(gentle synth music) (music ends) >> Welcome back to Supercloud 2, an open industry collaboration between technologists, consultants, analysts, and of course practitioners to help shape the future of cloud. At this event, one of the key areas we're exploring is the intersection of cloud and data. And how building value on top of hyperscale clouds and across clouds is evolving, a concept of course we call "Supercloud". And we're pleased to welcome our friends from Enterprise Technology research, Erik Bradley and Darren Brabham. Guys, thanks for joining us, great to see you. we love to bring the data into these conversations. >> Thank you for having us, Dave, I appreciate it. >> Yeah, thanks. >> You bet. And so, let me do the setup on what is Supercloud. It's a concept that we've floated, Before re:Invent 2021, based on the idea that cloud infrastructure is becoming ubiquitous, incredibly powerful, but there's a lack of standards across the big three clouds. That creates friction. So we defined over the period of time, you know, better part of a year, a set of essential elements, deployment models for so-called supercloud, which create this common experience for specific cloud services that, of course, again, span multiple clouds and even on-premise data. So Erik, with that as background, I wonder if you could add your general thoughts on the term supercloud, maybe play proxy for the CIO community, 'cause you do these round tables, you talk to these guys all the time, you gather a lot of amazing information from senior IT DMs that compliment your survey. So what are your thoughts on the term and the concept? >> Yeah, sure. I'll even go back to last year when you and I did our predictions panel, right? And we threw it out there. And to your point, you know, there's some haters. Anytime you throw out a new term, "Is it marketing buzz? Is it worth it? Why are you even doing it?" But you know, from my own perspective, and then also speaking to the IT DMs that we interview on a regular basis, this is just a natural evolution. It's something that's inevitable in enterprise tech, right? The internet was not built for what it has become. It was never intended to be the underlying infrastructure of our daily lives and work. The cloud also was not built to be what it's become. But where we're at now is, we have to figure out what the cloud is and what it needs to be to be scalable, resilient, secure, and have the governance wrapped around it. And to me that's what supercloud is. It's a way to define operantly, what the next generation, the continued iteration and evolution of the cloud and what its needs to be. And that's what the supercloud means to me. And what depends, if you want to call it metacloud, supercloud, it doesn't matter. The point is that we're trying to define the next layer, the next future of work, which is inevitable in enterprise tech. Now, from the IT DM perspective, I have two interesting call outs. One is from basically a senior developer IT architecture and DevSecOps who says he uses the term all the time. And the reason he uses the term, is that because multi-cloud has a stigma attached to it, when he is talking to his business executives. (David chuckles) the stigma is because it's complex and it's expensive. So he switched to supercloud to better explain to his business executives and his CFO and his CIO what he's trying to do. And we can get into more later about what it means to him. But the inverse of that, of course, is a good CSO friend of mine for a very large enterprise says the concern with Supercloud is the reduction of complexity. And I'll explain, he believes anything that takes the requirement of specific expertise out of the equation, even a little bit, as a CSO worries him. So as you said, David, always two sides to the coin, but I do believe supercloud is a relevant term, and it is necessary because the cloud is continuing to be defined. >> You know, that's really interesting too, 'cause you know, Darren, we use Snowflake a lot as an example, sort of early supercloud, and you think from a security standpoint, we've always pushed Amazon and, "Are you ever going to kind of abstract the complexity away from all these primitives?" and their position has always been, "Look, if we produce these primitives, and offer these primitives, we we can move as the market moves. When you abstract, then it becomes harder to peel the layers." But Darren, from a data standpoint, like I say, we use Snowflake a lot. I think of like Tim Burners-Lee when Web 2.0 came out, he said, "Well this is what the internet was always supposed to be." So in a way, you know, supercloud is maybe what multi-cloud was supposed to be. But I mean, you think about data sharing, Darren, across clouds, it's always been a challenge. Snowflake always, you know, obviously trying to solve that problem, as are others. But what are your thoughts on the concept? >> Yeah, I think the concept fits, right? It is reflective of, it's a paradigm shift, right? Things, as a pendulum have swung back and forth between needing to piece together a bunch of different tools that have specific unique use cases and they're best in breed in what they do. And then focusing on the duct tape that holds 'em all together and all the engineering complexity and skill, it shifted from that end of the pendulum all the way back to, "Let's streamline this, let's simplify it. Maybe we have budget crunches and we need to consolidate tools or eliminate tools." And so then you kind of see this back and forth over time. And with data and analytics for instance, a lot of organizations were trying to bring the data closer to the business. That's where we saw self-service analytics coming in. And tools like Snowflake, what they did was they helped point to different databases, they helped unify data, and organize it in a single place that was, you know, in a sense neutral, away from a single cloud vendor or a single database, and allowed the business to kind of be more flexible in how it brought stuff together and provided it out to the business units. So Snowflake was an example of one of those times where we pulled back from the granular, multiple points of the spear, back to a simple way to do things. And I think Snowflake has continued to kind of keep that mantle to a degree, and we see other tools trying to do that, but that's all it is. It's a paradigm shift back to this kind of meta abstraction layer that kind of simplifies what is the reality, that you need a complex multi-use case, multi-region way of doing business. And it sort of reflects the reality of that. >> And you know, to me it's a spectrum. As part of Supercloud 2, we're talking to a number of of practitioners, Ionis Pharmaceuticals, US West, we got Walmart. And it's a spectrum, right? In some cases the practitioner's saying, "You know, the way I solve multi-cloud complexity is mono-cloud, I just do one cloud." (laughs) Others like Walmart are saying, "Hey, you know, we actually are building an abstraction layer ourselves, take advantage of it." So my general question to both of you is, is this a concept, is the lack of standards across clouds, you know, really a problem, you know, or is supercloud a solution looking for a problem? Or do you hear from practitioners that "No, this is really an issue, we have to bring together a set of standards to sort of unify our cloud estates." >> Allow me to answer that at a higher level, and then we're going to hand it over to Dr. Brabham because he is a little bit more detailed on the realtime streaming analytics use cases, which I think is where we're going to get to. But to answer that question, it really depends on the size and the complexity of your business. At the very large enterprise, Dave, Yes, a hundred percent. This needs to happen. There is complexity, there is not only complexity in the compute and actually deploying the applications, but the governance and the security around them. But for lower end or, you know, business use cases, and for smaller businesses, it's a little less necessary. You certainly don't need to have all of these. Some of the things that come into mind from the interviews that Darren and I have done are, you know, financial services, if you're doing real-time trading, anything that has real-time data metrics involved in your transactions, is going to be necessary. And another use case that we hear about is in online travel agencies. So I think it is very relevant, the complexity does need to be solved, and I'll allow Darren to explain a little bit more about how that's used from an analytics perspective. >> Yeah, go for it. >> Yeah, exactly. I mean, I think any modern, you know, multinational company that's going to have a footprint in the US and Europe, in China, or works in different areas like manufacturing, where you're probably going to have on-prem instances that will stay on-prem forever, for various performance reasons. You have these complicated governance and security and regulatory issues. So inherently, I think, large multinational companies and or companies that are in certain areas like finance or in, you know, online e-commerce, or things that need real-time data, they inherently are going to have a very complex environment that's going to need to be managed in some kind of cleaner way. You know, they're looking for one door to open, one pane of glass to look at, one thing to do to manage these multi points. And, streaming's a good example of that. I mean, not every organization has a real-time streaming use case, and may not ever, but a lot of organizations do, a lot of industries do. And so there's this need to use, you know, they want to use open-source tools, they want to use Apache Kafka for instance. They want to use different megacloud vendors offerings, like Google Pub/Sub or you know, Amazon Kinesis Firehose. They have all these different pieces they want to use for different use cases at different stages of maturity or proof of concept, you name it. They're going to have to have this complexity. And I think that's why we're seeing this need, to have sort of this supercloud concept, to juggle all this, to wrangle all of it. 'Cause the reality is, it's complex and you have to simplify it somehow. >> Great, thanks you guys. All right, let's bring up the graphic, and take a look. Anybody who follows the breaking analysis, which is co-branded with ETR Cube Insights powered by ETR, knows we like to bring data to the table. ETR does amazing survey work every quarter, 1200 plus 1500 practitioners that that answer a number of questions. The vertical axis here is net score, which is ETR's proprietary methodology, which is a measure of spending momentum, spending velocity. And the horizontal axis here is overlap, but it's the presence pervasiveness, and the dataset, the ends, that table insert on the bottom right shows you how the dots are plotted, the net score and then the ends in the survey. And what we've done is we've plotted a bunch of the so-called supercloud suspects, let's start in the upper right, the cloud platforms. Without these hyperscale clouds, you can't have a supercloud. And as always, Azure and AWS, up and to the right, it's amazing we're talking about, you know, 80 plus billion dollar company in AWS. Azure's business is, if you just look at the IaaS is in the 50 billion range, I mean it's just amazing to me the net scores here. Anything above 40% we consider highly elevated. And you got Azure and you got Snowflake, Databricks, HashiCorp, we'll get to them. And you got AWS, you know, right up there at that size, it's quite amazing. With really big ends as well, you know, 700 plus ends in the survey. So, you know, kind of half the survey actually has these platforms. So my question to you guys is, what are you seeing in terms of cloud adoption within the big three cloud players? I wonder if you could could comment, maybe Erik, you could start. >> Yeah, sure. Now we're talking data, now I'm happy. So yeah, we'll get into some of it. Right now, the January, 2023 TSIS is approaching 1500 survey respondents. One caveat, it's not closed yet, it will close on Friday, but with an end that big we are over statistically significant. We also recently did a cloud survey, and there's a couple of key points on that I want to get into before we get into individual vendors. What we're seeing here, is that annual spend on cloud infrastructure is expected to grow at almost a 70% CAGR over the next three years. The percentage of those workloads for cloud infrastructure are expected to grow over 70% as three years as well. And as you mentioned, Azure and AWS are still dominant. However, we're seeing some share shift spreading around a little bit. Now to get into the individual vendors you mentioned about, yes, Azure is still number one, AWS is number two. What we're seeing, which is incredibly interesting, CloudFlare is number three. It's actually beating GCP. That's the first time we've seen it. What I do want to state, is this is on net score only, which is our measure of spending intentions. When you talk about actual pervasion in the enterprise, it's not even close. But from a spending velocity intention point of view, CloudFlare is now number three above GCP, and even Salesforce is creeping up to be at GCPs level. So what we're seeing here, is a continued domination by Azure and AWS, but some of these other players that maybe might fit into your moniker. And I definitely want to talk about CloudFlare more in a bit, but I'm going to stop there. But what we're seeing is some of these other players that fit into your Supercloud moniker, are starting to creep up, Dave. >> Yeah, I just want to clarify. So as you also know, we track IaaS and PaaS revenue and we try to extract, so AWS reports in its quarterly earnings, you know, they're just IaaS and PaaS, they don't have a SaaS play, a little bit maybe, whereas Microsoft and Google include their applications and so we extract those out and if you do that, AWS is bigger, but in the surveys, you know, customers, they see cloud, SaaS to them as cloud. So that's one of the reasons why you see, you know, Microsoft as larger in pervasion. If you bring up that survey again, Alex, the survey results, you see them further to the right and they have higher spending momentum, which is consistent with what you see in the earnings calls. Now, interesting about CloudFlare because the CEO of CloudFlare actually, and CloudFlare itself uses the term supercloud basically saying, "Hey, we're building a new type of internet." So what are your thoughts? Do you have additional information on CloudFlare, Erik that you want to share? I mean, you've seen them pop up. I mean this is a really interesting company that is pretty forward thinking and vocal about how it's disrupting the industry. >> Sure, we've been tracking 'em for a long time, and even from the disruption of just a traditional CDN where they took down Akamai and what they're doing. But for me, the definition of a true supercloud provider can't just be one instance. You have to have multiple. So it's not just the cloud, it's networking aspect on top of it, it's also security. And to me, CloudFlare is the only one that has all of it. That they actually have the ability to offer all of those things. Whereas you look at some of the other names, they're still piggybacking on the infrastructure or platform as a service of the hyperscalers. CloudFlare does not need to, they actually have the cloud, the networking, and the security all themselves. So to me that lends credibility to their own internal usage of that moniker Supercloud. And also, again, just what we're seeing right here that their net score is now creeping above AGCP really does state it. And then just one real last thing, one of the other things we do in our surveys is we track adoption and replacement reasoning. And when you look at Cloudflare's adoption rate, which is extremely high, it's based on technical capabilities, the breadth of their feature set, it's also based on what we call the ability to avoid stack alignment. So those are again, really supporting reasons that makes CloudFlare a top candidate for your moniker of supercloud. >> And they've also announced an object store (chuckles) and a database. So, you know, that's going to be, it takes a while as you well know, to get database adoption going, but you know, they're ambitious and going for it. All right, let's bring the chart back up, and I want to focus Darren in on the ecosystem now, and really, we've identified Snowflake and Databricks, it's always fun to talk about those guys, and there are a number of other, you know, data platforms out there, but we use those too as really proxies for leaders. We got a bunch of the backup guys, the data protection folks, Rubric, Cohesity, and Veeam. They're sort of in a cluster, although Rubric, you know, ahead of those guys in terms of spending momentum. And then VMware, Tanzu and Red Hat as sort of the cross cloud platform. But I want to focus, Darren, on the data piece of it. We're seeing a lot of activity around data sharing, governed data sharing. Databricks is using Delta Sharing as their sort of place, Snowflakes is sort of this walled garden like the app store. What are your thoughts on, you know, in the context of Supercloud, cross cloud capabilities for the data platforms? >> Yeah, good question. You know, I think Databricks is an interesting player because they sort of have made some interesting moves, with their Data Lakehouse technology. So they're trying to kind of complicate, or not complicate, they're trying to take away the complications of, you know, the downsides of data warehousing and data lakes, and trying to find that middle ground, where you have the benefits of a managed, governed, you know, data warehouse environment, but you have sort of the lower cost, you know, capability of a data lake. And so, you know, Databricks has become really attractive, especially by data scientists, right? We've been tracking them in the AI machine learning sector for quite some time here at ETR, attractive for a data scientist because it looks and acts like a lake, but can have some managed capabilities like a warehouse. So it's kind of the best of both worlds. So in some ways I think you've seen sort of a data science driver for the adoption of Databricks that has now become a little bit more mainstream across the business. Snowflake, maybe the other direction, you know, it's a cloud data warehouse that you know, is starting to expand its capabilities and add on new things like Streamlit is a good example in the analytics space, with apps. So you see these tools starting to branch and creep out a bit, but they offer that sort of neutrality, right? We heard one IT decision maker we recently interviewed that referred to Snowflake and Databricks as the quote unquote Switzerland of what they do. And so there's this desirability from an organization to find these tools that can solve the complex multi-headed use-case of data and analytics, which every business unit needs in different ways. And figure out a way to do that, an elegant way that's governed and centrally managed, that federated kind of best of both worlds that you get by bringing the data close to the business while having a central governed instance. So these tools are incredibly powerful and I think there's only going to be room for growth, for those two especially. I think they're going to expand and do different things and maybe, you know, join forces with others and a lot of the power of what they do well is trying to define these connections and find these partnerships with other vendors, and try to be seen as the nice add-on to your existing environment that plays nicely with everyone. So I think that's where those two tools are going, but they certainly fit this sort of label of, you know, trying to be that supercloud neutral, you know, layer that unites everything. >> Yeah, and if you bring the graphic back up, please, there's obviously big data plays in each of the cloud platforms, you know, Microsoft, big database player, AWS is, you know, 11, 12, 15, data stores. And of course, you know, BigQuery and other, you know, data platforms within Google. But you know, I'm not sure the big cloud guys are going to go hard after so-called supercloud, cross-cloud services. Although, we see Oracle getting in bed with Microsoft and Azure, with a database service that is cross-cloud, certainly Google with Anthos and you know, you never say never with with AWS. I guess what I would say guys, and I'll I'll leave you with this is that, you know, just like all players today are cloud players, I feel like anybody in the business or most companies are going to be so-called supercloud players. In other words, they're going to have a cross-cloud strategy, they're going to try to build connections if they're coming from on-prem like a Dell or an HPE, you know, or Pure or you know, many of these other companies, Cohesity is another one. They're going to try to connect to their on-premise states, of course, and create a consistent experience. It's natural that they're going to have sort of some consistency across clouds. You know, the big question is, what's that spectrum look like? I think on the one hand you're going to have some, you know, maybe some rudimentary, you know, instances of supercloud or maybe they just run on the individual clouds versus where Snowflake and others and even beyond that are trying to go with a single global instance, basically building out what I would think of as their own cloud, and importantly their own ecosystem. I'll give you guys the last thought. Maybe you could each give us, you know, closing thoughts. Maybe Darren, you could start and Erik, you could bring us home on just this entire topic, the future of cloud and data. >> Yeah, I mean I think, you know, two points to make on that is, this question of these, I guess what we'll call legacy on-prem players. These, mega vendors that have been around a long time, have big on-prem footprints and a lot of people have them for that reason. I think it's foolish to assume that a company, especially a large, mature, multinational company that's been around a long time, it's foolish to think that they can just uproot and leave on-premises entirely full scale. There will almost always be an on-prem footprint from any company that was not, you know, natively born in the cloud after 2010, right? I just don't think that's reasonable anytime soon. I think there's some industries that need on-prem, things like, you know, industrial manufacturing and so on. So I don't think on-prem is going away, and I think vendors that are going to, you know, go very cloud forward, very big on the cloud, if they neglect having at least decent connectors to on-prem legacy vendors, they're going to miss out. So I think that's something that these players need to keep in mind is that they continue to reach back to some of these players that have big footprints on-prem, and make sure that those integrations are seamless and work well, or else their customers will always have a multi-cloud or hybrid experience. And then I think a second point here about the future is, you know, we talk about the three big, you know, cloud providers, the Google, Microsoft, AWS as sort of the opposite of, or different from this new supercloud paradigm that's emerging. But I want to kind of point out that, they will always try to make a play to become that and I think, you know, we'll certainly see someone like Microsoft trying to expand their licensing and expand how they play in order to become that super cloud provider for folks. So also don't want to downplay them. I think you're going to see those three big players continue to move, and take over what players like CloudFlare are doing and try to, you know, cut them off before they get too big. So, keep an eye on them as well. >> Great points, I mean, I think you're right, the first point, if you're Dell, HPE, Cisco, IBM, your strategy should be to make your on-premise state as cloud-like as possible and you know, make those differences as minimal as possible. And you know, if you're a customer, then the business case is going to be low for you to move off of that. And I think you're right. I think the cloud guys, if this is a real problem, the cloud guys are going to play in there, and they're going to make some money at it. Erik, bring us home please. >> Yeah, I'm going to revert back to our data and this on the macro side. So to kind of support this concept of a supercloud right now, you know Dave, you and I know, we check overall spending and what we're seeing right now is total year spent is expected to only be 4.6%. We ended 2022 at 5% even though it began at almost eight and a half. So this is clearly declining and in that environment, we're seeing the top two strategies to reduce spend are actually vendor consolidation with 36% of our respondents saying they're actively seeking a way to reduce their number of vendors, and consolidate into one. That's obviously supporting a supercloud type of play. Number two is reducing excess cloud resources. So when I look at both of those combined, with a drop in the overall spending reduction, I think you're on the right thread here, Dave. You know, the overall macro view that we're seeing in the data supports this happening. And if I can real quick, couple of names we did not touch on that I do think deserve to be in this conversation, one is HashiCorp. HashiCorp is the number one player in our infrastructure sector, with a 56% net score. It does multiple things within infrastructure and it is completely agnostic to your environment. And if we're also speaking about something that's just a singular feature, we would look at Rubric for data, backup, storage, recovery. They're not going to offer you your full cloud or your networking of course, but if you are looking for your backup, recovery, and storage Rubric, also number one in that sector with a 53% net score. Two other names that deserve to be in this conversation as we watch it move and evolve. >> Great, thank you for bringing that up. Yeah, we had both of those guys in the chart and I failed to focus in on HashiCorp. And clearly a Supercloud enabler. All right guys, we got to go. Thank you so much for joining us, appreciate it. Let's keep this conversation going. >> Always enjoy talking to you Dave, thanks. >> Yeah, thanks for having us. >> All right, keep it right there for more content from Supercloud 2. This is Dave Valente for John Ferg and the entire Cube team. We'll be right back. (gentle synth music) (music fades)

(upbeat music) >> Hello, everybody. This is Dave Vellante. Welcome back to Supercloud2, where we're exploring the intersection of data analytics and the future of cloud. In this segment, we're going to look at how the Supercloud will support a new class of applications, not just work that runs on multiple clouds, but rather a new breed of apps that can orchestrate things in the real world. Think Uber for many types of businesses. These applications, they're not about codifying forms or business processes. They're about orchestrating people, places, and things in a business ecosystem. And I'm pleased to welcome my colleague and friend, George Gilbert, former Gartner Analyst, Wiki Bond market analyst, former equities analyst as my co-host. And we're thrilled to have Tristan Handy, who's the founder and CEO of DBT Labs and Bob Muglia, who's the former President of Microsoft's Enterprise business and former CEO of Snowflake. Welcome all, gentlemen. Thank you for coming on the program. >> Good to be here. >> Thanks for having us. >> Hey, look, I'm going to start actually with the SuperCloud because both Tristan and Bob, you've read the definition. Thank you for doing that. And Bob, you have some really good input, some thoughts on maybe some of the drawbacks and how we can advance this. So what are your thoughts in reading that definition around SuperCloud? >> Well, I thought first of all that you did a very good job of laying out all of the characteristics of it and helping to define it overall. But I do think it can be tightened a bit, and I think it's helpful to do it in as short a way as possible. And so in the last day I've spent a little time thinking about how to take it and write a crisp definition. And here's my go at it. This is one day old, so gimme a break if it's going to change. And of course we have to follow the industry, and so that, and whatever the industry decides, but let's give this a try. So in the way I think you're defining it, what I would say is a SuperCloud is a platform that provides programmatically consistent services hosted on heterogeneous cloud providers. >> Boom. Nice. Okay, great. I'm going to go back and read the script on that one and tighten that up a bit. Thank you for spending the time thinking about that. Tristan, would you add anything to that or what are your thoughts on the whole SuperCloud concept? >> So as I read through this, I fully realize that we need a word for this thing because I have experienced the inability to talk about it as well. But for many of us who have been living in the Confluence, Snowflake, you know, this world of like new infrastructure, this seems fairly uncontroversial. Like I read through this, and I'm just like, yeah, this is like the world I've been living in for years now. And I noticed that you called out Snowflake for being an example of this, but I think that there are like many folks, myself included, for whom this world like fully exists today. >> Yeah, I think that's a fair, I dunno if it's criticism, but people observe, well, what's the big deal here? It's just kind of what we're living in today. It reminds me of, you know, Tim Burns Lee saying, well, this is what the internet was supposed to be. It was supposed to be Web 2.0, so maybe this is what multi-cloud was supposed to be. Let's turn our attention to apps. Bob first and then go to Tristan. Bob, what are data apps to you? When people talk about data products, is that what they mean? Are we talking about something more, different? What are data apps to you? >> Well, to understand data apps, it's useful to contrast them to something, and I just use the simple term people apps. I know that's a little bit awkward, but it's clear. And almost everything we work with, almost every application that we're familiar with, be it email or Salesforce or any consumer app, those are applications that are targeted at responding to people. You know, in contrast, a data application reacts to changes in data and uses some set of analytic services to autonomously take action. So where applications that we're familiar with respond to people, data apps respond to changes in data. And they both do something, but they do it for different reasons. >> Got it. You know, George, you and I were talking about, you know, it comes back to SuperCloud, broad definition, narrow definition. Tristan, how do you see it? Do you see it the same way? Do you have a different take on data apps? >> Oh, geez. This is like a conversation that I don't know has an end. It's like been, I write a substack, and there's like this little community of people who all write substack. We argue with each other about these kinds of things. Like, you know, as many different takes on this question as you can find, but the way that I think about it is that data products are atomic units of functionality that are fundamentally data driven in nature. So a data product can be as simple as an interactive dashboard that is like actually had design thinking put into it and serves a particular user group and has like actually gone through kind of a product development life cycle. And then a data app or data application is a kind of cohesive end-to-end experience that often encompasses like many different data products. So from my perspective there, this is very, very related to the way that these things are produced, the kinds of experiences that they're provided, that like data innovates every product that we've been building in, you know, software engineering for, you know, as long as there have been computers. >> You know, Jamak Dagani oftentimes uses the, you know, she doesn't name Spotify, but I think it's Spotify as that kind of example she uses. But I wonder if we can maybe try to take some examples. If you take, like George, if you take a CRM system today, you're inputting leads, you got opportunities, it's driven by humans, they're really inputting the data, and then you got this system that kind of orchestrates the business process, like runs a forecast. But in this data driven future, are we talking about the app itself pulling data in and automatically looking at data from the transaction systems, the call center, the supply chain and then actually building a plan? George, is that how you see it? >> I go back to the example of Uber, may not be the most sophisticated data app that we build now, but it was like one of the first where you do have users interacting with their devices as riders trying to call a car or driver. But the app then looks at the location of all the drivers in proximity, and it matches a driver to a rider. It calculates an ETA to the rider. It calculates an ETA then to the destination, and it calculates a price. Those are all activities that are done sort of autonomously that don't require a human to type something into a form. The application is using changes in data to calculate an analytic product and then to operationalize that, to assign the driver to, you know, calculate a price. Those are, that's an example of what I would think of as a data app. And my question then I guess for Tristan is if we don't have all the pieces in place for sort of mainstream companies to build those sorts of apps easily yet, like how would we get started? What's the role of a semantic layer in making that easier for mainstream companies to build? And how do we get started, you know, say with metrics? How does that, how does that take us down that path? >> So what we've seen in the past, I dunno, decade or so, is that one of the most successful business models in infrastructure is taking hard things and rolling 'em up behind APIs. You take messaging, you take payments, and you all of a sudden increase the capability of kind of your median application developer. And you say, you know, previously you were spending all your time being focused on how do you accept credit cards, how do you send SMS payments, and now you can focus on your business logic, and just create the thing. One of, interestingly, one of the things that we still don't know how to API-ify is concepts that live inside of your data warehouse, inside of your data lake. These are core concepts that, you know, you would imagine that the business would be able to create applications around very easily, but in fact that's not the case. It's actually quite challenging to, and involves a lot of data engineering pipeline and all this work to make these available. And so if you really want to make it very easy to create some of these data experiences for users, you need to have an ability to describe these metrics and then to turn them into APIs to make them accessible to application developers who have literally no idea how they're calculated behind the scenes, and they don't need to. >> So how rich can that API layer grow if you start with metric definitions that you've defined? And DBT has, you know, the metric, the dimensions, the time grain, things like that, that's a well scoped sort of API that people can work within. How much can you extend that to say non-calculated business rules or governance information like data reliability rules, things like that, or even, you know, features for an AIML feature store. In other words, it starts, you started pragmatically, but how far can you grow? >> Bob is waiting with bated breath to answer this question. I'm, just really quickly, I think that we as a company and DBT as a product tend to be very pragmatic. We try to release the simplest possible version of a thing, get it out there, and see if people use it. But the idea that, the concept of a metric is really just a first landing pad. The really, there is a physical manifestation of the data and then there's a logical manifestation of the data. And what we're trying to do here is make it very easy to access the logical manifestation of the data, and metric is a way to look at that. Maybe an entity, a customer, a user is another way to look at that. And I'm sure that there will be more kind of logical structures as well. >> So, Bob, chime in on this. You know, what's your thoughts on the right architecture behind this, and how do we get there? >> Yeah, well first of all, I think one of the ways we get there is by what companies like DBT Labs and Tristan is doing, which is incrementally taking and building on the modern data stack and extending that to add a semantic layer that describes the data. Now the way I tend to think about this is a fairly major shift in the way we think about writing applications, which is today a code first approach to moving to a world that is model driven. And I think that's what the big change will be is that where today we think about data, we think about writing code, and we use that to produce APIs as Tristan said, which encapsulates those things together in some form of services that are useful for organizations. And that idea of that encapsulation is never going to go away. It's very, that concept of an API is incredibly useful and will exist well into the future. But what I think will happen is that in the next 10 years, we're going to move to a world where organizations are defining models first of their data, but then ultimately of their business process, their entire business process. Now the concept of a model driven world is a very old concept. I mean, I first started thinking about this and playing around with some early model driven tools, probably before Tristan was born in the early 1980s. And those tools didn't work because the semantics associated with executing the model were too complex to be written in anything other than a procedural language. We're now reaching a time where that is changing, and you see it everywhere. You see it first of all in the world of machine learning and machine learning models, which are taking over more and more of what applications are doing. And I think that's an incredibly important step. And learned models are an important part of what people will do. But if you look at the world today, I will claim that we've always been modeling. Modeling has existed in computers since there have been integrated circuits and any form of computers. But what we do is what I would call implicit modeling, which means that it's the model is written on a whiteboard. It's in a bunch of Slack messages. It's on a set of napkins in conversations that happen and during Zoom. That's where the model gets defined today. It's implicit. There is one in the system. It is hard coded inside application logic that exists across many applications with humans being the glue that connects those models together. And really there is no central place you can go to understand the full attributes of the business, all of the business rules, all of the business logic, the business data. That's going to change in the next 10 years. And we'll start to have a world where we can define models about what we're doing. Now in the short run, the most important models to build are data models and to describe all of the attributes of the data and their relationships. And that's work that DBT Labs is doing. A number of other companies are doing that. We're taking steps along that way with catalogs. People are trying to build more complete ontologies associated with that. The underlying infrastructure is still super, super nascent. But what I think we'll see is this infrastructure that exists today that's building learned models in the form of machine learning programs. You know, some of these incredible machine learning programs in foundation models like GPT and DALL-E and all of the things that are happening in these global scale models, but also all of that needs to get applied to the domains that are appropriate for a business. And I think we'll see the infrastructure developing for that, that can take this concept of learned models and put it together with more explicitly defined models. And this is where the concept of knowledge graphs come in and then the technology that underlies that to actually implement and execute that, which I believe are relational knowledge graphs. >> Oh, oh wow. There's a lot to unpack there. So let me ask the Colombo question, Tristan, we've been making fun of your youth. We're just, we're just jealous. Colombo, I'll explain it offline maybe. >> I watch Colombo. >> Okay. All right, good. So but today if you think about the application stack and the data stack, which is largely an analytics pipeline. They're separate. Do they, those worlds, do they have to come together in order to achieve Bob's vision? When I talk to practitioners about that, they're like, well, I don't want to complexify the application stack cause the data stack today is so, you know, hard to manage. But but do those worlds have to come together? And you know, through that model, I guess abstraction or translation that Bob was just describing, how do you guys think about that? Who wants to take that? >> I think it's inevitable that data and AI are going to become closer together? I think that the infrastructure there has been moving in that direction for a long time. Whether you want to use the Lakehouse portmanteau or not. There's also, there's a next generation of data tech that is still in the like early stage of being developed. There's a company that I love that is essentially Cross Cloud Lambda, and it's just a wonderful abstraction for computing. So I think that, you know, people have been predicting that these worlds are going to come together for awhile. A16Z wrote a great post on this back in I think 2020, predicting this, and I've been predicting this since since 2020. But what's not clear is the timeline, but I think that this is still just as inevitable as it's been. >> Who's that that does Cross Cloud? >> Let me follow up on. >> Who's that, Tristan, that does Cross Cloud Lambda? Can you name names? >> Oh, they're called Modal Labs. >> Modal Labs, yeah, of course. All right, go ahead, George. >> Let me ask about this vision of trying to put the semantics or the code that represents the business with the data. It gets us to a world that's sort of more data centric, where data's not locked inside or behind the APIs of different applications so that we don't have silos. But at the same time, Bob, I've heard you talk about building the semantics gradually on top of, into a knowledge graph that maybe grows out of a data catalog. And the vision of getting to that point, essentially the enterprise's metadata and then the semantics you're going to add onto it are really stored in something that's separate from the underlying operational and analytic data. So at the same time then why couldn't we gradually build semantics beyond the metric definitions that DBT has today? In other words, you build more and more of the semantics in some layer that DBT defines and that sits above the data management layer, but any requests for data have to go through the DBT layer. Is that a workable alternative? Or where, what type of limitations would you face? >> Well, I think that it is the way the world will evolve is to start with the modern data stack and, you know, which is operational applications going through a data pipeline into some form of data lake, data warehouse, the Lakehouse, whatever you want to call it. And then, you know, this wide variety of analytics services that are built together. To the point that Tristan made about machine learning and data coming together, you see that in every major data cloud provider. Snowflake certainly now supports Python and Java. Databricks is of course building their data warehouse. Certainly Google, Microsoft and Amazon are doing very, very similar things in terms of building complete solutions that bring together an analytics stack that typically supports languages like Python together with the data stack and the data warehouse. I mean, all of those things are going to evolve, and they're not going to go away because that infrastructure is relatively new. It's just being deployed by companies, and it solves the problem of working with petabytes of data if you need to work with petabytes of data, and nothing will do that for a long time. What's missing is a layer that understands and can model the semantics of all of this. And if you need to, if you want to model all, if you want to talk about all the semantics of even data, you need to think about all of the relationships. You need to think about how these things connect together. And unfortunately, there really is no platform today. None of our existing platforms are ultimately sufficient for this. It was interesting, I was just talking to a customer yesterday, you know, a large financial organization that is building out these semantic layers. They're further along than many companies are. And you know, I asked what they're building it on, and you know, it's not surprising they're using a, they're using combinations of some form of search together with, you know, textual based search together with a document oriented database. In this case it was Cosmos. And that really is kind of the state of the art right now. And yet those products were not built for this. They don't really, they can't manage the complicated relationships that are required. They can't issue the queries that are required. And so a new generation of database needs to be developed. And fortunately, you know, that is happening. The world is developing a new set of relational algorithms that will be able to work with hundreds of different relations. If you look at a SQL database like Snowflake or a big query, you know, you get tens of different joins coming together, and that query is going to take a really long time. Well, fortunately, technology is evolving, and it's possible with new join algorithms, worst case, optimal join algorithms they're called, where you can join hundreds of different relations together and run semantic queries that you simply couldn't run. Now that technology is nascent, but it's really important, and I think that will be a requirement to have this semantically reach its full potential. In the meantime, Tristan can do a lot of great things by building up on what he's got today and solve some problems that are very real. But in the long run I think we'll see a new set of databases to support these models. >> So Tristan, you got to respond to that, right? You got to, so take the example of Snowflake. We know it doesn't deal well with complex joins, but they're, they've got big aspirations. They're building an ecosystem to really solve some of these problems. Tristan, you guys are part of that ecosystem, and others, but please, your thoughts on what Bob just shared. >> Bob, I'm curious if, I would have no idea what you were talking about except that you introduced me to somebody who gave me a demo of a thing and do you not want to go there right now? >> No, I can talk about it. I mean, we can talk about it. Look, the company I've been working with is Relational AI, and they're doing this work to actually first of all work across the industry with academics and research, you know, across many, many different, over 20 different research institutions across the world to develop this new set of algorithms. They're all fully published, just like SQL, the underlying algorithms that are used by SQL databases are. If you look today, every single SQL database uses a similar set of relational algorithms underneath that. And those algorithms actually go back to system R and what IBM developed in the 1970s. We're just, there's an opportunity for us to build something new that allows you to take, for example, instead of taking data and grouping it together in tables, treat all data as individual relations, you know, a key and a set of values and then be able to perform purely relational operations on it. If you go back to what, to Codd, and what he wrote, he defined two things. He defined a relational calculus and relational algebra. And essentially SQL is a query language that is translated by the query processor into relational algebra. But however, the calculus of SQL is not even close to the full semantics of the relational mathematics. And it's possible to have systems that can do everything and that can store all of the attributes of the data model or ultimately the business model in a form that is much more natural to work with. >> So here's like my short answer to this. I think that we're dealing in different time scales. I think that there is actually a tremendous amount of work to do in the semantic layer using the kind of technology that we have on the ground today. And I think that there's, I don't know, let's say five years of like really solid work that there is to do for the entire industry, if not more. But the wonderful thing about DBT is that it's independent of what the compute substrate is beneath it. And so if we develop new platforms, new capabilities to describe semantic models in more fine grain detail, more procedural, then we're going to support that too. And so I'm excited about all of it. >> Yeah, so interpreting that short answer, you're basically saying, cause Bob was just kind of pointing to you as incremental, but you're saying, yeah, okay, we're applying it for incremental use cases today, but we can accommodate a much broader set of examples in the future. Is that correct, Tristan? >> I think you're using the word incremental as if it's not good, but I think that incremental is great. We have always been about applying incremental improvement on top of what exists today, but allowing practitioners to like use different workflows to actually make use of that technology. So yeah, yeah, we are a very incremental company. We're going to continue being that way. >> Well, I think Bob was using incremental as a pejorative. I mean, I, but to your point, a lot. >> No, I don't think so. I want to stop that. No, I don't think it's pejorative at all. I think incremental, incremental is usually the most successful path. >> Yes, of course. >> In my experience. >> We agree, we agree on that. >> Having tried many, many moonshot things in my Microsoft days, I can tell you that being incremental is a good thing. And I'm a very big believer that that's the way the world's going to go. I just think that there is a need for us to build something new and that ultimately that will be the solution. Now you can argue whether it's two years, three years, five years, or 10 years, but I'd be shocked if it didn't happen in 10 years. >> Yeah, so we all agree that incremental is less disruptive. Boom, but Tristan, you're, I think I'm inferring that you believe you have the architecture to accommodate Bob's vision, and then Bob, and I'm inferring from Bob's comments that maybe you don't think that's the case, but please. >> No, no, no. I think that, so Bob, let me put words into your mouth and you tell me if you disagree, DBT is completely useless in a world where a large scale cloud data warehouse doesn't exist. We were not able to bring the power of Python to our users until these platforms started supporting Python. Like DBT is a layer on top of large scale computing platforms. And to the extent that those platforms extend their functionality to bring more capabilities, we will also service those capabilities. >> Let me try and bridge the two. >> Yeah, yeah, so Bob, Bob, Bob, do you concur with what Tristan just said? >> Absolutely, I mean there's nothing to argue with in what Tristan just said. >> I wanted. >> And it's what he's doing. It'll continue to, I believe he'll continue to do it, and I think it's a very good thing for the industry. You know, I'm just simply saying that on top of that, I would like to provide Tristan and all of those who are following similar paths to him with a new type of database that can actually solve these problems in a much more architected way. And when I talk about Cosmos with something like Mongo or Cosmos together with Elastic, you're using Elastic as the join engine, okay. That's the purpose of it. It becomes a poor man's join engine. And I kind of go, I know there's a better answer than that. I know there is, but that's kind of where we are state of the art right now. >> George, we got to wrap it. So give us the last word here. Go ahead, George. >> Okay, I just, I think there's a way to tie together what Tristan and Bob are both talking about, and I want them to validate it, which is for five years we're going to be adding or some number of years more and more semantics to the operational and analytic data that we have, starting with metric definitions. My question is for Bob, as DBT accumulates more and more of those semantics for different enterprises, can that layer not run on top of a relational knowledge graph? And what would we lose by not having, by having the knowledge graph store sort of the joins, all the complex relationships among the data, but having the semantics in the DBT layer? >> Well, I think this, okay, I think first of all that DBT will be an environment where many of these semantics are defined. The question we're asking is how are they stored and how are they processed? And what I predict will happen is that over time, as companies like DBT begin to build more and more richness into their semantic layer, they will begin to experience challenges that customers want to run queries, they want to ask questions, they want to use this for things where the underlying infrastructure becomes an obstacle. I mean, this has happened in always in the history, right? I mean, you see major advances in computer science when the data model changes. And I think we're on the verge of a very significant change in the way data is stored and structured, or at least metadata is stored and structured. Again, I'm not saying that anytime in the next 10 years, SQL is going to go away. In fact, more SQL will be written in the future than has been written in the past. And those platforms will mature to become the engines, the slicer dicers of data. I mean that's what they are today. They're incredibly powerful at working with large amounts of data, and that infrastructure is maturing very rapidly. What is not maturing is the infrastructure to handle all of the metadata and the semantics that that requires. And that's where I say knowledge graphs are what I believe will be the solution to that. >> But Tristan, bring us home here. It sounds like, let me put pause at this, is that whatever happens in the future, we're going to leverage the vast system that has become cloud that we're talking about a supercloud, sort of where data lives irrespective of physical location. We're going to have to tap that data. It's not necessarily going to be in one place, but give us your final thoughts, please. >> 100% agree. I think that the data is going to live everywhere. It is the responsibility for both the metadata systems and the data processing engines themselves to make sure that we can join data across cloud providers, that we can join data across different physical regions and that we as practitioners are going to kind of start forgetting about details like that. And we're going to start thinking more about how we want to arrange our teams, how does the tooling that we use support our team structures? And that's when data mesh I think really starts to get very, very critical as a concept. >> Guys, great conversation. It was really awesome to have you. I can't thank you enough for spending time with us. Really appreciate it. >> Thanks a lot. >> All right. This is Dave Vellante for George Gilbert, John Furrier, and the entire Cube community. Keep it right there for more content. You're watching SuperCloud2. (upbeat music)

>> Narrator: TheCUBE presents Ignite '22, brought to you by Palo Alto Networks. >> Greetings from the MGM Grand Hotel in beautiful Las Vegas. It's theCUBE Live Day two of our coverage of Palo Alto Networks, ignite 22. Lisa Martin, Dave Vellante. Dave, what can I say? This has been a great couple of days. The amount of content we have created and shared with our viewers on theCUBE is second to none. >> Well, the cloud has completely changed the way that people think about security. >> Yeah. You know at first it was like, oh, the cloud, how can that be secure? And they realized, wow actually cloud is pretty secure if we do it right. And so shared responsibility model and partnerships are critical. >> Partnerships are critical, especially as more and more organizations are multicloud by default. Right? These days we're going to be bring Google into the conversation. Josh Haslet joins us. Strategic Partnership Manager at Google. Welcome. Great to have you Josh. >> Hi Lisa, thanks for having me here. >> So you are a secret squirrel from Palo Alto Networks. Talk to me a little bit about your background and about your role at Google in terms of partnership management. >> Sure, I feel like we need to add that to my title. [Lisa] You should, secret squirrel. >> Great. Yeah, so as a matter of fact, I've been at Google for two and a half years. Prior to that, I was at Palo Alto Networks. I was managing the business development relationship with Google, and I was kind of at the inception of when the cash came in and, and decided that we needed to think about how to do security in a new way from a platform standpoint, right? And so it was exciting because when I started with the partnership, we were focusing on still securing you know, workloads in the cloud with next generation firewall. And then as we went through acquisitions the Palo Alto added it expanded the capabilities of what we could do from cloud security. And so it was very exciting, you know, to, to make sure that we could onboard with Google Cloud, take a look at how not only Palo Alto was enhancing their solutions as they built those and delivered those from Google Cloud. But then how did we help customers adopt cloud in a more easy fashion by making things, you know more tightly integrated? And so that's really been a lot of what I've been involved in, which has been exciting to see the growth of both organizations as we see customers shifting to cloud transformation. And then how do they deploy these new methodologies and tools from a security perspective to embrace this new way of working and this new way of, you know creating applications and doing digital transformation. >> Important, since work is no longer a place, it's an activity. Organizations have have to be able to cater to the distributed workforce. Of course, the, the, the workforce has to be able to access everything that they need to, but it has to be done in a secure way regardless of what kind of company you are. >> Yeah, you're right, Lisa. It's interesting. I mean, the pandemic has really changed and accelerated that transformation. I think, you know really remote working has started previous to that. And I think Nikesh called that out in the keynote too right? He, he really said that this has been ongoing for a while, but I think, you know organizations had to figure out how to scale and that was something that they weren't as prepared for. And a lot of the technology that was deployed for VPN connectivity or supporting remote work that was fixed hardware. And so cloud deployment and cloud architecture specifically with Prisma access really enabled this transformation to happen in a much faster, you know, manner. And where we've come together is how do we make sure that customers, no matter what device, what user what application you're accessing. As we take a look at ZTNA, Zero Trust Network Access 2.0, how can we come together to partner to make sure the customers have that wide range of coverage and capability? >> How, how do you how would you describe Josh Google's partner strategy generally and specifically, you know, in the world of cyber and what makes it unique and different? >> Yeah, so that's a great question. I think, you know, from Google Cloud perspective we heard TK mention this in the keynote with Nikesh. You know, we focus on on building a secure platform first and foremost, right? We want to be a trusted cloud for customers to deploy on. And so, you know, we find that as customers do one of two things, they're looking at, you know, reducing cost as they move to cloud and consolidate workloads or as they embrace innovation and look at, you know leveraging things like BigQuery for analytics and you know machine learning for the way that they want to innovate and stay ahead of the competition. They have to think about how do they secure in a new way. And so, not only do we work on how do we secure our own platform, we work with trusted partners to make sure that customers have you mentioned it earlier, Dave the shared security model, right? How do they take a look at their applications and their workloads and this new way of working as they go to CI/CD pipelines, they start thinking about DevSecOps. How do they integrate tooling that is frictionless and seamless for their, for their teams to deploy but allows them to quickly embrace that cloud transformation journey. And so, yes, partners are critical to that. The other thing is, you know we find that, you mentioned earlier, Lisa that customers are multicloud, right? That's kind of the the new normal as we look at enterprises today. And so Google Cloud's going to do a great job at securing our platform, but we need partners that can help customers deploy policy that embraces not only the things that they put in Google Cloud but as they're in their transformation journey. How that embraces the estates that are in data centers the things that are still on-prem. And really this is about making sure that the applications no matter where they are, the databases no matter where they are, and the users no matter where they are are all secure in that new framework of deploying and embracing innovation on public cloud. >> One of the things that almost everybody from Palo Alto Networks talks about is their partnering strategy their acquisition strategy integrations. And I was doing some research. There's over 50 joint integrations that Google Cloud and Palo Alto Networks. Have you talked about Zero Trust Network Access 2.0 that was announced yesterday. >> Correct. >> Give us a flavor of what that is and what does it deliver that 1.0 did not? >> Well, great. And what I'd like to do is touch a little bit on those 50 integrations because it's been, you know, a a building rolling thunder, shall we say as far as how have we taken a look at customers embracing the cloud. The first thing was we took a look at at how do we make sure that Palo Alto solutions are easier for customers to deploy and to orchestrate in Google Cloud making their journey to embracing cloud seamless and easy. The second thing was how could we make that deployment and the infrastructure even more easy to adopt by doing first party integrations? So earlier this year we announced cloud IDS intrusion detection system where we actually have first party directly in our console of customers being able to simply select, they want to turn on inspection of the traffic that's running on Google Cloud and it leverages the threat detection capability from Palo Alto Networks. So we've gone from third party integration alone to first party integration. And that really takes us to, you know, the direction of what we're seeing customers need to embrace now which is, this is your Zero Trusts strategy and Zero Trust 2.0 helps customers do a number of things. The first is, you know, we don't want to just verify a user and their access into the environment once. It needs to be continuous inspection, right? Cause their state could change. I think, you know, the, the teams we're talking about some really good ways of addressing, you know for instance, TSA checkpoints, right? And how does that experience look? We need to make sure that we're constantly evaluating that user's access into the environment and then we need to make sure that the content that's being accessed or, you know, loaded into the environment is inspected. So we need continuous content inspection. And that's where our partnership really comes together very well, is not only can we take care of any app any device, any user, and especially as we take a look at you know, embracing contractor like use cases for instance where we have managed devices and unmanaged devices we bring together beyond Corp and Prisma access to take a look at how can we make sure any device, any user any application is secure throughout. And then we've got content inspection of how that ZTNA 2.0 experience looks like. >> Josh, that threat data that you just talked about. >> Yeah. >> Who has access to that? Is it available to any partner, any customer, how... it seems like there's gold in them, NAR hills, so. >> There is. But, this could be gold going both ways. So how, how do you adjudicate and, how do you make sure that first of all that that data's accessible for, for good and not in how do you protect it against, you know, wrong use? >> Well, this is one of the great things about partnering with Palo Alto because technically the the threat intelligence is coming from their ingestion of malware, known threats, and unknown threats right into their technology. Wildfire, for instance, is a tremendous example of this where unit 42 does, you know, analysis on unknown threats based upon what Nikesh said on stage. They've taken their I think he said 27 days to identification and remediation down to less than a minute, right? So they've been able to take the intelligence of what they ingest from all of their existing customers the unknown vulnerabilities that are identified quickly assessing what those look like, and then pushing out information to the rest of their customers so that they can remediate and protect against those threats. So we get this shared intelligence from the way that Palo Alto leverages that capability and we've brought that natively into Google Cloud with cloud intrusion detection. >> So, okay, so I'm, I'm I dunno why I have high frequency trading in my mind cause it used to be, you know, like the norm was, oh it's going to take a year to identify an intrusion. And, and, and now it's down to, you know take was down to 27 days. Now it's down to a minute. Now it's not. That's best practice. And I'm, again, I'm thinking high frequency trading how do I beat the speed of light? And that's kind of where we're headed, right? >> Right. >> And so that's why he said one minute's not enough. We have to keep going. >> That's right. >> So guys got your best people working on that? >> Well, as a matter of fact, so Palo Alto Networks, you know when we take a look at what Nikesh said from stage, he talked about using machine learning and AI to get ahead of what we what they look at as far as predictability not only about behaviors in the environment so things that are not necessarily known threats but things that aren't behaving properly in the environment. And you can start to detect based on that. The second piece of it then is a lot of that technology is built on Google Cloud. So we're leveraging, their leveraging the capabilities that come together with you know, aggregation of, of logs the file stitching across the entire environment from the endpoint through to cloud operations the things that they detect for network content inspection putting all those files together to understand, you know where has the threat vector entered how has it gone lateral inside the environment? And then how do you make sure that you remediate all of those points of intrusion. And so yeah it's been exciting to see how our product teams have worked together to continue to advance the capabilities for speed for customers. >> And secure speed is critical. We had the opportunity this morning to speak with Lee Claridge, the chief product officer, and you know one of the things that I had heard about Lee is that despite all of the challenges in cybersecurity and the amorphous expansion of the threat network and the sophistication of the adversaries he's really optimistic about what it's going to enable organizations to do. I see you smiling. Do you share that optimism? >> I, I do. I think, you know, when you bring, when you bring leaders together to tackle big problems, I think, you know we've got the right teams working on the right things and we understand the problems that the customers are facing. And so, you know, from a a Google cloud perspective we understand that partnering with Palo Alto Networks helps to make sure that that optimism continues. You know, we work on continuous innovation when it comes to Google Cloud security framework, but then partnering with Palo Alto brings additional capabilities to the table. >> Vision for the, for the partnership. Where do you want to see it go? What's... we're two to five years down the road, what's it look like? Maybe two to three years. Let's go. >> Well, it was interesting. I, I think neer was the one that mentioned on stage about, you know how AI is going to start replacing us in our main jobs, right? I I think there's a lot of truth to that. I think as we look forward, we see that our teams are going to continue to help with automation remediation and we're going to have the humans working on things that are more interesting and important. And so that's an exciting place to go because today the reality is that we are understaffed in cybersecurity across the industry and we just can't hire enough people to make sure that we can detect, remediate and secure, you know every user endpoint and environment out there. So it's exciting to see that we've got a capability to move in a direction to where we can make sure that we get ahead of the threat actors. >> Yeah. So he said within five years your SOC will be AI based and and basically he elaborated saying there's a lot of stuff that you're doing today that you're not going to be doing tomorrow. >> That's true. >> And that's going to continue to be a moving target I would think Google is probably ahead in that game and ahead of most, right? I mean, you guys were there early. I mean, I remember when Hadoop was all the rage like just at the beginning you guys like, yeah, you know Google's like, no, no, no, we're not doing Hadoop anymore. That's like old news. So you tended to be, I don't know, at least five maybe seven years ahead of the industry. So I imagine you using a lot of those AI techniques in your own business today. >> Absolutely. I mean, I think you see it in our consumer products, and you certainly see it in the the capabilities we make available to enterprise as far as how they can innovate on our cloud. And we want to make sure that we continue to provide those capabilities, you know not only for the tools that we build but the tools that customers use. >> What's the, as we kind of get towards the end of our conversation here, we we talk about zero trust as, as a journey, as an approach. It's not a product, it's not a tool. What is the, who's involved in the zero trust journey from the customers perspective? Is this solely with the CSO, CSO, CIOs or is this at the CEO level going, we have to be a data company but we have to be a secure data company 24/7. >> It's interesting as you've seen malware, phishing, ransomware attacks. >> Yeah. >> This is not only just a CSO CIO conversation it's a board level conversation. And so, you know the way to address this new way of working where we have very distributed environments where you can't create a perimeter anymore. You need to strategize with zero trust. And so continuously, when we're talking to customers we're hearing that as a main initiative, you know from the CIO's office and from the board level. >> Got it, last question. The upgrade path for existing customers from 1., ZTNA 1.0 to 2.0. How simple is that? >> It's easy. You know, when we take- >> Is there an easy button? >> So here's the great thing [Dave] If you're feeling lucky. [Lisa] Yeah. (group laughs) >> Well, Palo Alto, right? Billing prisma access has really taken what was traditional security that was an on-prem or a data center deployed strategy to cloud-based. And so we've worked with customers like Princeton University who had to quickly transition from in-person learning to distance learning find a way to ramp their staff their faculty and their students. And we were able to, you know Palo Alto deploy it on Google Cloud's, you know network that solution in very quick order and had those, you know, everybody back up and running. So deployment and upgrade path is, is simple when you look at cloud deployed architectures to address zero trusts network. >> That's awesome. Some of those, some of those use cases that came out of the pandemic were mind blowing but also really set the table for other organizations to go, yes, this can be done. And it doesn't have to take forever because frankly where security is concerned, we don't have time. >> That's right. And it's so much faster than traditional architectures where you had to procure hardware. >> Yeah. >> Deploy it, configure it, and then, you know push agents out to all the endpoints and and get your users provisioned. In this case, we're talking about cloud delivered, right? So I've seen, you know, with Palo Alto deploying for customers that run on Google Cloud they've deployed tens of thousands of users in a very short order. You know, we're talking It was, it's not months anymore. It's not weeks anymore. It's days >> Has to be days. Josh, it's been such a pleasure having you on the program. Thank you for stopping by and talking with Dave and me about Google Cloud, Palo Alto Networks in in addition to secret squirrel. I feel like when you were describing your background that you're like the love child of Palo Alto Networks and Google Cloud, you might put that on your cartoon. >> That is a huge compliment. I really appreciate that, Lisa, thank you so much. >> Thanks so much, Josh. [Josh] It's been a pleasure being here with you. [Dave] Thank you >> Oh, likewise. For Josh Haslett and Dave, I'm Lisa Martin. You're watching theCUBE, the leader in live coverage for emerging and enterprise tech. (upbeat outro music)

>> Announcer: TheCUBE presents Ignite22, brought to you by Palo Alto Networks. >> Hey, welcome back to Vegas. Great to have you. We're pleased that you're watching theCUBE. Lisa Martin and Dave Vellante. Day two of theCUBE's coverage of Palo Alto Ignite22 from the MGM Grand. Dave, we're going to be talking about data. >> You know I love data. >> I do know you love data. >> Survey data- >> There is a great new survey that Palo Alto Networks just published yesterday, "What's next in cyber?" We're going to be digging through it with their CMO. Who better to talk about data with than a CMO that has a PhD in machine learning? We're very pleased to welcome to the program, Zeynep Ozdemir, CMO of Palo Alto Networks. Great to have you. Thank you for joining us. >> It's a pleasure to be here. >> First, I got to ask you about your PhD. Your background as a CMO is so interesting and unique. Give me a little bit of a history on that. >> Oh, absolutely, yes. Yes, I admit that I'm a little bit of an untraditional marketing leader. I spent probably the first half of my career as a software engineer and a research scientist in the area of machine learning and speech signal processing, which is very uncommon, I admit that. Honestly, it has actually helped me immensely in my current role. I mean, you know, you've spoken to Lee Klarich, I think a little while ago. We have a very tight and close partnership with product and engineering teams at Palo Alto Networks. And, you know, cybersecurity is a very complex topic. And we're at a critical juncture right now where all of these new technologies, AI, machine learning, cloud computing, are going to really transform the industry. And I think that I'm very lucky, as somebody who's very technically competent in all of those areas, to partner with the best people and the leading company right now. So, I'm very happy that my technical background is actually helping in this journey. >> Dave: Oh, wait, aren't you like a molecular biologist, or something? >> A reformed molecular...yes. >> Yes. >> Okay. Whoa, okay. (group laughs) >> But >> Math guy over here. >> Yeah. You guys just, the story that I tease is... the amount of data in there is unbelievable. This has just started in August, so a few months ago. >> Zeynep: Yeah. >> Fresh data. You surveyed 1300 CXOs globally. >> Zeynep: That's right. >> Across industries and organizations are saying, you know, hybrid work and remote work became status quo like that. >> Yes. >> Couple years ago everyone shifted to multicloud and of course the cyber criminals are sophisticated, and they're motivated, and they're well funded. >> Zeynep: That's right. >> What are some of the things that you think that the survey really demonstrated that validate the direction that Palo Alto Networks is going in? >> That's right. That's right. So we do these surveys because first and foremost, we have to make sure we're aligned with our customers in terms of our product strategy and the direction. And we have to confirm and validate our very strong opinions about the future of the cybersecurity industry. So, but this time when we did this survey, we just saw some great insights, and we decided we want to share it with the broader industry because we obviously want to drive thought leadership and make sure everybody is in the same level field. Some interesting and significant results with this one. So, as you said, this was 1300 C level cybersecurity decision makers and executives across the world. So we had participants from Europe, from Japan, from Asia Pacific, Latin America, in addition to North America. So one of the most significant stats or data points that we've seen was the fact that out of everybody interviewed, 96% of participants had experienced one or more cybersecurity breaches in the past 12 months. That was more than what we expected, to be honest with you. And then 57% of them actually experienced three or more. So those stats are really worth sharing in terms of where the state of cybersecurity is. What also was personally interesting to me was 33% of them actually experienced an operational disruption as a result of a breach, which is a big number. It's one third of participants. So all of these were very interesting. We asked them more detailed questions around you know, how many...like obviously all of them are trying to respond to this situation. They're trying different technologies, different tools and it seems like they're in a point where they're almost have too many tools and technologies because, you know, when you have too many tools and technologies, there's the operational overhead of integrating them. It creates blind spots between them because those tools aren't really communicating with each other. So what we heard from the responders was that on average they were on like 32 tools, 22% was on 50 or more tools, which is crazy. But what the question we asked them was, you know, are you, are you looking to consolidate? Are you looking to go more tools or less tools? Like what are your thoughts on that? And a significant majority of them, like about 77% said they are actively trying to reduce the number of technologies that they're trying to use because they want to actually achieve better security outcomes. >> I wonder if you could comment on this. So early on in the pandemic, we have a partner, survey partner ETR, Enterprise Technology Research. And we saw a real shift of course, 'cause of hybrid work toward endpoint security, cloud security, they were rearchitecting their networks, a new focus on, you know, different thinking about network security and identity. >> Yeah. >> You play in all of those in partner for identity. >> Zeynep: Yeah. >> I almost, my question is, is was there kind of a knee jerk reaction to get point tools to plug some of those holes? >> Zeynep: Yes. >> And now they're...'cause we said at the time, this is a permanent shift in thinking. What we didn't think through it's coming to focus here at this conference is, okay, we did that, but now we created another problem. >> Zeynep: Yeah. Yeah. >> Now we're- >> Yes, yes. You're very right. I think, and it's very natural to do this, right? >> Sure. >> Every time a problem pops up, you want to fix it as quickly as possible. And you look... you survey who can help you with that. And then you kind of get going because cybersecurity is one of those areas where you can't really wait and do, you know, take time to fix those problems. So that happened a lot and it is happening. But what happened as a result of that. For example, I'll give you a data point from the actual survey that answers this very question. When we asked these executives what keeps them like up at night, like what's their biggest concern? A significant majority of them said, oh we're having difficulty with data management. And what that means is that all these tools that they've deployed, they're generating a lot of insights and data, but they're disconnected, right? So there is no one place where you can say, look at it holistically and come to conclusions very fast about how threat actors are moving in an organization. So that's a direct result of this proliferation of tools, if you will. And you're right. And it will...it's a natural thing to deploy products very quickly. But then you have to take a step back and say, how do I make this more effective? How do I bring things together, bring all my data together to be able to get to threats detect threats much faster? >> An unintended consequence of that quick fix. >> And become cyber resilient. We've been hearing a lot about cyber resiliency. >> Yes, yes. >> Recently and something that I was noting in the survey is only 25% of execs said, yeah, our cyber resilience and readiness is high. And you found that there was a lack of alignment between the boards and the executive levels. And we actually spoke with I think BJ yesterday on how are you guys and even some of your partners >> Yeah. >> How are you helping facilitate that alignment? We know security's always a board level- >> Zeynep: Yes. >> Conversation, but the lack of alignment was kind of surprising to me. >> Yeah. Well I think the good news is that I think we... cybersecurity is taking its place in board discussions more and more. Whether there's alignment or not, at least it's a topic, right? >> Yeah. That was also out of the survey that we saw. I think yes, we have a lot of, a big role to play in helping security executives communicate better with boards and c-level executives in their organizations. Because as we said, it's a very complex topic, and it has to be taken from two angles. When there's...it's a board level discussion. One, how are you reducing risk and making sure that you're resilient. Two, how do you think about return on investment and you know, what's the right level of investment and is that investment going to get us the return that we need? >> What do you think of this? So there's another interesting stat here. What keeps executives up at night? >> Mmhm. >> You mentioned difficulty of data management. Normally, the CISO response to what's your number one problem is lack of talent. >> Zeynep: Number three there, yes. Yeah. >> And it is maybe somewhat related to difficulty of data management, but maybe people have realized, you know what? I'm never going to solve this problem by throwing bodies at it. >> Yeah. >> I got to think of a better way to consolidate my data. Maybe partner with a company that can help me do that. And then the second one was scared of being left behind changes in the tech stack. So we're moving so fast to digitize. >> Zeynep: Yes. >> And security's still an afterthought. And so it's almost as though they're kind of rethinking the problems 'cause they know that they can't just solve the issue by throwing, you know, more hires at it 'cause they can't find the people. >> That is...you're absolutely spot on. The thing about cybersecurity skills gap, it's a reality. It's very real. It's a hard place to be. It's hard to ramp up sometimes. Also, there's a lot of turnover. But you're right in the sense that a lot of the manual work that is needed for cybersecurity, it's actually more sort of much easier to tackle with machines- >> Yeah. >> Than humans. It's a funny double click on the stat you just gave. In North America, the responders when we asked them like how they're coping with the skills shortage, they said we're automating more. So we're using more AI, we're using more process automation to make sure we do the heavy lifting with machines and then only present to the people what they're very good at, is making judgements, right? Very sort of like last minute judgment calls. In the other parts of the world, the top answer to that question is how you're tackling cybersecurity skill shortage was, we're actually trying to provide higher wages and better benefits to the existing p... so there's a little bit of a gap between the two. But I think, I think the world is moving towards the former, which is let's do as much as we can with AI and machines and automation in general and then let's make sure we're more in an automation assisted world versus a human first world. >> We also saw on the survey that ransomware was, you know, the big concern in the United States. Not as much, not that it's not a concern >> Lisa: Yeah. >> In other parts of the world. >> Zeynep: Yeah. >> But it wasn't number one. Why do you think that is? Is it 'cause maybe the US has more to lose? Is it, you know, more high profile or- >> Yeah. Look, I mean, yes you're right? So most responders said number one is ransomware. That's my biggest concern going into 2023. And it was for JAPAC and I think EMEA, Europe, it was supply chain attacks. >> Dave: Right. >> So I think US has been hit hard by ransomware in the past year. I think it's like fresh memory and that's why it rose to the top in various verticals. So I'm not surprised with that outcome. I think supply chain is more of a... we've, you know, we've been hit hard globally by that, and it's very new. >> Lisa: Yeah. >> So I think a lot of the European and JAPAC responders are responding to it from a perspective of, this is a problem I still don't know how to solve. You know, like, and it's like I need the right infrastructure to...and I need the right visibility into my software supply chain. It's very top of mind. So those were some of the differences, but you're right. That was a very interesting regional distinction as well. >> How do you take this data and then bring it back to your customers to kind of close the loop? Do you do that? Do you say, okay, hey, we're going to share this data with you, get realtime feedback- >> Zeynep: Yes. >> Dave: We often like to do that with data- >> Zeynep: Absolutely. >> Say okay...'cause you know, when you do a survey like this, you're like, oh, I wish we asked A, B and C. But it gives you, informs you as to where to double click. Is there a system to do that? Or process to do that? >> Yes. Our hope and goal is to do this every year and see how things are changing and then do some historical analysis as to how things are changing as well. But as I said in the very beginning, I think we take this and we say, okay, there's a lot of alignment in these areas, especially for us for our products to see if where our products are deployed to see if some of those numbers vary, you know, per product. Because we address as a company, we address a lot of these concerns. So then it's very encouraging to say, okay, with certain customers, we're going to go, we're going to have develop certain metrics and we're going to measure how much of a difference we're making with these stats. >> Well, I mean, if you can show that you're consolidating- >> Yeah. >> You know, the number of tools and show the business impact- >> Right. >> Exactly. >> Home run. >> Exactly. Yes- >> Speaking of business outcomes, you know, we have so many conversations around everything needs to be outcome-based. Can security become an enabler of business outcomes for organizations? >> Absolutely. Security has to be an enabler. So it's, you know, back to the security lagging behind the evolution of the digital transformation, I don't think it's possible to move fast without having security move fast with digital transformation. I don't think anybody would raise their hands and say, I'm just going to have the most creative, most interesting digital transformation journey. But, you know, security is say, so I think we're past that point where I think generally people do agree that security has to run as fast as digital transformation and really enable those business outcomes that everybody's proud of. So Yes. Yes it is. >> So...sorry. So chicken and egg, digital transformation, cyber transformation. >> Zeynep: Yes. >> Lisa: How are they related? Is one digital leading? >> They are two halves of the perfect solution. They have to coexist because otherwise if you're taking a lot of risk with your digital transformation, is it really worth going through a digital transformation? >> Yeah. >> Yeah. >> So there's a board over here. I'm looking at it and it started out blank. >> Yes. >> And it's what's next in cyber and basically- >> That's this. Yes. >> People can come through and they can write down, and there's some great stuff in there: 5G, cloud native, some technical stuff, automated meantime to repair or to remediation. >> Yeah. >> Somebody wrote AWS. The AWS guys left their mark, which is kind of cool. >> Zeynep: That's great. >> And so I'm wondering, so we always talk about... we just talked about earlier that cyber is a board...has become a board level you know, issue. I think even go back mid last decade, it was really starting to gain strength. What I'm looking for, and I dunno if there's anything in here that suggests this is going beyond the board. So it becomes this top down thing, not just the the SOC, not just the, you know, IT, not just the board. Now it's top down maybe it's bottom up, middle out. The awareness across the organization. >> Zeynep: Absolutely. >> And that's something that I think is that is a next big thing in cyber. I believe it's coming. >> Cybersecurity awareness is a topic. And you know, there are companies who do that, who actually educate just all of us who work for corporations on the best way to tackle, especially when the human is the source and the reason knowingly or unknowing, mostly unknowingly of cyber attacks. Their education and awareness is critical in preventing a lot of this...before our, you know tools even get in. So I agree with you that there is a cybersecurity awareness as a topic is going to be very, very popular in the future. >> Lena Smart is the CISO of MongoDB does... I forget what she calls it, but she basically takes the top security people in the company like the super geeks and puts 'em with those that know nothing about security, and they start having conversations. >> Zeynep: Yeah. >> And then so they can sort of be empathic to each other's point of view. >> Zeynep: Absolutely. >> And that's how she gets the organization to become cyber aware. >> Yes. >> It's brilliant. >> It is. >> So simple. >> Exactly. Well that's the beauty in it is the simplicity. >> Yeah. And there are programs just to put a plug. There are programs where you can simulate, for example, phishing attacks with your, you know employee base and your workforce. And then teach them at that moment when they fall for it, you know, what they should have done. >> I think I can make a family game night. >> Yeah. Yeah. (group laughs) >> I'm serious. That's a good little exercise For everybody. >> Yes. Yeah, exactly. >> It really is. Especially as the sophistication and smishing gets more and more common these days. Where can folks go to get their hands on this juicy survey that we just unpacked? >> We have it online, so if you go to the Palo Alto Networks website, there's a big link to the survey from there. So for sure there's a summary version that you can come in and you can have access to all the stats. >> Excellent. Zeynep, it's been such a pleasure having you on the program dissecting what's keeping CXOs up at night, what Palo Alto Networks is doing to really help organizations digitally transform cyber transformation and achieve that nirvana of cyber resilience. We appreciate so much your insights. >> Thanks very much. It's been the pleasure. >> Dave: Good to have you. >> Thank you >> Zeynep Ozdemir and Dave Vellante. I'm Lisa Martin. You're watching theCUBE, the leader in live and emerging tech coverage. (upbeat music)

>> Narrator: theCUBE presents Ignite 22. Brought to you by Palo Alto Networks. >> Hey, welcome back to Las Vegas. Lisa Martin here with Dave Vellante. This is day two of theCUBE's coverage of Palo Alto Ignite 2022. Dave we're just talking about how many times we're in Vegas. And we were here two weeks ago with our guest who's back in Alumni. And it's a blur, right? >> It's true, I lost count. Luckily I'm not flying red eye tonight. So that's good. >> I'm impressed. >> Excited about that. >> Yeah >> I'm actually going to enjoy the, nightlife here for a period of time. And, you know, we were at re-Invent. >> Yeah. >> And what a difference. This is nice and relaxed. You have time. You're not getting bumped in the hallway. >> Right. >> A lot of time for learning. So it's been great show. >> It's been great. And one of the things that we've been talking about is the supply chain. Securing the modern software supply chain is really complicated. We've got an Alumni back with us, to talk about what Palo Alto is doing in that respect. Ankur Shah joins us. The SVP and GM of Cloud Security at Palo Alto Networks. Welcome back. >> Yeah, happy to be back. Good to see you again. Dave and Lisa. >> It's been two long weeks. >> Ankur: I know. It's been two weeks, yeah >> Dave: It's kind of crazy. I mean, ReInvent really was a blur. And it's like you had everything coming at you. And there was obviously a big chunk of security, but you. It was just so much to absorb. >> Yeah. >> Right? >> Yeah, and I couldn't get into any of the sessions versus at Ignite. I mean, you could, you could learn a lot. To your point Dave. And 70,000 people versus 3000 in change. Big difference. >> Dave: Yeah. >> Lisa: Huge difference. >> Yeah. >> Lisa: Huge difference. So we touched on the Cider acquisition. >> Ankur: Yeah. >> Which was announced the intent to acquire last month. Let's dig into a little bit more of that, and then some of the great things that had been announced. >> Ankur: Yeah. >> In the last couple of days. >> Oh, absolutely. So, this is something that we have been marinating for last nine months. Thinking about how best to secure supply chain. And this is software supply chain. The modern application software is fairly complex. You know, back in the days when I was a developer, it was a simple three tier application. Ship the code once a year, et cetera. But now with microservices, new architectures, Kubernetes Public Cloud, we talked about this. It's getting super complicated, and the customers are really worried about securing their entire supply chain. Which is nothing but the software pipeline. And so we started looking at a whole bunch of companies and Cider really stood out. I mean, they had, they were the innovators in this space. Very early days, we've seen supply chain attack. But there hasn't been a really good and strong solution in that space. And Cider just delivered that incredible team. Great technology, super excited about what that integration will look like. in the coming quarters. >> What do we need to know about them? I mean, I'll be honest with you, I wasn't familiar with Cider until I saw you guys made the announcement of the intent to acquire them. What, what should we know about them? Why Cider? What was it that attracted you to them? >> Ankur: Yeah, so, you know, we have a history of technology acquisitions as you know, over the last four years, just in the public cloud. We acquire over half a a dozen companies, small and large. And typically we are always looking for companies who have the next gen technology available. Technology that is more in tune with how application software is going to look like in future. So we're not always going after companies that are making you know, tens of hundreds of millions of dollars in a year and all. We're looking for the right tech. The future. And that's what we found in Cider. Like they have a really strong application security background. And AppSec just broadly speaking, supply chain is part of it. But application security, just broadly speaking, is right for disruption. You've got a lot of vendors, who have been around for like last two decades. Old school stuff, lots and lots of false positives. So we've been bolstering, beefing up our portfolio in the application security space. And Cider really fits right nicely into it. Because it can like I said, secure a lot of technology and tooling, that software developers use as part of their software supply chain. So, great founding team, great technology. It was a perfect fit. >> Talk about integration. We spoke with Nikesh yesterday, with Nir, with a whole bunch of folks. Lee this morning. BJ yesterday as well. And one of the things that seems to stick out at me. With all the shows that we do, is the focus that Palo Alto has on ensuring that it's making the right acquisitions. But that it's the integration, is really seems to be like leading part of the strategy. That seems to be a little bit of a differentiator to me. >> Yeah, it absolutely is. There are two ways to integrate a technology into an existing platform. And Prisma Cloud is a platform as you know. Code-to-cloud, CNAPP platform as we call it. One is just kind of slotted in, put the whole thing in a box. And that's basically making one plus one equal to two. We're looking for high leverage in integrations, whereby once that integration comes along. It makes the rest of the platform even better and superior. It makes that technology look even better. So that's why there's a lot of focus on ensuring that we're delivering the right type of integration, that delivers instant customer value. And that makes the overall platform even superior. So customers don't feel like hey, like there's just one more add-on, on top of the other thing. >> Lisa: Right, not a bolt on. >> So that's why there's a lot of focus on that. Getting the strategy nailed. Because the founding teams generally have a preconceived notion about how the world looks like. Then they understand how Prisma cloud and Palo Alto Networks think about it. And then, we sort of merge the two ideas, and build something that's incredible. So I am, we're spending a lot of time in integration. That honeymoon phase of like, let's high five acquisitions done, that's over. Now it's the grinding work of actually getting this right. And you know, getting hundreds and thousands of customers. >> Well I like how you don't have the private equity mentality. It's not about EBITDA and cashflow. We'll take care of that. >> Ankur: Yeah. >> You know, it's about getting that integration. Getting that flywheel effect, inside the platform. You know, we said one plus one equals, maybe even more than two. Can you explain Prisma Cloud Secrets Security? What is that all about? What do we need to know about that? >> Ankur: Absolutely. So, the developers, you know generally store some stuff in the code repo for their automation work to build application. And that thing, the API keys or as Secrets are stored in code repo. It shouldn't be. Or even if they are, they should be encrypted, or locked down and things of that nature. But, you know, the need for speed trumps everything else. Developers want to go fast. And sometimes they're like, okay well. I guess my application needs this particular, you know API access token or secret. I'm just going to stick it in the code. Now the challenge with that is that, if somebody gets hold of your code repo. Now not only is your code repo, which has all your sensitive data. Your code is the life and blood of a technology company. That's in trouble. But also those secrets and API access keys can be used to log into your cloud accounts. And there you may have sensitive customer data. Everything that you have as a technology company stored in that public cloud accounts. So that's the worry. It's usually the initial access for the kill chain. Because that's where the attacks start. Let me get the secret, let me get the API access key. And let me see what I can do in public cloud. So we are now giving customers the visibility into where the secrets are stored. More importantly, it just right there on developer's face. In the code repo as they're checking in the code. They say why, hey, there's a secret here. Are you sure you want to, you want to keep it like this, no? Okay, well then you can either encrypt it, or just get rid of it. So we're making, we're bringing security where the developers are in their code repo, et cetera. >> So I can see a lot of developers saying, yeah, go ahead, encrypt it. So I don't have to do anything else, you know, extra. It's almost, the analogy is a very small you know, version of this. Its like, use a password manager. You store all your passwords in your contacts on your phone, right? I mean, somebody gets a hold of your contacts, you're screwed. >> Ankur: That's exactly right. >> And so, but I could still see a lot of developers say, check in the box. Say, yeah just encrypt it, leave it there. But you're saying best practice is to not to do that, right? >> Yeah, usually you're not supposed to, you know, store all your secrets, et cetera in code repo to begin with. But if you do, you know, you use a key wall like technology to really encrypt it and store it in a secret manner, yeah. >> Dave: There's an old saying, bad user behavior trump's great security every time. >> Ankur: Every time. >> But this is an example where, we know you're going to have bad behavior. So we're going to protect the bad behavior. >> Yeah, and actually, sorry Lisa, just to that point. The bad user behavior trumps good security. The classic example, this happened three weeks ago. Three, four weeks ago, where Dropbox, one of the file sharing companies there. 120 plus code repos were exposed. And the way their attack started, was a simple social engineering attack. Bad user behavior. There was an email, hey, like your passwords are updated for your, you know, this code plugin. Can you enter the password? And boom, now you have access to the code repo. And now if you have secrets inside of it, now, you know all bets are off. >> Are there hard-coded secrets versus like, I mean, like I think like, like you were saying, Dave. Like usernames and passwords and tokens, versus like soft coded secrets. >> Ankur: It's, I think it, this is more so two forms of it, you know. The most primary one is what we call the API access keys. And this keys are used to access cloud accounts, workloads and things of that nature. But there are actually secret secrets. Could be database login passwords, et cetera. The application is using it to spin up databases. Now, you know, you have access to the data stores. Any other application, there's a login password, all of that stuff. So it's less about the user password, but more the application and databases and things of that nature. >> Dave: So again, and, again, everybody should be using password managers. But when you use a password manager, it's going to give you a long list of passwords, that are either been compromised or are weak. And you just go uh, okay. So can you help? How do you help customers identify what the high risk? You know, API, you know, access are versus those ones that they may not have to worry about. >> Ankur: Yeah, look. You know, secrets aside. Risk prioritization is one of the biggest topics that our customers have across the board, in cloud security. All the security vendors are really, really good at one thing, generating alerts. Everybody does it. They generate an alert. You know, your ring camera, if you've got one. I mean this pop up every day, like every minute rather. Well like can you prioritize it for me? What should I really look at it? So that's a number one thing. What Prisma Cloud does is, you know, contextualize it. What the real risk is? They can tell you like, hey, here's the kill chain. If this thing, you know, goes to public internet. These are the potential exposures that you have. So we provide a prioritized risk of critical alerts that customers have to take care of before they can start taking care of more hygiene type of stuff, right? So that's how we do it. Like we leverage a lot of technology. We apply a lot of context. We tell you like, hey, this code repo is not protected by multifactor authentication. And then there's a secret inside. Are you sure, you know, you don't want to fix it? So that's what we do. But it's a great question. Top of mind for all our customers. And that's how we think about it across the board. Versus generating just alerts all the time. >> Dave: Is the strategy, Because we all know phishing is the sort of most, you know obvious way to. It's the top way in which people get hacked. >> Ankur: Yeah. >> Is your strategy essentially to say. Okay we know that's going to happen, so we're going to try to protect it at the back end. How much of the, maybe it's an industry question. more so than just a Palo Alto specifically, How much emphasis is do you think the industry is taking or should be taking on stopping that, you know that those phishing attacks? Because if that's the number one problem you know, maybe that's where we should be starting. >> Yeah, it's a great question. It's typically the initial vector, for a lot of attacks to your point. But there is one thing that technology and AI cannot solve. Which is the user behavior, to your point. Like we can't get into the heads of the user. I mean, you can train them, you can do everything. You can't prevent somebody from clicking a button. Of course there's technology out there for email security that does that. But your point is, right, it's going to happen. Now what do you do? How do you protect your applications, your crown jewel? You know, whether it's in the cloud or it's in the code repo. So a lot of what we are trying to do in code security, or cloud security, or in general at Palo Alto Networks. is to protect those crown jewel. Because we can't prevent somebody from doing something. User behavior is hard to change. >> Dave: So it's almost like, okay, you left your front door open. Somebody's going to walk in, but oh, they walk into a vault. And they don't know where to go. And there's nowhere they can- >> Ankur: Yeah. >> You know, nothing they can take. They can't get to the silverware or the jewelry. >> I think that's it, yeah. >> What are some of the things, like as we look at, we're wrapping up calendar year '22 heading into '23. That customers can look to Palo Alto Networks to help them achieve? One of the things that we talked about with Nikesh and Niri yesterday, is consolidation. Like, and you guys just did a recent, survey. >> Ankur: Yeah. >> About the state of Cyber, and organizations on average have 366 apps in their environment. 31 security tools, 30 to 50 security tools. >> Ankur: Yeah. >> Consolidation is really key there. What are some of the things that you are excited about to deliver to customers where consolidation is concerned? >> Ankur: Yeah. >> Where software supply chain security is concerned in the next year? >> Yeah, absolutely. Look, there are over 3000 security vendors. And this can be, I mean you talked about average customer having 300. I was talking to a CSO, this was last year for one of the largest financial institution I go, "How many security tools do you have?" He got 120. I said, why? He goes, we have a no vendor left behind policy. >> Wow. >> It's crazy. >> Dave: What? >> Obviously he was joking, but it's crazy, right? Like that's how the CSO's are. >> Dave: I mean, he was kidding. >> Yeah. >> Dave: But recognized that. Wow. >> Yeah, and, this is the state the security industry is in. And our mission has been, and Lee and Nikesh and Niri talked about it. Is just platforms, will platforms take moonshots, things long term. And especially the, macro headwinds that we're seeing. We're hearing more and more from the customers that, look we're not going to buy point product. Then we got to buy another product that stitches it all together. We need platforms, whether it's for zero trust, Prisma SaaS, whether it's cloud. Prisma cloud or for your sock transformation. You know XIM and Cortex line of products. So I think you're going to see more and more of that in 2023. I'm confident in that. >> We heard from Lee today, the world record's 400. >> Yes. >> Yeah. >> That's crazy. >> He's going for it. He's got a ways to go. 120 He's got to... >> Maybe he wasn't, that guy wasn't kidding about his no vendor left behind policy. (laughing) Do you have Ankur, a favorite customer story that really articulates the value of what Palo Alto delivers and continues to. You know, 'cause one of the things that Nikesh said in his keynote was that you know, security's a data problem. Well every company these days, in every industry has to be a data company. But really what they need to be able to be is a secured data company. >> Ankur: Yeah. >> How are you guys enabling that? >> Oh, absolutely. Look, many customer examples come to mind, but speaking of data. You know, one of, some of our largest customers who are protecting their PCI workers where they have sensitive data. They're using for example, Prisma Cloud, to ensure that malicious attacks don't happen. And those workloads are used for credit card processing. They're processing tens of thousands of credit card transactions a second. And make sure that nobody gets hold of that. And that's why they have to make sure that nobody is. No attacker is trying to get hold of the sensitive data, to your point, So we have customers across financial services, media and entertainment technology company. Where we are helping them go as fast as possible in public cloud. Go through digital transformation, by securing their applications. >> Dave: What's the T-shirt say? I see code. >> Oh yeah. >> Dave: Secure from Code to Cloud. >> Lisa: Shift Happens. >> Shift Happens, Secrets from Code to Cloud. >> I love that. I was looking at that, going back to that, what's next in cyber survey? >> Ankur: Yeah. >> It said 74% of respondents, and I believe there was 1300 CIO's, CXO's that were surveyed globally. Where they said security is slowing down DevOps. Can customers look to Palo Alto Networks to help them? >> Ankur: Be enablers? >> Yes. >> Yeah, hundred percent. Look, the conversation over the last few years have changed now. Security used to say like, oh, I don't know about these people who are building applications. The DevOps is like security slowing down. I think there's an opportunity for companies like Palo Alto Networks, to build the bridge between the two. And the way we do it is make the securities easy, simple and not super intrusive. Where developers have to do a natural thing. And one part of it, and I talked about it earlier, is bring security where the developers are. In their code repo, in their IDE. Make it super simple. Don't make them do unnatural things. And it just, this is no different from changing the behavior of our kids. Right? Like you make them do unnatural things, they're not going to do it. But if it is part of their regular, you know, day-to-day operating procedures. I think they're going to be more open to change. Yeah. So I think it's possible. And Palo Alto has a huge responsibility to bridge the divide between the apps team, or the DevOps and the security organization. >> Lisa: Lots of great stuff to come. We thank you so much for coming back, two weeks. Only being on two weeks ago. We appreciate your insights, learning more information. It's great to see you at Palo Alto Ignite. And we'll have to have you back on. 'Cause we know that there's so much more to follow with respect to what you're doing. And shifting left, shift happens. >> Awesome. Lisa, Dave, thank you so much. It's been a pleasure. >> Lisa: Thank you so much. For Ankur Shah and Dave Vellante. I'm Lisa Martin. You're watching theCUBE. The leader in live and emerging tech coverage.

>>The cube presents Ignite 22, brought to you by Palo Alto Networks. >>Good morning. Live from the MGM Grand. It's the cube at Palo Alto Networks Ignite 2022. Lisa Martin here with Dave Valante, day two, Dave of our coverage, or last live day of the year, which I can't believe, lots of good news coming out from Palo Alto Networks. We're gonna sit down with its Chief product officer next and dissect all of that. >>Yeah. You know, oftentimes in, in events like this, day two is product day. And look, it's all about products and sales. Yeah, I mean those, that's the, the, the golden rule. Get the product right, get the sales right, and everything else will take care of itself. So let's talk product. >>Yeah, let's talk product. Lee Claridge joins us, the Chief Product Officer at Palo Alto Networks. Welcome Lee. Great to have >>You. Thank you so much. >>So we didn't get to see your keynote yesterday, but we heard one of the things, you know, we've been talking about the threat landscape, the challenges. We had Unit 42, Wendy on yesterday. We had Nash on and near talking about the massive challenges in the threat landscape. But we understand, despite that you are optimistic. I am. Talk about your optimism given the massive challenges that every organization is facing today. >>Look, cybersecurity's hard and often in cybersecurity in the industry, a lot of people get sort of really focused on what the threat actors are doing, why they're successful. We investigate breaches and we think of it, it just starts to feel somewhat overwhelming for a lot of folks. And I just happen to think a little bit differently. I, I look at it and I think it's actually a solvable problem. >>Talk about cyber resilience. How does Palo Alto Networks define that and how does it help customers achieve that? Cuz that's the, that's the holy grail these days. >>Yes. Look, the, the way I think about cyber resilience is basically in two pieces. One, it's all about how do we prevent the threat actors from actually being successful in the first place. Second, we also have to be prepared for what happens if they happen to find a way to get through, and how do we make sure that that happens? The blast radius is, is as narrowly contained as possible. And so the, the way that we approach this is, you know, I, I kind of think in terms of like threes three core principles. Number one, we have to have amazing technology and we have to constantly be, keep keeping up with and ideally ahead of what attackers are doing. It's a big part of my job as the chief product officer, right? Second is we, you know, one of the, the big transformations that's happened is the advent of, of AI and the opportunity, as long as we can do it, a great job of collecting great data, we can drive AI and machine learning models that can start to be used for our advantage as defenders, and then further use that to drive automation. >>So we take the human out of the response as much as possible. What that allows us to do is actually to start using AI and automation to disrupt attackers as it's happening. The third piece then becomes natively integrating these capabilities into a platform. And when we do that, what allows us to do is to make sure that we are consistently delivering cybersecurity everywhere that it needs to happen. That we don't have gaps. Yeah. So great tech AI and automation deliver natively integrated through platforms. This is how we achieve cyber resilience. >>So I like the positivity. In fact, Steven Schmidt, who's now the CSO of, of Amazon, you know, Steven, and it was the CSO at AWS at the time, the first reinforced, he stood up on stage and said, listen, this narrative that's all gloom and doom is not the right approach. We actually are doing a good job and we have the capability. So I was like, yeah, you know, okay. I'm, I'm down with that. Now when I, my question is around the, the portfolio. I, I was looking at, you know, some of your alternatives and options and the website. I mean, you got network security, cloud security, you got sassy, you got capp, you got endpoint, pretty much everything. You got cider security, which you just recently acquired for, you know, this whole shift left stuff, you know, nothing in there on identity yet. That's good. You partner for that, but, so could you describe sort of how you think about the portfolio from a product standpoint? How you continue to evolve it and what's the direction? Yes. >>So the, the, the cybersecurity industry has long had this, I'm gonna call it a major flaw. And the major flaw of the cybersecurity industry has been that every time there is a problem to be solved, there's another 10 or 20 startups that get funded to solve that problem. And so pretty soon what you have is you're, if you're a customer of this is you have 50, a hundred, the, the record is over 400 different cybersecurity products that as a customer you're trying to operationalize. >>It's not a good record to have. >>No, it's not a good record. No. This is, this is the opposite of Yes. Not a good personal best. So the, so the reason I start there in answering your question is the, the way that, so that's one end of the extreme, the other end of the extreme view to say, is there such a thing as a single platform that does everything? No, there's not. That would be nice. That was, that sounds nice. But the reality is that cybersecurity has to be much broader than any one single thing can do. And so the, the way that we approach this is, is three fundamental areas that, that we, Palo Alto Networks are going to be the best at. One is network security within network security. This includes hardware, NextGen, firewalls, software NextGen, firewalls, sassy, all the different security services that tie into that. All of that makes up our network security platforms. >>So everything to do with network security is integrated in that one place. Second is around cloud security. The shift to the cloud is happening is very real. That's where Prisma Cloud takes center stage. C a P is the industry acronym. If if five letters thrown together can be called an acronym. The, so cloud native application protection platform, right? So this is where we bring all of the different cloud security capabilities integrated together, delivered through one platform. And then security, security operations is the third for us. This is Cortex. And this is where we bring together endpoint security, edr, ndr, attack, surface management automation, all of this. And what we had, what we announced earlier this year is x Im, which is a Cortex product for actually integrating all of that together into one SOC transformation platform. So those are the three platforms, and that's how we deliver much, much, much greater levels of native integration of capabilities, but in a logical way where we're not trying to overdo it. >>And cider will fit into two or three >>Into Prisma cloud into the second cloud to two. Yeah. As part of the shift left strategy of how we secure makes sense applications in the cloud >>When you're in customer conversations. You mentioned the record of 400 different product. That's crazy. Nash was saying yesterday between 30 and 50 and we talked with him and near about what's realistic in terms of getting organizations to, to be able to consolidate. I'd love to understand what does cybersecurity transformation look like for the average organization that's running 30 to 50 point >>Solutions? Yeah, look, 30 to 50 is probably, maybe normal. A hundred is not unusual. Obviously 400 is the extreme example. But all of those are, those numbers are too big right now. I think, I think realistic is high. Single digits, low double digits is probably somewhat realistic for most organizations, the most complex organizations that might go a bit above that if we're really doing a good job. That's, that's what I think. Now second, I do really want to point out on, on the product guy. So, so maybe this is just my way of thinking, consolidation is an outcome of having more tightly and natively integrated capabilities. Got you. And the reason I flip that around is if I just went to you and say, Hey, would you like to consolidate? That just means maybe fewer vendors that that helps the procurement person. Yes. You know, have to negotiate with fewer companies. Yeah. Integration is actually a technology statement. It's delivering better outcomes because we've designed multiple capabilities to work together natively ourselves as the developers so that the customer doesn't have to figure out how to do it. It just happens that by, by doing that, the customer gets all this wonderful technical benefit. And then there's this outcome sitting there called, you've just consolidated your complexity. How >>Specialized is the customer? I think a data pipelines, and I think I have a data engineer, have a data scientists, a data analyst, but hyper specialized roles. If, if, let's say I have, you know, 30 or 40, and one of 'em is an SD wan, you know, security product. Yeah. I'm best of breed an SD wan. Okay, great. Palo Alto comes in as you, you pointed out, I'm gonna help you with your procurement side. Are there hyper specialized individuals that are aligned to that? And how that's kind of part A and B, how, assuming that's the case, how does that integration, you know, carry through to the business case? So >>Obviously there are specializations, this is the, and, and cybersecurity is really important. And so there, this is why there had, there's this tendency in the past to head toward, well I have this problem, so who's the best at solving this one problem? And if you only had one problem to solve, you would go find the specialist. The, the, the, the challenge becomes, well, what do you have a hundred problems to solve? I is the right answer, a hundred specialized solutions for your a hundred problems. And what what I think is missing in this approach is, is understanding that almost every problem that needs to be solved is interconnected with other problems to be solved. It's that interconnectedness of the problems where all of a sudden, so, so you mentioned SD wan. Okay, great. I have Estee wan, I need it. Well what are you connecting SD WAN to? >>Well, ideally our view is you would connect SD WAN and branch to the cloud. Well, would you run in the cloud? Well, in our case, we can take our SD wan, connect it to Prisma access, which is our cloud security solution, and we can natively integrate those two things together such that when you use 'em together, way easier. Right? All of a sudden we took what seemed like two separate problems. We said, no, actually these problems are related and we can deliver a solution where those, those things are actually brought together. And that's just one simple example, but you could, you could extend that across a lot of these other areas. And so that's the difference. And that's how the, the, the mindset shift that is happening. And, and I I was gonna say needs to happen, but it's starting to happen. I'm talking to customers where they're telling me this as opposed to me telling them. >>So when you walk around the floor here, there's a visual, it's called a day in the life of a fuel member. And basically what it has, it's got like, I dunno, six or seven different roles or personas, you know, one is management, one is a network engineer, one's a coder, and it gives you an X and an O. And it says, okay, put the X on things that you spend your time doing, put the o on things that you wanna spend your time doing a across all different sort of activities that a SecOps pro would do. There's Xs and O's in every one of 'em. You know, to your point, there's so much overlap going on. This was really difficult to discern, you know, any kind of consistent pattern because it, it, it, unlike the hyper specialization and data pipelines that I just described, it, it's, it's not, it, it, there's way more overlap between those, those specialization roles. >>And there's a, there's a second challenge that, that I've observed and that we are, we've, we've been trying to solve this and now I'd say we've become, started to become a lot more purposeful in, in, in trying to solve this, which is, I believe cybersecurity, in order for cyber security vendors to become partners, we actually have to start to become more opinionated. We actually have to start, guys >>Are pretty opinionated. >>Well, yes, but, but the industry large. So yes, we're opinionated. We build these products, but that have, that have our, I'll call our opinions built into it, and then we, we sell the, the product and then, and then what happens? Customer says, great, thank you for the product. I'm going to deploy it however I want to, which is fine. Obviously it's their choice at the end of the day, but we actually should start to exert an opinion to say, well, here's what we would recommend, here's why we would recommend that. Here's how we envisioned it providing the most value to you. And actually starting to build that into the products themselves so that they start to guide the customer toward these outcomes as opposed to just saying, here's a product, good luck. >>What's, what's the customer lifecycle, not lifecycle, but really kind of that, that collaboration, like it's one thing to, to have products that you're saying that have opinions to be able to inform customers how to deploy, how to use, but where is their feedback in this cycle of product development? >>Oh, look, my, this, this is, this is my life. I'm, this is, this is why I'm here. This is like, you know, all day long I'm meeting with customers and, and I share what we're doing. But, but it's, it's a, it's a 50 50, I'm half the time I'm listening as well to understand what they're trying to do, what they're trying to accomplish, and how, what they need us to do better in order to help them solve the problem. So the, the, and, and so my entire organization is oriented around not just telling customers, here's what we did, but listening and understanding and bringing that feedback in and constantly making the products better. That's, that's the, the main way in which we do this. Now there's a second way, which is we also allow our products to be customized. You know, I can say, here's our best practices, we see it, but then allowing our customer to, to customize that and tailor it to their environment, because there are going to be uniquenesses for different customers in parti, we need more complex environments. Explain >>Why fire firewalls won't go away >>From your perspective. Oh, Nikesh actually did a great job of explaining this yesterday, and although he gave me credit for it, so this is like a, a circular kind of reference here. But if you think about the firewalls slightly more abstract, and you basically say a NextGen firewalls job is to inspect every connection in order to make sure the connection should be allowed. And then if it is allowed to make sure that it's secure, >>Which that is the definition of an NextGen firewall, by the way, exactly what I just said. Now what you noticed is, I didn't describe it as a hardware device, right? It can be delivered in hardware because there are environments where you need super high throughput, low latency, guess what? Hardware is the best way of delivering that functionality. There's other use cases cloud where you can't, you, you can't ship hardware to a cloud provider and say, can you install this hardware in front of my cloud? No, no, no. You deployed in a software. So you take that same functionality, you instantly in a software, then you have other use cases, branch offices, remote workforce, et cetera, where you say, actually, I just want it delivered from the cloud. This is what sassy is. So when I, when I look at and say, the firewall's not going away, what, what, what I see is the functionality needed is not only not going away, it's actually expanding. But how we deliver it is going to be across these three form factors. And then the customer's going to decide how they need to intermix these form factors for their environment. >>We put forth this notion of super cloud a while about a year ago. And the idea being you're gonna leverage the hyperscale infrastructure and you're gonna build a, a, you're gonna solve a common problem across clouds and even on-prem, super cloud above the cloud. Not Superman, but super as in Latin. But it turned into this sort of, you know, superlative, which is fun. But the, my, my question to you is, is, is, is Palo Alto essentially building a common cross-cloud on-prem, presumably out to the edge consistent experience that we would call a super cloud? >>Yeah, I don't know that we've ever used the term surfer cloud to describe it. Oh, you don't have to, but yeah. But yes, based on how you describe it, absolutely. And it has three main benefits that I describe to customers all the time. The first is the end user experience. So imagine your employee, and you might work from the office, you might work from home, you might work while from, from traveling and hotels and conferences. And, and by the way, in one day you might actually work from all of those places. So, so the first part is the end user experience becomes way better when it doesn't matter where they're working from. They always get the same experience, huge benefit from productivity perspective, no second benefit security operations. You think about the, the people who are actually administering these policies and analyzing the security events. >>Imagine how much better it is for them when it's all common and consistent across everywhere that has to happen. Cloud, on-prem branch, remote workforce, et cetera. So there's a operational benefit that is super valuable. Third, security benefit. Imagine if in this, this platform-based approach, if we come out with some new amazing innovation that is able to detect and block, you know, new types of attacks, guess what, we can deliver that across hardware, software, and sassi uniformly and keep it all up to date. So from a security perspective, way better than trying to figure out, okay, there's some new technology, you know, does my hardware provider have that technology or not? Does my soft provider? So it's bringing that in to one place. >>From a developer perspective, is there a, a, a PAs layer, forgive me super PAs, that a allows the developers to have a common experience across irrespective of physical location with the explicit purpose of serving the objective of your platform. >>So normally when I think of the context of developers, I'm thinking of the context of, of the people who are building the applications that are being deployed. And those applications may be deployed in a data center, increasing the data centers, depending private clouds might be deployed into, into public cloud. It might even be hybrid in nature. And so if you think about what the developer wants, the developer actually wants to not have to think about security, quite frankly. Yeah. They want to think about how do I develop the functionality I need as quickly as possible with the highest quality >>Possible, but they are being forced to think about it more and more. Well, but anyway, I didn't mean to >>Interrupt you. No, it's a, it is a good, it's a, it's, it's a great point. The >>Well we're trying to do is we're trying to enable our security capabilities to work in a way that actually enables what the developer wants that actually allows them to develop faster that actually allows them to focus on the things they want to focus. And, and the way we do that is by actually surfacing the security information that they need to know in the tools that they use as opposed to trying to bring them to our tools. So you think about this, so our customer is a security customer. Yet in the application development lifecycle, the developer is often the user. So we, we we're selling, we're so providing a solution to security and then we're enabling them to surface it in the developer tools. And by, by doing this, we actually make life easier for the developers such that they're not actually thinking about security so much as they're just saying, oh, I pulled down the wrong open source package, it's outdated, it has vulnerabilities. I was notified the second I did it, and I was told which one I should pull down. So I pulled down the right one. Now, if you're a developer, do you think that's security getting your way? Not at all. No. If you're a developer, you're thinking, thank god, thank you, thank, thank you. Yeah. You told me at a point where it was easy as opposed to waiting a week or two and then telling me where it's gonna be really hard to fix it. Yeah. Nothing >>More than, so maybe be talking to Terraform or some other hash corp, you know, environment. I got it. Okay. >>Absolutely. >>We're 30 seconds. We're almost out of time. Sure. But I'd love to get your snapshot. Here we are at the end of calendar 2022. What are you, we know you're optimistic in this threat landscape, which we're gonna see obviously more dynamics next year. What kind of nuggets can you drop about what we might hear and see in 23? >>You're gonna see across everything. We do a lot more focus on the use of AI and machine learning to drive automated outcomes for our customers. And you're gonna see us across everything we do. And that's going to be the big transformation. It'll be a multi-year transformation, but you're gonna see significant progress in the next 12 months. All >>Right, well >>What will be the sign of that progress? If I had to make a prediction, which >>I'm better security with less effort. >>Okay, great. I feel like that's, we can measure that. I >>Feel, I feel like that's a mic drop moment. Lee, it's been great having you on the program. Thank you for walking us through such great detail. What's going on in the organization, what you're doing for customers, where you're meeting, how you're meeting the developers, where they are. We'll have to have you back. There's just, just too much to unpack. Thank you both so much. Actually, our pleasure for Lee Cler and Dave Valante. I'm Lisa Martin. You're watching The Cube Live from Palo Alto Networks Ignite 22, the Cube, the leader in live, emerging and enterprise tech coverage.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Hey guys, welcome back to the Cube, the leader in live enterprise and emerging tech coverage. We are live in Las Vegas at MGM Grand Hotel, Lisa Martin with Dave Valante, covering our first time covering Palo Alto Ignite. 22 in person. Dave, we've had some great conversations so far. We've got two days of wall to wall coverage. We're gonna be talking with Palo Alto execs, leaders, customers, partners, and we're gonna be talking about the partner ecosystem >>Next. Wow. Super important. You know, it's funny you talk about for a minute, you didn't know where we were. I, I came to Vegas in May. I feel like I never left two weeks ago reinvent, which was I, I thought the most awesome reinvent ever. And it was really all about the ecosystem and the marketplace. So super excited to have that >>Conversation. Yeah, we've got Wet Whit Krump joining us, director of America's business development worldwide channels and customer programs at AWS marketplace. Wet, welcome to the Cube. Great to have >>You. Thanks for having me. Give >>Us a, you got a big title there. Give us a little bit of flavor of your scope of work at aws. >>Yeah, sure. So I, I've been with the marketplace team now almost eight years and originally founded our channel programs. And my scope has expanded to not just cover channels, but all things related to customers. So if you think about marketplace having sort of two sides, one being very focused on the isv, I tend to manage all things related to our in customer and our, our channel partners. >>What are some of the feedback that you're getting from customers and channel partners as the marketplace has has evolved so much? >>Yeah. You know, it's, it's, it's been interesting to watch over the course of the years, getting to see it start its infancy and grow up. One of the things that we hear often from customers and from our channel partners, and maybe not so directly, is it's not about finding the things they necessarily want to buy, although that's important, but it's the actual act of how they're able to purchase things and making that a much more streamlined process, especially in large enterprises where there's a lot of complexity. We wanna make that a lot simple, simpler for our customers. >>I mean, vendor management is such a hassle, right? But, so when I come into the marketplace, it's all there. I gotta console, it's integrated, I choose what I want. The billing is simplified. How has that capability evolved since the time that you've been at aws and where do you, where do you want to take it? >>Yeah, so when we, we first started Marketplace, it was really a pay as you go model customer come, they buy whatever, you know, whatever the, the whatever the solution was. And then it was, you know, charged by the hour and then the year. And one of the things that we discovered through customer and partner feedback was especially when they're dealing with large enterprise purchases, you know, they want to be able to instantiate those custom price and terms, you know, into that contract while enjoying the benefits of, of marketplace. And that's been, I think the biggest evolution started in 2017 with private offers, 2018 with consulting partner private offers. And then we've added things on over time to streamline procurement for, for >>Customers. So one of the hottest topics right now, everybody wants to talk about the macro and the headwinds and everything else, but when you talk to customers like, look, I gotta do more with less, less, that's the big theme. Yeah. And, and I wanna optimize my spend. Cloud allows me to do that because I can dial down, I can push storage to, to lower tiers. There's a lot of different things that I can do. Yeah. What are the techniques that people are using in the ecosystem Yeah. To bring in the partner cost optimization. Yeah. >>And so one of the key things that, that partners are, are, are doing for customers, they act as that trusted advisor. And, you know, when using marketplace either directly or through a partner, you know, customers are able to really save money through a licensing flexibility. They're also able to streamline their procurement. And then if there's an at-risk spin situation, they're able to, to manage that at-risk spend by combining marketplace and AWS spin into into one, you know, basically draws down their commitments to, to the company. >>And we talk about ask at-risk spend, you might talk about user or lose IT type of spend, right? Yeah. And so you, you increase the optionality in terms of where you can get value from your cloud spend. That's >>All right. Customers are thinking about their, their IT spend more strategically now more than ever. And so they're not just thinking about how do I buy infrastructure here and then software here, data services, they wanna combine this into one place. It's a lot less to keep up with a lot, a lot less overhead for them. But also just the simplification that you alluded to earlier around, you know, all the billing and vendor management is, and now in one, one streamlined, one streamlined process. Talk >>About that as a facilitator of organizations being able to reduce their risk profile. >>Yeah, so, you know, one of the things that, that came out earlier this year with Forrester was a to were total economic impact studies for both an ISV and for the end customer. But there was also a thought leadership study done where they surveyed over 700 customers worldwide to sort of get their thoughts on procurement and risk profile management. And, and one of the things that was really, you know, really surprising was is was that, you know, I guess it was like over 78% of of respondents DEF stated that they didn't feel like their, their companies had a really well-defined governance model and that over half of software and data purchases actually went outside of procurement. And so the companies aren't really able to, don't, they don't really have eyes on all of this spin and it's substantial >>And that's a, a huge risk for the organization. >>Yeah. Huge risk for the organization. And, and you know, half of the respondents stated outright that like they viewed marketplaces a way for them to reduce their risk profile because they, they were able to have a better governance model around that. >>So what's the business case can take us through that. How, how should a customer think about that? So, okay, I get that the procurement department likes it and the CFO probably likes it, but how, what, what's the dynamic around the business? So if I'm a, let's say I'm, I'm a bus, I'm a business person, I'm a, and running the process, I got my little, I get my procurement reach around. Yeah. What does the data suggest that what's in it from me, right? From a company wide standpoint, you know, what are the, maybe the Forester guys address this. So yeah, that overall business case I think is important. >>Yeah, I think, I think one of the big headlines for the end customer is because of license flexibility is that is is about a 10% cost savings in, in license cost. They're able to right size their purchases to buy the things they actually need. They're not gonna have these big overarching ELAs. There's gonna be a lot of other things in there that, that they don't, they don't really aren't gonna really directly use. You're talking about shelfware, you know, that sort of the classic term buy something, it never gets used, you know, also from just a, a getting things done perspective, big piece of feedback from customers is the contracting process takes a long time. It takes several months, especially for a large purchase. And a lot of those discussions are very repetitive. You know, you're talking about the same things over and over again. And we actually built a feature called standardized contract where we talked to a number of customers and ISVs distilled a contract down into a, a largely a set of terms that both sides already agreed to. And it cuts that, that contract time down by 90%. So if you're a legal team in a company, there's only so many of you and you have a lot of things to get done. If you can shave 90% off your time, that that's, that's now you can now work on a lot of other things for the, the corporation. Right. >>A lot of business impact there. You think faster time to value, faster time to market workforce optimization. >>Yeah. Yeah. I mean, it, it, you know, from an ISV standpoint, the measurement is they're, they're able to close deals about 40% faster, which is great for the isv. I mean obviously they love that. But if you're a customer, you're actually getting the innovative technologies you need 40% faster. So you can actually do the work you want to take it to your customers and drive the business. >>You guys recently launched, what is it, vendor Insights? Yeah. Talk a little bit about that, the value. What are some of the things that you're seeing with that? >>Yeah, so that goes into the, the onboarding value add of marketplaces. The number of things that go into, to cutting that time according to Forrester by 75%. But Vendor Insights was based on a key piece, offa impact from customers. So, you know, marketplace is used for, one of the reasons is discoverability by customers, Hey, what is the broader landscape? Look for example of security or storage partners, you know, trying to, trying to understand what is even available. And then the double click is, alright, well how does that company, or how does that vendor fit into my risk profile? You know, understanding what their compliance metrics are, things of that nature. And so historically they would have to, a customer would've to go to an ISV and say, all right, I want you to fill out this form, you know that my questionnaire. And so they would trade this back and forth as they have questions. Now with vendor insights, a customer can actually subscribe to this and they're able to actually see the risk profile of that vendor from the inside out, you know, from the inside of their SaaS application, what does it look like on a real time basis? And they can go back and look at that whenever they want. And you know, the, the, the feedback since the launch has been fantastic. And that, and I think that helps us double down on the already the, the onboarding benefits that we are providing customers. >>This, this, I wanna come back to this idea of cost optimization and, and try to tie it into predictability. You know, a lot of people, you know, complain, oh, I got surprised at the end of the month. So if I understand it wit by, by leveraging the marketplace and the breadth that you have in the marketplace, I can say, okay, look, I'm gonna spend X amount on tech. Yeah. And, and this approach allows me to say, all right, because right now procurement or historically procurement's been a bunch of stove pipes, I can't take from here and easily put it over there. Right. You're saying that this not only addresses the sort of cost optimization, does it also address the predictability challenge? >>Yeah, and I, I think another way to describe that is, is around cost controls. And you know, just from a reporting perspective, you know, we, we have what are called cost utilization reports or curve files. And we provide those to customers anytime they want and they can load those into Tableau, use whatever analysis tools that they want to be able to use. And so, and then you can actually tag usage in those reports. And what we're really talking about is helping customers adopt thin op practices. So, you know, develop directly for the cloud customers are able to understand, okay, who's using what, when and where. So everyone's informed that creates a really collaborative environment. It also holds people accountable for their spin. So that, you know, again, talking about shelfware, we bought things we're not gonna use or we're overusing people are using software that they probably don't really need to. And so that's, that adds to that predictable is everyone has great visibility into what's happening. And there's >>Another, I mean, of course saving money is, is, is in vogue right now because you know, the headwinds and the economics, et cetera. But there's also another side of the equation, which is, I mean, I see this a lot. You know, the CFO says financial people, why is our cloud bill so high? Well it's because we're actually driving all this revenue. And so, you know, you've seen it so many so often in companies, you know, the, the spreadsheet analysis says, oh, cut that. Well, what happens to revenue if you cut that? Right? Yeah. So with that visibility, the answer may be, well actually if we double down on that, yeah, we're actually gonna make more money cuz we actually have a margin on this and it's, it's got operating leverage. So if we double that, you know, we could, so that kind of cross organization communication to make better decisions, I think is another key factor. Yeah. >>Huge impact there. Talk ultimately about how the buyer's journey seems to have been really transformed >>The >>Correct. Right? So if you're, if you're a buyer, you know, initially to your point is, you know, I'm just looking for a point solution, right? And then you move on to the next one and the next one. And now, you know, working with our teams and using the platform, you know, and frankly customers are thinking more strategically about their IT spend holistically. The conversations that we're having with us is, it's not about how do I find the solution today, but here's my forward looking software spend, or I'm going through a migration, I wanna rationalize the software portfolio I have today as I'm gonna lift and shift it to aws. You know, what is going to make the trip? What are we gonna discard entirely because it's not really optimized for the cloud. Or there's that shelf wheel component, which is, hey, you know, maybe 15 to 25% of my portfolio, it's just not even getting utilized. And that, and that's a sunk cost to your point, which is, you know, that's, that's money I could be using on something that really impacts the bottom line in various areas of the business. Right. >>What would you say is the number one request you get or feedback you get from the end customers? And how is that different from what you hear from the channel partners? How aligned or Yeah. Are those >>Vectors? I would say from a customer perspective, one of the key things I hear about is around visibility of spin, right? And I was just talking about these reports and you know, using cost optimization tools, being able to use features like identity and access management, managing entitlements, private marketplaces. Basically them being able to have a stronger governance model in the cloud. For one thing, it's, it's, you know, keeping everybody on track like some of the points I was talking about earlier, but also cost, cost optimization around, you know, limiting vendor sprawl. Are we actually really using all the things that we need? And then from a channel partner perspective, you know, some of the things I talked about earlier about that 40% faster sales cycle, you know, that that TEI or the total economic impact study that was done by Forrester was, was built for the isv. >>But if you're a channel partner sitting between the customer and the isv, you kind of get to, you get a little bit of the best of both worlds, right? You're acting as that, you're acting as that that advisor. And so if you're a channel partner, the procurement streamlining is a huge benefit because the, you know, like you said, saving money is in vogue right now. You're trying to do more with less. So if you're thinking about 20, 27% faster win rates, 40% faster time to close, and you're the customer who's trying to impact the bottom line by, by innovating more, more quickly, those two pieces of feedback are really coming together and meeting in, in the middle >>Throughout 2021, or sorry, 2022, our survey partner, etr Enterprise Technology Research has asked their panel a question is what's your strategy for, you know, doing more with less? By far the number one response has been consolidating redundant vendors. Yes. And then optimizing cloud was, you know, second, but, but way, way lower than that. The number from last survey went from 34%. It's now up to 44% in the January survey, which is in the field, which they gave me a glimpse to last night. So you're seeing dramatic uptick Yeah. In that point. Yeah. And then you guys are helping, >>We, we definitely are. I mean, it, there's the reporting piece so they have a better visibility of what they're doing. And then you think about a, a feature like private marketplace and manage entitlements. So private marketplace enables a customer to create their own private marketplace as the name states where they can limit access to it for certain types of software to the actual in customer who needs to use that software. And so, you know, not everybody needs a license to software X, right? And so that helps with the sprawl comment to your point, that's, that's on the increase, right? Am I actually spending money on things that we need to use? >>But also on the consolidation front, you, we, we talked with nikesh an hour or so ago, he was mentioning on stage, if you, if you just think of this number of security tools or cybersecurity tools that an organization has on its network, 30 to 50. And we were talking about, well, how does Palo Alto Networks what's realistic in terms of consolidation? But it sounds like what you're doing in the marketplace is giving organizations the visibility, correct, for sure. Into what they're running, usage spend, et cetera, to help facilitate ultimately at some point facilitate a strategic consolidation. >>It's, that's exactly right. And if you, you think about cost optimization, our procurement features, you know, the, the practice that we're trying to help customers around, around finops, it's all about helping customers build a, a modern procurement practice and supply chain. And so that helps with, with that point exactly. The keynotes >>Point. Exactly. So last question for you. What, what's next? What can we expect? >>Oh, so what's next for me is, you know, I, I really want to, you know, my channel business for example, you know, I want to think about enabling new types of partners. So if we've worked really heavily with resellers, we worked very heavily with Palo Alto on the reseller community, how are we bringing in more services partners of various types? You know, the gsi, the distributors, cloud service providers, managed security service providers was in a keynote yesterday listening to Palo Alto talk about their five routes to market. And, you know, they had these bubbles. And so I was like, gosh, that's exactly how I'm thinking about the business is how am I expanding my own footprint to customers that have deeper, I mean, excuse me, to partners that have deeper levels of cloud knowledge, can be more of that advisor, help customers really understand how to maximize their business on aws. And, and you know, my job is to really help facilitate that, that innovative technology through those partners. >>So sounds like powerful force, that ecosystem. Exactly. Great alignment. AWS and Palo Alto, thank you so much for joining us with, we >>Appreciate, thanks for having >>With what's going on at aws, the partner network, the mp, and all that good stuff. That's really the value in it for customers, ISVs and channel partners. I like. We appreciate your insights. >>Thank you. Thanks for having me. Thank you. >>Our guests and Dave Valante. I'm Lisa Martin. You're watching the Cube Lee Leer in live enterprise and emerging tech coverage.

>> From "theCube" Studios in Palo Alto in Boston bringing you data-driven insights from "theCube" and ETR. This is "Breaking Analysis" with Dave Vellante. >> As an independent pure play company, Palo Alto Networks has earned its status as the leader in security. You can measure this in a variety of ways. Revenue, market cap, execution, ethos, and most importantly, conversations with customers generally. In CISO specifically, who consistently affirm this position. The company's on track to double its revenues in fiscal year 23 relative to fiscal year 2020. Despite macro headwinds, which are likely to carry through next year, Palo Alto owes its position to a clarity of vision and strong execution on a TAM expansion strategy through acquisitions and integration into its cloud and SaaS offerings. Hello and welcome to this week's "Wikibon Cube Insights" powered by ETR and this breaking analysis and ahead of Palo Alto Ignite the company's user conference, we bring you the next chapter on top of the last week's cybersecurity update. We're going to dig into the ETR data on Palo Alto Networks as we promised and provide a glimpse of what we're going to look for at "Ignite" and posit what Palo Alto needs to do to stay on top of the hill. Now, the challenges for cybersecurity professionals. Dead simple to understand. Solving it, not so much. This is a taxonomic eye test, if you will, from Optiv. It's one of our favorite artifacts to make the point the cybersecurity landscape is a mosaic of stovepipes. Security professionals have to work with dozens of tools many legacy combined with shiny new toys to try and keep up with the relentless pace of innovation catalyzed by the incredibly capable well-funded and motivated adversaries. Cybersecurity is an anomalous market in that the leaders have low single digit market shares. Think about that. Cisco at one point held 60% market share in the networking business and it's still deep into the 40s. Oracle captures around 30% of database market revenue. EMC and storage at its peak had more than 30% of that market. Even Dell's PC market shares, you know, in the mid 20s or even over that from a revenue standpoint. So cybersecurity from a market share standpoint is even more fragmented perhaps than the software industry. Okay, you get the point. So despite its position as the number one player Palo Alto might have maybe three maybe 4% of the total market, depending on what you use as your denominator, but just a tiny slice. So how is it that we can sit here and declare Palo Alto as the undisputed leader? Well, we probably wouldn't go that far. They probably have quite a bit of competition. But this CISO from a recent ETR round table discussion with our friend Eric Bradley, summed up Palo Alto's allure. We thought pretty well. The question was why Palo Alto Networks? Here's the answer. Because of its completeness as a platform, its ability to integrate with its own products or they acquire, integrate then rebrand them as their own. We've looked at other vendors we just didn't think they were as mature and we already had implemented some of the Palo Alto tools like the firewalls and stuff and we thought why not go holistically with the vendor a single throat to choke, if you will, if stuff goes wrong. And I think that was probably the primary driver and familiarity with the tools and the resources that they provided. Now here's another stat from ETR's Eric Bradley. He gave us a glimpse of the January survey that's in the field now. The percent of IT buyers stating that they plan to consolidate redundant vendors, it went from 34% in the October survey and now stands at 44%. So we fo we feel this bodes well for consolidators like Palo Alto networks. And the same is true from Microsoft's kind of good enough approach. It should also be true for CrowdStrike although last quarter we saw softness reported on in their SMB market, whereas interestingly MongoDB actually saw consistent strength from its SMB and its self-serve. So that's something that we're watching very closely. Now, Palo Alto Networks has held up better than most of its peers in the stock market. So let's take a look at that real quick. This chart gives you a sense of how well. It's a one year comparison of Palo Alto with the bug ETF. That's the cyber basket that we like to compare often CrowdStrike, Zscaler, and Okta. Now remember Palo Alto, they didn't run up as much as CrowdStrike, ZS and Okta during the pandemic but you can see it's now down unquote only 9% for the year. Whereas the cyber basket ETF is off 27% roughly in line with the NASDAQ. We're not showing that CrowdStrike down 44%, Zscaler down 61% and Okta off a whopping 72% in the past 12 months. Now as we've indicated, Palo Alto is making a strong case for consolidating point tools and we think it will have a much harder time getting customers to switch off of big platforms like Cisco who's another leader in network security. But based on the fragmentation in the market there's plenty of room to grow in our view. We asked breaking analysis contributor Chip Simington for his take on the technicals of the stock and he said that despite Palo Alto's leadership position it doesn't seem to make much difference these days. It's all about interest rates. And even though this name has performed better than its peers, it looks like the stock wants to keep testing its 52 week lows, but he thinks Palo Alto got oversold during the last big selloff. And the fact that the company's free cash flow is so strong probably keeps it at the one 50 level or above maybe bouncing around there for a while. If it breaks through that under to the downside it's ne next test is at that low of around one 40 level. So thanks for that, Chip. Now having get that out of the way as we said on the previous chart Palo Alto has strong opinions, it's founder and CTO, Nir Zuk, is extremely clear on that point of view. So let's take a look at how Palo Alto got to where it is today and how we think you should think about his future. The company was founded around 18 years ago as a network security company focused on what they called NextGen firewalls. Now, what Palo Alto did was different. They didn't try to stuff a bunch of functionality inside of a hardware box. Rather they layered network security functions on top of its firewalls and delivered value as a service through software running at the time in its own cloud. So pretty obvious today, but forward thinking for the time and now they've moved to a more true cloud native platform and much more activity in the public cloud. In February, 2020, right before the pandemic we reported on the divergence in market values between Palo Alto and Fort Net and we cited some challenges that Palo Alto was happening having transitioning to a cloud native model. And at the time we said we were confident that Palo Alto would make it through the knot hole. And you could see from the previous chart that it has. So the company's architectural approach was to do the heavy lifting in the cloud. And this eliminates the need for customers to deploy sensors on prem or proxies on prem or sandboxes on prem sandboxes, you know for instance are vulnerable to overwhelming attacks. Think about it, if you're a sandbox is on prem you're not going to be updating that every day. No way. You're probably not going to updated even every week or every month. And if the capacity of your sandbox is let's say 20,000 files an hour you know a hacker's just going to turn up the volume, it'll overwhelm you. They'll send a hundred thousand emails attachments into your sandbox and they'll choke you out and then they'll have the run of the house while you're trying to recover. Now the cloud doesn't completely prevent that but what it does, it definitely increases the hacker's cost. So they're going to probably hit some easier targets and that's kind of the objective of security firms. You know, increase the denominator on the ROI. All right, the next thing that Palo Alto did is start acquiring aggressively, I think we counted 17 or 18 acquisitions to expand the TAM beyond network security into endpoint CASB, PaaS security, IaaS security, container security, serverless security, incident response, SD WAN, CICD pipeline security, attack service management, supply chain security. Just recently with the acquisition of Cider Security and Palo Alto by all accounts takes the time to integrate into its cloud and SaaS platform called Prisma. Unlike many acquisitive companies in the past EMC was a really good example where you ended up with a kind of a Franken portfolio. Now all this leads us to believe that Palo Alto wants to be the consolidator and is in a good position to do so. But beyond that, as multi-cloud becomes more prevalent and more of a strategy customers tell us they want a consistent experience across clouds. And is going to be the same by the way with IoT. So of the next wave here. Customers don't want another stove pipe. So we think Palo Alto is in a good position to build what we call the security super cloud that layer above the clouds that brings a common experience for devs and operational teams. So of course the obvious question is this, can Palo Alto networks continue on this path of acquire and integrate and still maintain best of breed status? Can it? Will it? Does it even have to? As Holger Mueller of Constellation Research and I talk about all the time integrated suites seem to always beat best of breed in the long run. We'll come back to that. Now, this next graphic that we're going to show you underscores this question about portfolio. Here's a picture and I don't expect you to digest it all but it's a screen grab of Palo Alto's product and solutions portfolios, network cloud, network security rather, cloud security, Sassy, CNAP, endpoint unit 42 which is their threat intelligence platform and every imaginable security service and solution for customers. Well, maybe not every, I'm sure there's more to come like supply chain with the recent Cider acquisition and maybe more IoT beyond ZingBox and earlier acquisition but we're sure there will be more in the future both organic and inorganic. Okay, let's bring in more of the ETR survey data. For those of you who don't know ETR, they are the number one enterprise data platform surveying thousands of end customers every quarter with additional drill down surveys and customer round tables just an awesome SaaS enabled platform. And here's a view that shows net score or spending momentum on the vertical axis in provision or presence within the ETR data set on the horizontal axis. You see that red dotted line at 40%. Anything at or over that indicates a highly elevated net score. And as you can see Palo Alto is right on that line just under. And I'll give you another glimpse it looks like Palo Alto despite the macro may even just edge up a bit in the next survey based on the glimpse that Eric gave us. Now those colored bars in the bottom right corner they show the breakdown of Palo Alto's net score and underscore the methodology that ETR uses. The lime green is new customer adoptions, that's 7%. The forest green at 38% represents the percent of customers that are spending 6% or more on Palo Alto solutions. The gray is at that 40 or 8% that's flat spending plus or minus 5%. The pinkish at 5% is spending is down on Palo Alto network products by 6% or worse. And the bright red at only 2% is churn or defections. Very low single digit numbers for Palo Alto, that's a real positive. What you do is you subtract the red from the green and you get a net score of 38% which is very good for a company of Palo Alto size. And we'll note this is based on just under 400 responses in the ETR survey that are Palo Alto customers out of around 1300 in the total survey. It's a really good representation of Palo Alto. And you can see the other leading companies like CrowdStrike, Okta, Zscaler, Forte, Cisco they loom large with similar aspirations. Well maybe not so much Okta. They don't necessarily rule want to rule the world. They want to rule identity and of course the ever ubiquitous Microsoft in the upper right. Now drilling deeper into the ETR data, let's look at how Palo Alto has progressed over the last three surveys in terms of market presence in the survey. This view of the data shows provision in the data going back to October, 2021, that's the gray bars. The blue is July 22 and the yellow is the latest survey from October, 2022. Remember, the January survey is currently in the field. Now the leftmost set of data there show size a company. The middle set of data shows the industry for a select number of industries in the right most shows, geographic region. Notice anything, yes, Palo Alto up across the board relative to both this past summer and last fall. So that's pretty impressive. Palo Alto network CEO, Nikesh Aurora, stressed on the last earnings call that the company is seeing somewhat elongated deal approvals and sometimes splitting up size of deals. He's stressed that certain industries like energy, government and financial services continue to spend. But we would expect even a pullback there as companies get more conservative. But the point is that Nikesh talked about how they're hiring more sales pros to work the pipeline because they understand that they have to work harder to pull deals forward 'cause they got to get more approvals and they got to increase the volume that's coming through the pipeline to account for the possibility that certain companies are going to split up the deals, you know, large deals they want to split into to smaller bite size chunks. So they're really going hard after they go to market expansion to account for that. All right, so we're going to wrap by sharing what we expect and what we're going to probe for at Palo Alto Ignite next week, Lisa Martin and I will be hosting "theCube" and here's what we'll be looking for. First, it's a four day event at the MGM with the meat of the program on days two and three. That's day two was the big keynote. That's when we'll start our broadcasting, we're going for two days. Now our understanding is we've never done Palo Alto Ignite before but our understanding it's a pretty technically oriented crowd that's going to be eager to hear what CTO and founder Nir Zuk has to say. And as well CEO Nikesh Aurora and as in addition to longtime friend of "theCube" and current president, BJ Jenkins, he's going to be speaking. Wendy Whitmore runs Unit 42 and is going to be several other high profile Palo Alto execs, as well, Thomas Kurian from Google is a featured speaker. Lee Claridge, who is Palo Alto's, chief product officer we think is going to be giving the audience heavy doses of Prisma Cloud and Cortex enhancements. Now, Cortex, you might remember, came from an acquisition and does threat detection and attack surface management. And we're going to hear a lot about we think about security automation. So we'll be listening for how Cortex has been integrated and what kind of uptake that it's getting. We've done some, you know, modeling in from the ETR. Guys have done some modeling of cortex, you know looks like it's got a lot of upside and through the Palo Alto go to market machine, you know could really pick up momentum. That's something that we'll be probing for. Now, one of the other things that we'll be watching is pricing. We want to talk to customers about their spend optimization, their spending patterns, their vendor consolidation strategies. Look, Palo Alto is a premium offering. It charges for value. It's expensive. So we also want to understand what kind of switching costs are customers willing to absorb and how onerous they are and what's the business case look like? How are they thinking about that business case. We also want to understand and really probe on how will Palo Alto maintain best of breed as it continues to acquire and integrate to expand its TAM and appeal as that one-stop shop. You know, can it do that as we talked about before. And will it do that? There's also an interesting tension going on sort of changing subjects here in security. There's a guy named Edward Hellekey who's been in "theCube" before. He hasn't been in "theCube" in a while but he's a security pro who has educated us on the nuances of protecting data privacy, public policy, how it varies by region and how complicated it is relative to security. Because securities you technically you have to show a chain of custody that proves unequivocally, for example that data has been deleted or scrubbed or that metadata does. It doesn't include any residual private data that violates the laws, the local laws. And the tension is this, you need good data and lots of it to have good security, really the more the better. But government policy is often at odds in a major blocker to sharing data and it's getting more so. So we want to understand this tension and how companies like Palo Alto are dealing with it. Our customers testing public policy in courts we think not quite yet, our government's making exceptions and policies like GDPR that favor security over data privacy. What are the trade-offs there? And finally, one theme of this breaking analysis is what does Palo Alto have to do to stay on top? And we would sum it up with three words. Ecosystem, ecosystem, ecosystem. And we said this at CrowdStrike Falcon in September that the one concern we had was the pace of ecosystem development for CrowdStrike. Is collaboration possible with competitors? Is being adopted aggressively? Is Palo Alto being adopted aggressively by global system integrators? What's the uptake there? What about developers? Look, the hallmark of a cloud company which Palo Alto is a cloud security company is a thriving ecosystem that has entries into and exits from its platform. So we'll be looking at what that ecosystem looks like how vibrant and inclusive it is where the public clouds fit and whether Palo Alto Networks can really become the security super cloud. Okay, that's a wrap stop by next week. If you're in Vegas, say hello to "theCube" team. We have an unbelievable lineup on the program. Now if you're not there, check out our coverage on theCube.net. I want to thank Eric Bradley for sharing a glimpse on short notice of the upcoming survey from ETR and his thoughts. And as always, thanks to Chip Symington for his sharp comments. Want to thank Alex Morrison, who's on production and manages the podcast Ken Schiffman as well in our Boston studio, Kristen Martin and Cheryl Knight they help get the word out on social and of course in our newsletters, Rob Hoof, is our editor in chief over at Silicon Angle who does some awesome editing, thank you to all. Remember all these episodes they're available as podcasts. Wherever you listen, all you got to do is search "Breaking Analysis" podcasts. I publish each week on wikibon.com and silicon angle.com where you can email me at david.valante@siliconangle.com or dm me at D Valante or comment on our LinkedIn post. And please do check out etr.ai. They've got the best survey data in the enterprise tech business. This is Dave Valante for "theCube" Insights powered by ETR. Thanks for watching. We'll see you next week on "Ignite" or next time on "Breaking Analysis". (upbeat music)

>>Partnerships in the technology business, they take many forms. For example, technology engineering partnerships, they drive value in terms of things like integration and simplification for customers. There are product partnerships. They fill gaps to create more comprehensive portfolios and more fluid relationships. Partner ecosystems offer high touch services. They offer managed services, specialty services, and other types of value based off of strong customer knowledge and years of built up trust partner. Ecosystems have evolved quite dramatically over the last decade with the explosion of data and the popularity of cloud models. Public, private, hybrid cross clouds. You know, yes it's true. Partnerships are about selling solutions, but they're also about building long term sustainable trust, where a seller learns the ins and outs of a customer's organization and can anticipate needs that are gonna drive bottom line profits for both sides of the equation, the buyer and the seller. >>Hello and welcome to our program. My name is Dave Ante and along with Lisa Martin, we're going to explore how Hitachi Van Tara drives customer success with its partners. First up, Lisa speaks with Kim King. She's the senior vice president of Strategic Partners and Alliances at Hitachi Van. And they'll set the table for us with an overview of how Hitachi is working with partners and where their priorities are focused. Then Russell Kingsley, he's the CTO and global VP of Technical sales at Hitachi Van Tara. He joins Lisa for a discussion of the tech and they're gonna get into cloud generally and hybrid cloud specifically in the role that partners play in the growing as a service movement. Now, after that I'll talk with Tom Christensen, he's the global technology advisor and executive analyst at Hitachi Vitara. And we're gonna talk about a really important topic, sustainability. We're gonna discuss where it came from, why it matters, and how it can drive bottom line profitability for both customers and partners. Let's get right to it. >>Where for the data driven, for those who understand clarity is currency. Believe progress requires precision and no neutral is not an option. We're for the data driven. The ones who can't tolerate failure, who won't put up with downtime or allow access to just anyone. We're for the data driven who act on insight instead of instinct. Bank on privacy instead of probabilities and rely on resilience instead of reaction. We see ourselves in the obsessive, the incessant, progressive, and the meticulously engineered. We enable the incredible identify with the analytical and are synonymous with the mission critical. We know what it means to be data driven because data is in our dna. We were born industrial and and we breathe digital. We speak predictive analytics so you can keep supply chains moving. We bleed in store and online insights so you can accurately predict customer preferences. We sweat security and digital privacy so you can turn complex regulations into competitive advantage. We break down barriers and eliminate silos. So you can go from data rich to data driven because it's clear the future belongs to the data driven. >>Hey everyone, welcome to this conversation. Lisa Martin here with Kim King, the SVP of Strategic Partners and Alliances at Hitachi Ventera. Kim, it's great to have you on the program. Thank you so much for joining me today. >>Thanks Lisa. It's great to be here. >>Let's talk about, so as we know, we talk about cloud all the time, the landscape, the cloud infrastructure landscape increasingly getting more and more complex. What are some of the biggest challenges and pain points that you're hearing from customers today? >>Yeah, so lot. There are lots, but I would say the, the few that we hear consistently are cost the complexity, right? Really the complexity of where do they go, how do they do it, and then availability. They have a lot of available options, but again, going back to complexity and cost, where do they think that they should move and how, how do they make that a successful move to the cloud? >>So talk to me, Hitachi Ventura has a great partner ecosystem. Where do partners play a role in helping customers to address some of the challenges with respect to the cloud landscape? >>Yeah, so part, our partners are really leading the way in the area of cloud in terms of helping customers understand the complexities of the cloud. As we talked about, they're truly the trusted advisor. So when they look at a customer's complete infrastructure, what are the workloads, what are the CRI critical applications that they work with? What's the unique architecture that they have to drive with that customer for a successful outcome and help them architect that? And so partners are truly leading the way across the board, understanding the complexities of each individual customer and then helping them make the right decisions with and for them. And then bringing us along as part of that, >>Talk to me a little bit about the partner landscape, the partner ecosystem at Hitachi Ventura. How does this fit into the overall strategy for the company? >>So we really look at our ecosystem as an extension of our sales organization and and really extension across the board, I would say our goal is to marry the right customer with the right partner and help them achieve their goals, ensure that they keep costs in check, that they ensure they don't have any security concerns, and that they have availability for the solutions and applications that they're trying to move to the cloud, which is most important. So we really, we really look at our ecosystem as a specialty ecosystem that adds high value for the right customers. >>So Kim, talk to me about how partners fit into Hitachi van's overall strategy. >>So I think our biggest differentiators with partners is that they're not just another number. Our partner organization is that valued extension of our overall sales pre-sales services organization. And we treat them like an extension of our organization. It's funny because I was just on a call with an analyst earlier this week and they said that AWS has increased their number of partners to 150,000 partners from, it was just under a hundred thousand. And I'm really not sure how you provide quality engagement to partners, right? And is how is that really a sustainable strategy? So for us, we look at trusted engagement across the ecosystem as a def differentiation. Really our goal is to make their life simple and profitable and really become their primary trusted partner when we go to market with them. And we see that paying dividends with our partners as they engage with us and as they expand and grow across the segments and then grow globally with us as well. >>And that's key, right? That synergistic approach when you're in customer conversations, what do you articulate as the key competitive differentiators where it relates to your partners? >>So really the, that they're the trusted advisor for that partner, right? That they understand our solutions better than any solution out there. And because we're not trying to be all things to our customers and our partners that we being bring best breaths of breed, best of breed solutions to our customers through our partner community, they can truly provide that end user experience and the successful outcome that's needed without, you know, sort of all kinds of, you know, crazy cha challenges, right? When you look at it, they really wanna make sure that they're driving that co-developed solution and the successful outcome for that customer. >>So then how do you feel that Hitachi Ventura helps partners really to grow and expand their own business? >>Wow, so that's, there's tons of ways, but we've, we've created a very simplified, what we call digital selling platform. And in that digital selling platform, we have allowed our partners to choose their own price and pre-approve their pricing and their promotions. They've actually, we've expanded the way we go to market with our partners from a sort of a technical capabilities. We give them online what we call Hitachi online labs that allow them to really leverage all of the solutions and demo systems out there today. And they have complete access to any one of our resources, product management. And so we really have, like I said, we actually provide our partners with better tools and resources sometimes than we do our own sales and pre-sales organization. So we, we look at them as, because they have so many other solutions out there that we have to be one step ahead of everybody else to give them that solution capability and the expertise that they need for their customers. >>So if you dig in, where is it that Hiti is helping partners succeed with your portfolio? >>Wow. So I think just across the board, I think we're really driving that profitable, trusted, and simplified engagement with our partner community because it's a value base and ease of doing business. I say that we allow them to scale and drive that sort of double digit growth through all of the solutions and and offerings that we have today. And because we've taken the approach of a very complex technical sort of infrastructure from a high end perspective and scale it all the way through to our mid-size enterprise, that allows them to really enter any customer at any vertical and provide them a really quality solution with that 100% data availability guarantee that we provide all of our customers. >>So then if we look at the overall sales cycle and the engagement, where is it that you're helping cus your partners rather succeed with the portfolio? >>Say that again? Sorry, my brain broke. No, >>No worries. So if we look at the overall sales cycle, where is it specifically where you're helping customers to succeed with the portfolio? >>So from the sales cycle, I think because we have the, a solution that is simple, easy, and really scaled for the type of customer that we have out there, it allows them to basically right size their infrastructure based on the application, the workload, the quality or the need that application may have and ensure that we provide them with that best solution. >>So then from a partner's perspective, how is it that Hitachi van is helping them to actually close deals faster? >>Yeah, so lots of great ways I think between our pre-sales organization that's on call and available a hundred percent of the time, I think that we've seen, again, the trusted engagement with them from a pricing and packaging perspective. You know, we, you know, two years ago it would take them two to three weeks to get a pre-approved quote where today they preapproved their own quotes in less than an hour and can have that in the hands of a customer. So we've seen that the ability for our partners to create and close orders in very short periods of time and actually get to the customer's needs very quickly, >>So dramatically faster. Yes. Talk about overall, so the partner relationship's quite strong, very synergistic that, that Hitachi Ventura has with its customers. Let's kind of step back out and look at the cloud infrastructure. How do you see it evolving the market evolving overall in say the next six months, 12 months? >>Yeah, so we see it significantly, we've been doing a lot of studies around this specifically. So we have a couple of different teams. We have our sort of our standard partner team that's out there and now we have a specialty cloud service provider team that really focuses on partners that are building and their own infrastructure or leveraging the infrastructure of a large hyperscaler or another GSI and selling that out. And then what we found is when we dig down deeper into our standard sort of partner reseller or value added reseller market, what we're seeing is that they are want to have the capability to resell the solution, but they don't necessarily wanna have to own and manage the infrastructure themselves. So we're helping both of them through that transition. We see that it's gonna, so it's funny cuz you're seeing a combination of many customers move to really the hyperscale or public cloud and many of them want to repatriate their infrastructure back because they see costs and they see challenges around all of that. And so our partners are helping them understand, again, what is the best solution for them as opposed to let's just throw everything in the public cloud and hope that it works. We're we're really helping them make the right choices and decisions and we're putting the right partners together to make that happen. >>And how was that feedback, that data helping you to really grow and expand the partner program as a whole? >>Yeah, so it's been fantastic. We have a whole methodology that we, we created, which is called PDM plan, develop monetize with partners. And so we went specifically to market with cloud service providers that'll, and we really tested this out with them. We didn't just take a solution and say, here, go sell it, good luck and have, you know, have a nice day. Many vendors are doing that to their partners and the partners are struggling to monetize those solutions. So we spend a lot of time upfront planning with them what is not only the storage infrastructure but your potentially your data resiliency and, and everything else that you're looking at your security solutions. How do we package those all together? How do we help you monetize them? And then who do you target from a customer perspective so that they've built up a pipeline of opportunities that they can go and work with us on and we really sit side by side with them in a co-development environment. >>In terms of that side by side relationship, how does the partner ecosystem play a role in Hitachi Venturas as a service business? >>So our primary go to market with our, as a service business is with and through partners. So our goal is to drive all, almost all of of our as a service. Unless it's super highly complex and something that a partner cannot support, we will make sure that they really, we leverage that with them with all of our partners. >>So strong partner relationships, very strong partner ecosystem. What would you say, Kim, are the priorities for the partner ecosystem going forward? The next say year? >>Yeah, so we have tons of priorities, right? I think really it's double digit growth for them and for us and understanding how a simpler approach that's customized for the specific vertical or customer base or go to market that they have that helps them quickly navigate to be successful. Our goal is always to facilitate trusted engagements with our partners, right? And then really, as I said, directionally our goal is to be 95 to a hundred percent of all of our business through partners, which helps customers and then really use that trusted advisor status they have to provide that value base to the customer. And then going back on our core tenants, which are, you know, really a trusted, simplified, profitable engagement with our partner community that allows them to really drive successful outcomes and go to market with us. And the end users >>Trust is such an important word, we can't underutilize it in these conversations. Last question. Sure. From a channel business perspective, what are some of the priorities coming down the pi? >>Oh, again, my biggest priority right, is always to increase the number of partner success stories that we have and increase the value to our partners. So we really dig in, we, we right now sit about number one or number two in, in our space with our partners in ease of doing business and value to our channel community. We wanna be number one across the board, right? Our goal is to make sure that our partner community is successful and that they really have those profitable engagements and that we're globally working with them to drive that engagement and, and help them build more profitable businesses. And so we just take tons of feedback from our partners regularly to help them understand, but we, we act on it very quickly so that we can make sure we incorporate that into our new program and our go to markets as we roll out every year. >>It sounds like a great flywheel of communications from the partners. Kim, thank you so much for joining me today talking about what Hitachi Vanta is doing with its partner ecosystem, the value in IT for customers. We appreciate your insights. >>Thank you very much. >>Up next, Russell Kingsley joins me, TTO and global VP of technical sales at Hitachi van you watch in the cube, the leader in live tech coverage. Hey everyone, welcome back to our conversation with Hitachi van Tara, Lisa Martin here with Russell Skillings Lee, the CTO and global VP of technical sales at Hitachi Van Russell. Welcome to the program. >>Hi Lisa, nice to be here. >>Yeah, great to have you. So here we are, the end of calendar year 2022. What are some of the things that you're hearing out in the field in terms of customers priorities for 2023? >>Yeah, good one. Just to, to set the scene here, we tend to deal with enterprises that have mission critical IT environments and this has been been our heritage and continues to be our major strength. So just to set the scene here, that's the type of customers predominantly I'd be hearing from. And so that's what you're gonna hear about here. Now, in terms of 20 23, 1 of the, the macro concerns that's hitting almost all of our customers right now, as you can probably appreciate is power consumption. And closely related to that is the whole area of ESG and decarbonization and all of that sort of thing. And I'm not gonna spend a lot of time on that one because that would be a whole session in itself really, but sufficient to say it is a priority for us and we, we are very active in, in that area. >>So aside from from that one that that big one, there's also a couple that are pretty much in common for most of our customers and, and we're in areas that we can help. One of those is in an exponential growth of the amount of data. It's, it's predicted that the world's data is going to triple by 2025 as opposed to where it was in 2020. And I think everyone's contributing to that, including a lot of our customers. So just the, the act of managing that amount of data is, is a challenge in itself. And I think closely related to that, a desire to use that data better to be able to gain more business insights and potentially create new business outcomes and business ideas are, is another one of those big challenges in, in that sense, I think a lot of our customers are in what I would kind of call, I affectionately call the, the post Facebook awakening era. >>And that, and what I mean by that is our traditional businesses, you know, when Facebook came along, they kind of illustrated, hey, I can actually make some use out of what is seemingly an enormous amount of useless data, which is exactly what Facebook did. They took a whole lot of people's Yeah. The minutia of people's lives and turned it into, you know, advertising revenue by gaining insights from, from those, you know, sort of seemingly useless bits of data and, you know, right. And I think this actually gave rise to a lot of digital business at that time. You know, the, this whole idea of what all you really need to be successful and disrupt the business is, you know, a great idea, you know, an app and a whole bunch of data to, to power it. And I think that a lot of our traditional customers are looking at this and wondering how do they get into the act? Because they've been collecting data for decades, an enormous amount of data, right? >>Yes. I mean, every company these days has to be a data company, but to your point, they've gotta be able to extract those insights, monetize it, and create real value new opportunities for the business at record speed. >>Yes, that's exactly right. And so being able to, to wield that data somehow turn it, it kind of turns out our customer's attentions to the type of infrastructure they've got as well. I mean, if you think about those, those companies that have been really successful in leveraging that data, a lot of them have, especially in the early days, leverage the cloud to be able to build out their capabilities. And, and the reason why the cloud became such a pivotal part of that is because it offered self-service. IT and, you know, easy development platforms to those people that had these great ideas. All they needed was access to, to, you know, the provider's website and a credit card. And now all of a sudden they could start to build a business from that. And I think a lot of our traditional IT customers are looking at this and thinking, now how do I build a similar sort of infrastructure? How do I, how do I provide that kind of self-service capability to the owners of business inside my company rather than the IT company sort of being a gatekeeper to a selected set of software packages. How now do I provide this development platform for those internal users? And I think this, this is why really hybrid cloud has become the defacto IT sort of architectural standard, even even for quite traditional, you know, IT companies. >>So when it comes to hybrid cloud, what are some of the challenges the customers are facing? And then I know Hitachi has a great partner ecosystem. How are partners helping Hitachi Ventura and its customers to eliminate or solve some of those hybrid cloud challenges? >>Yeah, it's, it, it's a great question and you know, it's, it's not 1975 anymore. It's not, it's not like you're going to get all of your IT needs from, from one, from one vendor hybrid by sort of, it's, you know, by definition is going to involve multiple pieces. And so there basically is no hybrid at all without a partner ecosystem. You really can't get everything at, at a one stop shop like you used to. But even if you think about the biggest public cloud provider on the planet, aws even, it has a marketplace for partner solutions. So, so even they see, even for customers that might consider themselves to be all in on public cloud, they are still going to need other pieces, which is where their marketplace come comes in. Now for, for us, you know, we are, we're a company that, we've been in the IT business for over 60 years, one of one of the few that could claim that sort of heritage. >>And you know, we've seen a lot of this type of change ourselves, this change of attitude from being able to provide everything yourself to being someone who contributes to an overall ecosystem. So partners are absolutely essential. And so now we kind of have a, a partner first philosophy when it comes to our routes to market on, you know, not just our own products in terms of, you know, a resale channel or whatever, but also making sure that we are working with some of the biggest players in hybrid infrastructure and determining where we can add value to that in our, in our own solutions. And so, you know, when it comes to those, those partner ecosystems, we're always looking for the spaces where we can best add our own capability to those prevailing IT architectures that are successful in the marketplace. And, you know, I think that it's probably fair to say, you know, for us, first and foremost, we, we have a reputation for having the biggest, most reliable storage infrastructure available on the planet. >>And, and we make no apologies for the fact that we tout our speeds and feeds and uptime supremacy. You know, a lot of our, a lot of our competitors would suggest that, hey, speeds and feeds don't matter. But you know, that's kind of what you say when, when you're not the fastest or not the most reliable, you know, of course they matter. And for us, what we, the way that we look at this is we say, let's look at who's providing the best possible hybrid solutions and let's partner with them to make those solutions even better. That's the way we look at it. >>Can you peel the, the onion a little bit on the technology underpinning the solutions, give a glimpse into that and then maybe add some color in terms of how partners are enhancing that? >>Yeah, let me, let me do that with a few examples here, and maybe what I can do is I can sort of share some insight about the way we think with partnering with, with particular people and why it's a good blend or why we see that technologically it's a good blend. So for example, the work we do with VMware, which we consider to be one of our most important hybrid cloud partners and in, and in fact it's, it's my belief, they have one of the strongest hybrid cloud stories in the industry. It resonates really strongly with, with our customers as well. But you know, we think it's made so much better with the robust underpinnings that we provide. We're one of the, one of the few storage vendors that provides a 100% data availability guarantee. So we, we take that sort of level of reliability and we add other aspects like life cycle management of the underpinning infrastructure. >>We combine that with what VMware's doing, and then when you look at our converged or hyper-converged solutions with them, it's a better together story where you now have what is one of the best hybrid cloud stories in the industry with VMware. But now for the on premise part, especially, you've now added a hundred percent data, data availability guarantee, and you've made managing the underlying infrastructure so much easier through the tools that we provide that go down to that level A level underneath where VMware are. And so that's, that's VMware. I've got a couple, couple more examples just to sort of fill, fill that out a bit. Sure. Cisco is another part, very strong partner of ours, a key partner. And I mean, you look at Cisco, they're a 50 billion IT provider and they don't have a dedicated storage infrastructure of their own. So they're going to partner with someone. >>From our perspective, we look at Cisco's, Cisco's customers and we look at them and think they're very similar to our own in terms of they're known to appreciate performance and reliability and a bit of premium in quality, and we think we match them them quite well. They're already buying what we believe are the best converge platforms in the industry from Cisco. So it makes sense that those customers would want to compliment that investment with the best array, best storage array they can get. And so we think we are helping Cisco's customers make the most of their decision to be ucs customers. Final one for, for you, Lisa, by way of example, we have a relationship with, with Equinix and you know, Equinix is the world's sort of leading colo provider. And the way I think they like to think of themselves, and I too tend to agree with them, is their, they're one of the most compelling high-speed interconnect networks in the world. >>They're connected to all of the, the, the significant cloud providers in most of the locations around the world. We have a, a relationship with them where we find we have customers in common who really love the idea of compute from the cloud. Compute from the cloud is great because compute is something that you are doing for a set period of time and then it's over you. Like you have a task, you do some compute, it's done. Cloud is beautiful for that. Storage on the other hand is very long lived storage doesn't tend to operate in that same sort of way. It sort of just becomes a bigger and bigger blob over time. And so the cost model around public cloud and storage is not as compelling as it is for compute. And so our, with our relationship with Equinix, we help our customers to be able to create, let's call it a, a data anchor point where they put our arrays into, into an Equinix location, and then they utilize Equinix as high speeding interconnects to the, to the cloud providers, okay. To take the compute from them. So they take the compute from the cloud providers and they own their own storage, and in this way they feel like we've now got the best of all worlds. Right. What I hope that illustrates Lisa is with those three examples is we are always looking for ways to find our key advantages with any given, you know, alliance partners advantages, >>Right? What are, when you're in customer conversations, and our final few minutes here, I wanna get, what are some of the key differentiators that you talk about when you're in customer conversations, and then how does the partner ecosystem fit into Hitachi vans as a service business? We'll start with differentiators and then let's move into the as service business so we can round out with that. >>Okay. Let's start with the differentiators. Yeah. Firstly and I, and hopefully I've kind of, I've hit this point hard, hard enough. We do believe that we have the fastest and most reliable storage infrastructure on the planet. This is kind of what we are known for, and customers that are working with us already sort of have an appreciation for that. And so they're looking for, okay, you've got that now, how can you make my hybrid cloud aspirations better? So we do have that as a fundamental, right? So, but secondly I'd say, I think it's also because we go beyond just storage management and, and into the areas of data management. You know, we've got, we've got solutions that are not just about storing the bits. We do think that we do that very well, but we also have solutions that move into the areas of enrichment, of the data, cataloging of the data, classification of the data, and most importantly, analytics. >>So, you know, we, we think it's, some of our competitors just stop at storing stuff and some of our competitors are in the analytics space, but we feel that we can bridge that. And we think that that's a, that's a competitive advantage for us. One of the other areas that I think is key for us as well is, as I said, we're one of the few vendors who've been in the marketplace for 60 years and we think this, this, this gives us a more nuanced perspective about things. There are many things in the industry, trends that have happened over time where we feel we've seen this kind of thing before and I think we will see it again. But you only really get that perspective if you are, if you are long lived in the industry. And so we believe that our conversations with our customers bear a little bit more sophistication. It's not just, it's not just about what's the latest and greatest trends. >>Right. We've got about one minute left. Can you, can you round us out with how the partner ecosystem is playing a role in the as service business? >>They're absolutely pivotal in that, you know, we, we ourselves don't own data centers, right? So we don't provide our own cloud services out. So we are 100% partner focused when it comes to that aspect. Our formula is to help partners build their cloud services with our solutions and then onsell them to their customers as as as a service. You know, and by what quick way of example, VMware for example, they've got nearly 5,000 partners selling VMware cloud services. 5,000 blows me away. And many of them are our partners too. So we kind of see this as a virtuous cycle. We've got product, we've got an an alliance with VMware and we work together with partners in common for the delivery of an as a service business. >>Got it. So the, as you said, the partner ecosystem is absolutely pivotal. Russell, it's been a pleasure having you on the program talking about all things hybrid cloud challenges, how Hitachi van is working with its partner ecosystems to really help customers across industries solve those big problems. We really appreciate your insights and your time. >>Thank you very much, Lisa. It's been great. >>Yeah, yeah. For Russell Stingley, I'm Lisa Martin. In a moment we're gonna continue our conversation with Tom Christensen. Stay tuned. >>Sulfur Royal has always embraced digital technology. We were amongst the first hospitals in the UK to install a full electronic patient record system. Unfortunately, as a result of being a pioneer, we often find that there's gaps in the digital solutions. My involvement has been from the very start of this program, a group of us got together to discuss what the problems actually were in the hospital and how we could solve this. >>The digital control center is an innovation that's been designed in partnership between ourselves, anti touch, and it's designed to bring all of the information that is really critical for delivering effective and high quality patient care. Together the DCC is designed not only to improve the lives of patients, but also of our staff giving us information that our demand is going to increase in the number of patients needing support. The technology that we're building can be replicated across sulfur, the NCA, and the wider nhs, including social care and community services. Because it brings all of that information that is essential for delivering high quality efficient care. >>The DCC will save time for both staff and more importantly our patients. It will leave clinicians to care for patients rather than administrate systems and it will allow the system that I work with within the patient flow team to effectively and safely place patients in clinically appropriate environments. >>But we chose to partner with Hitachi to deliver the DCC here at Sulfur. They were willing to work with us to co-produce and design a product that really would work within the environment that we find ourselves in a hospital, in a community setting, in a social care setting. >>My hopes for the DCC is that ultimately we will provide more efficient and reliable care for our patients. >>I do believe the digital control center will improve the lives of staff and also the patients so that we can then start to deliver the real change that's needed for patient care. >>Okay, we're back with Tom Christensen, who's the global technology advisor and executive analyst at Hitachi Van Tara. And we're exploring how Hitachi Van Tower drives customer success specifically with partners. You know Tom, it's funny, back in the early part of the last decade, there was this big push around, remember it was called green it and then the oh 7 0 8 financial crisis sort of put that on the back burner. But sustainability is back and it seems to be emerging as a mega trend in in it is, are you seeing this, is it same wine new label? How real is this trend and where's the pressure coming from? >>Well, we clearly see that sustainability is a mega trend in the IT sector. And when we talk to CIOs or senior IT leaders or simply just invite them in for a round table on this topic, they all tell us that they get the pressure from three different angles. The first one is really end consumers and end consumers. Nowaday are beginning to ask questions about the green profile and what are the company doing for the environment. And this one here is both private and public companies as well. The second pressure that we see is coming from the government. The government thinks that companies are not moving fast enough so they want to put laws in that are forcing companies to move faster. And we see that in Germany as an example, where they are giving a law into enterprise companies to following human rights and sustainability tree levels back in the supply chain. >>But we also see that in EU they are talking about a new law that they want to put into action and that one will replicate to 27 countries in Europe. But this one is not only Europe, it's the rest of the world where governments are talking about forcing companies to move faster than we have done in the past. So we see two types of pressure coming in and at the same time, this one here starts off at the CEO at a company because they want to have the competitive edge and be able to be relevant in the market. And for that reason they're beginning to put KPIs on themself as the ceo, but they're also hiring sustainability officers with sustainability KPIs. And when that happens it replicates down in the organization and we can now see that some CIOs, they have a kpi, others are indirectly measured. >>So we see direct and indirect. The same with CFOs and other C levels. They all get measured on it. And for that reason it replicates down to IT people. And that's what they tell us on these round table. I get that pressure every day, every week, every quarter. But where is the pressure coming from? Well the pressure is coming from in consumers and new laws that are put into action that force companies to think differently and have focus on their green profile and doing something good for the environment. So those are the tree pressures that we see. But when we talk to CFOs as an example, we are beginning to see that they have a new store system where they put out request for proposal and this one is in about 58% of all request for proposal that we receive that they are asking for our sustainability take, what are you doing as a vendor? >>And in their score system cost has the highest priority and number two is sustainability. It waits about 15, 20 to 25% when they look at your proposal that you submit to a cfo. But in some cases the CFO say, I don't even know where the pressure is coming from. I'm asked to do it. Or they're asked to do it because end consumers laws and so on are forcing them to do it. But I would answer, yeah, sustainability has become a make trend this year and it's even growing faster and faster every month we move forward. >>Yeah, Tom, it feels like it's here to stay this time. And your point about public policy is right on, we saw the EU leading with privacy and GDPR and it looks like it's gonna lead again here. You know, just shifting gears, I've been to a number of Hitachi facilities in my day. OWA is my favorite because on a clear day you can see Mount Fuji, but other plants I've been to as well. What does Hitachi do in the production facility to reduce CO2 emissions? >>Yeah, I think you're hitting a good point here. So what we have, we have a, a facility in Japan and we have one in Europe and we have one in America as well to keep our production close to our customers and reduced transportation for the factory out to our customers. But you know, in the, in the, in the May region back in 2020 13, we created a new factory. And when we did that we were asked to do it in an energy, energy neutral way, which means that we are moving from being powered by black energy to green energy in that factory. And we build a factory with concrete walls that were extremely thick to make it cold in the summertime and hot in the winter time with minimum energy consumption. But we also put 17,000 square meters of solar panel on the roof to power that factory. >>We were collecting rain waters to flush it in the toilet. We were removing light bulbs with L E D and when we sent out our equipment to our customers, we put it in a, instead of sending out 25 packages to a customer, we want to reduce the waste as much as possible. And you know, this one was pretty new back in 2013. It was actually the biggest project in EA at that time. I will say if you want to build a factory today, that's the way you are going to do it. But it has a huge impact for us when electricity is going up and price and oil and gas prices are coming up. We are running with energy neutral in our facility, which is a big benefit for us going forward. But it is also a competitive advantage to be able to explain what we have been doing the last eight, nine years in that factory. We are actually walking to talk and we make that decision even though it was a really hard decision to do back in 2013, when you do decisions like this one here, the return of investment is not coming the first couple of years. It's something that comes far out in the future. But right now we are beginning to see the benefit of the decision we made back in 2013. >>I wanna come back to the economics, but before I do, I wanna pick up on something you just said because you know, you hear the slogan sustainability by design. A lot of people might think okay, that's just a marketing slogan, slogan to vector in into this mega trend, but it sounds like it's something that you've been working on for quite some time. Based on your last comments, can you add some color to that? >>Yeah, so you know, the factory is just one example of what you need to do to reduce the CO2 emission and that part of the life of a a product. The other one is really innovating new technology to drive down the CO2 emission. And here we are laser focused on what we call decarbonization by design. And this one is something that we have done the last eight years, so this is far from you for us. So between each generation of products that we have put out over the last eight years, we've been able to reduce the CO2 emission by up to 30 to 60% between each generation of products that we have put into the market. So we are laser focused on driving that one down, but we are far from done, we still got eight years before we hit our first target net zero in 2030. So we got a roadmap where we want to achieve even more with new technology. At its core, it is a technology innovator and our answers to reduce the CO2 emission and the decarbonization of a data center is going to be through innovating new technology because it has the speed, the scale, and the impact to make it possible to reach your sustainability objectives going forward. >>How about recycling? You know, where does that fit? I mean, the other day it was, you know, a lot of times at a hotel, you know, you used to get bottled water, now you get, you know, plant based, you know, waters in a box and, and so we are seeing it all around us. But for a manufacturer of your size, recycling and circular economy, how does that fit into your plans? >>Yeah, let me try to explain what we are doing here. Cause one thing is how you produce it. Another thing is how you innovate all that new technology, but you also need to combine that with service and software, otherwise you won't get the full benefit. So what we are doing here, when it comes to exploring circular economics, it's kind of where we have an eternity mindset. We want to see if it is possible to get nothing out to the landfill. This is the aim that we are looking at. So when you buy a product today, you get an option to keep it in your data center for up to 10 years. But what we wanna do when you keep it for 10 years is to upgrade only parts of the system. So let's say that you need more CBU power, use your switch the controller to next generation controller and you get more CPU power in your storage system to keep it those 10 years. >>But you can also expand with new this media flash media, even media that doesn't exist today will be supported over those 10 years. You can change your protocol in the, in the front end of your system to have new protocols and connect to your server environment with the latest and greatest technology. See, the benefit here is that you don't have to put your system into a truck and a recycle process after three years, four years, five years, you can actually postpone that one for 10 years. And this one is reducing the emission again. But once we take it back, you put it on the truck and we take it into our recycling facility. And here we take our own equipment like compute network and switches, but we also take competitor equipment in and we recycle as much as we can. In many cases, it's only 1% that goes to the landfill or 2% that goes to the landfill. >>The remaining material will go into new products either in our cycle or in other parts of the electronic industry. So it will be reused for other products. So when we look at what we've been doing for many years, that has been linear economics where you buy material, you make your product, you put it into production, and it goes into land feed afterwards. The recycling economics, it's really, you buy material, you make your product, you put it into production, and you recycle as much as possible. The remaining part will go into the landfill. But where we are right now is exploring circle economics where you actually buy material, make it, put it into production, and you reuse as much as you can. And only one 2% is going into the landfill right now. So we have come along and we honestly believe that the circular economics is the new economics going forward for many industries in the world. >>Yeah. And that addresses some of the things that we were talking about earlier about sustainability by design, you have to design that so that you can take advantage of that circular economy. I, I do wanna come back to the economics because, you know, in the early days of so-called green, it, there was a lot of talk about, well, I, I, I'll never be able to lower the power bill. And the facilities people don't talk to the IT people. And that's changed. So explain why sustainability is good business, not just an expense item, but can really drive bottom line profitability. I, I understand it's gonna take some time, but, but help us understand your experience there, Tom. >>Yeah, let me try to explain that one. You know, you often get the question about sustainability. Isn't that a cost? I mean, how much does it cost to get that green profile? But you know, in reality when you do a deep dive into the data center, you realize that sustainability is a cost saving activity. And this one is quite interesting. And we have now done more than 1,200 data center assessment around the world where we have looked at data centers. And let me give you just an average number from a global bank that we work with. And this one is, it is not different from all the other cases that we are doing. So when we look at the storage area, what we can do on the electricity by moving an old legacy data center into a new modernized infrastructure is to reduce the electricity by 96%. >>This is a very high number and a lot of money that you save, but the CO2 mission is reduced by 96% as well. The floor space can go up to 35% reduction as well. When we move down to the compute part, we are talking about 61% reduction in electricity on the compute part just by moving from legacy to new modern infrastructure and 61% on the CO2 emission as well. And see this one here is quite interesting because you save electricity and you and you do something really good for the environment. At the same time, in this case I'm talking about here, the customer was paying 2.5 million US dollar annually and by just modernizing that infrastructure, we could bring it down to 1.1 million. This is 1.4 million savings straight into your pocket and you can start the next activity here looking at moving from virtual machine to containers. Containers only use 10% of the CPU resources compared to a virtual machine. Move up to the application layer. If you have that kind of capability in your organization, modernizing your application with sustainability by design and you can reduce the C, the CO2 emission by up to 50%. There's so much we can do in that data center, but we often start at the infrastructure first and then we move up in the chain and we give customers benefit in all these different layers. >>Yeah, A big theme of this program today is what you guys are doing with partners do, are partners aware of this in your view? Are they in tune with it? Are they demanding it? What message would you like to give the channel partners, resellers and, and distributors who may be watching? >>So the way to look at it is that we offer a platform with product, service and software and that platform can elevate the conversation much higher up in the organization. And partners get the opportunity here to go up and talk to sustainability officers about what we are doing. They can even take it up to the CEO and talk about how can you reach your sustainability KPI in the data center. What we've seen this round table when we have sustainability officers in the room is that they're very focused on the green profile and what is going out of the company. They rarely have a deep understanding of what is going on at the data center. Why? Because it's really technical and they don't have that background. So just by elevating the conversation to these sustainability officers, you can tell them what they should measure and how they should measure that. And you can be sure that that will replicate down to the CIO and the CFO and that immediately your request for proposal going forward. So this one here is really a golden opportunity to take that story, go out and talk to different people in the organization to be relevant and have an impact and make it more easy for you to win that proposal when it gets out. >>Well really solid story on a super important topic. Thanks Tom. Really appreciate your time and taking us through your perspectives. >>Thank you Dave, for the invitation. >>Yeah, you bet. Okay, in a moment we'll be back. To summarize our final thoughts, keep it right there. >>Click by click. The world is changing. We make sense of our world by making sense of data. You can draw more meaning from more data than was ever possible before, so that every thought and every action can build your path to intelligent innovation to change the way the world works. Hitachi Van Tara. >>Okay, thanks for watching the program. We hope you gained a better understanding of how Hitachi Ventura drives customer success with its partners. If you wanna learn more about how you can partner for profit, check out the partner togetherPage@hitachiventera.com and there's a link on the webpage here that will take you right to that page. Okay, that's a wrap for Lisa Martin. This is Dave Valante with the Cube. You a leader in enterprise and emerging tech coverage.

>>Good afternoon everybody. I'm John Walls and welcome back to our coverage here on the cube of AWS Reinvent 22. We are bringing you another segment with the Global Startup Program, which is part of the AWS Start Showcase, and it's a pleasure to welcome two new guests here to the showcase. First, immediately to my right Han w lre. Good to see you Han. Good to see you. The leader of the Enterprise Solutions Architecture at aws. And on the far right, Rolin Lee, who is the co-founder and CEO of Heim Doll Data. Roland, good to see you. Great >>To be here. >>All right, good. Thanks for joining us. Well first off, for those at home, I may not be familiar with Heim Doll. What do you do? Why are you here? But I'll let you take it from there. >>Well, we're one of the sponsors here at AWS and great to be here. We offer a data access layer in the form of a proxy, and what it does is it provides complete visibility and the capability to enhance the interaction between the application and one's current database. And as a result, you'll, the customer will improve database scale, database security and availability. And all these features don't require any application changes. So that's sort of our marketing pitch, if you will, all these types of features to improve the experience of managing a database without any application >>Changes. And, and where's the cloud come into play then, for you then, where, where did it come into play for you? >>So we started out actually helping out customers on premise, and a lot of enterprise customers are moving over to the cloud, and it was just a natural progression to do that. And so aws, which is a key part of ours, partners with us to help solve customer problems, especially on the database side, as the application being application performance tends to have issues between the interaction between the application database and we're solving that issue. >>Right. Sohan, I mean, Roan just touched on it about OnPrem, right? There's still some kickers and screamers out there that, that don't, haven't bought in or, or they're about to, but you're about to get 'em. I, I'm sure. But talk about that, that conversion or that transition, if you would, from going OnPrem into a hybrid environment or to into the, the bigger cloud environment and and how difficult that is sometimes. Yes. Maybe to get people to, to make that kind of a leap. >>Well, I would say that a lot of customers are wanting to focus more on product innovation experimentation, and also in terms of having to manage servers and patching, you know, it's to take away from that initiative that they're trying to do. So with aws, we provide undifferentiated heavy lifting so that they can focus on product innovation. And one of the areas talking about Heim is that from the database side, we do provide Amazon rds, which is database and also Aurora, to give them that lift so they don't have to worry about patching servers and setting up provisioning servers as well. >>Right. So Roland, can you get the idea across to people very simply, let us take care of the, the hard stuff and, and that will free you up to do your product innovations, to do your experimentations to, to really free up your team, basically to do the fun stuff and, and let us sweat over the, the, the details basically. Right? >>Exactly. Our, our motto is not only why build when, when you can buy. So a lot of it has to do with offering the, the value in terms of price and the features such as it's gonna benefit a team. Large companies like amazon.com, Google, they have huge teams that can build data access layers and proxies. And what we're trying to do here is commercialize those cuz those are built in house and it's not readily available for customers to use. And you'd need some type of interface between the application and the database. And we provide that sort of why build when you can buy. >>Well, I was gonna say why h right? I mean what's your special sauce? Because everybody's got something, obviously a market differentiator that you're bringing into place here. So you started to touch on a little bit there for me, but, but dive a little deeper there. I mean, what, what is it that, that you're bringing to the table with AWS that you think puts you above the crowd? >>Well, lemme give you a use case here. In typical events like let's say Black Friday where there's a surge traffic that can overwhelm the database, the Heim doll data access layer database proxy provides an auto scaling distributed architecture such that it can absorb those surges and traffic and help scale the database while keeping the data fresh and up to date. And so basically traffic based on season time of day, we can, we can adjust automatically and all these types of features that we offer, most notably automated query caching, ReadWrite split for asset compliance don't require any code changes, which typically requires the application developer to make those changes. So we're saving months, maybe years of development and maintenance. >>Yeah, a lot of gray hairs too, right? Yeah, you're, you're solving a lot of problems there. What about database trends in just in general Hunt, if you will. I mean, this is your space, right? I mean, what we're hearing about from Heindel, you know, in terms of solutions they're providing, but what are you seeing just from the macro level in terms of what people are doing and thinking about the database and how it relates to the cloud? Right. >>And some of the things that we're seeing is that we're seeing an explosion of data, relevant data that customers need to be able to consume and also process as well. So with the explosion of data, there's also, we see customers trying to modernize their application as well through microservices, which does change the design patterns of like the applications we call the access data patterns as well. So again, going back to that, a differentiated heavy lifting, we do have something called purpose built databases, right? It's the right tool for the right purpose. And so it depends on what their like rpo, rto their access to data pattern. Is it a base, is it an acid? So we want to be able to provide them the options to build and also innovate. So with that, that's why we have the Amazon rds, the also the, we also have Redshift, we also have Aurora and et cetera. The Rediff is more of the BI side, but usually when you ingest the data, you have some level of processing to get more insight. So with that, that's why customers are moving more of towards the managed service so that they can give that lift and then focusing on that product and innovation. Yeah. >>Have we kind of caught up or are we catching up to this just the tsunami of data to begin with, right? Because I mean, that was it, you know, what, seven, eight years ago when, when that data became kind of, or becoming king and, and reams and reams and reams and all, you know, can't handle it, right? And, and are we now able to manage that process and manage that flow and get the right data into the right hands at the right time? We're doing better with that. >>I would say that it, it definitely has grown in size of the amount of data that we're ingesting. And so with the scalability and agility of the cloud, we're able to, I would say, adapt to the rapid changes and ingestions of the data. So, so that's why we have things like Aurora servers to have that or auto scale so they can do like MySQL or Postgres and then they can still, like what you know, I'm trying to do is basically don't have to co do like any code changes. It would be a data migration. They still use the same underlying database on also mechanisms, but here we're providing them at scale on the cloud. >>Yeah. Our proxies, they must have for all databases. I mean, is that, is that essential these days? >>Well, good question John. I would say yes. And this is often built in house, as I mentioned, for large companies, they do build some type of data access layer or proxy and, or some utilize some orm, some object relational map to do it. And what again, what we're trying to do is offer this, put this out into the market commercially speaking, such that it can be readily used for, for all the customers to use rather than building it from scratch all the time. >>You know what I didn't ask you was Roy, how does AWS come into play for you then? And, and as in the startup mode, the focus that they've had in startups in general, but in you in particular, I mean, talk about that partnership or that relationship and the value that you're extracting from that. >>The ad AWS partnership has been absolutely wonderful. The collaboration, they have one of the best managed service databases. The value that it that adds in terms of the durability, the manageability, what the Heim doll data does is it compliments Amazon rds, Amazon Redshift very well in the sense that we're not replacing the database. What we're doing is we are allowing the customer to get the most out of the managed service database, whether it be Redshift or Aurora Serverless, rds, all without code changes. And or the analogy that I would give John is a car, a race car may be very fast, but it takes a driver to get to those fast speeds. We're the driver, the Hyundai proxy provides that intelligence so that you can get the most out of that database engine. >>And, and Hfi would then touch on, first off AWS and the emphasis that you have put on startups and are obviously, you know, kind of putting your money where your mouth is, right? With, with the way you've encouraged and nurtured that environment. And they would be about Heim doll in general about where you see this going or what you would like to have, where you want to take this in the next say 12 months, 18 months. >>I think it's more of a better together story of how we can basically coil with our partners, right? And, and basically focusing on helping our customers drive that innovation and be collaboration. So as Heim, as a independent service vendor isv, most customers can leverage that through a marketplace where basically it integrates very nicely with aws. So that gives 'em that lift and it goes back to the undifferentiated heavy lifting on the Hein proxy side, if you will, because then you have this proxy in the middle where then it helps them with their SQL performance. And I've seen use cases where customers were, have some legacy system that they may not have time to modernize the application. So they use this as a lift to keep, keep going as they try to modernize. But also I've seen customers who use are trying to use it as a, a way to give that performance lift because they may have a third party software that they cannot change the code by putting this in there that helps optimize their lines of business or whatever that is, and maybe can be online store or whatever. So I would say it was a better together type of story. >>Yeah. Which is, there's gotta be a song in there somewhere. So peek around the corner and if you wanna be headlights here right now in terms of 12, 18 months, I mean, what, you know, what what next to solve, right? You've already taken, you've slayed a few dragons along the way, but there are others I'm sure is it always happens in innovation in this space. Just when you solve a problem you've just dealt or you have to deal with others that pop up as maybe unintended consequences or at least a new challenge. So what would that be in your world right now? What, what do you see, you know, occupying your sleepless nights here for the next year or so? >>Well, for, for HOMEDALE data, it's all about improving database performance and scale. And those workloads change. We have O ltp, we have OLA with artificial intelligence ml. There's different type of traffic profiles and we're focused on improving those data profiles. It could be unstructured structured. Right now we're focused on structured data, which is relational databases, but there's a lot of opportunity to improve the performance of data. >>Well, you're driving the car, you got a good navigator. I think the GPS is working. So keep up the good work and thank you for sharing the time today. Thank you. Thank you, joy. Do appreciate it. All right, you are watching the cube. We continue our coverage here from AWS Reinvent 22, the Cube, of course, the leader in high tech coverage.

>>Hello everyone. Welcome back to the Cube's Live coverage. I'm John Fur, host of the Cube. We got two sets here, three sets total. Another one in the executive center. It's our 10th year covering AWS Reinvent. I remember 2013 like it was yesterday. You know, now it's a massive of people buying out restaurants. 35,000 people now it's 55,000, soon to be 70,000 back. Great event. Continuing to set the standard in the industry. We had an amazing guest here, Leah Bibo, vice President of Product Marketing. She's in charge of the messaging, the product, overseeing how these products gonna market. Leah, great to see you. Thanks for joining me on the Cube today. >>Absolutely. It's great to be here. It's also my 10 reinvent, so it's, it's been a wild ride. >>Absolutely. Yeah. You and I were talking before we came on camera, how much we love products and yes, this is a product-centric company, has been from day one and you know, over the years watching the announcements, the tsunami of announcements, just all the innovation that's come out from AWS over the years has been staggering to say the least. Everyone always jokes about, oh my God, 5,000 new announcements, over 200 services you're managing and you're marketing them. It's pretty crazy right now. And Adam, as he comes on, as I called them, the solutions CEO on my piece I wrote on Friday, we're in an era where solutions, the products are enabling more solutions. Unpack the messaging around this cuz this is really big moment for aws. >>Absolutely. Well, I'll say first of all that we are a customer focused company that happens to be really good at innovating incredible products and services for our customers. So today the, the energy in the room and what Adam talked about, I think is focused on a few great things for customers that are really important for transformation. So we talked a lot about best price performance for workloads and we talked about extreme workloads, but if you think about the work that we've been doing to innovate on the silicon side, we're really talking about with Graviton all your workloads and getting really great price performance for all of them. You know, we came out with graviton three 25% faster than graviton two, also 60% more energy efficient. We talked about something that is emerging that I think is gonna be really big, which is simulation and really the ability to model these complex worlds and all the little interactions, which I think, you know, in the future as we have more complex environments like 3D simulation is gonna be a bigger part of every, every business's >>Business. You know, just as an aside, we were talking on the analyst segment that speeds and feeds are back and the old days and the data center days was like, we don't wanna talk about speeds and feeds about solutions and you know, the outcomes when you get the cloud, it was like, okay, get the workloads over there, but people want faster and lower cost performance workloads gotta be running at at high performance. And, and there's a real discussion around those. Let's unpack security data performance. What, what does that mean for customers? Because again, I get the workloads run fast. That's great. What else is behind the curtain, so to speak from a customer standpoint? >>Absolutely. Well I think if you're gonna move all your workloads to the cloud, you know, security is a really big area that's important. It's important to every one of our enterprise companies customers. Actually it's important to all of our customers and we've been working, you know, since the beginning of AWS to really create and build the most secure global infrastructure. And you know, as our customers have moved mission critical workloads, we've built out a lot more capabilities and now we have a whole portfolio of security services. And what we announced today is kind of game changing. The service called Security Lake, which brings together, you know, an ecosystem of security data in a format that's open. So you can share data between all of these sources and it's gonna give folks the opportunity to really be able to analyze data, find threats faster, and just kind of know their security posture. And I think, you know, as we talked about today, you don't wanna think about the cloud as unfathomable, the unfathomable, you really need to know that security. And I think that like a lot of things we discussed, security is a data opportunity, right? And I think we, we had a section on on data, but really if you look at the keynote across security, across solutions, across the purpose built things we made, it's all, it all comes down to data and it's really the, the transformational element that our customers >>Are. I mean the data secured is very integral part good call out there. And I, I wanna just double down on that real quick because I remember in 2014 I interviewed Steven Schmidt when he was the CSOs and back then in 2014, if you remember the conversation was this, the clouds not secure, gotta be on premises. Now in today's keynote, Adam says, and he laid out the whole global security footprint. There's a lot going on that Amazon has now become more secure than on-prem. He actually made that statement. So, and then plus you got thousands of security partners, third party partners, you got the open cyber security framework which you guys co-found with all the other, so you got securities not as a team sport, this is what they, they said yes, yes. What does that mean for customers? Because now this is a big deal. >>Well I think for customers, I mean it means nothing but goodness, right? But all of these thousands of security partners have really innovated and created solutions that our customers are using. But they all have different types of data in different silos. And to really get a full picture bringing all that data together is really important. And it's not easy today. You know, log data from different sources, data from detection services and really what customers want is an easier way to get it all together. Which is why we have the open OCS F and really analyze using the tools of their choice. And whether that's AWS tools for analytics or it's tools from our partners, customers need to be able to make that choice so that they can feel like their applications and their workloads are the most secure on aws. >>You know, I've been very impressed with guard duty and I've been following Merit Bear's blogs on online. She's in the security team, she's amazing. Shout out to her. She's been pushing guard duty for a long time now there's big news around guard duty. So you got EKS protection, you know, at Coan this was the biggest cloud native issue, the runtime of Kubernetes and inside the container and outside the container detection of threats, right? As a real software supply chain concern. How are you guys marketing that? This is a huge announcement. EKS protection I know is very nuanced but it's pretty big deal. >>It is a big deal. It is a big deal. And guard duty has been kind of like a quiet service that maybe you don't hear a lot about, but has been really, really popular with our customers. Adam mentioned that 85% of, you know, our top 2000 customers are using guard duty today. And it was a big moment. We launched EKS protection, you know, a little bit earlier and the customer uptake on that has been really incredible. And it is because you can protect your Kubernetes cluster, which is really important because so many customers are, you know, part of their migration to the cloud is containers. Yeah. And so we're pretty excited that now we can answer that question of what's going on inside the container. And so you have both, yeah, right. You know that your Kubernetes pluses are good and you know what's going on inside the container and it's just more threats that you can detect and protect >>Yourself from. You know, as an aside, I'm sure you're watching this, but you know, we go to a lot of events, you know, the C I C D pipeline as developers are getting higher velocity coding, it has moved in because of DevOps on the cloud into the C I C D pipeline. So you're seeing that developer takes some of those IT roles in the coding workflow, hence the, the shift left and or container security, which you guys now, now and are driving towards. But the security and the data teams are emerging as a very key element inside the organizational structure. When I sat down with Adam, one of the things he was very adamant about in my conversation was not just digital transformation, business transformation, structural organizational moves are making where it's not a department anymore, it is the company, a technology is the company when you transform. Absolutely. So digital is the process, business is the outcome. This is a really huge message. What's your reaction to that? What's, what can you share extra cuz that's, this is a big part of the thing. He hit it right outta the gate on the front end of the keynote. >>Absolutely. Absolutely. I mean I think, you know, companies have been migrating to the cloud for a while, but I think that this time that we're going through has really accelerated that migration And as part of that, you know, digital transformation has become real for a lot of companies. And it is true what Adam said there is technology transformation involved, there's data transformation involved, but it, it is transforming businesses. And I think if you look at some of the things that Adam talked about, you know, aws, supply chain, security Lake, aws clean rooms, and Omic, aws, omic, you know, those are all examples of data and the ability to work with data transforming different lines of business within a company, transforming horizontal processes like contact centers and like supply chain and also, you know, going into vertical specific solutions. So what it means is that as technology becomes more pervasive, as data becomes more pervasive, businesses are transforming and that means that a lot more people are going to use the cloud and interact with the cloud and they might not want to or be able to kind of use our building blocks. And so what's really exciting that what we're able to do is make cloud more accessible to lines of business folks to analysts, to security folks. So >>It's, yeah, and that's, and that's why I was calling my this this new trend I see as Amazon Classic, my words, not your words, I call the, hey there was classic cloud and then you got the next gen clown, the new next generation. And I was talking with Adrian Cockcroft, former aws, so he's now retired, he's gonna come on later today. He and I were talking, he use this thing of you got a bag of Legos aka primitives or a toy that's been assembled for you glued together, ones out of the box, but they're not mutually exclusive. You can build a durable application and foundation with the building blocks more durable. You can manage it, refine it, but you got the solution that breaks. You don't have as much flexibility but you gotta replace it. That's okay too. So like this is now kind of a new portfolio approach to the cloud. It's very interesting and I think, I think, I think that's what I took away from the keynote is that you can have both. >>Yes, absolutely. You can do both. I mean, we're gonna go full throttle on releasing innovations and pushing the envelope on compute and storage and databases and our core services because they matter. And having, you know, the choice to choose from a wide range of options. I mean that's what, that's what customers need. You know, if you're gonna run hpc, you're gonna run machine learning and you're gonna run your SAP applications or your Windows applications, you need choice of what you know, specific type of instance and compute capabilities. You need to get the price performance. It's, it's definitely not a one size fits all. It's a 600 instance type. Size fits all maybe. >>Exactly. And you got a lot of instance and we'll get to that in a second. Yeah, I love the themes. I love this keynote themes you had like at first space, but I get the whole data, then you look at it, you can look at it differently. Really good metaphor, the ocean one I love with the security because he mentioned you can have the confidence to explore go deep snorkeling versus scuba and knowing how much oxygen you have. I mean, so really cool metaphor made me think very provocative. So again, this is kind of why people go to AWS because you now have these, these abilities to do things differently, depend on the context of what products you're working with. Yes. Explain why that was the core theme. Was there any rationale behind that? Was it just how you guys saw it? I mean that was pretty clever. >>Well, I think that, you know, we're, we're talking about environments and I think in this world, you know, there's uncertainty in a lot of places and we really feel like all of us need to be prepared for different types of environments. And so we wanted to explore what that could look like. And I think, you know, we're fascinated by space and the vastness and it is very much like the world of data. I don't know about you, but I actually scuba dive. So I love the depths of the ocean. I loved working on that part. There's extremes, extreme workloads like hpc, extreme workloads like machine learning with the growing models and there's an imagination, which is also one of my favorite areas to explore. >>Yeah. And you use the Antarctica one for about the whole environment and extreme conditions. That's good in the performance. And I love that piece of it. And I want to get into the, some of the things I love the speeds and fee. I think the, the big innovation with the silicon we've been covering as, you know, like a blanket. The, he's got the GRAVITON three 25% faster than GRAVITON two, the C seven GN network intense workloads. This is kind of a big deal. I mean this is one of those things where it might not get picked up in the major press, but the network use cases are significant. Nira has been successful. Share your thoughts on these kinds of innovations because they look kind of small, but they're not, they're >>Big, they're not small for sure, especially at the scale that our customers are, are, are running their applications. Like every little optimization that you can get really makes a huge difference. And I think it's exciting. I mean you hit on, you kind of hit on it when we've been working on silicon for a while now we know that, you know, if we're gonna keep pushing the element, the envelope in these areas, we had to, we had to go down to the silicon. And I think that Nitro has really been what's kind of been a breakthrough for us. You know, reinventing that virtualization layer, offloading security and storage and networking to special purpose chips. And I think that it's not just in the area of network optimization, right? You saw training optimized instances and inference optimized instances and HPC optimized instances. So yeah, we are kind of looking at all the extremes of, of what customers want to do. >>I know you can't talk about the future, but I can almost connect the dots as you're talking. It's like, hmm, specialized instances, specialized chips, maybe programmability of workload, smart intelligence, generative AI, weaving in there. A lot of kind of cool things I can see around the corner around generative AI automation. Hey, go to this instance with that go here. This is kind of what I see kind of coming around the corner. >>And we have some of that with our instance optimizers, our cost optimizer products where, you know, we wanna help customers find the best instance for their workload, get the best utilization they possibly can, you know, cut costs, but still have the great performance. So I don't, I don't know about your future, John, it sounds great, but we have, you know, we're taking steps in that direction today. >>Still look in this code that's gonna be on this code. Okay. Any, okay, I wanna give you one final question. Well, well two questions. One was a comment Adam made, I'd love to get your reaction if you want to tighten your bell, come to the cloud. I thought that was a very interesting nuance. A lot of economic pressure. Cloud is an opportunity to get agile, time to value faster. We had Zs carve cube analyst who's with us earlier said, the more you spend on the cloud, the more you save. That was his line, which I thought was very smart. Spending more doesn't mean you're gonna lose money, means you can save money too. So a lot of cost optimization discussions. Absolutely. Hey, your belt come to the cloud. What does he mean by that? >>Well I think that in, in times where, you know, there's uncertainty and economic conditions, it is, it's really, you know, you sometimes wanna pull back kind of, you know, batten down the hatches. But the cloud really, and we saw this with C you know, if you, if you move to the cloud, not only can you cut costs, but you put yourself in this position where you can continue to innovate and you can be agile and you can be prepared for whatever environment you're in so that you know when things go back or you have a customer needs that and innovation that goes off like you, you can accelerate back up really, really quickly. And I think we talked about Airbnb, that example of how, you know, in, in that really tough time of covid when travel industry wasn't happening so much, you know, they were able to scale back and save money. And then at the same time when, you know, Airbnb's kind of once again travel came back, they were in a position to really, really quickly change with the, the customer needs. >>You know, Lee, it's always great talking with you. You got a lot of energy, you're so smart and we both love products and you're leading the product marketing. We have an Instagram challenge here on the cube. I'm gonna put you on the spot here. Oh my gosh. It's called Instagram. We called a bumper sticker section. We used to call it what's the bumper sticker for reinvent. But we kind of modernized that. If you were gonna do an Instagram reel right now, what would be the Instagram reel for reinvent Keynote day one. As we look for, we got Verner, we'll probably talk about productivity with developers. What's the Instagram reel for reinvent? >>Wow. That means I have to get short with it, right? I am, I'm not always, that's still wrong answer. Yeah, well I think, you know, this is really big day one, so it's excitement, it's, we're glad to be here. We have a lot coming for you. We're super excited. And if you think about it, it's price, performance, it's data, it's security and it's solutions for purpose-built use cases. >>Great job. Congratulations. I love the message. I love how you guys had the theme. I thought it was great. And it's great to see Amazon continue to innovate with, with the, with the, with the innovation on the product side. But as we get into transformation, starting to see these solutions and the ecosystem is thriving and looking forward to hearing the, the new partner, chief Aruba tomorrow. Absolutely. See what she's got a new plan apparently unveiling. So exciting. Everyone's pretty excited. Thanks for coming >>On. Great. Great. Thanks for having >>Me. All right. Leah, here in the cube. You are the cube, the leader in tech coverage. I'm John Fur, your host. More live coverage after the short break. We'll be right back here. Day two of the cube, day one of reinvent. Lot of great action. Three, four days of wall to wall coverage. We'll be right back.

foreign [Music] to the special presentation of cloud native at scale the cube and Platform 9 special presentation going in and digging into the next generation super cloud infrastructure as code and the future of application development we're here with dick Lee who's the Chief Architect and co-founder of platform nine pick great to see you Cube alumni we we met at openstack event in about eight years ago or later earlier uh when openstack was going great to see you and great congratulations on the success of platform nine thank you very much yeah you guys been at this for a while and this is really the the Year we're seeing the the crossover of kubernetes because of what happens with containers everyone now was realized and you've seen what docker's doing with the new Docker the open source Docker now just the success of containerization and now the kubernetes layer that we've been working on for years is coming bearing fruit this is huge exactly yes and so as infrastructure as code comes in we talked to baskar talking about super cloud I met her about you know the new Arlo our our lawn um you guys just launched the infrastructure's code is going to another level and it's always been devops infrastructure is code that's been the ethos that's been like from day one developers just code I think you saw the rise of serverless and you see now multi-cloud or on the horizon connect the dots for us what is the state of infrastructure as code today so I think I think um I'm glad you mentioned it everybody or most people know about infrastructure as code but with kubernetes I think that project has evolved at the concept even further and these days it's um infrastructure as configuration right so which is an evolution of infrastructure as code so instead of telling the system here's how I want my infrastructure by telling it you know do step a b c and d uh instead with kubernetes you can describe your desired State declaratively using things called manifest resources and then the system kind of magically figures it out and tries to converge the state towards the one that you specify so I think it's it's a even better version of infrastructure as code yeah and that really means it's developer just accessing resources okay that declare okay give me some compute stand me up some turn the lights on turn them off turn them on that's kind of where we see this going and I like the configuration piece some people say composability I mean now with open source so popular you don't have to have to write a lot of code this code being developed and so it's integration it's configuration these are areas that we're starting to see computer science principles around automation machine learning assisting open source because you've got a lot of code that's what you're hearing software supply chain issues so infrastructure as code has to factor in these new Dynamics can you share your opinion on these new dynamics of as open source grows the glue layers the configurations the integration what are the core issues I think one of the major core issues is with all that power comes complexity right so um You know despite its expressive Power Systems like kubernetes and declarative apis let you express a lot of complicated and complex Stacks right but you're dealing with um hundreds if not thousands of these yaml files or resources and so I think you know the emergence of systems and layers to help you manage that complexity is becoming a key Challenge and opportunity in this space I wrote a LinkedIn post today those comments about you know hey Enterprise is the new breed the trend of SAS companies moving uh our consumer consumer-like thinking into the Enterprise has been happening for a long time but now more than ever you're seeing it the old way used to be solve complexity with more complexity and then lock the customer in now with open source it's speed simplification and integration right these are the new Dynam power dynamics for developers so as companies are starting to now deploy and look at kubernetes what are the things that need to be in place because you have some I won't say technical debt but maybe some shortcuts some scripts here that make it look like infrastructure as code people have done some things to simulate or or make infrastructures code happen yes but to do it at scale yes is harder what's your take on this what's your view it's hard because there's a proliferation of of methods tools Technologies so for example today it's a very common for devops and platform engineering tools I mean sorry teams to have to deploy a large number of kubernetes clusters but then apply the applications and configurations on top of those clusters and they're using a wide range of tools to do this right for example maybe ansible or terraform or bash scripts to bring up the infrastructure and then the Clusters and then they may use a different set of tools such as Argo CD or other tools to apply configurations and applications on top of the Clusters so you have this sprawl of tools you also you also have this sprawl of configurations and files because the more objects you're dealing with the more resources you have to manage and there's a risk of drift that people call that where you know you think you have things under control but some people from various teams will make changes here and there and then before the end of the day systems break and you have no idea of tracking them so I think there's real need to kind of unify simplify and try to solve these problems using a smaller more unified set of tools and methodology apologies and that's something that we try to do with this new project Arlon yeah so so we're going to get to our line in a second I want to get to the yr lawn you guys announced that at argocon which was put on here in Silicon Valley at the community meeting by Intuit they had their own little day over their headquarters but before we get there um Bhaskar your CEO came on and he talked about super cloud at our inaugural event what's your definition of super cloud if you had to kind of explain that to someone at a cocktail party or someone in the industry technical how would you look at the super cloud Trend that's emerging has become a thing what's your what would be your contribution to that definition or the narrative well it's it's uh funny because I've actually heard of the term for the first time today speaking to you earlier today but I think based on what you said I I already get kind of some of the the gist and the the main Concepts it seems like uh super cloud the way I interpret that is you know um clouds and infrastructure um programmable infrastructure all of those things are becoming commodity in a way and everyone's got their own flavor but there's a real opportunity for people to solve real business Problems by perhaps trying to abstract away you know all of those various implementations and then building uh um better abstractions that are perhaps business or application specific to help companies and businesses solve real business problems yeah I remember it's a great great definition I remember not to date myself but back in the old days you know IBM had its proprietary Network operating system so the deck for the mini computer vintage deck net and sna respectively um but tcpip came out of the OSI the open systems interconnect and remember ethernet beat token ring out so not to get all nerdy for all the young kids out there look just look up token ring you'll see if I never heard of it it's IBM's you know a connection for the internet at the layer two is Amazon the ethernet right so if TCP could be the kubernetes and containers abstraction that made the industry completely change at that point in history so at every major inflection point where there's been serious industry change and wealth creation and business value there's been an abstraction Yes somewhere yes what's your reaction to that I think um this is um I think a saying that's been heard many times in this industry and I forgot who originated it but um I think the saying goes like there's no problem that can't be solved with another layer of indirection right and we've seen this over and over and over again where Amazon and its peers have inserted this layer that has simplified you know Computing and infrastructure management and I believe this trend is going to continue right the next set of problems are going to be solved with these insertions of additional abstraction layers I think that that's really a yeah it's going to continue it's interesting just when I wrote another post today on LinkedIn called the Silicon Wars AMD stock is down arm has been on the rise we've been reporting for many years now that arm's going to be huge it has become true if you look at the success of the infrastructure as a service layer across the clouds Azure AWS Amazon's clearly way ahead of everybody the stuff that they're doing with the Silicon and the physics and the atoms the pro you know this is where the Innovation they're going so deep and so strong at is the more that they get that gets gone they have more performance so if you're an app developer wouldn't you want the best performance and you'd want to have the best abstraction layer that gives you the most ability to do infrastructures code or infrastructure for configuration for provisioning for managing services and you're seeing that today with service meshes a lot of action going on in the service mesh area in this community of kubecon which we'll be covering so that brings up the whole what's next you guys just announced our lawn at argocon which came out of Intuit we've had Mariana Tesla out our supercloud event she's a CTO you know they're all in the cloud so there contributed that project where did Arlon come from what was the origination what's the purpose why our lawn why this announcement yeah so um the the Inception of the project this was the result of um us realizing that problem that we spoke about earlier which is complexity right with all of this these clouds these infrastructure all the variations around and you know compute storage networks and um the proliferation of tools we talked about the ansibles and terraforms and kubernetes itself you can think of that as another tool right we saw a need to solve that complexity problem and especially for people and users who use kubernetes at scale so when you have you know hundreds of clusters thousands of applications thousands of users spread out over many many locations there there needs to be a system that helps simplify that management right so that means fewer tools more expressive ways of describing the state that you want and more consistency and and that's why um you know we built um Arlon and we built it um recognizing that many of these problems or sub problems have already been solved so Arlon doesn't try to reinvent the wheel it instead rests on the shoulders of several Giants right so for example kubernetes is one building block get Ops and Argo CD is another one which provides a very structured way of applying configuration and then we have projects like cluster API and cross-plane which provide apis for describing infrastructure so Arlon takes all of those building blocks and um builds a thin layer which gives users a very expressive way of defining configuration and desired state so that's that's kind of the Inception and what's the benefit of that what does that give what does that give the developer the user in this case the developers the the platform engineer team members the devops engineers they uh get a ways to provision not just infrastructure and clusters but also applications and configurations they get away a system for provisioning configuring deploying and doing life cycle Management in a in a much simpler way okay especially as I said if you're dealing with a large number of applications so it's like an operating fabric if you will yes for them okay so let's get into what that means for up above and below the the abstraction or thin layer below is the infrastructure we talked a lot about what's going on below that yeah above our workloads at the end of the day and I talked to cxos and um I.T folks that are now devops Engineers they care about the workloads and they want the infrastructure's code to work they want to spend their time getting in the weeds figuring out what happened when someone made a push that that happened or something happened they need observability and they need to to know that it's working that's right and as my workloads running if effectively so how do you guys look at the workload side because now you have multiple workloads on these fabric right so workloads so kubernetes has defined kind of a standard way to describe workloads and you can you know tell kubernetes I want to run this container this particular way or you can use other projects that are in the kubernetes cloud native ecosystem like k-native where you can express your application in more at a higher level right but what's also happening is in addition to the workloads devops and platform engineering teams they need to very often deploy the applications with the Clusters themselves clusters are becoming this commodity it's it's becoming this um host for the application and it kind of comes bundled with it in many cases it's like an appliance right so devops teams have to provision clusters at a really incredible rate and they need to tear them down clusters are becoming more extremely like an ec2 instance spin up a cluster we've heard people used words like that that's right and before Arlon you kind of had to do all of that using a different set of tools as I explained so with our own you can kind of express everything together you can say I want a cluster with a health monitoring stack and a logging stack and this Ingress controller and I want these applications and these security policies you can describe all of that using something we call the profile and then you can stamp out your app your applications and your clusters and manage them in a very essentially standard that creates a mechanism it's standardized declarative kind of configurations and it's like a Playbook you just deploy it now what's this between say a script like I have scripts I can just automate Scripts or yes this is where that um declarative API and um infrastructures configuration comes in right because scripts yes you can automate scripts but the order in which they run matters right they can break things can break in the middle and um and sometimes you need to debug them whereas the declarative way is much more expressive and Powerful you just tell the system what you want and then the system kind of uh figures it out and there are these things called controllers which will in the background reconcile all the state to converge towards your desire to say it's a much more powerful expressive and reliable way of getting things done so infrastructure as configuration is built kind of on it's a superset of infrastructures code because different Evolution you need Edge restaurant's code but then you can configure The Code by just saying do it you're basically declaring and saying go go do that that's right okay so all right so Cloud native at scale take me through your vision of what that means someone says hey what is cloud native at scale mean what's success look like how does it roll out in the future as you that future next couple years I mean people are now starting to figure out okay it's not as easy as it sounds kubernetes has value we're going to hear this year kubecon a lot of this what is cloud native at scale mean yeah there are different interpretations but if you ask me when people think of scale they think of a large number of deployments right geographies many you know supporting thousands or tens or millions of users there's that aspect to scale there's also um an equally important aspect of scale which is also something that we try to address with Arlon and that is just complexity for the people operating this or configuring this right so in order to describe that desired State and in order to perform things like maybe upgrades or updates on a very large scale you want the humans behind that to be able to express and direct the system to do that in in relatively simple terms right and so we want uh the tools and the abstractions and the mechanisms available to the user to be as powerful but as simple as possible so there's I think there's going to be a number and there have been a number of cncf and Cloud native projects that are trying to attack that complexity problem as well and Arlon kind of Falls in in that category okay so I'll put you on the spot where I've got kubecon coming up and obviously this will be shipping this seg series out before what do you expect to see at kubecon issue it's the big story this year what's the what's the most important thing happening is it in the open source community and also within a lot of the the people jockeying for leadership I know there's a lot of projects and still there's some white space on the overall systems map about the different areas get runtime and observability in all these different areas what's the where's the action where's the smoke where's the fire where's the piece where's the tension yeah so uh I think uh one thing that has been happening over the past couple of coupons and I expect to continue and and that is uh the the word on the street is kubernetes getting boring right which is good right or I mean simple well um well maybe yeah invisible no drama right so so the rate of change of the kubernetes features and and all that has slowed but in a positive way um but um there's still a general sentiment and feeling that there's just too much stuff if you look at a stack necessary for uh hosting applications based on kubernetes they're just still too many moving Parts too many uh components right too much complexity I go I keep going back to the complexity problem so I expect kubecon and all the vendors and the players and the startups and the people there to continue to focus on that complexity problem and introduce a further simplifications uh to to the stack yeah Vic you've had a storied career VMware over decades with them uh obviously 12 years for the 14 years or something like that big number co-founder here platform I think it's been around for a while at this game uh we man we'll talk about openstack that project you we interviewed at one of their events so openstack was the beginning of that this new Revolution I remember the early days was it wasn't supposed to be an alternative to Amazon but it was a way to do more cloud cloud native I think we had a Colorado team at that time I mean it's a joke we you know about about the dream it's happening now now at platform nine you guys have been doing this for a while what's the what are you most excited about as the Chief Architect what did you guys double down on what did you guys pivot from or two did you do any pivots did you extend out certain areas because you guys are in a good position right now a lot of DNA in Cloud native um what are you most excited about and what is platform nine bring to the table for customers and for people in the industry watching this yeah so I think our mission really hasn't changed over the years right it's been always about taking complex open source software because open source software it's powerful it solves new problems you know every year and you have new things coming out all the time right openstack was an example within kubernetes took the World by storm but there's always that complexity of you know just configuring it deploying it running it operating it and our mission has always been that we will take all that complexity and just make it you know easy for users to consume regardless of the technology right so the successor to kubernetes you know I don't have a crystal ball but you know you have some indications that people are coming up of new and simpler ways of running applications there are many projects around there who knows what's coming uh next year or the year after that but platform will a Platform 9 will be there and we will you know take the Innovations from the the community we will contribute our own Innovations and make all of those things uh very consumable to customers simpler faster cheaper always a good business model technically to make that happen yeah I think the reigning in the chaos is key you know now we have now visibility into the scale final question before we depart you know this segment um what is that scale how many clusters do you see that would be a high a watermark for an at scale conversation around an Enterprise um is it workloads we're looking at or or clusters how would you yeah how would you describe that and when people try to squint through and evaluate what's a scale what's the at scale kind of threshold yeah and the number of clusters doesn't tell the whole story because clusters can be small in terms of the number of nodes or they can be large but roughly speaking when we say you know large-scale cluster deployments we're talking about um maybe a hundreds uh two thousands yeah and final final question what's the role of the hyperscalers you've got AWS continuing to do well but they got their core I asked they got a pass they're not too too much putting assess out there they have some SAS apps but mostly it's the ecosystem they have marketplaces doing over two billion dollars billions of transactions a year um and and it's just like just sitting there it has really they're now innovating on it but that's going to change ecosystems what's the role the cloud play and the cloud native at scale the the hyperscale yeah Abus Azure Google you mean from a business they have their own interests that you know that they're uh they will keep catering to they they will continue to find ways to lock their users into their ecosystem of uh services and and apis um so I don't think that's going to change right they're just going to keep well they got great uh performance I mean from a from a hardware standpoint yes that's going to be key right yes I think the uh the move from x86 being the dominant away and platform to run workloads is changing right that that that and I think the the hyperscalers really want to be in the game in terms of you know the the new risk and arm ecosystems and platforms yeah that joking aside Paul maritz when he was the CEO of VMware when he took over once said I remember our first year doing the cube the cloud is one big distributed computer it's it's hardware and you've got software and you got middleware and uh he kind of over these kind of tongue-in-cheek but really you're talking about large compute and sets of services that is essentially a distributed computer yes exactly it's we're back in the same game Vic thank you for coming on the segment appreciate your time this is uh Cloud native at scale special presentation with platform nine really unpacking super cloud rlon open source and how to run large-scale applications uh on the cloud cloud native philadelph4 developers and John Furrier with the cube thanks for watching and we'll stay tuned for another great segment coming right up foreign [Music]

>> From every ISV to solve the problems. You want there to be tools in place that you can use, either open source tools or whatever it is that help you build it. And slowly over time, that building will become easier and easier. So my question to you was, where do you see you playing? Do you see yourself playing to ISVs as a set of tools, which will make their life a lot easier and provide that work? >> Absolutely. >> If they don't have, so they don't have to do it. Or you're providing this for the end users? Or both? >> So it's a progression. If you go to the ISVs first, you're doomed to starved before you have time for that other option. >> Yeah. >> Right? So it's a question of phase, the phasing of it. And also if you go directly to end users, you can demonstrate the power of it and get the attention of the ISVs. I believe that the ISVs, especially those with the biggest footprints and the most, you know, coveted estates, they have already made massive investments at trying to solve decentralization of their software stack. And I believe that they have used it as a hook to try to move to a software as a service model and rope people into leasing their infrastructure. So if you look at the clouds that have been propped up by Autodesk or by Adobe, or you name the company, they are building proprietary makeshift solutions for decentralizing or hybrid clouding. Or maybe they're not even doing that at all and all they're is saying hey, if you want to get location agnosticness, then what you should just, is just move into our cloud. >> Right. >> And then they try to solve on the background how to decentralize it between different regions so they can have decent offerings in each region. But those who are more advanced have already made larger investments and will be more averse to, you know, throwing that stuff away, all of their makeshift machinery away, and using a platform that gives them high performance parallel, low level file system access, while at the same time having metadata-driven, you know, policy-based, intent-based orchestration to manage the diffusion of data across a decentralized infrastructure. They are not going to be as open because they've made such an investment and they're going to look at how do they monetize it. So what we have found with like the movie studios who are using us already, many of the app they're using, many of those software offerings, the ISVs have their own cloud that offers that software for the cloud. But what we got when I asked about this, 'cause I was dealt specifically into this question because I'm very interested to know how we're going to make that leap from end user upstream into the ISVs where I believe we need to, and they said, look, we cannot use these software ISV-specific SAS clouds for two reasons. Number one is we lose control of the data. We're giving it to them. That's security and other issues. And here you're talking about we're doing work for Disney, we're doing work for Netflix, and they're not going to let us put our data on those software clouds, on those SAS clouds. Secondly, in any reasonable pipeline, the data is shared by many different applications. We need to be agnostic as to the application. 'Cause the inputs to one application, you know, the output for one application provides the input to the next, and it's not necessarily from the same vendor. So they need to have a data platform that lets them, you know, go from one software stack, and you know, to run it on another. Because they might do the rendering with this and yet, they do the editing with that, and you know, et cetera, et cetera. So I think the further you go up the stack in the structured data and dedicated applications for specific functions in specific verticals, the further up the stack you go, the harder it is to justify a SAS offering where you're basically telling the end users you need to park all your data with us and then you can run your application in our cloud and get this. That ultimately is a dead end path versus having the data be open and available to many applications across this supercloud layer. >> Okay, so-- >> Is that making any sense? >> Yes, so if I could just ask a clarifying question. So, if I had to take Snowflake as an example, I think they're doing exactly what you're saying is a dead end, put everything into our proprietary system and then we'll figure out how to distribute it. >> Yeah. >> And and I think if you're familiar with Zhamak Dehghaniis' data mesh concept. Are you? >> A little bit, yeah. >> But in her model, Snowflake, a Snowflake warehouse is just a node on the mesh and that mesh is-- >> That's right. >> Ultimately the supercloud and you're an enabler of that is what I'm hearing. >> That's right. What they're doing up at the structured level and what they're talking about at the structured level we're doing at the underlying, unstructured level, which by the way has implications for how you implement those distributed database things. In other words, implementing a Snowflake on top of Hammerspace would have made building stuff like in the first place easier. It would allow you to easily shift and run the database engine anywhere. You still have to solve how to shard and distribute at the transaction layer above, so I'm not saying we're a substitute for what you need to do at the app layer. By the way, there is another example of that and that's Microsoft Office, right? It's one thing to share that, to have a file share where you can share all the docs. It's something else to have Word and PowerPoint, Excel know how to allow people to be simultaneously editing the same doc. That's always going to happen in the app layer. But not all applications need that level of, you know, in-app decentralization. You know, many of them, many workflows are pipelined, especially the ones that are very data intensive where you're doing drug discovery or you're doing rendering, or you're doing machine learning training. These things are human in the loop with large stages of processing across tens of thousands of cores. And I think that kind of data processing pipeline is what we're focusing on first. Not so much the Microsoft Office or the Snowflake, you know, parking a relational database because that takes a lot of application layer stuff and that's what they're good at. >> Right. >> But I think... >> Go ahead, sorry. >> Later entrance in these markets will find Hammerspace as a way to accelerate their work so they can focus more narrowly on just the stuff that's app-specific, higher level sharing in the app. >> Yes, Snowflake founders-- >> I think it might be worth mentioning also, just keep this confidential guys, but one of our customers is Blue Origin. And one of the things that we have found is kind of the point of what you're talking about with our customers. They're needing to build this and since it's not commercially available or they don't know where to look for it to be commercially available, they're all building themselves. So this layer is needed. And Blue is just one of the examples of quite a few we're now talking to. And like manufacturing, HPC, research where they're out trying to solve this problem with their own scripting tools and things like that. And I just, I don't know if there's anything you want to add, David, but you know, but there's definitely a demand here and customers are trying to figure out how to solve it beyond what Hammerspace is doing. Like the need is so great that they're just putting developers on trying to do it themselves. >> Well, and you know, Snowflake founders, they didn't have a Hammerspace to lean on. But, one of the things that's interesting about supercloud is we feel as though industry clouds will emerge, that as part of company's digital transformations, they will, you know, every company's a software company, they'll begin to build their own clouds and they will be able to use a Hammerspace to do that. >> A super pass layer. >> Yes. It's really, I don't know if David's speaking, I don't want to speak over him, but we can't hear you. May be going through a bad... >> Well, a regional, regional talks that make that possible. And so they're doing these render farms and editing farms, and it's a cloud-specific to the types of workflows in the median entertainment world. Or clouds specifically to workflows in the chip design world or in the drug and bio and life sciences exploration world. There are large organizations that are kind of a blend of end users, like the Broad, which has their own kind of cloud where they're asking collaborators to come in and work with them. So it starts to even blur who's an end user versus an ISV. >> Yes. >> Right? When you start talking about the massive data is the main gravity is to having lots of people participate. >> Yep, and that's where the value is. And that's where the value is. And this is a megatrend that we see. And so it's really important for us to get to the point of what is and what is not a supercloud and, you know, that's where we're trying to evolve. >> Let's talk about this for a second 'cause I want to, I want to challenge you on something and it's something that I got challenged on and it has led me to thinking differently than I did at first, which Molly can attest to. Okay? So, we have been looking for a way to talk about the concept of cloud of utility computing, run anything anywhere that isn't addressed in today's realization of cloud. 'Cause today's cloud is not run anything anywhere, it's quite the opposite. You park your data in AWS and that's where you run stuff. And you pretty much have to. Same with with Azure. They're using data gravity to keep you captive there, just like the old infrastructure guys did. But now it's even worse because it's coupled back with the software to some degree, as well. And you have to use their storage, networking, and compute. It's not, I mean it fell back to the mainframe era. Anyhow, so I love the concept of supercloud. By the way, I was going to suggest that a better term might be hyper cloud since hyper speaks to the multidimensionality of it and the ability to be in a, you know, be in a different dimension, a different plane of existence kind of thing like hyperspace. But super and hyper are somewhat synonyms. I mean, you have hyper cars and you have super cars and blah, blah, blah. I happen to like hyper maybe also because it ties into the whole Hammerspace notion of a hyper-dimensional, you know, reality, having your data centers connected by a wormhole that is Hammerspace. But regardless, what I got challenged on is calling it something different at all versus simply saying, this is what cloud has always meant to be. This is the true cloud, this is real cloud, this is cloud. And I think back to what happened, you'll remember, at Fusion IO we talked about IO memory and we did that because people had a conceptualization of what an SSD was. And an SSD back then was low capacity, low endurance, made to go military, aerospace where things needed to be rugged but was completely useless in the data center. And we needed people to imagine this thing as being able to displace entire SAND, with the kind of capacity density, performance density, endurance. And so we talked IO memory, we could have said enterprise SSD, and that's what the industry now refers to for that concept. What will people be saying five and 10 years from now? Will they simply say, well this is cloud as it was always meant to be where you are truly able to run anything anywhere and have not only the same APIs, but you're same data available with high performance access, all forms of access, block file and object everywhere. So yeah. And I wonder, and this is just me throwing it out there, I wonder if, well, there's trade offs, right? Giving it a new moniker, supercloud, versus simply talking about how cloud is always intended to be and what it was meant to be, you know, the real cloud or true cloud, there are trade-offs. By putting a name on it and branding it, that lets people talk about it and understand they're talking about something different. But it also is that an affront to people who thought that that's what they already had. >> What's different, what's new? Yes, and so we've given a lot of thought to this. >> Right, it's like you. >> And it's because we've been asked that why does the industry need a new term, and we've tried to address some of that. But some of the inside baseball that we haven't shared is, you remember the Web 2.0, back then? >> Yep. >> Web 2.0 was the same thing. And I remember Tim Burners Lee saying, "Why do we need Web 2.0? "This is what the Web was always supposed to be." But the truth is-- >> I know, that was another perfect-- >> But the truth is it wasn't, number one. Number two, everybody hated the Web 2.0 term. John Furrier was actually in the middle of it all. And then it created this groundswell. So one of the things we wrote about is that supercloud is an evocative term that catalyzes debate and conversation, which is what we like, of course. And maybe that's self-serving. But yeah, HyperCloud, Metacloud, super, meaning, it's funny because super came from Latin supra, above, it was never the superlative. But the superlative was a convenient byproduct that caused a lot of friction and flack, which again, in the media business is like a perfect storm brewing. >> The bad thing to have to, and I think you do need to shake people out of their, the complacency of the limitations that they're used to. And I'll tell you what, the fact that you even have the terms hybrid cloud, multi-cloud, private cloud, edge computing, those are all just referring to the different boundaries that isolate the silo that is the current limited cloud. >> Right. >> So if I heard correctly, what just, in terms of us defining what is and what isn't in supercloud, you would say traditional applications which have to run in a certain place, in a certain cloud can't run anywhere else, would be the stuff that you would not put in as being addressed by supercloud. And over time, you would want to be able to run the data where you want to and in any of those concepts. >> Or even modern apps, right? Or even modern apps that are siloed in SAS within an individual cloud, right? >> So yeah, I guess it's twofold. Number one, if you're going at the high application layers, there's lots of ways that you can give the appearance of anything running anywhere. The ISV, the SAS vendor can engineer stuff to have the ability to serve with low enough latency to different geographies, right? So if you go too high up the stack, it kind of loses its meaning because there's lots of different ways to make due and give the appearance of omni-presence of the service. Okay? As you come down more towards the platform layer, it gets harder and harder to mask the fact that supercloud is something entirely different than just a good regionally-distributed SAS service. So I don't think you, I don't think you can distinguish supercloud if you go too high up the stack because it's just SAS, it's just a good SAS service where the SAS vendor has done the hard work to give you low latency access from different geographic regions. >> Yeah, so this is one of the hardest things, David. >> Common among them. >> Yeah, this is really an important point. This is one of the things I've had the most trouble with is why is this not just SAS? >> So you dilute your message when you go up to the SAS layer. If you were to focus most of this around the super pass layer, the how can you host applications and run them anywhere and not host this, not run a service, not have a service available everywhere. So how can you take any application, even applications that are written, you know, in a traditional legacy data center fashion and be able to run them anywhere and have them have their binaries and their datasets and the runtime environment and the infrastructure to start them and stop them? You know, the jobs, the, what the Kubernetes, the job scheduler? What we're really talking about here, what I think we're really talking about here is building the operating system for a decentralized cloud. What is the operating system, the operating environment for a decentralized cloud? Where you can, and that the main two functions of an operating system or an operating environment are the process scheduler, the thing that's scheduling what is running where and when and so forth, and the file system, right? The thing that's supplying a common view and access to data. So when we talk about this, I think that the strongest argument for supercloud is made when you go down to the platform layer and talk of it, talk about it as an operating environment on which you can run all forms of applications. >> Would you exclude--? >> Not a specific application that's been engineered as a SAS. (audio distortion) >> He'll come back. >> Are you there? >> Yeah, yeah, you just cut out for a minute. >> I lost your last statement when you broke up. >> We heard you, you said that not the specific application. So would you exclude Snowflake from supercloud? >> Frankly, I would. I would. Because, well, and this is kind of hard to do because Snowflake doesn't like to, Frank doesn't like to talk about Snowflake as a SAS service. It has a negative connotation. >> But it is. >> I know, we all know it is. We all know it is and because it is, yes, I would exclude them. >> I think I actually have him on camera. >> There's nothing in common. >> I think I have him on camera or maybe Benoit as saying, "Well, we are a SAS." I think it's Slootman. I think I said to Slootman, "I know you don't like to say you're a SAS." And I think he said, "Well, we are a SAS." >> Because again, if you go to the top of the application stack, there's any number of ways you can give it location agnostic function or you know, regional, local stuff. It's like let's solve the location problem by having me be your one location. How can it be decentralized if you're centralizing on (audio distortion)? >> Well, it's more decentralized than if it's all in one cloud. So let me actually, so the spectrum. So again, in the spirit of what is and what isn't, I think it's safe to say Hammerspace is supercloud. I think there's no debate there, right? Certainly among this crowd. And I think we can all agree that Dell, Dell Storage is not supercloud. Where it gets fuzzy is this Snowflake example or even, how about a, how about a Cohesity that instantiates its stack in different cloud regions in different clouds, and synchronizes, however magic sauce it does that. Is that a supercloud? I mean, so I'm cautious about having too strict of a definition 'cause then only-- >> Fair enough, fair enough. >> But I could use your help and thoughts on that. >> So I think we're talking about two different spectrums here. One is the spectrum of platform to application-specific. As you go up the application stack and it becomes this specific thing. Or you go up to the more and more structured where it's serving a specific application function where it's more of a SAS thing. I think it's harder to call a SAS service a supercloud. And I would argue that the reason there, and what you're lacking in the definition is to talk about it as general purpose. Okay? Now, that said, a data warehouse is general purpose at the structured data level. So you could make the argument for why Snowflake is a supercloud by saying that it is a general purpose platform for doing lots of different things. It's just one at a higher level up at the structured data level. So one spectrum is the high level going from platform to, you know, unstructured data to structured data to very application-specific, right? Like a specific, you know, CAD/CAM mechanical design cloud, like an Autodesk would want to give you their cloud for running, you know, and sharing CAD/CAM designs, doing your CAD/CAM anywhere stuff. Well, the other spectrum is how well does the purported supercloud technology actually live up to allowing you to run anything anywhere with not just the same APIs but with the local presence of data with the exact same runtime environment everywhere, and to be able to correctly manage how to get that runtime environment anywhere. So a Cohesity has some means of running things in different places and some means of coordinating what's where and of serving diff, you know, things in different places. I would argue that it is a very poor approximation of what Hammerspace does in providing the exact same file system with local high performance access everywhere with metadata ability to control where the data is actually instantiated so that you don't have to wait for it to get orchestrated. But even then when you do have to wait for it, it happens automatically and so it's still only a matter of, well, how quick is it? And on the other end of the spectrum is you could look at NetApp with Flexcache and say, "Is that supercloud?" And I would argue, well kind of because it allows you to run things in different places because it's a cache. But you know, it really isn't because it presumes some central silo from which you're cacheing stuff. So, you know, is it or isn't it? Well, it's on a spectrum of exactly how fully is it decoupling a runtime environment from specific locality? And I think a cache doesn't, it stretches a specific silo and makes it have some semblance of similar access in other places. But there's still a very big difference to the central silo, right? You can't turn off that central silo, for example. >> So it comes down to how specific you make the definition. And this is where it gets kind of really interesting. It's like cloud. Does IBM have a cloud? >> Exactly. >> I would say yes. Does it have the kind of quality that you would expect from a hyper-scale cloud? No. Or see if you could say the same thing about-- >> But that's a problem with choosing a name. That's the problem with choosing a name supercloud versus talking about the concept of cloud and how true up you are to that concept. >> For sure. >> Right? Because without getting a name, you don't have to draw, yeah. >> I'd like to explore one particular or bring them together. You made a very interesting observation that from a enterprise point of view, they want to safeguard their store, their data, and they want to make sure that they can have that data running in their own workflows, as well as, as other service providers providing services to them for that data. So, and in in particular, if you go back to, you go back to Snowflake. If Snowflake could provide the ability for you to have your data where you wanted, you were in charge of that, would that make Snowflake a supercloud? >> I'll tell you, in my mind, they would be closer to my conceptualization of supercloud if you can instantiate Snowflake as software on your own infrastructure, and pump your own data to Snowflake that's instantiated on your own infrastructure. The fact that it has to be on their infrastructure or that it's on their, that it's on their account in the cloud, that you're giving them the data and they're, that fundamentally goes against it to me. If they, you know, they would be a pure, a pure plate if they were a software defined thing where you could instantiate Snowflake machinery on the infrastructure of your choice and then put your data into that machinery and get all the benefits of Snowflake. >> So did you see--? >> In other words, if they were not a SAS service, but offered all of the similar benefits of being, you know, if it were a service that you could run on your own infrastructure. >> So did you see what they announced, that--? >> I hope that's making sense. >> It does, did you see what they announced at Dell? They basically announced the ability to take non-native Snowflake data, read it in from an object store on-prem, like a Dell object store. They do the same thing with Pure, read it in, running it in the cloud, and then push it back out. And I was saying to Dell, look, that's fine. Okay, that's interesting. You're taking a materialized view or an extended table, whatever you're doing, wouldn't it be more interesting if you could actually run the query locally with your compute? That would be an extension that would actually get my attention and extend that. >> That is what I'm talking about. That's what I'm talking about. And that's why I'm saying I think Hammerspace is more progressive on that front because with our technology, anybody who can instantiate a service, can make a service. And so I, so MSPs can use Hammerspace as a way to build a super pass layer and host their clients on their infrastructure in a cloud-like fashion. And their clients can have their own private data centers and the MSP or the public clouds, and Hammerspace can be instantiated, get this, by different parties in these different pieces of infrastructure and yet linked together to make a common file system across all of it. >> But this is data mesh. If I were HPE and Dell it's exactly what I'd be doing. I'd be working with Hammerspace to create my own data. I'd work with Databricks, Snowflake, and any other-- >> Data mesh is a good way to put it. Data mesh is a good way to put it. And this is at the lowest level of, you know, the underlying file system that's mountable by the operating system, consumed as a real file system. You can't get lower level than that. That's why this is the foundation for all of the other apps and structured data systems because you need to have a data mesh that can at least mesh the binary blob. >> Okay. >> That hold the binaries and that hold the datasets that those applications are running. >> So David, in the third week of January, we're doing supercloud 2 and I'm trying to convince John Furrier to make it a data slash data mesh edition. I'm slowly getting him to the knothole. I would very much, I mean you're in the Bay Area, I'd very much like you to be one of the headlines. As Zhamak Dehghaniis going to speak, she's the creator of Data Mesh, >> Sure. >> I'd love to have you come into our studio as well, for the live session. If you can't make it, we can pre-record. But you're right there, so I'll get you the dates. >> We'd love to, yeah. No, you can count on it. No, definitely. And you know, we don't typically talk about what we do as Data Mesh. We've been, you know, using global data environment. But, you know, under the covers, that's what the thing is. And so yeah, I think we can frame the discussion like that to line up with other, you know, with the other discussions. >> Yeah, and Data Mesh, of course, is one of those evocative names, but she has come up with some very well defined principles around decentralized data, data as products, self-serve infrastructure, automated governance, and and so forth, which I think your vision plugs right into. And she's brilliant. You'll love meeting her. >> Well, you know, and I think.. Oh, go ahead. Go ahead, Peter. >> Just like to work one other interface which I think is important. How do you see yourself and the open source? You talked about having an operating system. Obviously, Linux is the operating system at one level. How are you imagining that you would interface with cost community as part of this development? >> Well, it's funny you ask 'cause my CTO is the kernel maintainer of the storage networking stack. So how the Linux operating system perceives and consumes networked data at the file system level, the network file system stack is his purview. He owns that, he wrote most of it over the last decade that he's been the maintainer, but he's the gatekeeper of what goes in. And we have leveraged his abilities to enhance Linux to be able to use this decentralized data, in particular with decoupling the control plane driven by metadata from the data access path and the many storage systems on which the data gets accessed. So this factoring, this splitting of control plane from data path, metadata from data, was absolutely necessary to create a data mesh like we're talking about. And to be able to build this supercloud concept. And the highways on which the data runs and the client which knows how to talk to it is all open source. And we have, we've driven the NFS 4.2 spec. The newest NFS spec came from my team. And it was specifically the enhancements needed to be able to build a spanning file system, a data mesh at a file system level. Now that said, our file system itself and our server, our file server, our data orchestration, our data management stuff, that's all closed source, proprietary Hammerspace tech. But the highways on which the mesh connects are actually all open source and the client that knows how to consume it. So we would, honestly, I would welcome competitors using those same highways. They would be at a major disadvantage because we kind of built them, but it would still be very validating and I think only increase the potential adoption rate by more than whatever they might take of the market. So it'd actually be good to split the market with somebody else to come in and share those now super highways for how to mesh data at the file system level, you know, in here. So yeah, hopefully that answered your question. Does that answer the question about how we embrace the open source? >> Right, and there was one other, just that my last one is how do you enable something to run in every environment? And if we take the edge, for example, as being, as an environment which is much very, very compute heavy, but having a lot less capability, how do you do a hold? >> Perfect question. Perfect question. What we do today is a software appliance. We are using a Linux RHEL 8, RHEL 8 equivalent or a CentOS 8, or it's, you know, they're all roughly equivalent. But we have bundled and a software appliance which can be instantiated on bare metal hardware on any type of VM system from VMware to all of the different hypervisors in the Linux world, to even Nutanix and such. So it can run in any virtualized environment and it can run on any cloud instance, server instance in the cloud. And we have it packaged and deployable from the marketplaces within the different clouds. So you can literally spin it up at the click of an API in the cloud on instances in the cloud. So with all of these together, you can basically instantiate a Hammerspace set of machinery that can offer up this file system mesh. like we've been using the terminology we've been using now, anywhere. So it's like being able to take and spin up Snowflake and then just be able to install and run some VMs anywhere you want and boom, now you have a Snowflake service. And by the way, it is so complete that some of our customers, I would argue many aren't even using public clouds at all, they're using this just to run their own data centers in a cloud-like fashion, you know, where they have a data service that can span it all. >> Yeah and to Molly's first point, we would consider that, you know, cloud. Let me put you on the spot. If you had to describe conceptually without a chalkboard what an architectural diagram would look like for supercloud, what would you say? >> I would say it's to have the same runtime environment within every data center and defining that runtime environment as what it takes to schedule the execution of applications, so job scheduling, runtime stuff, and here we're talking Kubernetes, Slurm, other things that do job scheduling. We're talking about having a common way to, you know, instantiate compute resources. So a global compute environment, having a common compute environment where you can instantiate things that need computing. Okay? So that's the first part. And then the second is the data platform where you can have file block and object volumes, and have them available with the same APIs in each of these distributed data centers and have the exact same data omnipresent with the ability to control where the data is from one moment to the next, local, where all the data is instantiate. So my definition would be a common runtime environment that's bifurcate-- >> Oh. (attendees chuckling) We just lost them at the money slide. >> That's part of the magic makes people listen. We keep someone on pin and needles waiting. (attendees chuckling) >> That's good. >> Are you back, David? >> I'm on the edge of my seat. Common runtime environment. It was like... >> And just wait, there's more. >> But see, I'm maybe hyper-focused on the lower level of what it takes to host and run applications. And that's the stuff to schedule what resources they need to run and to get them going and to get them connected through to their persistence, you know, and their data. And to have that data available in all forms and have it be the same data everywhere. On top of that, you could then instantiate applications of different types, including relational databases, and data warehouses and such. And then you could say, now I've got, you know, now I've got these more application-level or structured data-level things. I tend to focus less on that structured data level and the application level and am more focused on what it takes to host any of them generically on that super pass layer. And I'll admit, I'm maybe hyper-focused on the pass layer and I think it's valid to include, you know, higher levels up the stack like the structured data level. But as soon as you go all the way up to like, you know, a very specific SAS service, I don't know that you would call that supercloud. >> Well, and that's the question, is there value? And Marianna Tessel from Intuit said, you know, we looked at it, we did it, and it just, it was actually negative value for us because connecting to all these separate clouds was a real pain in the neck. Didn't bring us any additional-- >> Well that's 'cause they don't have this pass layer underneath it so they can't even shop around, which actually makes it hard to stand up your own SAS service. And ultimately they end up having to build their own infrastructure. Like, you know, I think there's been examples like Netflix moving away from the cloud to their own infrastructure. Basically, if you're going to rent it for more than a few months, it makes sense to build it yourself, if it's at any kind of scale. >> Yeah, for certain components of that cloud. But if the Goldman Sachs came to you, David, and said, "Hey, we want to collaborate and we want to build "out a cloud and essentially build our SAS system "and we want to do that with Hammerspace, "and we want to tap the physical infrastructure "of not only our data centers but all the clouds," then that essentially would be a SAS, would it not? And wouldn't that be a Super SAS or a supercloud? >> Well, you know, what they may be using to build their service is a supercloud, but their service at the end of the day is just a SAS service with global reach. Right? >> Yeah. >> You know, look at, oh shoot. What's the name of the company that does? It has a cloud for doing bookkeeping and accounting. I forget their name, net something. NetSuite. >> NetSuite. NetSuite, yeah, Oracle. >> Yeah. >> Yep. >> Oracle acquired them, right? Is NetSuite a supercloud or is it just a SAS service? You know? I think under the covers you might ask are they using supercloud under the covers so that they can run their SAS service anywhere and be able to shop the venue, get elasticity, get all the benefits of cloud in the, to the benefit of their service that they're offering? But you know, folks who consume the service, they don't care because to them they're just connecting to some endpoint somewhere and they don't have to care. So the further up the stack you go, the more location-agnostic it is inherently anyway. >> And I think it's, paths is really the critical layer. We thought about IAS Plus and we thought about SAS Minus, you know, Heroku and hence, that's why we kind of got caught up and included it. But SAS, I admit, is the hardest one to crack. And so maybe we exclude that as a deployment model. >> That's right, and maybe coming down a level to saying but you can have a structured data supercloud, so you could still include, say, Snowflake. Because what Snowflake is doing is more general purpose. So it's about how general purpose it is. Is it hosting lots of other applications or is it the end application? Right? >> Yeah. >> So I would argue general purpose nature forces you to go further towards platform down-stack. And you really need that general purpose or else there is no real distinguishing. So if you want defensible turf to say supercloud is something different, I think it's important to not try to wrap your arms around SAS in the general sense. >> Yeah, and we've kind of not really gone, leaned hard into SAS, we've just included it as a deployment model, which, given the constraints that you just described for structured data would apply if it's general purpose. So David, super helpful. >> Had it sign. Define the SAS as including the hybrid model hold SAS. >> Yep. >> Okay, so with your permission, I'm going to add you to the list of contributors to the definition. I'm going to add-- >> Absolutely. >> I'm going to add this in. I'll share with Molly. >> Absolutely. >> We'll get on the calendar for the date. >> If Molly can share some specific language that we've been putting in that kind of goes to stuff we've been talking about, so. >> Oh, great. >> I think we can, we can share some written kind of concrete recommendations around this stuff, around the general purpose, nature, the common data thing and yeah. >> Okay. >> Really look forward to it and would be glad to be part of this thing. You said it's in February? >> It's in January, I'll let Molly know. >> Oh, January. >> What the date is. >> Excellent. >> Yeah, third week of January. Third week of January on a Tuesday, whatever that is. So yeah, we would welcome you in. But like I said, if it doesn't work for your schedule, we can prerecord something. But it would be awesome to have you in studio. >> I'm sure with this much notice we'll be able to get something. Let's make sure we have the dates communicated to Molly and she'll get my admin to set it up outside so that we have it. >> I'll get those today to you, Molly. Thank you. >> By the way, I am so, so pleased with being able to work with you guys on this. I think the industry needs it very bad. They need something to break them out of the box of their own mental constraints of what the cloud is versus what it's supposed to be. And obviously, the more we get people to question their reality and what is real, what are we really capable of today that then the more business that we're going to get. So we're excited to lend the hand behind this notion of supercloud and a super pass layer in whatever way we can. >> Awesome. >> Can I ask you whether your platforms include ARM as well as X86? >> So we have not done an ARM port yet. It has been entertained and won't be much of a stretch. >> Yeah, it's just a matter of time. >> Actually, entertained doing it on behalf of NVIDIA, but it will absolutely happen because ARM in the data center I think is a foregone conclusion. Well, it's already there in some cases, but not quite at volume. So definitely will be the case. And I'll tell you where this gets really interesting, discussion for another time, is back to my old friend, the SSD, and having SSDs that have enough brains on them to be part of that fabric. Directly. >> Interesting. Interesting. >> Very interesting. >> Directly attached to ethernet and able to create a data mesh global file system, that's going to be really fascinating. Got to run now. >> All right, hey, thanks you guys. Thanks David, thanks Molly. Great to catch up. Bye-bye. >> Bye >> Talk to you soon.

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching