognize they've gotta take action. They've got liability, they've got brand protection. There, whole sorts of, of things they need to take care of. And we're brought in it may or may not be, become public, but >>CrowdStrike was founded on the premise that the unstoppable breach is a myth. Now that's a, that's a bold sort of vision. We're not there yet, obviously. And a and a, and a, a CSO can't, you know, accept that. Right. You've gotta always be vigilant, but is that something that is, that we're gonna actually see manifest, you know, in any, any time in the near term? I mean, thinking about the Falcon platform, you guys are users of that. I don't know if that is part of the answer, but part of it's technology, but without the cultural aspects, the people side of things, you're never gonna get there. >>I can tell you, I started Maning in 2004 at the premise security breaches are inevitable, far less marketable. Yeah. You know, stop breaches. >>So >>Yeah. I, I think you have to learn how to manage this, right? It's like healthcare, you're not gonna stop every disease, but there's a lot of things that you can do to mitigate the consequences of those things. The same thing with network security, there's a lot of actions that organizations can take to help protect them in a way that allows them to live and, and operate in a, in a, a strong position. If companies are lackadaisical that irresponsible, they don't care. Those are companies that are gonna suffer. But I think you can manage this if you're using the right technology, the right people, you've got the right philosophy security first >>In, in the culture. >>Well, I can tell you very quickly, three reasons why people think, why is there an intrusion? It should just go away. Well, wherever money goes, crime follows. We still have crime. So you're still gonna have intrusions, whether it has to be someone on the inside or faulty software and people being paid the right faulty software, you're gonna have war. That's gonna create war in the cyber domain. So information warriors are gonna try to have intrusions to get to command and control. So wherever you have command and control, you'll have a war fighter. And then wherever you have information, you have ESP Espino. So you're gonna have people trying to break in at all times. >>And, and to tie that up because everything Kevin said is absolutely right. And what he just said at the very end was people, there are human beings that are on the other side of every single attack. And think about this until you physically get physically get to the people that are doing it and stop them. Yes, this will go on forever because you can block them, but they're gonna move and you can block them again. They're gonna move their objectives. Don't change because the information you have, whether it's financial information, intellectual property, strategic military information, that's still there. They will always come at it, which is where that physical component comes in. If you're able to block well enough and they can't get you remotely, they might send somebody in. Well, >>I, in the keynote, I, I'm not kidding. I'm looking around the room and I'm thinking there's at least one person here that is here primarily to gather intelligence, to help them defeat. What's being talked about here. >>Well, you said it's, >>It's kind >>Of creepy. You said the adversary is, is very well equipped and motivated. Why do you Rob banks? Well, that's where the money is, but it's more than that. Now with state sponsored terrorism and, you know, exfiltration of state secrets, I mean, there's, it's high stake's games. You got, this >>Has become a tool of nation states in terms from a political perspective, from a military perspective, if you look at what happened with Ukraine and Russia, all the work that was done in advanced by the Russians to soften up the Ukrainians, not just collection of intelligence, not just denial of services, but then disruptive attacks to change the entire complexity of the battlefield. This, this is a, an area that's never going away. It's becoming ingrained in our lives. And it's gonna be utilized for nefarious acts for many, many decades to come. >>I mean, you're right, Sean, we're seeing the future of war right before us is, is there's. There is going to be, there is a cyber component now in war, >>I think it signals the cyber component signals the silent intention of nations period, the silent projection of power probably before you see kinetics. >>And this is where gates says we have a lot more to lose as a country. So it's hard for us to go on the offense. We have to be very careful about our offensive capabilities because >>Of one of the things that, that we do need to, to do though, is we need to define what the red lines are to adversaries. Because when you talk about human beings, you've gotta put a deterrent in place so that if the adversaries know that if you cross this line, this is what the response is going to be. It's the way things were done during nuclear proliferation, right? Right. During the cold war, here's what the actions are gonna be. It's gonna be, it's gonna be mutual destruction and you can't do it. And we didn't have a nuclear war. We're at a point now where adversaries are pushing the envelope constantly, where they're turning off the lights in certain countries where they're taking actions that are, are quite detrimental to the host governments and those red lines have to be very clear, very clearly defined and acted upon if they're >>Crossed as security experts. Can you always tie that signature back to say a particular country or a particular group? >>Absolutely. 100% every >>Time I know. Yeah. No, it it's. It's a great question. You, you need to get attribution right. To get to deterrence, right. And without attribution, where do you proportionate respond to whatever act you're responding to? So attribution's critical. Both our companies work hard at doing it and it, and that's why I think you're not gonna see too many false flag operations in cyberspace, but when you do and they're well crafted or one nation masquerades is another, it, it, it's one of the last rules of the playground I haven't seen broken yet. And that that'll be an unfortunate day. >>Yeah. Because that mutually assure destruction, a death spot like Putin can say, well, it wasn't wasn't me. Right. So, and ironically, >>It's human intelligence, right. That ultimately is gonna be the only way to uncover >>That human intelligence is a big component. >>For sure. Right. And, and David, like when you go back to, you were referring to Robert Gates, it's the asymmetry of cyberspace, right? One person in one nation. That's not a control by asset could still do an act. And it, it just adds to the complexity of, we have attribution it's from that nation, but was it in order? Was it done on behalf of that nation? Very complicated. >>So this is an industry of superheroes. Thank you guys for all you do and appreciate you coming on the cube. Wow. >>I love your Cape. >>Thank all right. Keep it right there. Dave Nicholson and Dave ante be right back from Falcon 22 from the area you watching the cue.

(upbeat music) >> Hello everyone, and welcome to Fal.Con 2022, CrowdStrike's big user conference. You're watching the Cube. My name is Dave Vallante. I'm here with my co-host David Nicholson. CrowdStrike is a company that was founded over 10 years ago. This is about 11 years, almost to the day. They're 2 billion company in revenue terms. They're growing at about 60% a year. They've got a path they've committed to wall street. They've got a path to $5 billion by mid decade. They got a $40 billion market cap. They're free, free cash flow positive and trying to build essentially a generational company with a very growing Tam and a modern platform. CrowdStrike has the fundamental belief that the unstoppable breach is a myth. David Nicholson, even though CSOs don't believe that, CrowdStrike is on a mission. Right? >> I didn't hear the phrase. Zero trust mentioned in the keynote >> Right. >> What was mentioned was this idea that CrowdStrike isn't simply a tool, it's a platform. And obviously it takes a platform to get to 5 billion. >> Yeah. So let's talk about the keynote. George Kurtz, the CEO came on. I thought the keynote was, was measured, but very substantive. It was not a lot of hype in there. Most security conferences, the two exceptions are this one and Reinforce, Amazon's big security conference. Steven Schmidt. The first time I was at a Reinforce said "All this narrative about security is such a bad industry" and "We're not doing a great job." And "It's so scary." That doesn't help the industry. George Kurtz sort of took a similar message. And you know what, Dave? When I think of security outside the context of IT I think of like security guards >> Right. >> Like protecting the billionaires. Right? That's a powerful, you know, positive thing. It's not really a defensive movement even though it is defensive but so that was kind of his posture there. But he talked about essentially what I call, not his words permanent changes in the, in the in the cyber defense industry, subsequent to the pandemic. Again, he didn't specifically mention the pandemic but he alluded to, you know, this new world that we live in. Fal.Con is a hundred sessions, eight tracks. And really his contention is we're in the early innings. These guys got 20,000 customers. And I think they got the potential to have hundreds of thousands. >> Yeah. Yeah. So, if I'm working with a security company I want them to be measured. I'm not looking for hype. I don't want those. I don't want those guards to be in disco shirts. I want them in black suits. So, you know, so the, the, the point about measured is is I think a positive one. I was struck by the competence of the people who were on stage today. I have seen very very large companies become kind of bureaucratic. And sometimes you don't get the best of the best up on stage. And we saw a lot of impressive folks. >> Yeah. Michael Santonis get up, but before we get to him. So, a couple points that Kurtz made he said, "digital transformation is needed to bring modern architectures to IT. And that brings modern security." And he laid out that whole sort of old way, new way very Andy Jassy-like old guard, new guard. He didn't hit on it that hard but he basically said "security is all about mitigating risk." And he mentioned that the the CSO I say CSO, he says CSO or CSO has a seat at the board. Now, many CSOs are board level participants. And then he went into the sort of four pillars of, of workload, and the areas that they focus on. So workload to them is end point, identity, and then data. They don't touch network security. That's where they partner with the likes of Cisco, >> Right. >> And Palo Alto networks. But then they went deep into identity threat protection, data, which is their observability platform from an acquisition called Humio. And then they went big time into XDR. We're going to talk about all this stuff. He said, "data is the new digital currency." Talked a lot about how they're now renaming, Humio, Log Scale. That's their Splunk killer. We're going to talk about that all week. And he talked a little bit about the single agent architecture. That is kind of the linchpin of CrowdStrike's architecture. And then Michael Santonis, the CTO came on and did a deep dive into each of those, and really went deep into XDR extended, right? Detection and response. XDR building on EDR. >> Yeah. I think the subject of XDR is something we'll be, we'll be touching on a lot. I think in the next two days. I thought the extension into observability was very, very interesting. When you look at performance metrics, where things are gathering those things in and being able to use a single agent to do so. That speaks to this idea that they are a platform and not just a tool. It's easy to say that you aspire to be a platform. I think that's a proof point. On the subject, by the way of their fundamental architecture. Over the years, there have been times when saying that your infrastructure requires an agent that would've been a deal killer. People say "No agents!" They've stuck to their guns because they know that the best way to deliver what they deliver is to have an agent in the environment. And it has proven to be the right strategy. >> Well, this is one of the things I want to explore with the technical architects that come on here today is, how do you build a lightweight agent that can do everything that you say it's going to do? Because they started out at endpoint, and then they've extended it to all these other modules, you know, identity. They're now into observability. They've got this data platform. They just announced that acquisition of another company they bought Preempt, which is their identity. They announced Responsify, responsify? Reposify, which is sort of extends the observability and gives them visualization or visibility. And I'm like, how do you take? How do you keep an agent lightweight? That's one of the things I want to better understand. And then the other is, as you get into XDR I thought Michael Santonis was pretty interesting. He had black hat last month. He did a little video, you know. >> That was great >> Man in the street, what's XDR what's XDR what's XDR. I thought the best response was, somebody said "a holistic approach to end point security." And so it's really an evolution of, of EDR. So we're going to talk about that. But, how do you keep an agent lightweight and still support all these other capabilities? That's something I really want to dig into, you know, without getting bloated. >> Yeah, Yeah. I think it's all about the TLAs, Dave. It's about the S, it's about SDKs and APIs and having an ecosystem of partners that will look at the lightweight agent and then develop around it. Again, going back to the idea of platform, it's critical. If you're trying to do it all on your own, you get bloat. If you try to be all things to all people with your agent, if you try to reverse engineer every capability that's out there, it doesn't work. >> Well that's one of the things that, again I want to explore because CrowdStrike is trying to be a generational company. In the Breaking Analysis that we published this week. One of the things I said, "In order to be a generational company you have to have a strong ecosystem." Now the ecosystem here is respectable, you know, but it's obviously not AWS class. You know, I think Snowflake is a really good example, ServiceNow. This feels to me like ServiceNow circa 2013. >> Yeah. >> And we've seen how ServiceNow has evolved. You know, Okta, bought Off Zero to give them the developer angle. We heard a little bit about a developer platform today. I want to dig into that some more. And we heard a lot about everybody hates their DLP. I want to get rid of my DLP, data loss prevention. And so, and the same thing with the SIM. One of the ETR round table, Eric Bradley, our colleague at a round table said "If it weren't for the compliance requirements, I would replace my SIM with XDR." And so that's again, another interesting topic. CrowdStrike, cloud native, lightweight agent, you know, some really interesting tuck in acquisitions. Great go-to-market, you know, not super hype just product that works and gets stuff done, you know, seems to have a really good, bright future. >> Yeah, no, I would agree. Definitely. No hype necessary. Just constant execution moving forward. It's clearly something that will be increasingly in demand. Another subject that came up that I thought was interesting, in the keynote, was this idea of security for elections, extending into the realm of misinformation and disinformation which are both very very loaded terms. It'll be very interesting to see how security works its way into that realm in the future. >> Yeah, yeah, >> Yeah. >> Yeah, his guy, Kevin Mandia, who is the CEO of Mandiant, which just got acquired. Google just closed the deal for $5.4 billion. I thought that was kind of light, by the way, I thought Mandiant was worth more than that. Still a good number, but, and Kevin, you know was the founder and, >> Great guy. >> they were self-funded. >> Yeah, yeah impressive. >> So. But I thought he was really impressive. He talked about election security in terms of hardening you know, the election infrastructure, but then, boom he went right to what I see as the biggest issue, disinformation. And so I'm sitting there asking myself, okay how do you deal with that? And what he talked about was mapping network effects and monitoring network effects, >> Right. >> to see who's pumping the disinformation and building career streams to really monitor those network effects, positive, you know, factual or non-factual network or information. Because a lot of times, you know, networks will pump factual information to build credibility. Right? >> Right. >> And get street cred, earn that trust. You know, you talk about zero trust. And then pump disinformation into the network. So they've now got a track. We'll get, we have Kevin Mandia on later with Sean Henry who's the CSO yeah, the the CSO or C S O, chief security officer of CrowdStrike >> more TLA. Well, so, you can think of it as almost the modern equivalent of the political ad where the candidate at the end says I support this ad or I stand behind whatever's in this ad. Forget about trying to define what is dis or misinformation. What is opinion versus fact. Let's have a standard for finding, for exposing where the information is coming from. So if you could see, if you're reading something and there is something that is easily de-code able that says this information is coming from a troll farm of a thousand bots and you can sort of examine the underlying ethos behind where this information is coming from. And you can take that into consideration. Personally, I'm not a believer in trying to filter stuff out. Put the garbage out there, just make sure people know where the garbage is coming from so they can make decisions about it. >> So I got a thought on that because, Kevin Mandia touched on it. Again, I want to ask about this. He said, so this whole idea of these, you know detecting the bots and monitoring the networks. Then he said, you can I think he said something that's to the effect of. "You can go on the offensive." And I'm thinking, okay, what does that mean? So for instance, you see it all the time. Anytime I see some kind of fact put out there, I got to start reading the comments and like cause I like to see both sides, you know. I'm right down the middle. And you'll go down and like 40 comments down, you're like, oh this is, this is fake. This video was edited, >> Right. >> Da, da, da, da, and then a bunch of other people. But then the bots take over and that gets buried. So, maybe going on the offensive is to your point. Go ahead and put it out there. But then the bots, the positive bots say, okay, by the way, this is fake news. This is an edited video FYI. And this is who put it out and here's the bot graph or something like that. And then you attack the bots with more bots and then now everybody can sort of of see it, you know? And it's not like you don't have to, you know email your friend and saying, "Hey dude, this is fake news." >> Right, right. >> You know, Do some research. >> Yeah. >> Put the research out there in volume is what you're saying. >> Yeah. So, it's an, it's just I thought it was an interesting segue into another area of security under the heading of election security. That is fraught with a lot of danger if done wrong, if done incorrectly, you know, you you get into the realm of opinion making. And we should be free to see information, but we also should have access to information about where the information is coming from. >> The other narrative that you hear. So, everything's down today again and I haven't checked lately, but security generally, we wrote about this in our Breaking Analysis. Security, somewhat, has held up in the stock market better than the broad tech market. Why? And the premise is, George Kurt said this on the last conference call, earnings call, that "security is non-discretionary." At the same time he did say that sales cycles are getting a little longer, but we see this as a positive for CrowdStrike. Because CrowdStrike, their mission, or one of their missions is to consolidate all these point tools. We've talked many, many times in the Cube, and in Breaking Analysis and on Silicon Angle, and on Wikibon, how the the security business use too many point tools. You know this as a former CTO. And, now you've got all these stove pipes, the number one challenge the CSOs face is lack of talent. CrowdStrike's premise is they can consolidate that with the Fal.Con platform, and have a single point of control. "Single pane of glass" to use that bromide. So, the question is, is security really non-discretionary? My answer to that is yes and no. It is to a sense, because security is the number one priority. You can't be lax on security. But at the same time the CSO doesn't have an open checkbook, >> Right. >> He or she can't just say, okay, I need this. I need that. I need this. There's other competing initiatives that have to be taken in balance. And so, we've seen in the ETR spending data, you know. By the way, everything's up relative to where it was, pre you know, right at the pandemic, right when, pandemic year everything was flat to down. Everything's up, really up last year, I don't know 8 to 10%. It was expected to be up 8% this year, let's call it 6 to 7% in 21. We were calling for 7 to 8% this year. It's back down to like, you know, 4 or 5% now. It's still healthy, but it's softer. People are being more circumspect. People aren't sure about what the fed's going to do next. Interest rates, you know, loom large. A lot of uncertainty out here. So, in that sense, I would say security is not non-discretionary. Sorry for the double negative. What's your take? >> I think it's less discretionary. >> Okay. >> Food, water, air. Non-discretionary. (David laughing) And then you move away in sort of gradations from that point. I would say that yeah, it is, it falls into the category of less-discretionary. >> Alright. >> Which is a good place to be. >> Dave Nicholson and David Vallante here. Two days of wall to wall coverage of Fal.Con 2022, CrowdStrike's big user conference. We got some great guests. Keep it right there, we'll be right back, right after this short break. (upbeat music)

>>Hey everyone. Welcome to the cubes presentation of the AWS startup showcase. I'm your host, Lisa Martin. This is season two, episode four of our ongoing series. That's covering exciting startups from the AWS ecosystem. This episode, we're talking about cybersecurity detect and protect against threats. I've got two guests with me here from sun re security, please. Welcome Eric Krosky it's chief information security officer and Denise Haman. It's chief revenue officer, guys. Welcome to the program. >>Ah, thank you. >>And I should say, thank you, Lisa. Welcome back to Denise. You were on at reinforced, which was just about a month or so ago. And from reinforced Denise, we heard a lot about security challenges, expansion of risks. What do you think? And I wanna get Eric's perspective as well. What do you think are the biggest challenges that CSOs are currently facing regardless of industry? >>Mm, well, I'm, I'm gonna narrow that question down to public cloud and cloud security, right? Because that's what the conference was about and that's where we're focused. So I get to do that, but from that perspective, right, the, the CISOs that I speak with on the regular, it, it is it's it's so there's so much chaos out there, right? About what they're trying to deal with. They're they're trying to take a look at all of the operational policies and pieces that they had put together in their on-prem world and trying to figure out how do those same things apply in the cloud. So that gets down to things like, how do I, how do I operationalize it? How do I make this work in a new environment? What tools do I need? What processes do I need? What types of people do I need? Right. It just, it, it threw up everything in the air and said, let's start over. Right? Just chaos. And many of them are doing a really awesome job at getting their arms around it by, you know, really hiring in the right people and looking at the way that development has run, right. To figure out what's important to these people in, in their clouds. Right? Cause it depends on what the, their own missions are. >>And Eric adding on to that from your seat as a CSO, what are some of the biggest challenges that your peers across industries are tackling? Obviously there's a, the environment is chaotic and that's probably gonna persist. >>Yeah. I mean, Denise mentioned a few things, you know, the biggest thing I talk to CISOs about, and it's, it's nice when you can have that CSO to CISO discussion, cuz they tend to open up a little bit more and you can, you can tell the stories and, and show the scars. And, and one of the things I hear a lot of is that, you know, the scale and the speed at which the cloud operates and how to operationalize security within that context is a big challenge that they're struggling with. And you know, not to mention the new paradigms and how they've sort of shifted from the data center into the, into the cloud world and you know, sometimes a lift and shift of your process or of your way that you did something before in the data center just doesn't work in the cloud. So helping them understand that. And then the big thing is it's almost like focus, you know, it's, there's a huge scale. It moves very quickly, but you really need to focus on what's most important. And that's really by putting like data security and identity security at the center of your cloud security strategy. That's one of the biggest things that I talk to a lot of CISOs about. >>So then Eric, how do you advise CISOs to think about cloud risks or to really be able to stack rank and adjust their security priorities as the environment is so dynamic? >>Well, it comes back to this, you know, CSOs are looking to protect or minimize risk to their organizations with their most valuable assets in this day and age that's data. And that starts with understanding not only where all of the data is in your cloud, but more importantly, understanding where the sensitive data is in your cloud, because you could spend a lot of time resource money, which nobody has an infinite supply of doing the wrong thing. So it's really targeting on where is my most sensitive data and then start wrapping security around that. And I talk about it as like the dual side of the coin. The other side of the coin is the identities, you know, in the data center days, we built networks and those became our security boundaries. And we put our tools at those boundaries and we watched what went in and out and we put our controls there that doesn't really exist in the cloud. So identities really have become those security boundaries. And so that's when I say put identity and data security at the heart of your strategy, that's what I'm talking about. You know, find your data, classify your data and then determine what has access to it. And then what are they doing with it? And if you start there, you've got a very focused view, but in a very important way, >>Denise ki, what are you hearing from customers as if, as Eric was saying, you know, he says, put data and identity at the center of your strategy. What are you hearing from customers in terms of their concerns? Where are they in terms of actually being able to make that happen? >>Yeah. I mean, this is every single one of them is struggling with this, right? They are, there's, there's just a staggering amount of things and data and processes that they need to figure out. Many of them in multi-cloud environments, sorry, AWS, but like not everyone is just AWS anymore and they have to protect, you know, workloads and services and people, identities, and non people identities. Right. Which is why we talk about it from the standpoint of like, you can look at it from the outside in, or you look, you can look at it from the inside out. Right. So looking and our belief is that starting with the data and the identity pieces is the most important because, you know, I heard an analogy now this is maybe an old analogy a while ago. Right. But back in the day when there were bank robbers, you know, the, the bank robbers targeted those banks that had money that had lots of money in the Coffs, right. >>They weren't going after regular apartment buildings or, you know, seven elevens at the time. Right. They were going after where there was the most to lose. Right? So if you, if you take that same analogy and say out of all of this chaos, that there is out there and trying to figure out where to start, start by protecting the most sensitive pieces of your information, whether it's personal data, whether it's things that are critical to, you know, your crown jewels of your company, but starting there and then working outwards is the way that we address and advise all of our customers to start. >>Do you have a, a magic list of best practices? This is actually a question for both of you when you're in customer conversations that say, obviously protecting them in sensitive data, start making those important points kind of stacked rank. But do you, do you have any best practices that you share in terms of how they can actually make identity and data core to a cloud strategy in a timely fashion? Eric, we'll start with you. >>Yeah. I mean, this is one that, that really hits home to me and, and it goes like this. I'd like to break it down really simply. Number one, you need to understand where all of the data is in your cloud and it might sound easy, but it is not because data is everywhere. And there's so many fingers in the pie these days. Number two is classify your data, classify and tag your data. Again, it comes back to, there could be lots of data, but you need to find the stuff that's really, really important to you. So classify it, identify it, tag it. So you know, where it is. Number three is understand who or what can potentially access your data and what they can do with your data. So now we start to tie in the identities and then number four is you need to be continuously monitoring to understand what they're doing with that access. >>You know, Lisa might have the ability to access a piece of really sensitive data, but she might not even know that through, you know, a hop and a step and a lateral movement and this and that. But what happens if she does, someone's gotta be watching for that as well. And then again, it's that double sided coin. When you flip that over and look at the identity perspective, you need to understand what the identities are in your cloud and not just your users, which is your typical way of looking at it. You really have to understand your users, but your non people identities as well. And interesting fact is your non people identities. And in all of the customers that I see large and small, you know, fortune five to a startup in the cloud, their non-people identities outnumber their people identities by 10, 20, 30 times the number, but guess what not, everybody's looking at those. So identify them again, calculate their, their permissions, what they can do, understand what data they can access. And then it comes right back to where they kind of merge together. What are they doing with that access? And those are the, you know, the four steps on either side of the coin that we recommend to all of our customers and, and focusing into to protect their data in their cloud. >>And, and the only thing that I would add, the only thing I would add to that is we talk a lot about automation with our customers, right? Especially around remediation, right? Anything that you can automate from a remediation perspective or a discovery perspective or a monitoring perspective. Absolutely do it because the, you know, the clouds and privileges, right. What did we estimate there are, I think 35,000 privileges out there across the three clouds right now. And they're growing somewhere between 20 and 40 a day. So if you're not automated, right, you're trying to keep it up on your whiteboard or in a spreadsheet like you're behind the moment that you put it in there. So we recommend automating and especially around remediation, anything that you can automate is absolutely the way to go. >>Let's talk about now, the, the benefits in it for me, for if I'm an AWS customer, we mentioned at the beginning of the segment, Denise, you were on the cube at reinforced, which was just last month or so it's chief security officer, Steven Schmidt says, and he said this at reinforced, we're stronger together from an ecosystem perspective. Talk to me, Denise will get your perspective first on the Eric, yours SUNY, AWS, better together. What does that mean? What's in it for customers? >>Oh gosh. So first of all, we love our partnership with AWS and, and that's not just because we're on here because we are engaged with all different layers within AWS. And we love their culture, their drive on customers, like everything that they do to make sure that their customers are satisfied. It's just, it's a, it's an amazing place to follow along. Right. And the, the thing that we love about working on customers together is that they, you know, that their mission right, is to make the cloud accessible to everybody, right. And, and do it in an easy way. And our mission is to make sure that it's secure. So it's very compatible in terms of how we work together and they, because of their depth from a technical perspective, they totally understand what we do and how important it is. Right. And they, again, their customer obsessed. So they make sure that their customers get the best things available to them, which is why they bring us to the table. So we, you know, we love that about them. It's a, it's a, just a fantastic partnership. >>Sounds like Denise, that SUNY and AWS share this passion for customer obsession, >>I would say so. Yes, >>Eric, from your seat as the CISO SUNY plus AWS, better together, how does that enable you to do your job and, and take the steps that you said would advise other CISOs to do? >>I think there's a number of ways to do this. If I put on sort of my business hat here for a second, you know, the way that they talk about security as a risk is part of the business. They really are trying to bring it to the forefront. That it's not just some it technical thing off in the corner that, that you have to think about that it is a business risk. So they're really big at, at promoting that and talking about that, they're also really big at helping CISOs and security leaders get there. You know, a lot of security leaders and CISOs came up through the technical ranks and, but getting that seat at the table and we're hearing about how CISO should be on boards and all these other things. And, and they're, they're big at that. And then of course from the technology perspective, I think I've, you know, I've said it already is that speed and scale, you know, what is AWS brought to the world? >>It's the speed and the scale of releasing solutions to the market, to customers, and then delivering them faster and better and better every single day, every single week. And, and what have you. And so it's also about doing security at speed and scale, and they're enabling organizations like SUNY to do that. So Denise talked about using automations and workflows. That's critical to solving the security challenges in the cloud. And Amazon really provides a platform on which, you know, tools like ourselves or individuals can go out and do that. And again, solve their security challenges at speed and scale, to be able to keep up with the, with the pace of the cloud, >>Absolutely critical to solve those security challenges at speed and scale. Of course, it's, it's so much more challenging and it sounds easier, sad than done, but to Denise, I'd love for you to share a customer story that you think really demonstrates the value that SUNY and AWS are delivering to customers. And then maybe comment on maybe from a target market perspective, what are some particular organizations that could benefit from the partnership with AWS, the integrations? What are your thoughts? >>Yeah, sure. So gosh, lots of customers that are in the midst of this transition, right? We, we see a lot of customers who are Eric and I were talking about talking about this actually right before we started, because every single customer seems to have a different use case, right. Everyone is going about it, you know, at a, at, from a different place or a different scenario, but lots of them moving from data center to cloud, as you might imagine, right. That is a, that is a key use case. The other thing that we're seeing in a lot of financial customers is that they, you know, when, when cloud first became available, a lot of them went private cloud, right. And they, they went about it from the standpoint of like, let's just take the same controls, right. And get our arms around it from a private perspective and now via acquisitions or via workloads that they need in the cloud, they are actually moving to the public cloud in many, many cases. >>So where we have the strong partnership around financials, especially right. Because they know that if those customers don't see security on the way in to the cloud, that they will never expand. Right. Because it's just, it's a part of their DNA, right. That they, they have to make sure that there's their sensitive information is, is taken care of. So we have a, I mean, just a breadth of customers across manufacturing and airlines and financials and insurance. Like if you're moving to the cloud, you need to make sure that you're protecting it in the right way >>Across industries. This is a pan industry problem. Every customer, regardless of location has to address us. Have you seen Denise sticking with you, the acceleration of the, the cloud adoption and migration we've seen the last couple of years? Have you seen any industries in particular, you mentioned financial services. I kind think of healthcare manufacturing as some industries that really are prime for coming to sun, help us figure this out. We're losing time. >>You know, I, I can't limit myself to any industry. Cause I mean, seriously that I know that sounds like a silly answer, but from the standpoint of what's going on out there, that I, I mean, every industry that is moving to the public cloud needs to be looking at this, the ones that, you know, again, I mentioned those ones that are going through transitions. We, we also see obviously software companies or companies that were built in the cloud, right. Are just, they're just at this point now where they're understanding, gosh, you know, we need to be well, like, you know, we've kind of got this hardened environment and we've got our policies and procedures down. Now they're worried about things like exfiltration of the cloud, or they're worried about lateral movement, right. Where, you know, somebody could get access to a role or a privilege and then move within the organization. >>So they're, they're looking at it at a deeper, more advanced level, which we love working with them on that. Like I said, the financials kind of moving from private to public now is the perfect time to, to build it in alongside us healthcare. We've seen a recent increase of healthcare, which sort of surprised me. I, I've not seen healthcare spending a lot of money in this particular area. And we've seen actually just in the last month or so a big uptick there, which is just interesting. We'll see, we'll see if it continues. You know, like I said, we see it across industries, not so much at the very, very low end, but we're seeing kind of mid-level enterprises and large enterprises >>And there's definite commonalities there. I'm sure across the folks that you speak to in terms of the challenges that they have, what they're looking to SUNY to help them resolve. Erica, do wanna ask you a question about, we talk about the cyber security skills gap. It's huge. It's not gonna go away overnight. A lot of organizations have different initiatives aimed at helping to reduce it. But talk to me about SUNY from a technology perspective, how will it help organizations to mitigate some of the risks that they face because of that skills gap? >>Yeah, absolutely. I mean, first and foremost, I gotta reiterate your point. It's not going away and it's not gonna be solved anytime soon. And then you talk about, we get right back to speed and the scale, the cloud moves very quickly and the scale increases over time and that's not going to stop as well. So it creates this perfect storm. And I'm gonna say a word again, that, that some people are probably gonna cringe at, but it comes back to automations and workflows. I know in the security industry, especially in rather large enterprises, sometimes they're a little bit hesitant to, to implement these tools because they're worried about what's going to happen. But the question I ask CISOs all the time is are you keeping up with it today? And the answer is no. So then I say, well, what are you what's going to happen if you don't do it. >>And that's what it comes down to. You're never gonna be able to find enough staff enough people in this area. So invest in automations and workflows in the areas that you're you're comfortable with. So that guess what somebody in your organization doesn't have to do that job anymore. And then that person can be trained and grow into the roles where you need them in these, in these more specific roles. And so that's how you need to do it. It's almost like investing in automation and workflows, just isn't making you more secure, which is your goal, but it's also helping to get your employees to where they need to be, to be more knowledgeable in the cloud. Because if they're only ever looking at very basic things and, and basically whacking it out and pulling whackable to solve basic problems, they are never gonna up their scales. And you can't just give your employees six months off to go become a cloud expert. So again, it comes back to, to stay with the speed and the scale of security in the cloud, it's automations and workflows, and you just have to get comfortable doing it. And if you're not, you really need to think about your strategy, cuz my opinion is you're doing it wrong. >>Wow. Those are some important words there Denise's last question for you with respect to what Eric just said about what companies need to be doing. The, you need to embrace automation. What are you hearing from customers, especially after they've deployed SUNY? What are they coming to you saying we had these challenges and thanks to SUNY we've. We are on our way to reducing a lot of the risks that were in our environment. >>Yeah. So not only are they reducing the risks, but they're able to do it with less people or put it this way, not adding additional people, which is the worry, right? Whenever you, whenever you bring on a new solution, the, the question is always, gosh, we're gonna need to hire a team to be able to manage this, or can we utilize the team that we have? So there's a, there's a huge ROI around bringing the summary solution in where they're, they are able to take advantage of resources that they currently have and just making them more productive. Again, we keep saying the same words, but remediation automation, operationalizing it, right? Creating these workflows is the key. And, and it's a key piece of what summary offers to them to make sure that they can take advantage of this. And, and I, I think that's, that's a really, really, really big statement because the, the, the way that I see this is the, the vision and the promise of what summary brings to the table is that security teams need us for an oversight perspective, but they're actually able to leverage their development teams to be able to do the fixes and the workflows and the operational pieces that we've been talking about. >>So you don't have to hire new people. You can take advantage of the resources that you have. Again, that's the, that's the promise of summary, >>A lot of efficiencies, operational, et cetera, that can be gained from what sun is able to deliver to customers. Thank you both so much for joining me today, talking about what it is that you're delivering, the challenges that you're helping, CISOs and security operations folks meet and, and mitigate with the solutions. We appreciate your insights and your time. Thank you, Lisa. Thanks, Lisa. My pleasure for Eric Krosky and Denise Haman, who we wanna thank for partnering with the cube for this season. We wanna thank you for watching season two, episode four of our ongoing series of the AWS startup showcase. Don't go away, keep it right here from more action on the cube, your leader in tech coverage.

>>Hello, everyone. Welcome to the AWS startup showcase. This is season two, episode four, the ongoing series covering exciting startups from the AWS ecosystem to talk about cybersecurity. I'm your host, John furrier. And today I'm excited for this keynote presentation and I'm joined by John Ramsey, vice president of AWS security, John, welcome to the cubes coverage of the startup community within AWS. And thanks for this keynote presentation, >>Happy to be here. >>So, John, what do you guys, what do you do at AWS? Take, take minutes to explain your role, cuz it's very comprehensive. We saw at AWS reinforce event recently in Boston, a broad coverage of topics from Steven Schmid CJ, a variety of the executives. What's your role in particular at AWS? >>If you look at AWS, there are, there is a shared security responsibility model and CJ, the C the CSO for AWS is responsible for securing the AWS portion of the shared security responsibility model. Our customers are responsible for securing their part of the shared security responsible, responsible model. For me, I provide services to those customers to help them secure their part of that model. And those services come in different different categories. The first category is threat detection with guard. We that does real time detection and alerting and detective is then used to investigate those alerts to determine if there is an incident vulnerability management, which is inspector, which looks for third party vulnerabilities and security hub, which looks for configuration vulnerabilities and then Macy, which does sensitive data discovery. So I have those sets of services underneath me to help provide, to help customers secure their part of their shared security responsibility model. >>Okay, well, thanks for the call out there. I want to get that out there because I think it's important to note that, you know, everyone talks inside out, outside in customer focus. 80 of us has always been customer focused. We've been covering you guys for a long time, but you do have to secure the core cloud that you provide and you got great infrastructure tools technology down to the, down to the chip level. So that's cool. You're on the customer side. And right now we're seeing from these startups that are serving them. We had interviewed here at the showcase. There's a huge security transformation going on within the security market. It's the plane at 35,000 feet. That's engines being pulled out and rechange, as they say, this is huge. And, and what, what's it take for your, at customers with the enterprises out there that are trying to be more cyber resilient from threats, but also at the same time, protect what they also got. They can't just do a wholesale change overnight. They gotta be, you know, reactive, but proactive. How does it, what, what do they need to do to be resilient? That's the >>Question? Yeah. So, so I, I think it's important to focus on spending your resources. Everyone has constrained security resources and you have to focus those resources in the areas and the ways that reduce the greatest amount of risk. So risk really can be summed up is assets that I have that are most valuable that have a vulnerability that a threat is going to attack in that world. Then you wanna mitigate the threat or mitigate the vulnerability to protect the asset. If you have an asset that's vulnerable, but a threat isn't going to attack, that's less risky, but that changes over time. The threat and vulnerability windows are continuously evolving as threats, developing trade craft as vulnerabilities are being discovered as new software is being released. So it's a continuous picture and it's an adaptive picture where you have to continuously monitor what's happening. You, if you like use the N framework cybersecurity framework, you identify what you have to protect. >>That's the asset parts. Then you have to protect it. That's putting controls in place so that you don't have an incident. Then you from a threat perspective, then you ha to de detect an incident or, or a breach or a, a compromise. And then you respond and then you remediate and you have to continuously do that cycle to be in a position to, to de to have cyber resiliency. And one of the powers of the cloud is if you're building your applications in a cloud native form, you, your ability to respond can be very surgical, which is very important because then you don't introduce risk when you're responding. And by design, the cloud was, is, is architected to be more resilient. So being able to stay cyber resilient in a cloud native architecture is, is important characteristic. >>Yeah. And I think that's, I mean, it sounds so easy. Just identify what's to be protected. You monitor it. You're protected. You remediate sounds easy, but there's a lot of change going on and you got the cloud scale. And so you got security, you got cloud, you guys's a lot of things going on there. How do you think about security and how does the cloud help customers? Because again, there's two things going on. There's a shared responsibility model. And at the end of the day, the customer's responsible on their side. That's right, right. So that's right. Cloud has some tools. How, how do you think about going about security and, and where cloud helps specifically? >>Yeah, so really it's about there, there's a model called observe, orient, decide an actor, the ULO and it was created by John Boyd. He was a fighter pilot in the Korean war. And he knew that if I could observe what the opponent is doing, orient myself to my goals and their goals, make a decision on what the next best action is, and then act, and then follow that UTI loop, or, or also said a sense sense, making, deciding, and acting. If I can do that faster than the, than the enemy, then I can, I will win every fight. So in the cyber world, being in a position where you are observing and that's where cloud can really help you, because you can interrogate the infrastructure, you can look at what's happening, you can build baselines from it. And then you can look at deviations from, from the norm. It's just one way to observe this orient yourself around. Does this represent something that increases risk? If it does, then what's the next best action that I need to take, make that decision and then act. And that's also where the cloud is really powerful, cuz there's this huge con control plane that lets you lets you enable or disable resources or reconfigure resources. And if you're in, in the, in the situation where you can continuously do that very, very rapidly, you can, you can outpace and out maneuver the adversary. >>Yeah. You know, I remember I interviewed Steven Schmidt in 2014 and at that time everybody was poo pooing. Oh man, the cloud is so unsecure. He made a statement to me and we wrote about this. The cloud is more secure and will be more secure because it can be complicated to the hacker, but also easy for the, for provisioning. So he kind of brought up this, this discussion around how cloud would be more secure turns out he's right. He was right now. People are saying, oh, the cloud's more secure than, than standalone. What's different John now than not even going back to 2014, just go back a few years. Cloud is helpful, is more interrogation. You mentioned, this is important. What's, what's changed in the cloud per se in AWS that enables customers and say third parties who are trying to comply and manage risk as well. So you have this shared back and forth. What's different in the cloud now than just a few years ago that that's helping security. >>Yeah. So if you look at the, the parts of the shared responsibility model, AWS is the further up the stack you go from just infrastructure to platforms, say containers up to serverless the, the, we are taking more of the responsibility of that, of that stack. And in the process, we are investing resources and capabilities. For example, guard duty takes an S audit feed for containers to be able to monitor what's happening from a container perspective. And then in server list, really the majority of what, what needs to be defended is, is part of our responsibility model. So that that's an important shift because in that world, we have a very large team in our world. We have a very large team who knows the infrastructure who knows the threat and who knows how to protect customers all the way up to the, to the, to the boundary. And so that, that's a really important consideration. When you think about how you design your design, your applications is you want the developers to focus on the business logic, the business value and let, but still, also the security of the code that they're writing, but let us take over the rest of it so that you don't have to worry about it. >>Great, good, good insight there. I want to get your thoughts too. On another trend here at the showcase, one of the things that's emerging besides the normal threat landscape and the compliance and whatnot is API protection. I mean APIs, that's what made the cloud great. Right? So, you know, and it's not going away, it's only gonna get better cuz we live in an interconnected digital world. So, you know, APIs are gonna be lingual Franko what they say here. Companies just can't sit back and expect third parties complying with cyber regulations and best practices. So how do security and organizations be proactive? Not just on API, it's just a, a signal in my mind of, of, of more connections. So you got shared responsibility, AWS, your customers and your customers, partners and customers of connection points. So we live in an interconnected world. How do security teams and organizations be proactive on the cyber risk management piece? >>Yeah. So when it comes to APIs, the, the thing you look for is the trust boundaries. Where are the trust boundaries in the system between the user and the, in the machine, the machine and another machine on the network, the API is a trust boundary. And it, it is a place where you need to facilitate some kind of some form of control because what you're, what could happen on the trust boundaries, it could be used to, to attack. Like I trust that someone's gonna give me something that is legitimate, but you don't know that that a actually is true. You should assume that the, the one side of the trust boundary is, is malicious and you have to validate it. And by default, make sure that you know, that what you're getting is actually trustworthy and, and valid. So think of an API is just a trust boundary and that whatever you're gonna receive at that boundary is not gonna be legitimate in that you need to validate, validate the contents of, of whatever you receive. >>You know, I was noticing online, I saw my land who runs S3 a us commenting about 10 years anniversary, 10, 10 year birthday of S3, Amazon simple storage service. A lot of the customers are using all their applications with S3 means it's file repository for their application, workflow ingesting literally thousands and trillions of objects from S3 today. You guys have about, I mean, trillions of objects on S3, this is big part of the application workflow. Data security has come up as a big discussion item. You got S3. I mean, forget about the misconfiguration about S3 buckets. That's kind of been reported on beyond that as application workflows, tap into S3 and data becomes the conversation around securing data. How do you talk to customers about that? Because that's also now part of the scaling of these modern cloud native applications, managing data on Preem cross in flight at rest in motion. What's your view on data security, John? >>Yeah. Data security is also a trust boundary. The thing that's going to access the data there, you have to validate it. The challenge with data security is, is customers don't really know where all their data is or even where their sensitive data is. And that continues to be a large problem. That's why we have services like Macy, which are whose job is to find in S3 the data that you need to protect the most because it's because it's sensitive. Getting the least privilege has always been the, the goal when it comes, when it comes to data security. The problem is, is least privilege is really, really hard to, to achieve because there's so many different common nations of roles and accounts and org orgs. And, and so there, there's also another technology called access analyzer that we have that helps customers figure out like this is this the right, if are my intended authorizations, the authorizations I have, are they the ones that are intended for that user? And you have to continuously review that as a, as a means to make sure that you're getting as close to least privilege as you possibly can. >>Well, one of the, the luxuries of having you here on the cube keynote for this showcase is that you also have the internal view at AWS, but also you have the external view with customers. So I have to ask you, as you talk to customers, obviously there's a lot of trends. We're seeing more managed services in areas where there's skill gaps, but teams are also overloaded too. We're hearing stories about security teams, overwhelmed by the solutions that they have to deploy quickly and scale up quickly cost effectively the need for in instrumentation. Sometimes it's intrusive. Sometimes it agentless sensors, OT. I mean, it's getting crazy at re Mars. We saw a bunch of stuff there. This is a reality, the teams aspect of it. Can you share your experiences and observations on how companies are organizing, how they're thinking about team formation, how they're thinking about all these new things coming at them, new environments, new scale choices. What, what do you seeing on, on the customer side relative to security team? Yeah. And their role and relationship to the cloud and, and the technologies. >>Yeah, yeah. A absolutely it. And we have to remember at the end of the day on one end of the wire is a black hat on the other end of the wire is a white hat. And so you need people and, and people are a critical component of being able to defend in the context of security operations alert. Fatigue is absolutely a problem. The, the alerts, the number of alerts, the volume of alerts is, is overwhelming. And so you have to have a means to effectively triage them and get the ones into investigation that, that you think will be the most, the, the most significant going back to the risk equation, you found, you find those alerts and events that are, are the ones that, that could harm you. The most. You'll also one common theme is threat hunting. And the concept behind threat hunting is, is I don't actually wait for an alert I lean in and I'm proactive instead of reactive. >>So I find the system that I at least want the hacker in. I go to that system and I look for any anomalies. I look for anything that might make me think that there is a, that there is a hacker there or a compromise or some unattended consequence. And the reason you do that is because it reduces your dwell time, time between you get compromised to the time detect something, which is you, which might be, you know, months, because there wasn't an alert trigger. So that that's also a very important aspect for, for AWS and our security services. We have a strategy across all of the security services that we call end to end, or how do we move from APIs? Because they're all API driven and security buyers generally not most do not ha have like a development team, like their security operators and they want a solution. And so we're moving more from APIs to outcomes. So how do we stitch all the services together in a way so that the time, the time that an analyst, the SOC analyst spends or someone doing investigation or someone doing incident response is the, is the most important time, most valuable time. And in the process of stitching this all together and helping our customers with alert, fatigue, we'll be doing things that will use sort of inference and machine learning to help prioritize the greatest risk for our customers. >>That's a great, that's a great call out. And that brings up the point of you get the frontline, so to speak and back office, front office kind of approach here. The threats are out there. There's a lot of leaning in, which is a great point. I think that's a good, good comment and insight there. The question I have for you is that everyone's kind of always talks about that, but there's the, the, I won't say boring, the important compliance aspect of things, you know, this has become huge, right? So there's a lot of blocking and tackling that's needed behind the scenes on the compliance side, as well as prevention, right? So can you take us through in your mind how customers are looking at the best strategies for compliance and security, because there's a lot of work you gotta get done and you gotta lay out everything as you mentioned, but compliance specifically to report is also a big thing for >>This. Yeah. Yeah. Compliance is interesting. I suggest taking a security approach to compliance instead of a compliance approach to security. If you're compliant, you may not be secure, but if you're secure, you'll be compliant. And the, the really interesting thing about compliance also is that as soon as something like a, a, a category of control is required in, in some form of compliance, compliance regime, the effectiveness of that control is reduced because the threats go well, I'm gonna presume that they have this control. I'm gonna presume cuz they're compliant. And so now I'm gonna change my tactic to evade the control. So if you only are ever following compliance, you're gonna miss a whole set of tactics that threats have developed because they presume you're compliant and you have those controls in place. So you wanna make sure you have something that's outside of the outside of the realm of compliance, because that's the thing that will trip them up. That's the thing that they're not expecting that threats not expecting and that that's what we'll be able to detect them. >>Yeah. And it almost becomes one of those things where it's his fault, right? So, you know, finger pointing with compliance, you get complacent. I can see that. Can you give an example? Cause I think that's probably something that people are really gonna want to know more about because it's common sense. But can you give an example of security driving compliance? Is there >>Yeah, sure. So there's there they're used just as an example, like multifactor authentication was used everywhere that for, for banks in high risk transactions, in real high risk transactions. And then that like that was a security approach to compliance. Like we said, that's a, that's a high net worth individual. We're gonna give them a token and that's how they're gonna authenticate. And there was no, no, the F F I C didn't say at the time that there needed to be multifactor authentication. And then after a period of time, when account takeover was, was on the rise, the F F I C the federally financial Institute examiner's council, something like that said, we, you need to do multifactor authentication. Multifactor authentication was now on every account. And then the threat went down to, okay, well, we're gonna do man in the browser attacks after the user authenticates, which now is a new tactic in that tactic for those high net worth individuals that had multifactor didn't exist before became commonplace. Yeah. And so that, that, that's a, that's an example of sort of the full life cycle and the important lesson there is that security controls. They have a diminishing halflife of effectiveness. They, they need to be continuous and adaptive or else the value of them is gonna decrease over time. >>Yeah. And I think that's a great call up because agility and speed is a big factor when he's merging threats. It's not a stable, mature hacker market. They're evolving too. All right. Great stuff. I know your time's very valuable, John. I really appreciate you coming on the queue. A couple more questions for you. We have 10 amazing startups here in the, a AWS ecosystem, all private looking grade performance wise, they're all got the kind of the same vibe of they're kind of on something new. They're doing something new and clever and different than what was, what was kind of done 10 years ago. And this is where the cloud advantage is coming in cloud scale. You mentioned that some of those things, data, so you start to see new things emerge. How, how would you talk to CSOs or CXOs that are watching about how to evaluate startups like these they're, they're, they're somewhat, still small relative to some of the bigger players, but they've got unique solutions and they're doing things a little bit differently. How should some, how should CSOs and Steve evaluate them? How can startups work with the CSOs? What's your advice to both the buyer and the startup to, to bring their product to the market. And what's the best way to do that? >>Yeah. So the first thing is when you talk to a CSO, be respected, be respectful of their time like that. Like, they'll appreciate that. I remember when I was very, when I just just started, I went to talk to one of the CISOs as one of the five major banks and he sat me down and he said, and I tried to tell him what I had. And he was like son. And he went through his book and he had, he had 10 of every, one thing that I had. And I realized that, and I, I was grateful for him giving me an explanation. And I said to him, I said, look, I'm sorry. I wasted your time. I will not do that again. I apologize. I, if I can't bring any value, I won't come back. But if I think I can bring you something of value now that I know what I know, please, will you take the meeting? >>He was like, of course. And so be respectful of their time. They know what the problem is. They know what the threat is. You be, be specific about how you're different right now. There is so much confusion in the market about what you do. Like if you're really have something that's differentiated, be very, very specific about it. And don't be afraid of it, like lean into it and explain the value to that. And that, that, that would, would save a, a lot of time and a lot and make the meeting more valuable for the CSO >>And the CISOs. Are they evaluate these startups? How should they look at them? What are some kind of markers that you would say would be good, kind of things to look for size of the team reviews technology, or is it doesn't matter? It's more of a everyone's environment's different. What >>Would your, yeah. And, you know, for me, I, I always look first to the security value. Cause if there isn't security value, nothing else matters. So there's gotta be some security value. Then I tend to look at the management team, quite frankly, what are, what are the, what are their experiences and what, what do they know that that has led them to do something different that is driving security value. And then after that, for me, I tend to look to, is this someone that I can have a long term relationship with? Is this someone that I can, you know, if I have a problem and I call them, are they gonna, you know, do this? Or are they gonna say, yes, we're in, we're in this together, we'll figure it out. And then finally, if, if for AWS, you know, scale is important. So we like to look at, at scale in terms of, is this a solution that I can, that I can, that I can get to, to the scale that I needed at >>Awesome. Awesome. John Ramsey, vice president of security here on the cubes. Keynote. John, thank you for your time. I really appreciate, I know how busy you are with that for the next minute, or so share a little bit of what you're up to. What's on your plate. What are you thinking about as you go out to the marketplace, talk to customers what's on your agenda. What's your talk track, put a plug in for what you're up to. >>Yeah. So for, for the services I have, we, we are, we are absolutely moving. As I mentioned earlier, from APIs to outcomes, we're moving up the stack to be able to defend both containers, as well as, as serverless we're, we're moving out in terms of we wanna get visibility and signal, not just from what we see in AWS, but from other places to inform how do we defend AWS? And then also across, across the N cybersecurity framework in terms of we're doing a lot of, we, we have amazing detection capability and we have this infrastructure that we could respond, do like micro responses to be able to, to interdict the threat. And so me moving across the N cybersecurity framework from detection to respond. >>All right, thanks for your insight and your time sharing in this keynote. We've got great 10 great, amazing startups. Congratulations for all your success at AWS. You guys doing a great job, shared responsibility that the threats are out there. The landscape is changing. The scale's increasing more data tsunamis coming every day, more integration, more interconnected, it's getting more complex. So you guys are doing a lot of great work there. Thanks for your time. Really appreciate >>It. Thank you, John. >>Okay. This is the AWS startup showcase. Season two, episode four of the ongoing series covering the exciting startups coming out of the, a AWS ecosystem. This episode's about cyber security and I'm your host, John furrier. Thanks for watching.

(bright music) >> Welcome back everyone. theCube's live coverage here. Day two, of two sets, three days of theCube coverage here at VMware Explore. This is our 12th year covering VMware's annual conference, formerly called VM World. I'm John Furrier, with Dave Vellante. We'd love seeing the progress and we've got great security comes Tom Gill, senior vices, president general manager, networking and advanced security business group at VMware. Great to see you. Thanks for coming on. >> Thanks. for having me. >> Yeah, really happy we could have you on. >> I think this is my sixth edition on the theCube. Do I get frequent flyer points or anything? >> Yeah. >> You first get the VIP badge. We'll make that happen. You can start getting credits. >> Okay, there we go. >> We won't interrupt you. Seriously, you got a great story in security here. The security story is kind of embedded everywhere, so it's not called out and blown up and talked specifically about on stage. It's kind of in all the narratives in the VM World for this year. But you guys have an amazing security story. So let's just step back and to set context. Tell us the security story for what's going on here at VMware and what that means to this supercloud, multi-cloud and ongoing innovation with VMware. >> Yeah, sure thing. So probably the first thing I'll point out is that security's not just built in at VMware. It's built differently. So, we're not just taking existing security controls and cut and pasting them into our software. But we can do things because of our platform, because of the virtualization layer that you really can't do with other security tools. And where we're very, very focused is what we call lateral security or East-West movement of an attacker. 'Cause frankly, that's the name of the game these days. Attackers, you've got to assume that they're already in your network. Already assume that they're there. Then how do we make it hard for them to get to the stuff that you really want? Which is the data that they're going after. And that's where we really should. >> All right. So we've been talking a lot, coming into VMware Explore, and here, the event. About two things. Security, as a state. >> Yeah. >> I'm secure right now. >> Yeah. >> Or I think I'm secure right now, even though someone might be in my network or in my environment. To the notion of being defensible. >> Yeah. >> Meaning I have to defend and be ready at a moment's notice to attack, fight, push back, red team, blue team. Whatever you're going to call it. But something's happening. I got to be able to defend. >> Yeah. So what you're talking about is the principle of Zero Trust. When I first started doing security, the model was we have a perimeter. And everything on one side of the perimeter is dirty, ugly, old internet. And everything on this side, known good, trusted. What could possibly go wrong. And I think we've seen that no matter how good you make that perimeter, bad guys find a way in. So Zero Trust says, you know what? Let's just assume they're already in. Let's assume they're there. How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? 'Cause for example, if they bust into your laptop, you click on a link and they get code running on your machine. They might find some interesting things on your machine. But they're not going to find 250 million credit cards. >> Right. >> Or the script of a new movie or the super secret aircraft plans. That lives in a database somewhere. And so it's that movement from your laptop to that database. That's where the damage is done and that's where VMware shines. >> So if they don't have the right to get to that database, they're not in. >> And it's not even just the right. So they're so clever and so sneaky that they'll steal a credential off your machine, go to another machine, steal a credential off of that. So, it's like they have the key to unlock each one of these doors. And we've gotten good enough where we can look at that lateral movement, even though it has a credential and a key, we're like wait a minute. That's not a real CIS Admin making a change. That's ransomware. And that's where you. >> You have to earn your way in. >> That's right. That's right. Yeah. >> And we're all kinds of configuration errors. But also some user problems. I've heard one story where there's so many passwords and username and passwords and systems that the bad guys scour, the dark web for passwords that have been exposed. >> Correct. >> And go test them against different accounts. Oh one hit over here. >> Correct. >> And people don't change their passwords all the time. >> Correct. >> That's a known vector. >> Just the idea that users are going to be perfect and never make a mistake. How long have we been doing this? Humans are the weakest link. So people are going to make mistakes. Attackers are going to be in. Here's another way of thinking about it. Remember log4j? Remember that whole fiasco? Remember that was at Christmas time. That was nine months ago. And whoever came up with that vulnerability, they basically had a skeleton key that could access every network on the planet. I don't know if a single customer that said, "Oh yeah, I wasn't impacted by log4j." So here's some organized entity had access to every network on the planet. What was the big breach? What was that movie script that got stolen? So there wasn't one, right? We haven't heard anything. So the point is, the goal of attackers is to get in and stay in. Imagine someone breaks into your house, steals your laptop and runs. That's a breach. Imagine someone breaks into your house and stays for nine months. It's untenable, in the real world, right? >> Right. >> We don't know in there, hiding in the closet. >> They're still in. >> They're watching everything. >> Hiding in your closet, exactly. >> Moving around, nibbling on your cookies. >> Drinking your beer. >> Yeah. >> So let's talk about how this translates into the new reality of cloud-native. Because now you hear about automated pentesting is a new hot thing right now. You got antivirus on data is hot within APIs, for instance. >> Yeah. >> API security. So all kinds of new hot areas. Cloud-native is very iterative. You know, you can't do a pentest every week. >> Right. >> You got to do it every second. >> So this is where it's going. It's not so much simulation. It's actually real testing. >> Right. Right. >> How do you view that? How does that fit into this? 'cause that seems like a good direction to me. >> Yeah. If it's right in, and you were talking to my buddy, Ahjay, earlier about what VMware can do to help our customers build cloud native applications with Tanzu. My team is focused on how do we secure those applications? So where VMware wants to be the best in the world is securing these applications from within. Looking at the individual piece parts and how they talk to each other and figuring out, wait a minute, that should never happen. By almost having an x-ray machine on the innards of the application. So we do it for both for VMs and for container based applications. So traditional apps are VM based. Modern apps are container based. And we have a slightly different insertion mechanism. It's the same idea. So for VMs, we do it with a hypervisor with NSX. We see all the inner workings. In a container world we have this thing called a service mesh that lets us look at each little snippet of code and how they talk to each other. And once you can see that stuff, then you can actually apply. It's almost like common sense logic of like, wait a minute. This API is giving back credit card numbers and it gives five an hour. All of a sudden, it's now asking for 20,000 or a million credit cards. That doesn't make any sense. The anomalies stick out like a sore thumb. If you can see them. At VMware, our unique focus in the infrastructure is that we can see each one of these little transactions and understand the conversation. That's what makes us so good at that East-West or lateral security. >> You don't belong in this room, get out or that that's some weird call from an in memory database, something over here. >> Exactly. Where other security solutions won't even see that. It's not like there algorithms aren't as good as ours or better or worse. It's the access to the data. We see the inner plumbing of the app and therefore we can protect the app from. >> And there's another dimension that I want to get in the table here. 'Cause to my knowledge only AWS, Google, I believe Microsoft and Alibaba and VMware have this. >> Correct >> It's Nitro. The equivalent of a Nitro. >> Yes. >> Project Monterey. >> Yeah. >> That's unique. It's the future of computing architectures. Everybody needs a Nitro. I've written about this. >> Yeah. >> Right. So explain your version. >> Yeah. >> It's now real. >> Yeah. >> It's now in the market, right? >> Yeah. >> Or soon will be. >> Here's our mission. >> Salient aspects. >> Yeah. Here's our mission of VMware. Is that we want to make every one of our enterprise customers. We want their private cloud to be as nimble, as agile, as efficient as the public cloud. >> And secure. >> And secure. In fact, I'll argue, we can make it actually more secure because we're thinking about putting security everywhere in this infrastructure. Not just on the edges of it. Okay. How do we go on that journey? As you pointed out, the public cloud providers realized five years ago that the right way to build computers was not just a CPU and a graphics process unit, GPU. But there's this third thing that the industry's calling a DPU, data processing unit. And so there's kind of three pieces of a computer. And the DPU is sometimes called a Smartnic. It's the network interface card. It does all that network handling and analytics and it takes it off the CPU. So they've been building and deploying those systems themselves. That's what Nitro is. And so we have been working with the major Silicon vendors to bring that architecture to everybody. So with vSphere 8, we have the ability to take the network processing, that East-West inspection I talked about, take it off of the CPU and put it into this dedicated processing element called the DPU and free up the CPU to run the applications that Ahjay and team are building. >> So no performance degradation at all? >> Correct. To CPU offload. >> So even the opposite, right? I mean you're running it basically Bare Metal speeds. >> Yes, yes and yes. >> And you're also isolating the storage from the security, the management, and. >> There's an isolation angle to this, which is that firewall, that we're putting everywhere. Not just that the perimeter, but we put it in each little piece of the server is running when it runs on one of these DPUs it's a different memory space. So even if an attacker gets to root in the OS, they it's very, very, never say never, but it's very difficult. >> So who has access to that resource? >> Pretty much just the infrastructure layer, the cloud provider. So it's Amazon, Google, Microsoft, and the enterprise. >> Application can't get in. >> Can't get in there. Cause you would've to literally bridge from one memory space to another. Never say never, but it would be very. >> But it hasn't earned the trust to get. >> It's more than barbwire. It's multiple walls. >> Yes. And it's like an air gap. It puts an air gap in the server itself so that if the server is compromised, it's not going to get into the network. Really powerful. >> What's the big thing that you're seeing with this supercloud transition. We're seeing multi-cloud and this new, not just SaaS hosted on the cloud. >> Yeah. >> You're seeing a much different dynamic of, combination of large scale CapEx, cloud-native, and then now cloud-native drills on premises and edge. Kind of changing what a cloud looks like if the cloud's on a cloud. >> Yeah. >> So we're the customer, I'm building on a cloud and I have on premise stuff. So, I'm getting scale CapEx relief from the hyperscalers. >> I think there's an important nuance on what you're talking about. Which is in the early days of the cloud customers. Remember those first skepticism? Oh, it'll never work. Oh, that's consumer grade. Oh, that's not really going to work. Oh some people realize. >> It's not secure. >> Yeah. It's not secure. >> That one's like, no, no, no it's secure. It works. And it's good. So then there was this sort of over rush. Let's put everything on the cloud. And I had a lot of customers that took VM based applications said, I'm going to move those onto the cloud. You got to take them all apart, put them on the cloud and put them all back together again. And little tiny details like changing an IP address. It's actually much harder than it looks. So my argument is, for existing workloads for VM based workloads, we are VMware. We're so good at running VM based workloads. And now we run them on anybody's cloud. So whether it's your east coast data center, your west coast data center, Amazon, Google, Microsoft, Alibaba, IBM keep going. We pretty much every. >> And the benefit of the customer is what. >> You can literally VMotion and just pick it up and move it from private to public, public to private, private to public, Back and forth. >> Remember when we called Vmotion BS, years ago? >> Yeah. Yeah. >> VMotion is powerful. >> We were very skeptical. We're like, that'll never happen. I mean we were. This supposed to be pat ourselves on the back. >> Well because alchemy. It seems like what you can't possibly do that. And now we do it across clouds. So it's not quite VMotion, but it's the same idea. You can just move these things over. I have one customer that had a production data center in the Ukraine. Things got super tense, super fast and they had to go from their private cloud data center in the Ukraine, to a public cloud data center out of harm's way. They did it over a weekend. 48 hours. If you've ever migrated a data center, that's usually six months. Right. And a lot of heartburn and a lot of angst. Boop. They just drag and dropped and moved it on over. That's the power of what we call the cloud operating model. And you can only do this when all your infrastructures defined in software. If you're relying on hardware, load balancers, hardware, firewalls, you can't move those. They're like a boat anchor. You're stuck with them. And by the way, they're really, really expensive. And by the way, they eat a lot of power. So that was an architecture from the 90's. In the cloud operating model your data center. And this comes back to what you were talking about is just racks and racks of X86 with these magic DPUs, or smart nics, to make any individual node go blisteringly fast and do all the functions that you used to do in network appliances. >> We just had Ahjay taking us to school, and everyone else to school on applications, middleware, abstraction layer. And Kit Culbert was also talking about this across cloud. We're talking supercloud, super pass. If this continues to happen, which we would think it will happen. What does the security posture look like? It feels to me, and again, this is your wheelhouse. If supercloud happens with this kind of past layer where there's vMotioning going on. All kinds of spanning applications and data across environments. >> Yeah. Assume there's an operating system working on behind the scenes. >> Right. >> What's the security posture in all this? >> Yeah. So remember my narrative about the bad guys are getting in and they're moving around and they're so sneaky that they're using legitimate pathways. The only way to stop that stuff, is you've got to understand it at what we call Layer 7. At the application layer. Trying to do security to the infrastructure layer. It was interesting 20 years ago, kind of less interesting 10 years ago. And now it's becoming irrelevant because the infrastructure is oftentimes not even visible. It's buried in some cloud provider. So Layer 7 understanding, application awareness, understanding the APIs and reading the content. That's the name of the game in security. That's what we've been focused on. Nothing to do with the infrastructure. >> And where's the progress bar on that paradigm. One to ten. Ten being everyone's doing it. >> Right now. Well, okay. So we as a vendor can do this today. All the stuff I talked about, reading APIs, understanding the individual services looking at, Hey, wait a minute this credit card anomalies, that's all shipping production code. Where is it in customer adoption life cycle? Early days 10%. So there's a whole lot of headroom for people to understand, Hey, I can put these controls in place. They're software based. They don't require appliances. It's Layer 7, so it has contextual awareness and it's works on every single cloud. >> We talked about the pandemic being an accelerator. It really was a catalyst to really rethink. Remember we used to talk about Pat as a security do over. He's like, yes, if it's the last thing I do, I'm going to fix security. Well, he decided to go try to fix Intel instead. >> He's getting some help from the government. >> But it seems like CISOs have totally rethought their security strategy. And at least in part, as a function of the pandemic. >> When I started at VMware four years ago, Pat sat me down in his office and he said to me what he said to you, which is like, "Tom," he said, "I feel like we have fundamentally changed servers. We fundamentally change storage. We fundamentally change networking. The last piece of the puzzle of security. I want you to go fundamentally change it." And I'll argue that the work that we're doing with this horizontal security, understanding the lateral movement. East- West inspection. It fundamentally changes how security works. It's got nothing to do with firewalls. It's got nothing to do with Endpoint. It's a unique capability that VMware is uniquely suited to deliver on. And so Pat, thanks for the mission. We delivered it and it's available now. >> Those WET web applications firewall for instance are around, I mean. But to your point, the perimeter's gone. >> Exactly. >> And so you got to get, there's no perimeter. so it's a surface area problem. >> Correct. And access. And entry. >> Correct. >> They're entering here easy from some manual error, or misconfiguration or bad password that shouldn't be there. They're in. >> Think about it this way. You put the front door of your house, you put a big strong door and a big lock. That's a firewall. Bad guys come in the window. >> And then the windows open. With a ladder. >> Oh my God. Cause it's hot, bad user behavior trumps good security every time. >> And then they move around room to room. We're the room to room people. We see each little piece of the thing. Wait, that shouldn't happen. Right. >> I want to get you a question that we've been seeing and maybe we're early on this or it might be just a false data point. A lot of CSOs and we're talking to are, and people in industry in the customer environment are looking at CISOs and CSOs, two roles. Chief information security officer, and then chief security officer. Amazon, actually Steven Schmidt is now CSO at Reinforce. They actually called that out. And the interesting point that he made, we had some other situations that verified this, is that physical security is now tied to online, to your point about the service area. If I get a password, I still got the keys to the physical goods too. >> Right. So physical security, whether it's warehouse for them or store or retail. Digital is coming in there. >> Yeah. So is there a CISO anymore? Is it just CSO? What's the role? Or are there two roles you see that evolving? Or is that just circumstance. >> I think it's just one. And I think that the stakes are incredibly high in security. Just look at the impact that these security attacks are having on. Companies get taken down. Equifax market cap was cut 80% with a security breach. So security's gone from being sort of a nuisance to being something that can impact your whole kind of business operation. And then there's a whole nother domain where politics get involved. It determines the fate of nations. I know that sounds grand, but it's true. And so companies care so much about it they're looking for one leader, one throat to choke. One person that's going to lead security in the virtual domain, in the physical domain, in the cyber domain, in the actual. >> I mean, you mention that, but I mean, you look at Ukraine. I mean that cyber is a component of that war. I mean, it's very clear. I mean, that's new. We've never seen. this. >> And in my opinion, the stuff that we see happening in the Ukraine is small potatoes compared to what could happen. >> Yeah. >> So the US, we have a policy of strategic deterrence. Where we develop some of the most sophisticated cyber weapons in the world. We don't use them. And we hope never to use them. Because our adversaries, who could do stuff like, I don't know, wipe out every bank account in North America. Or turn off the lights in New York City. They know that if they were to do something like that, we could do something back. >> This is the red line conversation I want to go there. So, I had this discussion with Robert Gates in 2016 and he said, "We have a lot more to lose." Which is really your point. >> So this brand. >> I agree that there's to have freedom and liberty, you got to strike back with divorce. And that's been our way to balance things out. But with cyber, the red line, people are already in banks. So they're are operating below the red line line. Red line meaning before we know you're in there. So do we move the red line down because, hey, Sony got hacked. The movie. Because they don't have their own militia. >> Yeah. >> If their were physical troops on the shores of LA breaking into the file cabinets. The government would've intervened. >> I agree with you that it creates tension for us in the US because our adversaries don't have the clear delineation between public and private sector. Here you're very, very clear if you're working for the government. Or you work for an private entity. There's no ambiguity on that. >> Collaboration, Tom, and the vendor community. I mean, we've seen efforts to try to. >> That's a good question. >> Monetize private data and private reports. >> So at VMware, I'm very proud of the security capabilities we've built. But we also partner with people that I think of as direct competitors. We've got firewall vendors and Endpoint vendors that we work with and integrate. And so coopetition is something that exists. It's hard. Because when you have these kind of competing. So, could we do more? Of course we probably could. But I do think we've done a fair amount of cooperation, data sharing, product integration, et cetera. And as the threats get worse, you'll probably see us continue to do more. >> And the government is going to trying to force that too. >> And the government also drives standards. So let's talk about crypto. Okay. So there's a new form of encryption coming out called processing quantum. >> Quantum. Quantum computers have the potential to crack any crypto cipher we have today. That's bad. Okay. That's not good at all because our whole system is built around these private communications. So the industry is having conversations about crypto agility. How can we put in place the ability to rapidly iterate the ciphers in encryption. So, when the day quantum becomes available, we can change them and stay ahead of these quantum people. >> Well, didn't NIST just put out a quantum proof algo that's being tested right now by the community? >> There's a lot of work around that. Correct. And NIST is taking the lead on this, but Google's working on it. VMware's working on it. We're very, very active in how do we keep ahead of the attackers and the bad guys? Because this quantum thing is a, it's an x-ray machine. It's like a dilithium crystal that can power a whole ship. It's a really, really, really powerful tool. >> Bad things will happen. >> Bad things could happen. >> Well, Tom, great to have you on the theCube. Thanks for coming on. Take the last minute to just give a plug for what's going on for you here at VMWorld this year, just VMware Explore this year. >> Yeah. We announced a bunch of exciting things. We announced enhancements to our NSX family, with our advanced load balancer. With our edge firewall. And they're all in service of one thing, which is helping our customers make their private cloud like the public cloud. So I like to say 0, 0, 0. If you are in the cloud operating model, you have zero proprietary appliances. You have zero tickets to launch a workload. You have zero network taps and Zero Trust built into everything you do. And that's what we're working on. Pushing that further and further. >> Tom Gill, senior vices president, head of the networking at VMware. Thanks for coming on. We do appreciate it. >> Thanks for having us. >> Always getting the security data. That's killer data and security of the two ops that get the most conversations around DevOps and Cloud Native. This is The theCube bringing you all the action here in San Francisco for VMware Explore 2022. I'm John Furrier with Dave Vellante. Thanks for watching. (bright music)

>>Welcome back everyone Cube's live coverage here. Day two, two sets, three days of cube coverage here at VMware Explorer. This is our 12th year covering VMware's annual conference, formally called world I'm Jean Dave ante. We'd love seeing the progress and we've got great security comes Tom Gill, senior rights, president general manager, networking and advanced security business group at VMware. Great to see you. Thanks for coming on. Thanks >>For having me. Yeah, really happy we could have you on, you know, I think, I think this is my sixth edition on the cube. Like, do I get freaking flyer points or anything? >>Yeah, you get first get the VIP badge. We'll make that happen. You can start getting credits. >>Okay. There we go. >>We won't interrupt you. No, seriously, you got a great story in security here. The security story is kind of embedded everywhere, so it's not like called out and, and blown up and talked specifically about on stage. It's kind of in all the narratives in, in the VM world for this year. Yeah. But you guys have an amazing security story. So let's just step back into set context. Tell us the security story for what's going on here at VMware and what that means to this super cloud multi-cloud and ongoing innovation with VMware. Yeah, >>Sure thing. So, so probably the first thing I'll point out is that, that security's not just built in at VMware it's built differently, right? So we're not just taking existing security controls and cut and pasting them into, into our software. But we can do things because of our platform because of the virtualization layer that you really can't do with other security tools and where we're very, very focused is what we call lateral security or east west movement of an attacker. Cuz frankly, that's the name of the game these days. Right? Attackers, you gotta assume that they're already in your network. Okay. Already assume that they're there, then how do we make it hard for them to get to what the, the stuff that you really want, which is the data that they're, they're going after. Right. And that's where we, >>We really should. All right. So we've been talking a lot coming into world VMware Explorer and here the event about two things security as a state. Yeah. I'm secure right now. Yeah. Or I, I think I'm secure right now, even though someone might be in my network or in my environment to the notion of being defensible. Yeah. Meaning I have to defend and be ready at a moment's notice to attack, fight, push back red team, blue team, whatever you're gonna call it, but something's happening. I gotta be a to defend. Yeah. >>So you, what you're talking about is the principle of zero trust. So the, the, when we, when I first started doing security, the model was we have a perimeter and everything on one side of the perimeter is dirty, ugly, old internet and everything on this side known good, trusted what could possibly go wrong. And I think we've seen that no matter how good you make that perimeter, bad guys find a way in. So zero trust says, you know what? Let's just assume they're already in. Let's assume they're there. How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? Cuz for example, if they bust into your laptop, you click on a link and they get code running on your machine. They might find some interesting things on your machine, but they're not gonna find 250 million credit cards. Right. Or the, the script of a new movie or the super secret aircraft plans, right. That lives in a database somewhere. And so it's that movement from your laptop to that database. That's where the damage is done. Yeah. And that's where VMware shines. If they don't >>Have the right to get to that database, they're >>Not >>In and it's not even just the right, like, so they're so clever. And so sneaky that they'll steal a credential off your machine, go to another machine, steal a credential off of that. So it's like they have the key to unlock each one of these doors and we've gotten good enough where we can look at that lateral movement, even though it has a credential and a key where like, wait a minute, that's not a real CIS admin making a change. That's ransomware. Yeah. Right. And that's, that's where we, you have to earn your way in. That's right. That's >>Right. Yeah. And we're all, there's all kinds of configuration errors. But also some, some I'll just user problems. I've heard one story where there's so many passwords and username and passwords and systems that the bad guy's scour, the dark web for passwords that have been exposed. Correct. And go test them against different accounts. Oh one hit over here. Correct. And people don't change their passwords all the time. Correct? Correct. That's a known, known vector. We, >>We just, the idea that users are gonna be perfect and never make mistake. Like how long have we been doing this? Like humans with the weakest link. Right. So, so, so people are gonna make mistakes. Attackers are gonna be in here's another way of thinking about it. Remember log for J. Remember that whole ago, remember that was a Christmas time. That was nine months ago. And whoever came up with that, that vulnerability, they basically had a skeleton key that could access every network on the planet. I don't know if a single customer that was said, oh yeah, I wasn't impacted by log for J. So seers, some organized entity had access to every network on the planet. What was the big breach? What was that movie script that got stolen? So there wasn't one. Right? We haven't heard anything. So the point is the goal of attackers is to get in and stay in. Imagine someone breaks into your house, steals your laptop and runs. That's a breach. Imagine someone breaks into your house and stays for nine months. Like it's untenable, the real world. Right, right. >>We don't even go in there. They're still in there >>Watching your closet. Exactly. Moving around, nibbling on your ni line, your cookies. You know what I mean? Drinking your beer. >>Yeah. So, so let's talk about how this translates into the new reality of cloud native, because now know you hear about, you know, automated pen testing is a, a new hot thing right now you got antivirus on data. Yeah. Is hot is hot within APIs, for instance. Yeah. API security. So all kinds of new hot areas, cloud native is very iterative. You know, you, you can't do a pen test every week. Right. You gotta do it every second. Right. So this is where it's going. It's not so much simulation. It's actually real testing. Right. Right. How do you view that? How does that fit into this? Cuz that seems like a good direction to me. >>Yeah. It, it, it fits right in. And you were talking to my buddy AJ earlier about what VMware can do to help our customers build cloud native applications with, with Zu, my team is focused on how do we secure those applications? So where VMware wants to be the best in the world is securing these applications from within looking at the individual piece parts and how they talk to each other and figuring out, wait a minute. That, that, that, that, that should never happen by like almost having an x-ray machine on the ins of the application. So we do it for both for VMs and for container based applications. So traditional apps are VM based. Modern apps are container based and we, and we have a slightly different insertion mechanism. It's the same idea. So for VMs, we do it with the hypervisor, with NSX, we see all the inner workings in a container world. >>We have this thing called a service me that lets us look at each little snippet of code and how they talk to each other. And once you can see that stuff, then you can actually apply. It's almost like common sense logic of like, wait a minute. You know, this API is giving back credit card numbers and it gives five an hour. All of a sudden, it's now asking for 20,000 or a million credit card that doesn't make any sense. Right? The anomalies stick out like a sore thumb. If you can see them. And VMware, our unique focus in the infrastructure is that we can see each one of these little transactions and understand the conversation. That's what makes us so good at that east west or lateral >>Security. Yeah. You don't belong in this room, get out or that that's right. Some weird call from an in-memory database, something over >>Here. Exactly. Where other, other security solutions won't even see that. Right. It's not like there algorithms aren't as good as ours or, or better or worse. It's that, it's the access to the data. We see the, the, the, the inner plumbing of the app. And therefore we can protect >>The app from, and there's another dimension that I wanna get in the table here, cuz to my knowledge only AWS, Google, I, I believe Microsoft and Alibaba and VMware have this, it nitro the equivalent of a nitro. Yes. Project Monterey. Yeah. That's unique. It's the future of computing architectures. Everybody needs a nitro. I've I've written about this. Yeah. Right. So explain your version. Yeah. Project. It's now real. It's now in the market right. Or soon will be. Yeah. Here. Here's our mission salient aspects. Yeah. >>Here's our mission of VMware is that we wanna make every one of our enterprise customers. We want their private cloud to be as nimble, as agile, as efficient as the public cloud >>And secure >>And secure. In fact, I'll argue, we can make it actually more secure because we're thinking about putting security everywhere in this infrastructure. Right. Not just on the edges of it. So, so, so, okay. How do we go on that journey? As you pointed out, the public cloud providers realized, you know, five years ago that the right way to build computers was not just a CPU and a GPU graphics process, unit GPU, but there's this third thing that the industry's calling a DPU data processing unit. So there's kind of three pieces of a computer. And the DPU is sometimes called a smart Nick it's the network interface card. It does all that network handling and analytics and it takes it off the CPU. So they've been building and deploying those systems themselves. That's what nitro is. And so we have been working with the major Silicon vendors to bring that architecture to everybody. So, so with vSphere eight, we have the ability to take the network processing that east west inspection. I talked about, take it off of the CPU and put it into this dedicated processing element called the DPU and free up the CPU to run the applications that AJ and team are building. >>So no performance degradation at all, correct. >>To CPU >>Offload. So even the opposite, right? I mean you're running it basically bare metal speeds. >>Yes, yes. And yes. >>And, and, and you're also isolating the, the storage right from the, from the, the, the security, the management. And >>There's an isolation angle to this, which is that firewall that we're putting everywhere. Not just that the perimeter, we put it in each little piece of the server is running when it runs on one of these DPU, it's a different memory space. So even if, if an attacker gets to root in the OS, they it's very, very, never say never, but it's very difficult. >>So who has access to that? That, that resource >>Pretty much just the infrastructure layer, the cloud provider. So it's Google Microsoft, you know, and the enterprise, the >>Application can't get in, >>Can't get in there. Cause it, you would've to literally bridge from one memory space to another, never say never, but it would be very, very, >>It hasn't earned the trust >>To get it's more than Bob wire. It's, it's, it's multiple walls and, and >>It's like an air gap. It puts an air gap in the server itself so that if the server's compromised, it's not gonna get into the network really powerful. >>What's the big thing that you're seeing with this super cloud transition we're seeing, we're seeing, you know, multicloud and this new, not just SAS hosted on the cloud. Yeah. You're seeing a much different dynamic of combination of large scale CapEx, cloud native. And then now cloud native develops on premises and edge kind of changing what a cloud looks like if the cloud's on a cloud. So rubber customer, I'm building on a cloud and I have on-prem stuff. So I'm getting scale CapEx relief from the, from the cap, from the hyperscalers. >>I, I think there's an important nuance on what you're talking about, which is, is in the early days of the cloud customers. Remember those first skepticism? Oh, it'll never work. Oh, that's consumer grade. Oh, that's not really gonna work. And some people realize >>It's not secure. Yeah. >>It, it's not secure that one's like, no, no, no, it's secure. It works. And it, and it's good. So then there was this sort of over rush. Like let's put everything on the cloud. And I had a lot of customers that took VM based applications said, I'm gonna move those onto the cloud. You gotta take 'em all apart, put 'em on the cloud and put 'em all back together again. And little tiny details, like changing an IP address. It's actually much harder than it looks. So my argument is for existing workloads for VM based workloads, we are VMware. We're so good at running VM based workloads. And now we run them on anybody's cloud. So whether it's your east coast data center, your west coast data center, Amazon, Google, Microsoft, Alibaba, IBM keep going. Right. We pretty much every, and >>The benefit of the customer is what you >>Can literally vMotion and just pick it up and move it from private to public public, to private, private, to public, public, back and forth. >>Remember when we called VMO BS years ago. Yeah, yeah, yeah. >>We were really, skeptic is >>Powerful. We were very skeptical. We're like, that'll never happen. I mean, we were, I mean, it's supposed to be pat ourselves on the back. We, well, >>Because it's alchemy, it seems like what you can't possibly do that. Right. And so, so, so, and now we do it across clouds, right? So we can, you know, it's not quite VMO, but it's the same idea. You can just move these things over. I have one customer that had a production data center in the Ukraine, things got super tense, super fast, and they had to go from their private cloud data center in the Ukraine to a public cloud data center outta harm's way. They did it over a weekend, 48 hours. If you've ever migrated data, that's usually six months, right? And a lot of heartburn and a lot of angst, boom. They just drag and drop, moved it on over. That's the power of what we call the cloud operating model. And you can only do this when all your infrastructure's defined in software. >>If you're relying on hardware, load, balancers, hardware, firewalls, you can't move those. They're like a boat anchor. You're stuck with them. And by the way, really, really expensive. And by the way, they eat a lot of power, right? So that was an architecture from the nineties in the cloud operating model, your data center. And this goes back to what you were talking about is just racks and racks of X 86 with these magic DPU or smart necks to make any individual node go blisteringly fast and do all the functions that you used to do in network appliances. >>We just said, AJ taking us to school and everyone else to school on applications, middleware abstraction layer. Yeah. And kit Culver was also talking about this across cloud. We're talking super cloud, super pass. If this continues to happen, which we would think it will happen. What does the security posture look like? It has. It feels to me. And again, this is, this is your wheelhouse. If super cloud happens with this kind of past layer where there's B motioning going on, all kinds of yeah. Spanning applications and data. Yeah. Across environments. Yeah. Assume there's an operating system working on behind the scenes. Right. What's the security posture in all this. Yeah. >>So remember my narrative about like VA guys are getting in and they're moving around and they're so sneaky that they're using legitimate pathways. The only way to stop that stuff is you've gotta understand it at what, you know, we call layer seven at the application layer the in, you know, trying to do security, the infrastructure layer. It was interesting 20 years ago, kind of less interesting 10 years ago. And now it's becoming irrelevant because the infrastructure is oftentimes not even visible, right. It's buried in some cloud provider. So layer seven, understanding, application awareness, understanding the APIs and reading the content. That's the name of the game in security. That's what we've been focused on. Right. Nothing to do with >>The infras. And where's the progress bar on that, that paradigm early one at the 10, 10 being everyone's doing it >>Right now. Well, okay. So we, as a vendor can do this today. All the stuff I talked about about reading APIs, understanding the, the individual services looking at, Hey, wait a minute. This credit card anomalies, that's all shipping production code. Where is it in customer adoption life cycle, early days, 10%. So, so there's a whole lot of headroom. We, for people to understand, Hey, I can put these controls in place. There's software based. They don't require appliances. It's layer seven. So it has contextual awareness and it's works on every single cloud. >>You know, we talk about the pandemic. Being an accelerator really was a catalyst to really rethink. Remember we used to talk about pat his security a do over. He's like, yes, if it's the last thing I'm due, I'm gonna fix security. Well, he decided to go try to fix Intel instead, but, >>But, but he's getting some help from the government, >>But it seems like, you know, CISOs have totally rethought, you know, their security strategy. And, and at least in part is a function of the pandemic. >>When I started at VMware four years ago, pat sat me down in his office and he said to me what he said to you, which is like Tom, he said, I feel like we have fundamentally changed servers. We fundamentally changed storage. We fundamentally changed networking. The last piece of the puzzle of security. I want you to go fundamentally change it. And I'll argue that the work that we're doing with this, this horizontal security understanding the lateral movement east west inspection, it fundamentally changes how security works. It's got nothing to do with firewalls. It's got nothing to do with endpoint. It's a unique capability that VMware is uniquely suited to deliver on. And so pat, thanks for the mission. We delivered it and available >>Those, those wet like web applications firewall for instance are, are around. I mean, but to your point, the perimeter's gone. Exactly. And so you gotta get, there's no perimeter. So it's a surface area problem. Correct. And access and entry, correct. They're entering here easy from some manual error or misconfiguration or bad password that shouldn't be there. They're >>In. Think about it this way. You put the front door of your house, you put a big strong door and a big lock. That's a firewall bad guys, come in the window. Right. And >>Then the window's open and the window with a ladder room. Oh my >>God. Cause it's hot, bad user behavior. Trump's good security >>Every time. And then they move around room to room. We're the room to room people. Yeah. We see each little piece of the thing. Wait, that shouldn't happen. Right. >>I wanna get you a question that we've been seeing and maybe we're early on this, or it might be just a, a false data point. A lot of CSOs and we're talking to are, and people in industry in the customer environment are looking at CSOs and CSOs, two roles, chief information security officer, and then chief security officer Amazon, actually, Steven Schmidt is now CSO at reinforced. They actually called that out. Yeah. And the, and the interesting point that he made, we've had some other situations that verified. This is that physical security is now tied to online to your point about the service area. If I get a password, I still at the keys to the physical goods too. Right. Right. So physical security, whether it's warehouse for them is, or store or retail digital is coming in there. Yeah. So is there a CSO anymore? Is it just CSO? What's the role or are there two roles you see that evolving or is that just, >>Well, >>I circumstance, >>I, I think it's just one. And I think that, that, you know, the stakes are incredibly high in security. Just look at the impact that these security attacks are having on it. It, you know, companies get taken down, Equifax market cap was cut, you know, 80% with a security breach. So security's gone from being sort of a nuisance to being something that can impact your whole kind of business operation. And then there's a whole nother domain where politics get involved. Right. It determines the fate of nations. I know that sounds grand, but it's true. Yeah. And so, so, so companies care so much about it. They're looking for one liter, one throat to choke, you know, one person that's gonna lead security in the virtual domain, in the physical domain, in the cyber domain, in, in, you know, in the actual, well, it is, >>I mean, you mentioned that, but I mean, mean you look at Ukraine. I mean the, the, that, that, that cyber is a component of that war. I mean, that's very clear. I mean, that's, that's new, we've never seen >>This. And in my opinion, the stuff that we see happening in the Ukraine is small potatoes compared to what could happen. Yeah, yeah. Right. So the us, we have a policy of, of strategic deterrents where we develop some of the most sophisticated cyber weapons in the world. We don't use them and we hope never to use them because the, the, our adversaries who could do stuff like, oh, I don't know, wipe out every bank account in north America, or turn off the lights in New York city. They know that if they were to do something like that, we could do something back. >>I, this discuss, >>This is the red line conversation I wanna go there. So >>I had this discussion with Robert Gates in 2016 and he said, we have a lot more to lose, which is really >>Your point. So this brand, so I agree that there's the, to have freedom and Liberty, you gotta strike back with divorce and that's been our way to, to balance things out. Yeah. But with cyber, the red line, people are already in banks. So they're addresses are operating below the red line, red line, meaning before we know you're in there. So do we move the red line down because Hey, Sony got hacked the movie because they don't have their own militia. Yeah. If they were physical troops on the shores of LA breaking into the file cabinets. Yeah. The government would've intervened. >>I, I, I agree with you that it creates, it creates tension for us in the us because our, our adversaries don't have the clear delineation between public and private sector here. You're very, very clear if you're working for the government or you work for an private entity, there's no ambiguity on that. And so, so we have different missions in each department. Other countries will use the same cyber capabilities to steal intellectual, you know, a car design as they would to, you know, penetrate a military network. And that creates a huge hazard for us on the us. Cause we don't know how to respond. Yeah. Is that a civil issue? Is that a, a, a military issue? And so, so it creates policy ambiguity. I still love the clarity of separation of, you know, sort of the various branches of government separation of government from, >>But that, but, but bureau on multinational corporation, you then have to, your cyber is a defensible. You have to build the defenses >>A hundred percent. And I will also say that even though there's a clear D mark between government and private sector, there's an awful lot of cooperation. So, so our CSO, Alex toshe is actively involved in the whole intelligence community. He's on boards and standards and we're sharing because we have a common objective, right? We're all working together to fight these bad guys. And that's one of the things I love about cyber is that that even direct competitors, two big banks that are rivals on the street are working together to share security information and, and private, is >>There enough? Is collaboration Tom in the vendor community? I mean, we've seen efforts to try to, that's a good question, monetize private data, you know? Yeah. And private reports and, >>And, you know, like, so at VMware, we, we, I'm very proud of the security capabilities we've built, but we also partner with people that I think of as direct competitors, we've got firewall vendors and endpoint vendors that we work with and integrate. And so cooperation is something that exists. It's hard, you know, because when you have these kind of competing, you know, so could we do more? Of course we probably could, but I do think we've done a fair amount of cooperation, data sharing, product integration, et cetera, you know, and, you know, as the threats get worse, you'll probably see us continue to do more. >>And the governments is gonna trying to force that too. >>And, and the government also drives standards. So let's talk about crypto. Okay. So there's a new form of encryption coming out called quantum processing, calling out. Yeah. Yeah. Quantum, quantum computers have the potential to crack any crypto cipher we have today. That's bad. Okay. Right. That's not good at all because our whole system is built around these private communications. So, so the industry is having conversations about crypto agility. How can we put in place the ability to rapidly iterate the ciphers in encryption? So when the day quantum becomes available, we can change them and stay ahead of these quantum people. Well, >>Didn't this just put out a quantum proof algo that's being tested right now by the, the community. >>There's a lot of work around that. Correct. And, and, and this is taking the lead on this, but you know, Google's working on it, VMware's working on it. We're very, very active in how do we keep ahead of the attackers and the bad guys? Because this quantum thing is like a, it's a, it's a x-ray machine. You know, it's like, it's like a, a, a di lithium crystal that can power a whole ship. Right. It's a really, really, really powerful >>Tool. It's bad. Things will happen. >>Bad things could happen. >>Well, Tom, great to have you on the cube. Thanks for coming. Take the last minute to just give a plug for what's going on for you here at world this year, VMware explore this year. Yeah. >>We announced a bunch of exciting things. We announced enhancements to our, our NSX family, with our advanced load balancer, with our edge firewall. And they're all in service of one thing, which is helping our customers make their private cloud like the public cloud. So I like to say 0, 0, 0. If you are in the cloud operating model, you have zero proprietary appliances. You have zero tickets to launch a workload. You have zero network taps and zero trust built into everything you do. And that's, that's what we're working on and pushing that further and further. >>Tom Gill, senior vices president head of the networking at VMware. Thanks for coming up for you. Appreciate >>It. Yes. Thanks for having guys >>Always getting the security data. That's killer data and security of the two ops that get the most conversations around dev ops and cloud native. This is the queue bringing you all the action here in San Francisco for VMware. Explore 2022. I'm John furrier with Dave, Alan. Thanks for watching.

(upbeat music) >> Hello, and welcome to this CUBE Conversation. I'm John Furrier, host of theCUBE here in Palo Alto, California for a great remote interview with Ameya Talwalkar, CEO of Cequence Security. Protecting APIs is the name of the game. Ameya thanks for coming on this CUBE Conversation. >> Thank you, John. Thanks for having us. >> So, I mean, obviously APIs, cloud, it runs everything. It's only going to get better, faster, more containers, more Kubernetes, more cloud-native action, APIs are at the center of it. Quick history, Cequence, how you guys saw the problem and where is it today? >> Yeah, so we started building the company or the product, the first product of the company focused on abuse or business logic abuse on APIs. We had design partners in large finance FinTech companies that are now customers of Cequence that were sort of API first, if you will. There were products in the market that were, you know, solving this problem for them on the web and in some cases mobile applications, but since these were API first very modern FinTech and finance companies that deal with lot of large enterprises, merchants, you have it, you name it. They were struggling to protect their APIs while they had protection on web and mobile applications. So that's the genesis. The problem has evolved exponentially in terms of volume size, pain, the ultimate financial losses from those problems. So it has, it's been a interesting journey and I think we timed it perfectly in terms of when we got started with the problem we started with. >> Yeah, I'm sure if you look at the growth of APIs, they're just exponentially growing because of the development, cloud-native development wave plus open source driving a lot of action. I was talking to a developer the other day and he's like, "Just give me a bag of Lego blocks and I'll build whatever application." I mean, this essentially- >> Yeah. >> API first is, has got us here, and that's standard. >> Yeah. >> Everyone's building on top of APIs, but the infrastructure going cloud-native is growing as well. So how do you secure APIs without slowing down the application velocity? Which everyone's trying to make go faster. So you got faster velocity on the developer side and (chuckles) more APIs coming. How do you secure the API infrastructure without slowing down the apps? >> Yeah, I'll come to the how part of it but I'll give you a little bit of commentary on what the problem really is. It's what has happened in the last few years is as you mentioned, the sort of journey to the cloud whether it's a public cloud or a private cloud, some enterprises have gone to a multi-cloud strategy. What really has happened is two things. One is because of that multi-environment deployment there is no defined parameter anymore to your applications or APIs. And so the parameter where people typically used to have maybe a CDN or WAF or other security controls at the parameter and then you have your infrastructure hosting these apps and APIs is completely gone away, that just doesn't exist anymore. And even more so for APIs which really doesn't have a whole lot of content to be cashed. They don't use CDN. So they are behind whatever API gateways whether they're in the cloud or whatever, they're hosting their APIs. And that has become your micro parameter, if you will, as these APIs are getting spread. And so the security teams are struggling with, how do I protect such a diverse set of environments that I am supposed to manage and protect where I don't have a unified view. I don't have even, like a complete view, if you will, of these APIs. And back in the days when phones or the modern iPhones and Android phones became popular, there used to be a sort of ad campaign I remember that said, "There is an app for that." >> Yeah. >> So the fast forward today, it's like, "There's an API for that." So everything you wanted to do today as a consumer or a business- >> John: Yeah. >> You can call an API and get your business done. And that's the challenge that's the explosion in APIs. >> Yeah. >> (laughs) Go ahead. >> It's interesting you have the API life cycle concept developing. Now you got, everyone knows- >> Right. >> The application life cycle, you know CI/CD pipelining, shifting left, but the surface area, you got web app firewalls which everyone knows is kind of like outdated, but you got API gateways. >> Yep. >> The surface area- >> Yeah. >> Is only increasing. So I have to ask you, do the existing API security tools out there bring that full application- >> Yeah. >> And API life cycle together? 'Cause you got to discover- >> Yep. >> The environment, you got to know what to protect and then also net new functionality. Can you comment? >> Right. Yeah. So that actually goes to your how question from, you know, previous section which is really what Cequence has defined is a API protection life cycle. And it's this concrete six-step process in which you protect your APIs. And the reason why we say it's a life cycle is it's not something that you do once and forget about it. It's a continuous process that you have to keep doing because your DevOps teams are publishing new APIs almost every day, every other day, if you will. So the start of that journey of that life cycle is really about discovering your external facing API attack surface which is where we highlight new hosting environments. We highlight accidental exposures. People are exposing their staging APIs. They might have access to production data. They are exposing Prometheus or performance monitoring servers. We find PKCS 7 files. We find Log4j vulnerabilities. These are things that you can just get a view of from outside looking in and then go about prioritizing which API environments you want to protect. So that's step number one. Step number two, really quick is do an inventory of all your APIs once you figure out which environments you want to protect or prioritize. And so that inventory includes a runtime inventory. Also creating specifications for these APIs. In lot of places, we find unmanaged APIs, shadow APIs and we create the API inventory and also push them towards sort of a central API management program. The third step is really looking at the risk of these APIs. Make sure they are using appropriate security controls. They're not leaking any sensitive information, PCI, PHI, PII, or other sort of industry-specific sensitive information. They are conforming to their schema. So sometimes the APIs dba.runtime from their schema and then that can cause a risk. So that's the first, sort of first half of this life cycle, if you will, which is really making sure your APIs are secure, they're using proper hygiene. The second half is about attack detection and prevention. So the fourth step is attack detection. And here again, we don't stop just at the OWASP Top 10 category of threats, a lot of other vendors do. They just do the OWASP API Top 10, but we think it's more than that. And we go deeper into business logic abuse, bots, and all the way to fraud. And that's sort of the attack detection piece of this journey. Once you detect these attacks, you start about, think about prevention of these attacks, also natively with Cequence. And the last step is about testing and making sure your APIs are secure even before they go live. >> What's- >> So that's a journey. Yeah. >> What's the secret sauce? What makes you different? 'Cause you got two sides to that coin. You got the auditing, kind of figure things out, and then you got the in-built attacks. >> Yeah. >> What makes you guys different? >> Yeah. So the way we are different is, first of all, Cequence is the only vendor that can, that has all these six steps in a single platform. We talked about security teams just lacking that complete view or consistent and uniform view of all your, you know, parameter, all your API infrastructure. We are combining that into a single platform with all the six steps that you can do in just one platform. >> John: Yeah. >> Number two is the outside looking in view which is the external discovery. It's something Cequence is unique in this space, uniquely doing this in this space. The third piece is the depth of our detection which is we don't just stop at the OWASP API Top 10, we go to fraud, business logic abuse, and bot attacks. And the mitigation, this will be interesting to you, which is a lot of the API security vendors say you come into existence because your WAF is not protecting your APIs, but they turn around when they detect the attacks to rely on a WAF to mitigate this or prevent these threats. And how can you sort of comprehend all that, right? >> Yeah. >> So we are unique in the sense we can prevent the attacks that we detect in the same platform without reliance on any other third-party solution. >> Yeah, I mean we- >> The last part is, sorry, just one last. >> Go ahead. Go ahead. >> Which is the scale. So we are serving largest of the large Fortune 100, Fortune 50 enterprises. We are processing 6 billion API calls per day. And one of the large customers of ours is processing 1 billion API calls per day with Cequence. So scale of APIs that we can process and how we can scale is also unique to Cequence. >> Yeah, I think the scale thing's a huge message. There, just, I put a little accent on that. I got to comment because we had an event last week called Supercloud which we were trying to talking about, you know, as clouds become more multicloud, you get more super capabilities. But automation, with super cloud comes super hackers. So as things advance, you're seeing the step function, the bad guys are getting better too. You mentioned bots. So I have to ask you what are some of the sophisticated attacks that you see that look like legitimate traffic or transactions? Can you comment on what your scale and your patterns are showing? Because the attacks are coming in fast and furious >> Correct. So APIs make the attack easier because APIs are well documented. So you want your partners and, you know, programmers to use your API ecosystem, but at the same time the attackers are getting the same information and they can program against those APIs very easily which means what? They are going to write a bunch of bots and automation to cause a lot of pain. The kind of sophistication we have seen is I'll just give a few examples. Ulta Beauty is one of our customers, very popular retailer in the US. And we recently found an interesting attack. They were selling some high-end hair curling high ends which are very high-end demand, very expensive, very hard to find. And so this links sort of physical path to API security, think about it, which is the bad guys were using a bot to scrape a third-party service which was giving local inventory information available to people who wanted to search for these items which are high in demand, low in supply. And they wrote a bot to find where, which locations have these items in supply, and they went and sort of broke into these showrooms and stole those items. So not only we say are saving them from physical theft and all the other problems that they have- >> Yeah. >> But also, they were paying about $25,000 per month extra- >> Yeah. >> For this geo-location service that was looking at their inventory. So that's the kind of abuse that can go on with APIs. Even when the APIs are perfectly secure, they're using appropriate security controls, these can go on. >> You know, that's a really great example. I'm glad you brought that up because I observed at AWS re:Inforce in Boston that Steven Schmidt has changed his title from chief information security officer to just chief security officer, to the point when asked he said, "Physical security is now tied together with the online." So to your point- >> Yeah. >> About the surveillance and attack setup- >> Yeah. >> For the physical, you got warehouses- >> Yep. >> You've got brick and mortar. This is the convergence of security. >> Correct. Absolutely. I mean, we do deal with many other, sort of a governance case. We help a Fortune 50 finance company which operates worldwide. And their gets concern is if an API is hosted in a certain country in Europe which has the most sort of aggressive data privacy and data regulations that they have to deal with, they want to make sure the consumer of that API is within a certain geo location whereby they're not subject to liabilities from GDPR and other data residency regulation. And we are the ones that are giving them that view. And we can have even restrict and make sure they're compliant with that regulation that they have to sort of comply with. >> I could only imagine that that geo-regional view and the intelligence and the scale gives you insights- >> Yeah. >> Into attacks that aren't really kind of, aren't supposed to be there. In other words, if you can keep the data in the geo, then you could look- >> Yep. >> At anything else as that, you know, you don't belong here kind of track. >> You don't belong here. Exactly. Yeah, yeah. >> All right. So let's get to the API. >> Yeah, I mean- >> So the API visibility is an issue, right? So I can see that, check, sold me on that, protection is key, but if, what's the current security team makeup? Are they buying into this or are they just kind of the hair on fire? What are security development teams doing? 'Cause they're under a lot of pressure to do the hardcore security work. And APIs, again, surface area's wide open, they're part of everyone's access. >> Yeah. So I mentioned about the six-step journey of the life cycle. Right? We see customers come to us with very acute pain point and they say, "Our hair is on, our hair on fire. (John laughing) Solve this problem for us." Like one large US telco company came to us to, just a simple problem, do the inventory and risk assessment of all our APIs. That's our number one pain point. Ended up starting with them on those two pain points or those two stops on their life cycle. And then we ended up solving all the six steps with them because once we started creating an inventory and looking at the risk profile, we also observed that these same APIs were target by bots and fraudsters doing all kinds of bad things. So once we discovered those problems we expanded the scope to sort of have the whole life cycle covered with the Cequence platform. And that's the typical experience which is, it's typically the security team. There are developer communities that are coming to us with sort of the testing aspect of it which integrated into DevOps toolchains and CI/CD pipelines. But otherwise, it's all about security challenges, acute pain points, and then expanding into the whole journey. >> All right. So you got the detection, you got the alerting, you got the protection, you got the mitigation. What's the advice- >> Yeah. >> To the customer or the right approach to set up with Cequence so that they can have the best protection. What the motion? What's the initial engagement look like? How do they engage? How do they operationalize? >> Yeah. >> You guys take me through that. >> Yeah. The simple way of engaging with Cequence is get that external assessment which will map your APIs for you, it'll create a assessment for you. We'll present that assessment, you know, to your security team. And like 90% of the times customers have an aha moment, (John chuckles) that they didn't know something that we are showing them. They find APIs that were not supposed to be public. They will find hosting environments that they didn't know about. They will find API gateways that were, like not commissioned, but being used. And so start there, start their journey with an assessment with Cequence, and then work with us to prioritize what problems you want to solve next once you have that assessment. >> So really making sure that their inventory of API is legit. >> Yep. Yep, absolutely. >> It's basically- >> Yep. >> I mean, you're starting to see more of this in the cloud-native, you know, Sbot, they call 'em, you know, (indistinct) materials. >> (Ameya faintly speaking). What do you got out there, kind of full understanding of what's being instrumented out there, big time. >> Yeah. The thing is a lot of analysts say that APIs is the number one attack vector this year and going forward, but you'll be surprised to see that it's not the APIs that get targeted that are poorly secured. Actually, the APIs that are completely not secured are the ones that are attacked the most because there are plenty of them. So start with the assessment, figure out the APIs that are out there and then start your journey. That's sort of my recommendation. >> So based on your advice what you're saying is there's a, most people make the mistake of having a lot of undocumented or unauthorized APIs out there that are unsecured. >> Yeah. And security teams are unaware of those APIs. So how do you protect something that you don't know even exists? >> Yeah. >> Right? So that's the challenge. >> Okay. You know, the APIs have to be secure. And as applications connect too, there's the other side of the APIs, whether that's credential passing, so much is at stake here relative to the security. It's not just access it's what's behind it. There's a lot of trust coming in. So, you know, I got to ask you a final question. You got zero trust and you got trust kind of coming together. What's (laughs), how do you respond to that? >> Yeah. Zero trust is part of it in the sense that you have to not trust sort of any API consumer as a completely trusted entity. Just like I gave you the Ultra Beauty example. They had trusted this third party to be absolutely safe and secure, you know, no controls necessary to sort of monitor their traffic, whereas they can be abused by their end consumers and cause you a lot of pain. So there is a sort of a linkage between zero trust. Never trusts anybody until you verify, that's the sort of angle, that's sort of the connection between APIs security and zero trust. >> Ameya, thank you for coming on theCUBE. Really appreciate the conversation. I'll give you the final word. What should people know about Cequence Security? How would you give the pitch? You go, you know, quick summary, what's going on? >> Yeah. So very excited to be in this space. We sort of are the largest security of API security vendor in the space in terms of revenue, the largest volume of API traffic that we process. And we are just getting started. This is a exciting journey we are on, we are very happy to serve the, you know, Fortune 50, you know, global 200 customers that we have, and we are expanding into many geographies and locations. And so look for some exciting updates from us in the coming days. >> Well, congratulations on your success. Love the approach, love the scale. I think scale's a new competitive advantage. I think that's the new lock-in if you're good, and your scaling providing a lot of benefits. So Ameya, thank you for coming, sharing the story. Looking forward to chatting again soon. >> Thank you very much. Thanks for having us. >> Okay. This is a CUBE Conversation. I'm John Furrier, here at Palo Alto, California. Thanks for watching. (cheerful music)