>>Well, hi everybody, John Walls here on the cube. And thank you for joining us here for this cube conversation today. And we're talking about data. Of course, it's a blessing and the respect that it's become such a valuable asset. So many companies around the world, it's also a curse, obviously, because it is certainly can be vulnerable. It is under attack and Druva is all about protecting your data and preventing those attacks. And with us to talk about that a little bit more in depth as Jaspreet Singh, who is the founder and CEO at Druva and Steven Manley, who was the company's CTO. Gentlemen, thanks for being with us here on the queue. Good to see you. >>Thank you. Thank you, John. >>So Jaspreet, let me just begin with you. Let's, let's talk about the larger picture of data these days. And, and we read, it seems as though every day about some kind of invasion, you know, where some ransomware attack it's become all too commonplace. So if you wouldn't maybe just set the stage a little bit for the state of ransomware here in 2021. >>That's right. John, I think Lansing has now a new national security threat and at the scene, uh, all around us, this, uh, almost every single day, we hear about businesses getting hit with a, a new ransomware attack, uh, ransomware 1.0 was more a malware situation impacting our data. And as you know, the pandemic transformed the entire data landscape, like the application, the terror, the entire supply chain delivery model as to be more online, more connected, which, you know, for this mortar stores, this whole approach towards a malware coming in, we're also seeing ransomware 2.0, it is all about like insider techs or, or, or in general security misconfiguration, which could lead to data being exfiltrated or traded off in the market. So in general, as data is far more connected, far more expected to be online security techs from either malware or human oriented security issues are becoming more and more dominant threat to, to our, our entire data landscape. Right? >>Yeah. So, so Steven, if you would, I'd like you to just to follow up on this, this, uh, uh, will the landscape to take one of Jaspreet's terms here about what you're seeing in terms of, of kind of these evolving threats now, um, used to be probably, I don't know, five, six years ago, it was a very different, uh, set of problems and challenges and companies maybe weren't as laser focused as they are now. Um, maybe take us through that, that process, what has happened with regard to the client base that you see and you're working with in terms of their recognition and other steps that they need to take going forward as they modernize their operations? >>Yeah. You know, I th I think there's, there's two things we see from, uh, from sort of a technical perspective. The first one is in just pre-call that ransomware 1.0, ransomware 1.0, uh, is mainstream at this point, you know, so, so you, you can go out there and you don't have to be an expert hacker there's ransomware as a service. You know, your average, your average teenager can basically download a ransomware attack kit, uh, you know, get, get a pretty lightweight cloud account and attack school districts, hospitals, municipal organizations, whatever it is, you know, with what we would consider the traditional ransomware and, and that's become ubiquitous. And that's why we see all these reports of, there are multiple ransomware attacks every minute, you know, in the United States and around the world. So, so that's, that's, that's one part which is you're going to get hit. >>Now you'll probably get heading in with the more traditional ransomware, but, you know, like any industry, the ransomware people have evolved. And so it's as just breed said, they are constantly innovating. And so what we're seeing now from, uh, from sort of a marketplace standpoint is, you know, getting smarter about the ransomware attack. So, so laying low, longer, uh, you know, sort of corrupting or attacking data a little bit more slowly. So it's harder to detect specifically attacking backup infrastructure so that you won't be able to recover exfiltrating data. So that, so that now you can have sort of two types of threats, one that your data is encrypted, and the other is if you don't pay us, we're just going to post it on the internet. So, so you've got stage one, which is ubiquitous, and you've got to protect yourself against that because anyone can be attacked at any time. And then you've got stage two where it's getting smarter and that's where organizations then have to step up their game and say, I've got to keep my backup safer. Uh, I've got to be able to detect things a little bit more easily, and I need to start really understanding my data footprint. So I understand what can be exfiltrated and what that's going to mean to me as a business. >>So, Jess, um, to that point, that Steven was just talking about how the organizations need to get smarter in terms of your communications that you're having with the folks in the C-suite, um, is that point, is that you, if they readily identified today, I mean, are, do they get it, um, are the, is the communication going out to their stakeholders, are the business priorities being aligned appropriately? I mean, what, what are organizations and specifically on that executive level, what are they doing right now? Um, in terms of, of preparation in terms of protections that, that, uh, again, are so necessary, I would think. >>Yeah, absolutely. So I think we do see customers truly making strides to solving the problem. There's not a one facet that, you know, one solution fits all problem either, right? So there's, there's, there's, there's a whole productive nature of preventing ransomware detection and response. There's a readiness aspect of it, but what happens when you do get here now that recovery element to it, how do I recover in time in shape from a attack like this, the customers are evolving. They're understanding at the same time, they actually deploying appropriate technologies to, to put all the three aspects of solving the solution. What does Stickney like any of the security challenge? This is, uh, you know, there's not a one application solve all problems. Typically the OLAP and controls built by a multiple group and multiple parties to make sure you're ready to response towards a tech like this. >>And just to jump in, because one of the things I find fascinating as we go through this, the customer conversations I have, I've I've been doing, you know, sort of data protection for a long time. We won't get into that, but, but most of my time I'd spent talking to, you know, VPs of it. Maybe I'd see a CIO. It's fascinating. Now we will have conversations with boards of directors because it becomes such a big issue. And the focus is, is, is so different, right? Because they understand that this isn't just like a usual backup and recovery, or even the traditional disaster recovery that you might do from a natural disaster or some sort of hardware outage. They're seeing that there are so many stages now to an orchestrator recovery. These customers we work with where it's, it's, it's not just about, I need a little bit to technology. They're really looking for how do I operationalize all of this? You know, because once you're up at the board of directors, this is no longer a which product is better than X, Y, or Z. It's a discussion about who can really insulate me from the risk, because these, these can be business sending events. If you're not careful, >>Right? I mean, you're ready. This is a great point. And actually, Steven, I hadn't really thought about these fiduciary responsibilities that boards have. And obviously we think about operations. We think about PNL, right? We think about all, but I hadn't really thought about how also data protection. And I want to talk about data resiliency, how those come into play, as well as those board decisions are made. So let's talk about resiliency. I want you guys to explain this concept to me. Um, so the, you know, what, what's the distinction between protection and resiliency because to me, they're, they're maybe not exactly synonymous, but they're kind of cousins in some respects. So a Jaspreet, if you will talk about resiliency and how you define that. >>Sure. So I just see what I mentioned, right? The prediction was more about how do I actually save guard my data to actually, you know, recover from an incident right there, didn't say residency is all about being ready to respond in time, right? The forward-leaning pusher of making sure, you know, am I ready to not just recover from a very, uh, you know, age, old problem of application failure or, or human errors, but also a cyber attack or a, you know, a true age incident or a cyber recovery or security incident, which I'm prepared to respond in a appropriate SLA across the board. Right. Uh, and resiliency also goes beyond, you know, just the nature of data itself, right? You're, you're talking about applications, environments ecosystem to truly understand that the enterprise operation needs it. Data needs to be holistic. We talked through how do I get my business online, faster. Right. And that's the two nature of differentiation between, uh, protection going towards resiliency. >>And then as obviously driving a lot of your product development. Right. And, and, and I know you've got the data resilience, resiliency, cloud, um, service that you're offering now. So Steven blitz blitz, let's dive into that a little bit. Um, what was the Genesis of that offering and, and what do you see as its primary advantages to your clients? >>Yeah, so, so I think, I think there's, there's really those, those tier two key words there it's resiliency and it's cloud. So just brief, kind of walked about how your resiliency is that step forward. It's that shift left, whatever term you want to use. To me, the best part about the cloud is, and like I said, I've been doing this for a long time and I've yet to meet a customer. Who's come to me and said, I really wish I could spend more money and more time on my data protection infrastructure. I love sticking together, multiple separate products. It's just a great use of my time. Right? Nobody says that what they really say is, could you just solve this problem for me? This is, this is hard capacity planning and patching and upgrades and tying together all the different components from up to seven different vendors. >>This is hard work. And I just need this to work. I need this to work seamlessly. And so we, we, we looked at that cloud part and we said, well, when you think of cloud, you think of something that's flexible. You think of something that's on demand. You think of something that does the job for you. And so, you know, when we talk about this data resiliency cloud, it's about, you know, moving onto your front foot, getting aggressive, being ready for what's coming, but having, you know, frankly, Druva do it for you as opposed to saying here's some technology, good luck. You know, Mr. And Mrs. Customer, you know, we've got this solved for you, it's our job to take care of it. >>And to add to it, you know, this entire resiliency question cannot be solved to a simple, a software is approach is a fundamental belief because the same network, the same principles of operation, the same people involved, you know, what, what those are involved around the primary application that the resiliency aspect has to be air gap appropriately, not just at the data level, but ID and operations limit as well. Right? So a notion of a cloud, almost a social distancing for your data, right? And you're in your ego to the enterprise that, Hey, if anything happens to my primary network application stack data, my second Bree cloud, my redundancy cloud is ready to respond inappropriate, define SNDs to recover my Buddhist business holistically as a combination of integrating with SecOps as a combination of truly integrating disaster recovery elements with cyber recovery elements, truly understanding application recovery from a backup and recovery point of view. So holistically understanding the notion of resiliency and simplifying it to the elements of public cloud. Yes, sir. >>How do you bend that for your clients? Because as you both pointed out, they have different needs, right? And they have, they have different obviously different that they're involved in different sectors of different operations with different priorities and all that. How is the data resiliency cloud, uh, providing them with the kind of flexibility and aid, the kind of adaptability that you need in order to conform it for what you need and not necessarily, you know, what someone else in another sector is, is all about. >>So, so for me, there's a couple of things that, that is great about, about being the data resiliency cloud. One is that we've got well over 3,500 customers, which means that no matter what segment you're looking in, you're not going to be alone, right? If you're, if you're healthcare, if you're finance, if you're a manufacturing, Druva, Druva understands, you know, what you, and many of, of your similar sort of companies look like, which enables us to work in a lot of ways and enables us to understand what trends are happening across your industry, whether it's, you know, ransomware attacks that are coming across, you know, say manufacturing space and how those look or what data growth looks like, or what type of applications are important in those industries. So it's, it's really useful for us to be able to say, we understand these different verticals because we've got such a broad customer base. >>I think the second thing that comes in then is every customer. I meet the number one question they asked me, and Amanda might not be the first one, but it's the one they want to ask. It's always, how am I doing compared to everybody else? And so it's really useful to, to be able to sit down and say, look in your industry. This is what we see as the standards right now. So this is where you fall. You're sort of maybe a stage two, everybody else's at stage three will help you move forward. You, our industry as a whole is actually ahead of many of the other industries, but this is what's coming next for it for others. And so it's really useful for those customers to understand where they sit in respect to, to sort of the broader marketplace. And so that's one of the values I think we bring is that we do have such a broad understanding of our customers because we are a service as opposed to just selling software. >>Yeah. And those customers too, um, as you've talked about, they're looking maybe at their, their, their competitive landscape and trying to decide, okay, are we keeping up with the Joneses, so to speak? Um, but all of you, all of us, we're all trying to, we're trying to keep up with the bad guys. And so in terms of that going forward, what does that challenge for you at Druva in terms of being anticipatory in terms of trying to recognize, uh, their trends and their movements and, and therefore we're thinking so that you can be that, that great, uh, protective mechanism, you can be that prophylactic measure that stands between a company and something bad from happening. >>So I I'll start. And then, uh, it's funny cause, uh, you know, just breed and I had just this morning, we were actually talking about some of the future of ransomware protection and one of the things that we are using a lot in driven, and I get every company says they're doing it is the use of AIML, especially in detecting, uh, sort of unusual trends. Um, but, but you know, but I think we're different than most because the AIML we use is again, across, you know, two and a half billion backups every year, right? Because we, we get, we get visibility across everybody. So it's not just isolated, but we're looking at things like, you know, unusual access patterns in the data and usual access patterns based on administrators, because like Jaspreet said, said at the beginning, one of the things we see the ransomware attackers doing is they're trying to get entire control of your environment because if I control your environment, if I control your phone system, your email, I can get control of your backup application and delete everything. >>So we're even doing things to sort of prevent, oh, you know, we were getting unusual administrative access patterns. Let's stop that. We're getting unusual recovery patterns. Maybe that's somebody trying to steal data out. Let's track that. So our use of AIML is across a much broader data set than anybody else. And it's looking at a lot more than just, you know, sort of data, data pattern changes took to a much broader set of things. And, and basically, again, it's, it's sort of a, a bi-weekly meeting we have where Jaspreet comes in with more ideas that basically for our, for, for our team to start to go, what else can we do? Because the landscape keeps changing. >>And on top of it, I think also if you think about data protection or even data storage was never designed from a security point of view, it was always designed from a point of view of recoverability of data tool. Application issues are basically not corruption, but security or the thinking help us also fundamentally understand how do we think about elements of zero trust all around the platform and how do you make sure to what Steven mentioned, if your IDP gets compromised, if you do have a bad actor, enter a data protection solution, make us, how do you still make sure levels of automatization immutability like multiple levels of control that it plays to make sure no bad actor take construct control and true recoverability resiliency is possible across a variety of scenarios and Trudy customer driven SLA. So both foundationally, uh, we've, we've truly built something which is now, uh, it's very deep in and focused on security. The same time as Steven mentioned to understanding of customer landscape really helps us understand bad actors thought more, better, and more faster than many of our, uh, in the industry competition. >>Well, the need is great. That's for sure. And gentlemen, I want to thank you for the time today to talk about, uh, what Druva is doing and wish you continued success down the road. Thanks to you both. >>Thank >>You. All right. We've been talking about data, keeping it safe, keeping your data safe. That's what Druva is all about. And I'm John Walls and you've been watching the cube.