>>Hey everyone, welcome to the Cube's coverage of AWS Reinvent 2022. Lisa Martin here with you with Subaru ier, one of our alumni who's now the CEO of Aerospike. Sabu. Great to have you on the program. Thank you for joining us. >>Great as always, to be on the cube. Luisa, good to meet you. >>So, you know, every company these days has got to be a data company, whether it's a retailer, a manufacturer, a grocer, a automotive company. But for a lot of companies, data is underutilized, yet a huge asset that is value added. Why do you think companies are struggling so much to make data a value added asset? >>Well, you know, we, we see this across the board when I talk to customers and prospects. There's a desire from the business and from it actually to leverage data to really fuel newer applications, newer services, newer business lines, if you will, for companies. I think the struggle is one, I think one the, you know, the plethora of data that is created, you know, surveys say that over the next three years data is gonna be, you know, by 2025, around 175 zetabytes, right? A hundred and zetabytes of data is gonna be created. And that's really a, a, a growth of north of 30% year over year. But the more important, and the interesting thing is the real time component of that data is actually growing at, you know, 35% cagr. And what enterprises desire is decisions that are made in real time or near real time. >>And a lot of the challenges that do exist today is that either the infrastructure that enterprises have in place was never built to actually manipulate data in real time. The second is really the ability to actually put something in place which can handle spikes yet be cost efficient if you'll, so you can build for really peak loads, but then it's very expensive to operate that particular service at normal loads. So how do you build something which actually works for you, for both you, both users, so to speak? And the last point that we see out there is even if you're able to, you know, bring all that data, you don't have the processing capability to run through that data. So as a result, most enterprises struggle with one, capturing the data, you know, making decisions from it in real time and really operating it at the cost point that they need to operate it at. >>You know, you bring up a great point with respect to real time data access. And I think one of the things that we've learned the last couple of years is that access to real time data, it's not a nice to have anymore. It's business critical for organizations in any industry. Talk about that as one of the challenges that organizations are facing. >>Yeah. When, when, when we started Aerospike, right when the company started, it started with the premise that data is gonna grow, number one, exponentially. Two, when applications open up to the internet, there's gonna be a flood of users and demands on those applications. And that was true primarily when we started the company in the ad tech vertical. So ad tech was the first vertical where there was a lot of data both on the supply side and the demand side from an inventory of ads that were available. And on the other hand, they had like microseconds or milliseconds in which they could make a decision on which ad to put in front of you and I so that we would click or engage with that particular ad. But over the last three to five years, what we've seen is as digitization has actually permeated every industry out there, the need to harness data in real time is pretty much present in every industry. >>Whether that's retail, whether that's financial services, telecommunications, e-commerce, gaming and entertainment. Every industry has a desire. One, the innovative companies, the small companies rather, are innovating at a pace and standing up new businesses to compete with the larger companies in each of these verticals. And the larger companies don't wanna be left behind. So they're standing up their own competing services or getting into new lines of business that really harness and are driven by real time data. So this compelling pressures, one, the customer exp you know, customer experience is paramount and we as customers expect answers in, you know, an instant in real time. And on the other hand, the way they make decisions is based on a large data set because you know, larger data sets actually propel better decisions. So there's competing pressures here, which essentially drive the need. One from a business perspective, two from a customer perspective to harness all of this data in real time. So that's what's driving an inces need to actually make decisions in real or near real time. >>You know, I think one of the things that's been in short supply over the last couple of years is patients we do expect as consumers, whether we're in our business lives, our personal lives that we're going to be getting, be given information and data that's relevant, it's personal to help us make those real time decisions. So having access to real time data is really business critical for organizations across any industries. Talk about some of the main capabilities that modern data applications and data platforms need to have. What are some of the key capabilities of a modern data platform that need to be delivered to meet demanding customer expectations? >>So, you know, going back to your initial question Lisa, around why is data really a high value but underutilized or underleveraged asset? One of the reasons we see is a lot of the data platforms that, you know, some of these applications were built on have been then around for a decade plus and they were never built for the needs of today, which is really driving a lot of data and driving insight in real time from a lot of data. So there are four major capabilities that we see that are essential ingredients of any modern data platform. One is really the ability to, you know, operate at unlimited scale. So what we mean by that is really the ability to scale from gigabytes to even petabytes without any degradation in performance or latency or throughput. The second is really, you know, predictable performance. So can you actually deliver predictable performance as your data size grows or your throughput grows or your concurrent user on that application of service grows? >>It's really easy to build an application that operates at low scale or low throughput or low concurrency, but performance usually starts degrading as you start scaling one of these attributes. The third thing is the ability to operate and always on globally resilient application. And that requires a, a really robust data platform that can be up on a five, nine basis globally, can support global distribution because a lot of these applications have global users. And the last point is, goes back to my first answer, which is, can you operate all of this at a cost point? Which is not prohibitive, but it makes sense from a TCO perspective. Cuz a lot of times what we see is people make choices of data platforms and as ironically their service or applications become more successful and more users join their journey, the revenue starts going up, the user base starts going up, but the cost basis starts crossing over the revenue and they're losing money on the service, ironically, as the service becomes more popular. So really unlimited scale, predictable performance always on, on a globally resilient basis and low tco. These are the four essential capabilities of any modern data platform. >>So then talk to me with those as the four main core functionalities of a modern data platform. How does aerospace deliver that? >>So we were built, as I said, from the from day one to operate at unlimited scale and deliver predictable performance. And then over the years as we work with customers, we build this incredible high availability capability which helps us deliver the always on, you know, operations. So we have customers who are, who have been on the platform 10 years with no downtime for example, right? So we are talking about an amazing continuum of high availability that we provide for customers who operate these, you know, globally resilient services. The key to our innovation here is what we call the hybrid memory architecture. So, you know, going a little bit technically deep here, essentially what we built out in our architecture is the ability on each node or each server to treat a bank of SSDs or solid state devices as essentially extended memory. So you're getting memory performance, but you're accessing these SSDs, you're not paying memory prices, but you're getting memory performance as a result of that. >>You can attach a lot more data to each node or each server in your distributed cluster. And when you kind of scale that across basically a distributed cluster you can do with aerospike, the same things at 60 to 80% lower server count and as a result 60 to 80% lower TCO compared to some of the other options that are available in the market. Then basically, as I said, that's the key kind of starting point to the innovation. We layer around capabilities like, you know, replication change, data notification, you know, synchronous and asynchronous replication. The ability to actually stretch a single cluster across multiple regions. So for example, if you're operating a global service, you can have a single aerospace cluster with one node in San Francisco, one northern New York, another one in London. And this would be basically seamlessly operating. So that, you know, this is strongly consistent. >>Very few no SQL data platforms are strongly consistent or if they are strongly consistent, they will actually suffer performance degradation. And what strongly consistent means is, you know, all your data is always available, it's guaranteed to be available, there is no data lost anytime. So in this configuration that I talked about, if the node in London goes down, your application still continues to operate, right? Your users see no kind of downtime and you know, when London comes up, it rejoins the cluster and everything is back to kind of the way it was before, you know, London left the cluster so to speak. So the op, the ability to do this globally resilient, highly available kind of model is really, really powerful. A lot of our customers actually use that kind of a scenario and we offer other deployment scenarios from a higher availability perspective. So everything starts with HMA or hybrid memory architecture and then we start building out a lot of these other capabilities around the platform. >>And then over the years, what our customers have guided us to do is as they're putting together a modern kind of data infrastructure, we don't live in a silo. So aerospace gets deployed with other technologies like streaming technologies or analytics technologies. So we built connectors into Kafka, pulsar, so that as you're ingesting data from a variety of data sources, you can ingest them at very high ingest speeds and store them persistently into Aerospike. Once the data is in Aerospike, you can actually run spark jobs across that data in a, in a multithreaded parallel fashion to get really insight from that data at really high, high throughput and high speed, >>High throughput, high speed, incredibly important, especially as today's landscape is increasingly distributed. Data centers, multiple public clouds, edge IOT devices, the workforce embracing more and more hybrid these days. How are you ex helping customers to extract more value from data while also lowering costs? Go into some customer examples cause I know you have some great ones. >>Yeah, you know, I think we have, we have built an amazing set of customers and customers actually use us for some really mission critical applications. So, you know, before I get into specific customer examples, let me talk to you about some of kind of the use cases which we see out there. We see a lot of aerospace being used in fraud detection. We see us being used in recommendations and since we use get used in customer data profiles or customer profiles, customer 360 stores, you know, multiplayer gaming and entertainment, these are kind of the repeated use case digital payments. We power most of the digital payment systems across the globe. Specific example from a, from a specific example perspective, the first one I would love to talk about is PayPal. So if you use PayPal today, then you know when you actually paying somebody your transaction is, you know, being sent through aero spike to really decide whether this is a fraudulent transaction or not. >>And when you do that, you know, you and I as a customer not gonna wait around for 10 seconds for PayPal to say yay or me, we expect, you know, the decision to be made in an instant. So we are powering that fraud detection engine at PayPal for every transaction that goes through PayPal before us, you know, PayPal was missing out on about 2% of their SLAs, which was essentially millions of dollars, which they were losing because, you know, they were letting transactions go through and taking the risk that it, it's not a fraudulent transaction with the aerospace. They can now actually get a much better sla and the data set on which they compute the fraud score has gone up by, you know, several factors. So by 30 x if you will. So not only has the data size that is powering the fraud engine actually grown up 30 x with Aerospike. Yeah. But they're actually making decisions in an instant for, you know, 99.95% of their transactions. So that's, >>And that's what we expect as consumers, right? We want to know that there's fraud detection on the swipe regardless of who we're interacting with. >>Yes. And so that's a, that's a really powerful use case and you know, it's, it's a great customer, great customer success story. The other one I would talk about is really Wayfair, right? From retail and you know, from e-commerce. So everybody knows Wayfair global leader in really, you know, online home furnishings and they use us to power their recommendations engine and you know, it's basically if you're purchasing this, people who bought this but also bought these five other things, so on and so forth, they have actually seen the card size at checkout go by up to 30% as a result of actually powering their recommendations in G by through Aerospike. And they, they were able to do this by reducing the server count by nine x. So on one ninth of the servers that were there before aerospace, they're now powering their recommendation engine and seeing card size checkout go up by 30%. Really, really powerful in terms of the business outcome and what we are able to, you know, drive at Wayfair >>Hugely powerful as a business outcome. And that's also what the consumer wants. The consumer is expecting these days to have a very personalized, relevant experience that's gonna show me if I bought this, show me something else that's related to that. We have this expectation that needs to be really fueled by technology. >>Exactly. And you know, another great example you asked about, you know, customer stories, Adobe, who doesn't know Adobe, you know, they, they're on a, they're on a mission to deliver the best customer experience that they can and they're talking about, you know, great customer 360 experience at scale and they're modernizing their entire edge compute infrastructure to support this. With Aerospike going to Aerospike, basically what they have seen is their throughput go up by 70%, their cost has been reduced by three x. So essentially doing it at one third of the cost while their annual data growth continues at, you know, about north of 30%. So not only is their data growing, they're able to actually reduce their cost to actually deliver this great customer experience by one third to one third and continue to deliver great customer 360 experience at scale. Really, really powerful example of how you deliver Customer 360 in a world which is dynamic and you know, on a dataset which is constantly growing at north, north of 30% in this case. >>Those are three great examples, PayPal, Wayfair, Adobe talking about, especially with Wayfair when you talk about increasing their cart checkout sizes, but also with Adobe increasing throughput by over 70%. I'm looking at my notes here. While data is growing at 32%, that's something that every organization has to contend with data growth is continuing to scale and scale and scale. >>Yep. I, I'll give you a fun one here. So, you know, you may not have heard about this company, it's called Dream 11 and it's a company based out of India, but it's a very, you know, it's a fun story because it's the world's largest fantasy sports platform and you know, India is a nation which is cricket crazy. So you know, when, when they have their premier league going on, you know, there's millions of users logged onto the dream alone platform building their fantasy lead teams and you know, playing on that particular platform, it has a hundred million users, a hundred million plus users on the platform, 5.5 million concurrent users and they have been growing at 30%. So they are considered a, an amazing success story in, in terms of what they have accomplished and the way they have architected their platform to operate at scale. And all of that is really powered by aerospace where think about that they are able to deliver all of this and support a hundred million users, 5.5 million concurrent users all with you know, 99 plus percent of their transactions completing in less than one millisecond. Just incredible success story. Not a brand that is you know, world renowned but at least you know from a what we see out there, it's an amazing success story of operating at scale. >>Amazing success story, huge business outcomes. Last question for you as we're almost out of time is talk a little bit about Aerospike aws, the partnership GRAVITON two better together. What are you guys doing together there? >>Great partnership. AWS has multiple layers in terms of partnerships. So you know, we engage with AWS at the executive level. They plan out, really roll out of new instances in partnership with us, making sure that, you know, those instance types work well for us. And then we just released support for Aerospike on the graviton platform and we just announced a benchmark of Aerospike running on graviton on aws. And what we see out there is with the benchmark, a 1.6 x improvement in price performance and you know, about 18% increase in throughput while maintaining a 27% reduction in cost, you know, on graviton. So this is an amazing story from a price performance perspective, performance per wat for greater energy efficiencies, which basically a lot of our customers are starting to kind of talk to us about leveraging this to further meet their sustainability target. So great story from Aero Aerospike and aws, not just from a partnership perspective on a technology and an executive level, but also in terms of what joint outcomes we are able to deliver for our customers. >>And it sounds like a great sustainability story. I wish we had more time so we would talk about this, but thank you so much for talking about the main capabilities of a modern data platform, what's needed, why, and how you guys are delivering that. We appreciate your insights and appreciate your time. >>Thank you very much. I mean, if, if folks are at reinvent next week or this week, come on and see us at our booth. We are in the data analytics pavilion. You can find us pretty easily. Would love to talk to you. >>Perfect. We'll send them there. So Ira, thank you so much for joining me on the program today. We appreciate your insights. >>Thank you Lisa. >>I'm Lisa Martin. You're watching The Cubes coverage of AWS Reinvent 2022. Thanks for watching.

>>Hello, and welcome to the cubes presentation of the AWS startup showcase. This is season two, episode four, the ongoing series covering exciting startups from the AWS ecosystem to talk about cyber security. I'm your host, John feer. And today we're excited to join by a Mediatel Walker, CEO of Quin security and sub IER, vice president of product management of sequence security gentlemen, thanks for joining us today on this showcase. >>Thank you, John PRAs. >>So the title of this session is continuous API protection life cycle to discover, detect, and defend security. APIs are part of it. They're hardened, everyone's using them, but they're they're target for malicious behavior. This is the focus of this segment. You guys are in the leading edge of this. What are the biggest challenges for organizations right now in assessing their security risks? Because you're seeing APIs all over the place in the news, just even this week, Twitter had a whistleblower come out from the security group, talking about their security plans, misleading the FTC on the bots and some of the malicious behavior inside the API interface of Twitter. This is really a mainstream Washington post is reporting on it. New York times, all the global outlets are talking about this story. This is the risk. I mean, yeah, this is what you guys do protect against this. >>Yeah, this is absolutely top of mind for a lot of security folks today. So obviously in the media and the type of attack that that is being discussed with this whistleblower coming out is called reputation bombing. This is not new. This has been going on since I would say at least eight to 10 years where the, the bad actors are using bots or automation and ultimately using APIs on these large social media platforms, whether it's Facebook, whether it's Twitter or some other social media platform and messing with the reputation system of those large platforms. And what I mean by that is they will do fake likes, fake commenting, fake retweeting in the case of Twitter. And what that means is that things that are, should not be very popular, all of a sudden become popular. That that way they're able to influence things like elections, shopping habits, personnel. >>We, we work with similar profile companies and we see this all the time. We, we mostly work on some of the secondary platforms like dating and other sort of social media platforms around music sharing and things like video sharing. And we see this all the time. These, these bots are bad. Actors are using bots, but ultimately it's an API problem. It's not just a bot problem. And that's what we've been trying to sort of preach to the world, which is your bot problem is subset of your API security challenges that you deal as an organization. >>You know, IMIA, we talked about this in the past on a previous conversation, but this really is front and center mainstream for the whole world to see around the challenges. All companies face, every CSO, every CIO, every board member organizations out there looking at this security posture that spans not just information technology, but physical and now social engineering. You have all kinds of new payloads of malicious behavior that are being compromised through, through things like APIs. This is not just about CSO, chief information security officer. This is chief security officer issues. What's your reaction >>Very much so I think the, this is a security problem, but it's also a reputation problem. In some cases, it's a data governance problem. We work with several companies which have very restrictive data governance and data regulations or data residency regulations there to conform to those regulations. And they have to look at that. It's not just a CSO problem anymore. In case of the, the news of the day to day, this is a platform problem. This goes all the way to the, that time CTO of Twitter. And now the CEO of Twitter, who was in charge of dealing with these problems. We see as just to give you an example, we, we work, we work with a similar sort of social media platform that allows Oop based login to their platform that is using tokens. You can sort of sign in with Facebook, sign in with Twitter, sign in with Google. These are API keys that are generated and trusted by these social media platforms. When we saw that Facebook leaked about 50 million of these login credentials or API keys, this was about three, four years ago. I wrote a blog about it. We saw a huge spike in those API keys being used to log to other social media platforms. So although one social platform might be taking care of its, you know, API or what problem, if something else gets reached somewhere else, it has a cascading impact on a variety of platforms. >>You know, that's a really interesting dynamic. And if you think about just the token piece that you mentioned, that's kind of under the coverage, that's a technology challenge, but also you get in the business logic. So let's go back and, and unpack that, okay, they discontinue the tokens. Now they're being reused here. In the case of Twitter, I was talking to an executive here in Silicon valley and they said, yeah, it's a cautionary tale, for sure. Although Twitter's a unique situation, but they abstract out the business value and say, Hey, they had an M and a deal on the table. And so if someone wants to unwind that deal, all I gotta say is, Hey, there's a bot problem. And now you have essentially new kinds of risk in the business have nothing to do with some sign the technology, okay. They got a security breach, but here with Twitter, you have an, an, an M and a deal, an acquisition that's being contested because of the, the APIs. So, so if you're in business, you gotta think to yourself, what am I risking with my API? So every organization should be assessing their security risks, tied to their APIs. This is a huge awakening for them. Where should they start? And that's the, that's the core question. Okay. You got my attention risks with the API. What do I do? >>So when I talked to you in my previous interview, the start is basically knowing what to, in most cases, you see these that are hitting the wire much. Every now there is a major in cases you'll find these APIs are targeted, that are not poorly protected. They're absolutely just not protected at all, which means the security team or any sort of team that is responsible for protecting these APIs are just completely unaware of these APIs being there in the first place. And this is where we talk about the shadow it or shadow API problem. Large enterprises have teams that are geo distributed, and this problem is escalated after the pandemic even more because now you have teams that are completely distributed. They do M and a. So they acquire new companies and have no visibility into their API or security practices. And so there are a lot of driving factors why these APIs are just not protected and, and just unknown even more to the security team. So the first step has to be discover your API attack surface, and then prioritize which APIs you wanna target in terms of runtime protection. >>Yeah. I wanna dig into that API kind of attack surface area management, runtime monitoring capability in a second, but so I wanna get you in here too, because we're talking about APIs, we're talking about attacks. What does an API attack look like? >>Yeah, that's a very good question, John, there are really two different forms of attacks of APIs, one type of attack, exploits, APIs that have known vulnerabilities or some form of vulnerabilities. For instance, APIs that may use a weak form of authentication or are really built with no authentication at all, or have some sort of vulnerability that makes them very good targets for an attacker to target. And the second form of attack is a more subtle one. It's called business logic abuse. It's, it's utilizing APIs in completely legitimate manner manners, but exploiting those APIs to exfiltrate information or key sensitive information that was probably not thought through by the developer or the designers or those APIs. And really when we do API protection, we really need to be able to handle both of those scenarios, protect against abuse of APIs, such as broken authentication, or broken object level authorization APIs with that problem, as well as protecting APIs from business logic abuse. And that's really how we, you know, differentiate against other vendors in this >>Market. So just what are the, those key differentiated ways to identify the, in the malicious intents with APIs? Can you, can you just summarize that real quick, the three ways? >>Sure. Yeah, absolutely. There are three key ways that we differentiate against our competition. One is in the, we have built out a, in the ability to actually detect such traffic. We have built out a very sophisticated threat intelligence network built over the entire lifetime of the company where we have very well curated information about malicious infrastructures, malicious operators around the world, including not just it address ranges, but also which infrastructures do they operate on and stuff like that, which actually helps a lot in, in many environments in especially B2C environments, that alone accounts for a lot of efficacy for us in detecting our weed out bad traffic. The second aspect is in analyzing the request that are coming in the API traffic that is coming in and from the request itself, being able to tell if there is credential abuse going on or credential stuffing going on or known patterns that the traffic is exhibiting, that looks like it is clearly trying to attack the attack, the APM. >>And the third one is, is really more sophisticated as they go farther and farther. It gets more sophisticated where sequence actually has a lot of machine learning models built in which actually profile the traffic that is coming in and separate. So the legitimate or learns the legitimate traffic from the anomalous or suspicious traffic. So as the traffic, as the API requests are coming in, it automatically can tell that this traffic does not look like legitimate traffic does not look like the traffic that this API typically gets and automatically uses that to figure out, okay, where is this traffic coming from? And automatically takes action to prevent that attack? >>You know, it's interesting APIs have been part of the goodness of cloud and cloud scale. And it reminds me of the old Andy Grove quote, founder of, in one of the founders of Intel, you know, let chaos, let, let the chaos happen, then reign it in it's APIs. You know, a lot of people have been creating them and you've got a lot of different stakeholders involved in creating them. And so now securing them and now manage them. So a lot of creation now you're starting to secure them and now you gotta manage 'em. This all is now big focus. As you pointed out, what are some of the dynamics that customers who have to deal with on the product side and, and organization, let, let chaos rain, and then rain in the chaos, as, as the saying goes, what, what do companies do? >>Yeah. Typically companies start off with like, like a mayor talked about earlier. Discovery is really the key thing to start with, like figuring out what your API attack surfaces and really getting your arms around that problem. And typically we are finding customers start that off from the security organization, the CSO organization to really go after that problem. And in some cases, in some customers, we even find like dedicated centers of excellence that are created for API security, which go after that problem to be able to get their arms around the whole API attack surface and the API protection problem statement. So that's where usually that problem starts to get addressed. >>I mean, organizations and your customers have to stop the attacks. A lot of different techniques, you know, run time. You mentioned that earlier, the surface area monitoring, what's the choice. What's the, where are, where are, where is everybody? Is everyone in the, in the boiling water, like the frog and boiling water or they do, they know it's happening? Like what did they do? What's their opportunity to get in >>Position? Yeah. So I, I think let's take a step back a little bit, right? What has happened is if you draw the cloud security market, if you will, right. Which is the journey to the cloud, the security of these applications or APIs at a container level, in terms of vulnerabilities and, and other things that market grew with the journey to the cloud, pretty much locked in lockstep. What has happened in the API side is the API space has kind of lacked behind the growth and explosion in the API space. So what that means is APIs are getting published way faster than the security teams are able to sort of control and secure them. APIs are getting published in environments that the security completely unaware of. We talked about in the past about the parameter, the parameter, as we know, it doesn't exist anymore. It used to be the case that you hit a CDN, you terminate your SSL, you stop your layer three and four DDoS. >>And then you go into the application and do the business logic. That parameter is just gone because it's now could be living in multi-cloud environment. It could be living in the on-prem environment, which is PubNet is friendly. And so security teams that are used to protecting apps, using a perimeter defense plus changes, it's gone. You need to figure out where your perimeter is. And therefore we sort of recommend an approach, which is have a uniform view across all your APIs, wherever they could be distributed and have a single point of control across those with a solution like sequence. And there are others also in this space, which is giving you that uniform view, which is first giving you that, you know, outside and looking view of what APIs to protect. And then let's, you sort of take the journey of securing the API life cycle. >>So I would say that every company now hear me out on this indulges me for a second. Every company in the world will be non perimeter based, except for maybe 5% because of maybe unique reason, proprietary lockdown, information, whatever. But for most, most companies, everyone will be in the cloud or some cloud native, non perimeter based security posture. So the question is, how does your platform fit into that trajectory? And specifically, why are you guys in the position in your mind to help customers solve this API problem? Because again, APIs have been the greatest thing about the cloud, right? Yeah. So the goodness is there because of APS. Now you gotta reign it in reign in the chaos. Yeah. What, what about your platform share? What is it, why is it win? Why should customers care about this? >>Absolutely. So if you think about it, you're right, the parameter doesn't exist. People have APIs deployed in multiple environments, multicloud hybrid, you name it sequence is uniquely positioned in a way that we can work with your environment. No matter what that environment is. We're the only player in this space that can protect your APIs purely as a SA solution or purely as an on-prem deployment. And that could be a SaaS platform. It doesn't need to be RackN, but we also support that and we could be a hybrid deployment. We have some deployments which are on your prem and the rest of this solution is in our SA. If you think about it, customers have secured their APIs with sequence with 15 minutes, you know, going live from zero to life and getting that protection instantaneously. We have customers that are processing a billion API calls per day, across variety of different cloud environments in sort of six different brands. And so that scale, that flexibility of where we can plug into your infrastructure or be completely off of your infrastructure is something unique to sequence that we offer that nobody else is offering >>Today. Okay. So I'll be, I'll be a naysayer. Yeah, look, it, we are perfectly coded APIs. We are the best in the business. We're locked down. Our APIs are as tight as a drum. Why do I need you? >>So that goes back to who's answer. Of course, >>Everyone's say that that's, that's great, but that's my argument. >>There are two types of API attacks. One is a tactic problem, which is exploiting a vulnerability in an API, right? So what you're saying is my APIs are secure. It does not have any vulnerability I've taken care of all vulnerabilities. The second type of attack that targets APIs is the business logic. Use this stuff in the news this week, which is the whistleblower problem, which is, if you think APIs that Twitter is publishing for users are perfectly secure. They are taking care of all the vulnerabilities and patching them when they find new ones. But it's the business logic of, you know, REWE liking or commenting that the bots are targeting, which they have no against. Right. And then none of the other social networks too. Yeah. So there are many examples. Uber wrote a program to impersonate users in different geo locations to find lifts, pricing, and driver information and passenger information, completely legitimate use of APIs for illegitimate, illegitimate purpose using bots. So you don't need bots by the way, don't, don't make this about bot versus not. Yeah. You can use APIs sort of for the, the purpose that they're not designed for sort of exploiting their business logic, either using a human interacting, a human farm, interacting with those APIs or a bot form targeting those APIs, I think. But that's the problem when you have, even when you've secured all your problem, all your APIs, you still have to worry about these of challenges. >>I think that's the big one. I think the business logic one, certainly the Twitter highlights that the Uber example is a good one. That is basically almost the, the backlash of having a simplistic API, which people design to. Right. Yeah. You know, as you point out, Twitter is very simple API, hardened, very strong security, but they're using it to maliciously manipulate what's inside. So in a way that perimeter's dead too. Right. So how do you stop that business logic? What's the, what's the solution what's the customer do about that? Because their goal is to create simple, scalable APIs. >>Yeah. I'll, I'll give you a little bit, and then I think Subaru should maybe go into a little bit of the depth of the problem, but what I think that the answer lies in what Subaru spoke earlier, which is our ML. AI is, is good at profiling plus split between the API users, are these legitimate users, humans versus bots. That's the first split we do. The split second split we do is even when these, these are classified users as bots, we will say there are some good bots that are necessary for the business and bad bots. So we are able to split this across three types of users, legitimate humans, good bots and bad bots. And just to give you an example of good bots is there are in the financial work, there are aggregators that are scraping your data and aggregating for end users to consume, right? Your, your, and other type of financial aggregators FinTech companies like MX. These are good bots and you wanna allow them to, you know, use your APIs, whereas you wanna stop the bad bots from using your APIs super, if you wanna add so, >>So good bots versus bad bots, that's the focus. Go ahead. Weigh in, weigh in on your thought on this >>Really breaks down into three key areas that we talk about here, sequence, right? One is you start by discovering all your APIs. How many APIs do I have in my environment that ly immediately highlight and say, Hey, you have, you know, 10,000 APIs. And that usually is an eye opener to many customers where they go, wow. I thought we had a 10th of that number. That usually is an eyeopener for them to, to at least know where they're at. The second thing is to tell them detection information. So discover, detect, and defend detect will tell them, Hey, your APIs are getting traffic from. So and so it addresses so and so infrastructure. So and so countries and so on that usually is another eye opener for them. They then get to see where their API traffic is coming from. Let's say, if you are a, if you're running a pizza delivery service out of California and your traffic is coming from Eastern Europe to go, wait a minute, nobody's trying, I'm not, I'm not, I don't deliver pizzas in Eastern Europe. Why am I getting traffic from that part of the world? So that sort of traffic immediately comes up and it will tell you that it is hitting your unauthenticated API. It is hitting your API. That has, that is vulnerable to a broken object level, that authorization, vulnerable be and so on. >>Yeah, I think, and >>Then comes the different aspect. Yeah. The different aspect is where you can take action and say, I wanna block certain types of traffic, or I wanna rate limit certain types of traffic. If, if you're seeing spikes there or you could maybe insert header so that it passes on to the end application and the application team can use that bit to essentially take a, a conscious response. And so, so the platform is very flexible in allowing them to take an action that suits their needs. >>Yeah. And I think this is the big trend. This is why I like what you guys are doing. One APIs we're built for the goodness of cloud. They're now the plumbing, you know, anytime you see plumbing involved, connection points, you know, that's pretty important. People are building it out and it has made the cloud what it is. Now, you got a security challenge. You gotta add more intelligence, more smarts to it. This is where I think platform versus tools matter. Can you guys just quickly share your thoughts on that? Cuz a lot of your customers and, and future customers have dealt with the sprawls of all these different tools. Right? I got a tool for this. I got a tool for that, but people are gravitating towards platforms, but how many platforms can a customer have? So again, this brings up the point point around how you guys are engaging with customers. Can you share your thoughts on tooling platforms? Your customers are constantly inundated with the same tsunami. Isn't new thing. Why, what, how should they look at this? >>Yeah, I mean, we don't wanna be, we don't wanna add to that alert fatigue problem that affects much of the cybersecurity industry by generating a whole bunch of alerts and so on. So what we do is we actually integrate very well with S IEM systems or so systems and allow customers to integrate the information that we are detecting or mitigating and feed them onto enterprise systems like a Splunk or a Datadog where they may have sophisticated processes built in to monitor, you know, spikes in anomalous traffic or actions that are taken by sequence. And that can be their dashboard where a whole bunch of alerting and reporting actually happens. So we play in the security ecosystem very well by integrating with other products and integrate very tightly with them, right outta the box. >>Okay. Mia, this is a wrap up now for the showcase. Really appreciate you guys sharing your awesome technology and very relevant product for your customers and where we are right now in this we call Supercloud or now multi-cloud or hybrid world of cloud. Share a, a little bit about the company, how people can get involved in your solution, how they can consume it and things they should know about, about sequence security. >>Yeah, we've been on this journey, an exciting journey it's been for, for about eight years. We have very large fortune 100 global 500 customers that use our platform on a daily basis. We have some amazing logos, both in Europe and, and, and in us customers are, this is basically not the shelf product customers not only use it, but depend on sequence. Several retailers. We are sitting in front of them handling, you know, black Friday, cyber, Monday, Christmas shopping, or any sort of holiday seasonality shopping. And we have handled that the journey starts by, by just simply looking at your API attack surface, just to a discover call with sequence, figure out where your APIs are posted work with you to prioritize how to protect them in a sort of a particular order and take the whole life cycle with sequence. This is, this is an exciting phase exciting sort of stage in the company's life. We just raised a very sort of large CDC round of funding in December from Menlo ventures. And we are excited to see, you know, what's next in, in, in the next, you know, 12 to 18 months. It certainly is the, you know, one of the top two or three items on the CSOs, you know, budget list for next year. So we are extremely busy, but we are looking for, for what the next 12 to 18 months are, are in store for us. >>Well, congratulations to all the success. So will you run the roadmap? You know, APIs are the plumbing. If you will, you know, they connection points, you know, you want to kind of keep 'em simple, as they say, keep the pipes dumb and make the intelligence around it. You seem to see more and more intelligence coming around, not just securing it, but does, where does this go in your mind? Where, where do we go beyond once we secure everything and manage it properly, APRs, aren't going away, they're only gonna get better and smarter. Where's the intelligence coming share a little bit. >>Absolutely. Yeah. I mean, there's not a dull moment in the space. As digital transformation happens to most enterprise systems, many applications are getting transformed. We are seeing an absolute explosion in the volume of APIs and the types of APIs as well. So the applications that were predominantly limited to data centers sort of deployments are now splintered across multiple different cloud environments are completely microservices based APIs, deep inside a Kubernetes cluster, for instance, and so on. So very exciting stuff in terms of proliferation of volume of APIs, as well as types of APIs, there's nature of APIs. And we are building very sophisticated machine learning models that can analyze traffic patterns of such APIs and automatically tell legitimate behavior from anomalous or suspicious behavior and so on. So very exciting sort of breadth of capabilities that we are looking at. >>Okay. I mean, yeah. I'll give you the final words since you're the CEO for the CSOs out there, the chief information security officers and the chief security officers, what do you want to tell them? If you could give them a quick shout out? What would you say to them? >>My shout out is just do an assessment with sequence. I think this is a repeating thing here, but really get to know your APIs first, before you decide what and where to protect them. That's the one simple thing I can mention for thes >>Am. Thank you so much for, for joining me today. Really appreciate it. >>Thank you. >>Thank you. Okay. That is the end of this segment of the eight of his startup showcase. Season two, episode four, I'm John for your host and we're here with sequin security. Thanks for watching.

>>Ly from San Diego, California. It's the cube covering to clock in cloud native con brought to you by red hat, the cloud native computing foundation and its ecosystem Marsh. >>Welcome back to San Diego. I'm Stewman and my cohost is Justin Warren. And coming back to our program, one of our cube alumni and be coach hair of this coupon cloud native con prion Lyles who is also a senior staff engineer at VMware. Brian, thanks so much for joining us. Thanks for having me on. And do you want to have a shout out of course to a Vicky Chung who is your coach hair. She has been doing a lot of work. She came to our studio ahead of it to do a preview and unfortunately she's supposed to be sitting here but a little under the weather. And we know there was nothing worse than, you know, doing travel and you know, fighting an illness. But she's a little sick today, but um, uh, she knows that we'll, we'll, we'll still handle it. Alright, so Brian, 12,000 people here in attendance. >>Uh, more keynotes than most of us can keep a track of. So, first of all, um, congratulations. Uh, things seem to be going well other than maybe, uh, choosing the one day of the year that it rained in, uh, you know, San Diego, uh, which we we can't necessarily plan for. Um, I'd love you to bring us a little bit insight as to some of the, the, the goals and the themes that, uh, you know, you and Vicki and the, the, the, the, the community we're, we're looking at for, for this coupon. So you're right, let's help thousand people and so many sponsors and so many ideas and so many projects, it's really hard to have a singular theme. But a few months ago we came up with was, well, if, if Kubernetes in this cloud software make us better or basically advances, then we can do more advanced things. >>And then our end users can be more advanced. And it was like a three pong thing. And if you look, go back and look at our keynotes, he would say, Hey, we're looking at our software. Hey, we're looking at an amazing things that we did, especially cat by that five G keynote yesterday. And the notice that we had, it was me talking about how we could look forward and then, and then notice we had in talking about security and then we had Walmart and target talking about how they're using it and, and that was all on purpose. It's trying to tell a story that people can go back and look at. Yeah, I liked the, the message that you were, you were trying to put out there around how we need to make Kubernetes a little bit easier, but how we need to change the way that we talk about it as well. >>So maybe you could, uh, fill us in a little bit more. Let's say, unfortunately, Kubernetes is not going to get an easier, um, that's like saying we wish Linux was easier to use. Um, Linux has a huge ABI and API interface. It's not going to get easier. So what we need to do is start doing what we did with Linux and Linux is the Colonel. Um, this should be some Wars happened over the years and you notice some distributions are easier to use. Another. So if you use the current fedora or you the current Ubuntu or even like mint, it's getting really easy to use. And I'm not suggesting that we need Kubernetes distributions. That's actually the furthest thing, but we do need to work on building our ecosystem on top of Kubernetes because I mentioned like CIS CD, um, observability security audit management and who knows what else we need to start thinking about those things as pretty much first-class items. >>Just as important as Kubernetes. Kubernetes is the Colonel. Yeah. Um, in the keynotes, there's, as you said, there's such a broad landscape here. Uh, uh, I've heard some horror stories that people like, Oh, Hey, where do I start? And they're like, Oh, here's the CNCF landscape. And they're like, um, I can't start there. There's too much there. Uh, you, you picked out and highlighted, um, some of the lesser known pieces. Uh, th there's some areas that are a little bit mature. What, what are some of the more exciting things that you've seen going on right now, your system and this ecosystem? >> Um, I'm not even gonna. I highlighted open policy agent as a, as an interesting product. I don't know if it's the right answer, actually. I kind of wish there was a competitor just so I could determine if it was the right answer. >>But things like OPA and then like open telemetry, um, two projects coming together and having even bigger goals. Uh, let's make a severability easy. What I would also like to see is a little bit more, more maturity and the workflow space. So, you know, the CII and CD space. And I know with Argo and flux merging to Argo flux, uh, that's very interesting. And just a little bit of a tidbit is that I, I also co-chair the CNCF SIG application delivery, uh, special interest group, but, uh, we're thinking about that, that space right there. So I would love to see more in the workflow space, but then also I would like to see more security tools and not just old school check, check, check, but, um, think about what Aqua security is doing. And I'm, I don't know if they're now Snick or S, I don't know how to say it, but, um, there's, there's companies out there rethinking security. >>Let's do that. Yeah. I spoke to Snick a couple of days ago and it's, I'm pretty sure it's sneak. Apparently it stands for, so now you know, which that was news to me that, so now I know interesting. But they have a lot of good projects coming up. Yeah. You mentioned that the ecosystem and that you like that there's competitors for particular projects to kind of explore which way is the right way of doing things. We have a lot of exhibitors here and we have a lot of competitors out there trying to come into this ecosystem. It seems to actually be growing even bigger. Are we going to see a period of consolidation where some of these competing options, we decided that actually no, we don't want to use that. We want to go over here. I mean according to crossing the chasm, yes, but we need to figure out where we are on the maturity chart for, for the whole ecosystem. >>So I think in a healthy, healthy ecosystem, people don't succeed and products go away, but then what we see is in maybe six months or a year or two later, those same founders are out there creating new products. So not everyone's going to win on their first shot. So I think that's fine because, you know, we've all had failures in the past, but we're still better for those failures. Yeah, I've heard it described as a kind of Cambridge and explosion at the moment. So hopefully we don't get an asteroid that comes in and, uh, and hopefully it is out cause yeah. Um, one of the things really, really noticed is, uh, if you went back a year or even two years ago, we were talking about very much the infrastructure, the building blocks of what we had. Uh, I really noticed front and center, especially in the keynote here, talking a lot about the workload. >>You're talking about the application. We're talking about, uh, you know, much more up the stack and uh, from kind of that application, uh, uh, piece down, even, uh, some friends of mine that were new to this ecosystem was like, I don't understand what language they're talking. I'm like, well, they're talking to the app devs. That's why, you know, they're not speaking to you. Is that, was that intentional? >> Well, I mean for me it is because I like to speak to the app devs and I realized that infrastructure comes and goes. I've been doing this for decades now and I've seen the rise of Cisco as, as a networking platform and I've seen their ups and downs. I've worked in security. But what I know is fundamentals are, are just that. And I would like to speak to the developers now because we need to get back to the developers because they create the value. >>I mean the only people who win at selling via our selling Kubernetes are vendors of Kubernetes. So, you know, I work for one and then there's the clouds and then there's other companies as well. So the thing that stays constant are people are building applications and ultimately if Kubernetes and the cloud native landscape can't take care of those application developers remember happened, remember, um, OpenStack, and not in like a negative way, but remember OpenStack, it got to be so hard that people couldn't even focus on what gave value. >> Unlike obvious fact leaves on it. It's still being used a lot in, in service providers and so on. So technology never really goes away completely. It just may fade off and live in a corner and then we move on to whatever's the next newest and greatest thing and then end up reinventing ourselves and having to do all of the same problems again. >>It feels a little bit like that with sometimes the Kubernetes way where haven't we already sold this? Linux is still here, Linux is still, and Linux is still growing. I mean Linux is over Virgin five right now and Linux is adapting and bringing in new things in a Colonel and moving things out to the user land. Kubernetes needs to figure out how to do that as well. Yeah, no Brian, I think it's a great point. You know, I'm an infrastructure guy and we know the only reason infrastructure exists is to serve up that application. What Matt managed to the business, my application, my data. Um, you and your team have some open source projects that you're involved in. Maybe give us a little bit about right? So oxen is a, so let me tell you the quick story. Joe Beda and I talked about how do we approach developers where they are. >>And one thing came up really early in that conversation was, well, why don't we just tell developers where things are broken? So come to find out using Kubernetes object model and a little bit of computer science, like just a tiny little bit. You can actually build this graph where everything is connected and then all you need to do then is determine if for any type of object, is it working or is it not working? So now look at this. Now I can actually show you what's broken and what's not broken. And what makes octane a little bit different is that we also wrapped it with a dashboard that shows everything inside of a Kubernetes cluster. And then we made it extensible. And just, just a crazy thing. I made a plugin API one weekend because I'm like, Oh, that would be kind of cool. And just at this conference alone, nine to 10 people to walk up to me and said, Oh, um, we use oxygen and we use your plugin system. >>And now we've done things that I can't imagine, and I think I might've said this, I know I've said it somewhere recently, but the hallmark of a good platform is when people start creating things you could never imagine on it. And that's what Linux did. That's what Kubernetes is doing. And octane is doing it in the small right now. So kudos to me and me really and my team that's really exciting. So fry, Oakton, Coobernetti's and Tansu both are seven sided. Uh, was, was that, that, that uh, uh, moving to, uh, to, to eight, uh, so no marketing. Okay. And I don't profess to understand what marketing is. Someone just named it. And I said, you know what, I'm a developer. I don't really mind w as long as you can call it something, that's fine. I do like the idea that we should evolve the number of platonic solids. >>There's another answer too. So if you think about what seven is, it, um, people were thinking ahead and said, well, someone could actually take that and use it as another connotation. So I was like, all right, we'll just get out of that. That's why it's called octane, but still nautical theme. Okay, great. Brian. So much going on. You know, even outside of this facility, there's things going on. Uh, any hidden gems that just the, you know, our audience that's watching or people that we'll look back at this event and say, Hey, you know, here's some cool little things there. I mean, they hit the Twitters, I'm sure they'll see the therapy dogs and whatnot, but you know, for the people geeking out, some of those hidden gems that you'd want to share. Um, some of the hidden gems or I'll, I'll throw up to, um, watch what these end-user companies are doing and watch what, like the advanced companies like Walmart and target and capital one are doing. >>I just think there's a lot of lessons to be learned and think about this. They have a crazy amount of money. They're actually investing time in this. It might be a good idea. And other hidden gyms are, are companies that are embracing the, the extension model of Kubernetes through custom resource definitions and building things. So the other day I had the tests on, on the stage, and they're not the only example of this, but running my sequel and Coobernetti's and it pretty much works all well, let's see what we can run with this. So I think that there's going to be a lot more companies that are going to invest in this space and, and, and actually deliver on these types of products. And, and I think that's a very interesting space. Yeah. We, we spoke to Bloomberg just before and uh, we talked to the tests, we spoke to Subaru from the test yesterday. >>Uh, seeing how people are using Kubernetes to build these systems, which can then be built upon themselves. Right. I think that's, that's probably for me, one of the more interesting things is that we end up with a platform and then we build more platforms on top of it. But we, we're creating these higher levels of abstraction, which actually gets us closer to just being able to do the work that we want to do as developers. I don't need to think about how all of the internals work, which again to your keynote today is like, I don't want to write machine code and I just want to solve this sort of business problem. If we can embed that into the, into this ecosystem, then it just makes everyone's lives much, much easier. So you basically, that is my secret. I'm really, I know people hate it for attractions and they say they will, but no one hates an abstraction. >>You don't actually turn the crank in your motor to make the car run. You press the accelerator and it goes. Yeah. Um, so we need to figure out the correct attractions and we do that through iteration and failure, but I'm liking that people are pushing the boundaries and uh, like Joe beta and Kelsey Hightower said is that Kubernetes is a platform of platforms. It is basically an API for writing API APIs. Let's take advantage of that and write API APIs. All right. Well, Brian, thank you. Thank Vicky. Uh, please, uh, you know, share, congratulations to the team for everything done here. And while you might be stepping down as, or we do hope you'll come and join us back on the cube at a future event. No, I enjoyed talking to you all, so thank you. Alright, thanks so much Brian for Justin Warren we'll be back with more of our water wall coverage. CubeCon cloud native con here in San Diego. Thanks for watching the queue.