>> Voiceover: Live from San Diego, California. It's the CUBE, covering Cisco Live U.S. 2019, brought to you by Cisco, and its EcoSystem Partners. >> Welcome back to San Diego, day two here, of Cisco Live 2019, I'm Dave Villante with my co-host Stu Miniman, Lisa Martin is also here. You're watching the Cube, the leader live tech coverage, we're here in the DevNet zone, which is a very happenin' place, and all the action is here the CCIE folks are getting trained up on how to do Infrastructure as Code. Terry Ramos is here, he's the Vice President of Alliances, at Cohesity, hot company, achieving escape velocity. Terry great to have you on. Good to see you again. >> Great to be here, really enjoy it. >> So Cisco is a big partner of yours, perhaps the biggest I know you don't like to say that, you love all your partners like you love your kids, but clearly a lot of good action going on with you guys. Talk about the partnership, where it started, how it's evolved. >> Sure so first off a little bit about Cohesity, I think would be helpful right, we're in the data management space, really helping customers with their data management, and how do they deal with the problem of mass data fragmentation, right if you think about the traditional data silos that enterprises have, we really take and level that out into one platform, our platform, and really allows customers to get the most out of their data. If we talk about the partnership with Cisco, it's actually a really good partnership. They have been an investor with us, both series C and D rounds. We recently, about three months ago announced that we were on the price book, so now a customer has the ability to go buy a Cisco UCS, Hyperflex, and Cohesity, as a cohesive bundle to solve their problems, right, to really help them grow. And then we are working on some new things, like Cisco Solutions Plus Support, where customers has a single call place, where they get all their support needs addressed. >> That's huge Stu, I remember when the, remember the Vblock when it first came out. It's a V support, I forget how many VMs, like thousands and thousands of VMs, and I just have one question, how do you back it up? And they went, and they were staring at their feet, so the fact that now you're bundled in to UCS HyperFlex, and that's part of the SKU, or its a different SKU or? >> Terry: Yeah they're all different SKUs, but it is bundled together. >> Yeah, so it's all integrated? It's a check box item, right okay? >> What we did was came up with the CVD, validated design so customers can get a validated design that says HyerFlex, UCS, Cohesity, here's how to deploy it, here's the best use cases, and they can actually go buy that, then it's a bundled solution. >> Terry brings us inside a little bit that go to market, because it's one thing to be partnered with CBDs, they're great but Cisco as you know hundred of these, if not more, but you know when you've got access to that Cisco channel out there, people that are transforming data centers, they talked about conversion infrastructure, hyper conversion infrastructure, Cisco UCS, tip of the spear for Cisco in that Data Center world, what does it mean to be that oh hey you know that whole channel, they are going to help get paid on that not just say oh yeah yeah that works. >> Yeah, I think that there's a few things for the channel for us, one is just Cisco's team themselves right, they don't have a backup solution so we are really the next gen backup and that's really helped them out. When we talk about Channel as well Channel partners are looking for a solution that differentiates them from everybody else. So we are a high touch sales team, but we are a hundred percent channel so working with the channel, giving them new ways actually to go out a sell the solution. >> So lets talk a little bit about backup, data protection, data insurance you know sort of we're trying to pass between, all right, what's the marketing and what's the reality for customers, so we remember the VM where Ascendancy days, it caused people to really have to rethink their backup and their data protection. What's driving it now? Why are so many customers kind of reassessing their backup approach and their overall data protection and data management? >> Yeah, I think it's the best analogy to last one is data management right, everybody has thought of data protection, it's just protecting your data. Backup and recovery. What we've done is really looked at it as it's data, you should be able to use your data however you want to. So, yeah we made do data protection on the platform, but then we do tests that, we do file shares, we do things like that, and we make it this cohesive data management platform, where customers get various use cases, but then they can look at their entire dataset, and that is really the key anymore. And when you talk about the data protection as it was, it was very silo. You data protect one set of systems, and data protect the next, and data protect the next. They never talked you couldn't do management across them. >> Dave: Okay so. >> Yeah yeah Terry. So I love when you're talking about the silos there, back in Barcelona we heard Cisco talking about HyperFlex anywhere, and some of the concerns of us have is, is multi-cloud the new multi vendor, and oh my gosh have I just created a whole bunch of silos that are just outside of my data center, like I used to do inside my data center. How's Cohesity helping to solve that solution for people from your. >> Yeah I think that's a interesting one. Cloud is really come along, right? Everybody thought we'll see what cloud does, it's really come a long way and people are using multi-cloud, so they are doing cloud on prem. Then they're archiving out to public cloud providers, and they're archiving out to other silos where they, or other data services where they have it, and that's really been the approach lately, is you can't just have your data in one location, you're going to move it out to the Cloud, you're going to store it on UCS and HyperFlex, and Cohesity. And again its how do you use that data, so that's the key is really that. But it is a cloud world for sure, where you're doing On-prem Cloud and Public Cloud. >> So today a lot of that focus, correct me it I am wrong, is infrastructure as a service? >> Yes >> Whether it's AWS, Google, you know Azure. Do you, have you started to think about, or are customers and partners asking you to think about, all the protecting all the data in SAS, is that something that's sort of on the road map are you hearing that for customers, or to is it still early for that? >> No I think that actually a great use case, if you talk about I'll just pick on one, Office 365 right, if you think about what they really provide it's availability right it's not backup so, if you need to back a year and get that critical email that you need for whatever reason, that's really not what they're doing. They're making sure it's up and running, and available to the users. So data protection for SAS apps is actually a new use case that I think is enormous. >> Okay so take Office 365 as an example, is that something you can protect today, or is that kind on the road map? >> That's something we can do today. >> So explain to our audience, why if I am using Office 365 which is in the Cloud, isn't Microsoft going to take care of that for me, why do I need Cohesity explain? >> Yeah, I think it is really comes down to that, it's they're really providing availability, yeah they have some backup services, but even if they do it's not tying into your overall data management solution. And so backing up O-365 gives you access to all that data as well, so you can do algorithms on it, analytics all those things once it's part of the bigger platform. >> And you probably have more facile recovery, which is, backup is one thing, recovery Stu. >> Is a everything. >> There you go. >> It is. (laugh) >> Terry talk to us about your customers, how about any big you know Cisco joint customers that you can talk about but would love to hear some of the latest from your customers? >> Yeah I think when we started this partnership awhile ago, what we really focused on Cohesity on UCS, and we got some traction there. When we went on the price sheet that really changed, things because the customers are now able to buy on a single price sheet. When you talk about the large customers it's been incredible the last three, four months, the numbers of joint customers that we've been in, and Cisco's been in, and its enterprise customers, it's the fortune five hundred customers that we're going after. A customer that's here later today, Quantium is a great use case. They're data analytics, they're AI, and they're providing a lot of information to customers on supply chain. And he's here later today on the CUBE, and it's a really great use case to what they are doing with it. >> Yeah we're excited to talk to him so lets do a little prep for him, what, tell us about Quantium, what do you know about them so we, gives us the bumper sticker so we're ready for the interview. >> Craig will do a much better job of it, but my understanding is they're looking at data, supply chain data, when to get customers in, when they should have product there, propensity to buy, all of those things, and they are doing all that for very large enterprise customers, and then they're using us to data protect all that they do. >> So, so the reason I asked that is I wanted to double click on that, because you've been stressing Terry, that it's not just backup. It's this notion of data management. You can do Analytics, you can do other things. So when you, lets generalize and lets not make it specific to Quantium, we'll talk to them later, but what specifically are customers doing beyond backup? What kind of analytics are they doing? How is affecting their business? What kind of outcomes are they trying to drive? >> Yeah I think it's a great question, we did something about four months ago, where we replaced released the market place. So now we've gotten all this data from data protection, file shares, test-dev, cloud as we talked about. So we've got this platform with all this data on top of it, and now partners can come in and write apps on top to do all sorts of things with that data. So think of being able to spin up a VM in our platform, do some Analytics on it, looking at it for any number of things, and then destroy it right, destroy the backup copy not the backup the copy that's made, and then be able to go to the next one, and really get deep into what data is on there, how can I use that data, how can I use that data across various applications? >> Are you seeing, I've sort have always thought the corpus, the backup corpus could be used in a security context, not you know, not to compete with Palo Alto Networks but specifically to assess exposure to things like Ransomware. If you see some anomalous behavior 'cause stuff when it goes bad it goes bad quickly these days, so are you seeing those types of use cases emerging? >> Absolutely, ransomware is actually a really big use case for us right now, where customers are wanting data protection to ensure Ransomware's not happening, and if they do get hit how do we make sure to restart quickly. Give you another example is we have a ClamAV so we can spin up a VM and check it for anitivirus. Right in their data protection mode so not without, not touching the production systems but touching the systems that are already backed up. >> I think you guys recently made an acquisition of a Manas Data which if I recall correctly was a specialized, sort of data protection company focused on things like, NoSQL and maybe Hadoop and so forth, so that's cool. We had those guys on in New York City last fall. And then, so I like that, building out the portfolio. My question is around containers, and all this cloud native stuff going on we're in the DevNet zone so a lot DevOps action, data protection for containers are you, your customers and your partners are they sort of pushing you in that direction, how are you responding? >> Yeah I think when you talk about cloud in general right, there's been a huge amount of VMs that are there, containers are there as well so yeah customers are absolutely talking about containers. Our market place is a container based market place, so containers are absolutely a big thing for us. >> So what else can you share with us about you know conversations that you're having with customers and partners at the show? What are the, what's the narrative like? What are some of the big concerns, maybe that again either customers or partners have? >> Yeah I don't want to sound like a broken record but I think the biggest thing we hear always is the data silos, right? It's really breaking down those silos, getting rid of the old legacy silos where you can't use the data how you want to, where you can't run analytics across the data. That is the number one talk track that customers tell us. >> So how does that fit in, you know the old buzz word of digital transformation, but we always say the difference between a business and a digital business is how they use data. And if you think about how a traditional business looks at it's data, well that data's all in silos as you pointed out and there's something in the middle like a business process or a bottling plant or... >> That's right. >> manufacturing facility, but the data's all dispersed in silos, are you seeing people, as at least as part of their digital transformation, leveraging you guys to put that data in at least in a logical place that they can do those analytics and maybe you could add some color to that scenario. >> Yeah, for sure, I mean the data from I'll give you a great example. The CBD we just did with Cisco, the updated one has Edge. So now when you're talking about plants and branch offices and those things, now we can bring that data back in to the central core as well, do analytics on it, and then push it to other offices for updated information. So absolutely, it is a big use case of, it's not just looking at that core central data center. How do you get that data from your other offices, from your retail locations, from your manufacturing plants. >> Final thoughts. San Diego, good venue you know great weather. >> Beautiful. >> Cisco Live. >> Yeah. >> Dave: Put a bumper sticker on it. >> I'm impressed with Cisco Live. I haven't been here in several years. It's an impressive show, 26 thousand people, great, beautiful weather, great convention center. Just a great place to be right now. >> All right and we're bring it all to you live from the CUBE. Thank you Terry for coming on. Dave Villante, for Stu Miniman, Lisa Martin is also here. Day two, Cisco Live, 2019. You're watching the CUBE, we'll be right back. (upbeat techno music)

>> Announcer: Live from Washington, DC, it's the Cube, covering .conf2017, brought to you by Splunk. (busy electronic music) >> Welcome back to the Washington Convention Center, the Walter Washington Convention Center, in our nation's capital as our coverage continues here of .conf2017. We're here at Splunk along with Dave Vellante. I'm John Walls, and kind of coming down the home stretch, Dave. There's just something about the crowd's lingering still, the show for, still has that good vibe to it, late second day, hasn't let off yet. >> Oh, no, remember, the show goes on through tomorrow. There's some event tonight, I think. I don't know, the band's here. >> Yeah, but-- >> Be hanging out, partying tonight. >> But you can tell the Splunkers are alive and well. We have Terry Ramos with us, who's going to join us for the next 15 minutes or so, the VP of Business Development of Palo Alto Networks. Terry, good to see you, sir. >> Good, really appreciate you having me here. >> You bet, you bet, thanks for joining us. You've got a partnership now, you've synced up with Splunk. >> Terry: Yes. >> Tell us a little bit about that. Then we'll get into the customer value after that. But first off, what's the partnership all about? >> Sure. We've actually been partners for about five years, really helping us solve some customer needs. We've got about several thousand customers who are actually using both products together to solve the needs I'll talk about in a minute. The partnership is really key to us. We've invested a ton of time, money, effort into it, we have executive level sponsorship all the way down to sales. In the field, we have reps working together to really position the solution to customers, both us and Splunk and then how we tie together. We're the number one downloaded app for Splunk by far that's a third party, so they have a couple that are more downloaded than us, but for third party, we've done that. We develop it all in house ourselves. For customers out there who think the app's great, I'll talk about the new version coming, I'd love any feedback on what should we do next, what are the next things we should do in the app, because we're really developing this and making this investment for customers to get the value out of it. >> What about the business update for Palo Alto Networks? I mean, can you give us the sort of quick rundown on what's going on in your world? >> Sure. I think most people know Palo Alto Networks has done pretty well. We just finished our FY '17, finished with about 42,500 customers. Revenue was, I think, 1.8 billion, approximately. We're still a very high growth company, and been growing the product set pretty well, from products next-gen firewall, all the attached subscriptions. Then we've got things like the Endpoint Traps now that's really doing well in the market, where customers need help on preventing exploits on the endpoint. That's been a growing market for us. >> It's the hottest space in the data center right now, and everybody wants to partner with you guys. Obviously, Splunk, you go to all the big shows, and they're touting their partnerships with Palo Alto. What do you attribute that sort of success to? >> Customers, truly. I run the partnerships for the company. If we do not have a customer who will be invested in the integration and the partnership, we don't do it. The number one thing we ask when somebody says, I want to partner with you, is, who's the customer, what's the use case, and why, right. Then if we can get good answers to that, then we go down the path of a partnership. Even then, though, we're still pretty selective. We've got 150 partners today that are technology partnerships. But we've got a limited number, Splunk's a big one, that we really invest heavily in, far more than the others, far more than just an API integration, the stuff of getting out to customers in the field the development of apps and integration, those things. >> Talk about, we laugh about Barney deals sometimes, I love you, you love me, let's do a press release. What differentiates that sort of Splunk level of partnership? Is it engineering resources? Is it deeper go to market? Maybe talk about that a little. >> Yeah, I hate Barney partnerships completely. If I do those, fire me, truthfully. I think the value that we've done with Splunk that we've really drawn out is, we've built this app, right, so BD has a team of developers on our team that writes the app for Splunk. We have spent four years developing this app. We were the first company to do adaptive response before it was called adaptive response. You see something in Splunk, you can actually take action back to a firewall to actually block something, quarantine something, anything like that. The app today is really focused on our products, right, through Endpoint, WildFire, things like that, right, so it's very product focused. We're actually putting in a lot of time and effort into a brand new app that we're developing that we're showing off now that we'll ship in about a month a half that's really focused on adversaries and incidents. We have something called the adversary score card where it'll show you, this is what's actually happening on my network, how far is this threat penetrating my network and my endpoints, is it being stopped, when is it being stopped. Then we've got an incident flow, too, that shows that level down to Traps prevented this, and here's how it prevented it. Then if we go back to the adversary score card, it ties into what part of the kill chain did we actually stop it at. For a CISO, when you come in and you say, there's a new outbreak, there's a new worm, there's a new threat that's happening, how do I know that I'm protected? Well, Splunk gives you great access to that data. What we've done is an app on top of it that's a single click. A SOC guy can say, here's where we're at, here's where we've blocked it. >> I guess I've been talking to a lot of folks here the last two days, and we've got a vendor right over here, we're talking, they have a little scorecard up, and they tell you about how certain intrusions are detected at certain intervals, 190 days to 300 and some odd days. Then I hear talk about a scorecard that tells you, hey, you've got this risk threat, and this is what's happened. I mean, I guess I'm having a hard time squaring that all up with, it sounds like a real time examination. But it's really not, because we're talking about maybe half a year or longer, in some cases, before a threat is detected. >> Yeah, so as a company, we've really focused on prevention. Prevent as much as you can. We have a product called WildFire, where we have tens of thousands of customers who actually share data with us, files and other things, files, URLs, other things. What we do is we run those through sandboxing, dynamic analysis, static analysis, all sorts of stuff, to identify if it's malicious. If it's malicious, we don't just start blocking that file, we also send down to the firewall all the things that it does. Does it connect to another website to download a different payload, does it connect to a C&C site, command and control site? What's that malware actually doing? We send that down to the customer, but we also send it to all of our customers. It may hit a target, right, the zero day hit one customer, but then we start really, how do we prevent this along the way, both in the network and at the endpoint? Yeah, there are a lot of people that talk about breaches long term, all that, what we're trying to make sure is we're preventing as much as we can and letting the SOC guys really focus on the things that they need to. A simple piece of malware, they shouldn't be having to look at that. That should be automatically stopped, prevented. But that advanced attack, they need to focus on that and what are they doing about it. >> The payloads have really evolved in the last decade. You mentioned zero day. Think about them, we didn't even know what it was in the early 2000s. I wonder if you could talk about how your business has evolved as the sophistication of the attackers has evolved from hacktivist to organized crime to nation state. >> Yeah, yeah. It has evolved a lot, and when you think about the company, 42,500 customers says a lot. We've been able to grow that out. When you talk about a product, something like WildFire that does this payload analysis, when we launched the product it was free. You'd get an update about every 24 hours, right. We moved it down to, I think it was four hours, then it was an hour, 20 minutes, and now it's about five minutes. In about five minutes, we do all that analysis and how do we stop it. Back to the question is, when you're talking about guys that are just using malware and running it over and over, that's one thing. But when you're talking about sophisticated nation states, that's where you've got to get this, prevent it as quickly as you possibly can. >> If we're talking about customer value, you've kind of touched on it a little bit, but ultimately, you said you've got some to deal with Splunk, some to deal with you, some are now dealing with both. End of the day, what does that mean to me, that you're bringing this extra arsenal in? How am I going to leverage that in my operations? What can I do with it better, I guess, down the road? >> Yeah, I think it really comes down to that, how quickly can you react, how do you know what to react to. I mean, it's as simple as that, I know it sounds super simple, but it is that. If I'm a SOC guy sitting in a SOC, looking at the threats that are happening on my network, what's happening on my endpoints, and being able to say, this one actually got through the firewall. It was a total zero day, we had never seen it before. But it landed at the endpoint, and it tried to run and we prevented it there. Now you can go and take action down to that endpoint and say, let's get it off the endpoint, the firewall's going to be updated in a few minutes anyway. But let's go really focus on that. It's the focus of, what do you need to worry about. >> Dave: Do you know what a zero day is? >> You've kind of, yeah, I mean, it's the movie, right? >> He's going, no, no, there was a movie because of the concept-- >> Because of the idea. >> David's note, there's been zero days of protection. But you can explain it better than I can. >> Yeah, zero day means it's a brand new attack, never seen before, whether it be-- >> Unique characteristics and traits in a new way that infiltrate, and something that's totally off from left field. >> When you think about it, those are hard to create. They take a lot of time and effort to go find the bugs in programs, right. If it's something in a Microsoft or an Oracle, that's a lot of effort, right, to go find that new way to do a buffer overflow or a heap spray or whatever it is. That's a lot of work, that's a lot of money. One of the things we focused on is, if we can prevent it faster, that money, that investment those people are making is out the window. We really, again, are going to focus on the high end, high fidelity stuff. >> The documentary called "Zero Days," but there was, I don't know how many zero day viruses inside of Stuxnet, like, I don't know, four or five. You maybe used to see, the antivirus guys would tell you, we maybe see one or two a year, and there were four or five inside of this code. >> Loaded into one invasion, yeah, yeah, yeah. >> It's the threat from within. I mean, one of the threats, if I recall correctly, was actually, they had to go in and steal some chip at some Taiwanese semiconductor manufacturer, so they had to have a guy infiltrate, who knows, with a mop or something, stick a, had to break in, basically. These are, when you see a payload like that, you know it's a nation state, not just some hacktivist, right, or even organized crime doesn't necessarily have the resources for the most part, right? >> It's a big investment, it is. Zero days are a big investment, because you've got to figure it out, you may have to get hardware, you have to get the software. It's a lot of work to fund that. >> They're worth a lot of money on the black market. I mean, you can sell those things. >> That's why, if we make them unusable fairly quickly, it stops that investment. >> We were talking with Monte Mercer earlier, just talking about his comments this morning, keynotes about you could be successful defending, right. It's not all bets are off, we're hopeless here. But it still sounds as if, in your world, there are these inherent frustrations, because bad guys are really smart. All of a sudden, you've got a whole new way, a whole new world that you have to combat, just when you thought you had enough prophylactic activity going on in one place, boom, here you are now. Can you successfully defend? Do you feel like you have the tools to be that watch at the gate? >> I'd be a liar if I say you can prevent everything, right. It's just not possible. But what you've got to be able to prevent is everything that's known, and then take the unknown, make it known as quickly as possible, and start preventing that. That's the goal. If anybody out here is saying they prevent everything, it's just not true, it can't be true. But the faster you take that unknown and make it known and start preventing it, that's what you do. >> Well, and it's never just one thing in this world, right? Now there's much more emphasis being placed on response and predicting the probability of the severity and things of that nature. It really is an ecosystem, right. >> Terry: It is, that's what I do. >> Which is kind of back to what you do. How do you see this ecosystem evolving? What are your objectives? >> I think that from my standpoint, we'll continue to build out new partnerships for customers. We really focus on those ones that are important to customers. We recently did a lot with authentication partners, right, because that's another level of, if people are getting those credentials and using them then what are they doing with them, right? We did some new stuff in the product with a number of partners where we look at the credentials, and if they're leaving the network, going to an unknown site, that should never happen, right? Your corporate credentials should never go to some unknown site. That's a good example of how we build out new things for customers that weren't seen before with a partner. We don't do authentication, so we rely on partners to do that with us. As we continue to talk about partnership and BD, we're going to continue to focus on those things that really solve that need for our customer. >> Well, I don't know how you guys sleep at night, but I'm glad you do. >> Dave: No, we don't. What do you mean? I'm glad you don't. >> It's 24/7, that's for sure. >> Terry: Yes. >> Terry, thanks for being with us. >> Thank you very much. >> We appreciate the time, glad to have you on the Cube. The Cube will continue live from Washington, DC, we're at .conf2017. (busy electronic music)