>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019 brought to you by Amazon Web service is and its ecosystem partners. >> Okay, welcome back. Everyone keeps live coverage here in Boston. Messages of AWS reinforce That's Amazon. Webster's his first inaugural commerce around cloud security on John Kerry with David Lantz. One of the top stories here, the announced being announced here reinforced is the VPC traffic nearing and we wanted to bring in alumni and friend Mike Banner was the VP of marketing at a Vectra who specializes in networking. Welcome to the Q. We go way back. HP networking got a hot start up here so wanted to really bring you in to help unpack this VPC traffic mirroring product is probably medias announcement of everything on stage. That other stuff was general availability of security have which is great great product, Absolutely. And guard guard duty. Well, all this other stuff have it. But the VPC traffic nearing is a killer feature for a lot of reasons, absolutely. But it brings some challenges and some opportunities that might be downstream. I don't get the thoughts on what is your take on the BBC traffic nearing >> a tte. The highest level brings a lot of value because it allows you get visibility and something that's really opaque, which is the traffic within the cloud. And in the past, the way people were solving this was they had to put an agent on the workload, and nobody wants that one. It's hard to manage. You don't want dozens to hundreds or thousands of agents, and also it's going to slow things down. On third, it could be subverted. You get the advanced attacker in there. He knows how to get below that level and operated on in a way where he can hide his communication and and his behavior isn't seen. With traffic nearing that, we're getting a copy of the packet from below. The hyper visor cannot be subverted, and so we're seeing everything, and we're also not slowing down the traffic in the virtual private cloud. So it allows us to extract just the right data for a security application, which is our case, metadata and enrich it with information that's necessary for detecting threats and also of performing an investigation. >> Yeah, it was definitely the announcement that everybody has been talking about has the buzz. So from a from a partner perspective, how do you guys tie into that? What do you do? Was the value that you bring to the customer, >> So the value that we're bringing really stems from what you can do with our platform. There's two things everybody is looking to do with him at the highest level, which is detect threats and respond to threats. On the detection side, we could take the metadata that we've extracted and we've enriched. We're running through machine learning algorithms, and from there we not only get a detection, but we can correlated to the workers we're seeing it on. And so we could present much more of an incident report rather than just a security alert, saying, Hey, something bad happened over there. It's not just something bad happened, but these four bad things happen and they happen in this time sequence over this period of time, and it involved these other work looks. We can give you a sense of what the attack campaign looks like. So you get a sense of like with cancer, such as you have bad cells in your liver, but they've metastasized to these other places. Way also will keep that metadata in something we call cognito recall, which is in AWS. And it has pre built analytics and save searches so that once you get that early warning signal from cognito detect, you know exactly where to start looking for. You can peel back all the unrelated metadata, and you can look specifically at what's happened during the time of that incident. In order, perform your threat investigation and respond rapidly to that threat. >> So you guys do have a lot of machine intelligence. OK, ay, ay chops. How close are we to be able to use that guy to really identify? Detect, but begin to automate responses? We there yet eyes. It's something that people want don't want. >> We're getting close to being there. It's answer your first question, and people are sure that they want it yet. And here's some of the rationale behind it. You know, like we generally say that Aria is pretty smart, but security operations people are still the brains of the operation. There's so much human intelligence, so much contextual knowledge that a security operations person can apply to the threats that we detect. They can look at something and say, Oh, yeah, I see the user account. The service is being turned on from, you know, this particular workload. I know exactly what's happening with that. They add so much value. So we look at what we're doing is augmenting the security operations team. We're reducing their workload by taking all the mundane work and automating that and putting the right details at their fingertips so they could take action. Now there's some things that are highly repeatable that they do like to use playbooks for So we partner with companies like Phantom, which got bought by spunk, and to Mr which Palazzo Networks acquired. They've built some really good playbooks for some of those well defying situations. And there was a couple presentations on the floor that talked about those use >> cases. Fan of fan was pretty good. Solid product was built in the security hub. Suit helps nice product, but I'll get back to the VPC traffic, not smearing. It makes so much sense. It's about time. Yes, Finally they got it done. This make any sense? It wasn't done before, but I gotta ask first with the analytics, you and you said on the Q. Before network doesn't lie, >> the network is no line >> they were doesn't lie with subversion pieces of key piece. It's better be the lowest level possible. That's a great spot for the data. So totally agree. Where do you guys create Valley? Because now that everyone's got available BBC traffic mirroring How do you guys take advantage of that? What's next for you guys is that Where's the differentiation come from? Where's the value go next? >> Yeah, there's really three things that I tend to focus on. One is we enrich the metadata that we're extracting with a lot of important data that makes it. It really accelerates the threat investigation. So things like directionality, things like building a notion of what's the identity of the workload or when you're running us on prem. The device, because I P addresses changed. There's dynamic things in there, so having a sense of of consistency over a period of time is extremely valuable for performing a threat investigation so that information gets put in tow. Recall for the metadata store. If people have a data leak that they wanna have ascended to, whether it's elastic or spawn, Kafka then that is included in what we send to them and Zeke formatting use. Others eat tooling so they're not wasting any money there. And in the second piece is around the way that we build analytics. There's always, ah, a pairing of somebody from security research with the data scientist. This is the security researcher explains the tools, the tactics, the techniques of the attacker. So that way, the data scientist isn't being completely random about what features do they want to find in the network traffic. They're being really specific to what features are gonna actually pair to that tool, tactic and technique. So that way, the efficacy of the algorithm is better. We've been doing this for five plus years, and history speaks for something because some of the learning we've had is all right. In the beginning, there were maybe a couple different supervised techniques to apply. Well, now we're applying those supervised techniques with some deep learning techniques. So that way, the performance of the algorithm is actually 90% more effective than it was five years ago. >> Appreciating with software. Get the data extract the data, which the metadata, Yes, you're doing. Anyway. Now, It's more efficient, correct, low speed, No, no problems with informants in the agents you mentioned earlier. Now it's better data impact the customers. What's the What's the revelation here For the end of the day, your customer and Amazons customers through you? What do they get out of it? What's the benefit to them? >> So it's all about reducing the time to detect in the time to respond. Way had one of our fortune to 50 customers present last week at the Gardener Security Summit. Still on stage. Gentlemen from Parker Hannifin talked about how they had an incident that they got an urgent alert from from Cognito. It told him about an attack campaign. He was immediately alerted the 45 different machines that were sending data to the cloud. He automatically knew about what were the patterns of data, the volume of data. They immediately know exactly what the service is that were being used with in the cloud. They were able to respond to this and get it all under control. Listen 24 hours, but it's because they had the right data at their fingertips to make rapid decisions before there was any risk. You know what they ended up finding was it was actually a new application, but somebody had actually not followed the procedures of the organization that keeps them compliant with so many of their end users. In the end, it's saved tremendous time and money, and if that was a real breach, it would have actually prevented them from losing proprietary information. >> Well, historically, it would take 250 days to even find out that there was a breach, right? And then by then who knows what What's been exfiltrate ID? >> Yeah, we had a couple. We had a couple of firms that run Red team exercises for a living come by and they said, I said to them, Do you know who we are? And they said, Of course we know where you are. There's one tool out there, then finds us. It's victory. That's >> a That's a kind of historical on Prem. So what do you do for on Pramuk? This is all running any ws. Is it cloud only? >> It's actually both, so we know that there's a lot of companies that come here that have never owned a server, and everything's been in AWS from day one and for I t. Exactly. And for them waken run everything. We have the sensor attached to the VPC traffic nearing in AWS. We could have the brain of the cognitive platform in eight of us, you know. So for them they don't need anything on prime. There's a lot of people that are in the lift and shift mode. It can be on Prem and in eight of us, eh? So they can choose where they want the brain. And they could have sensors in both places. And we have people that are coming to this event that their hybrid cloud, they've got I t infrastructure in Azure. But they have production in eight of us and they have stuff that's on Prem. And we could meet that need to because we work with the V Top from Azure and so that we're not religious about that. It's all about giving the right data right place, reducing the time to detective respond, >> Mike, Thanks for coming and sharing the insights on the VP. Your perspective on the vpc traffic mirror appreciated. Give a quick plug for the company. What you guys working on? What's the key focus? You hiring. Just got some big funding news. Take a minute to get the plug in for electric. >> Yeah, So we've gone through several years of consecutive more than doubling in. Not in a recurring revenue. I've been really fortunate to have to be earning a lot of customer business from the largest enterprises in the world. Recently had funding $100,000,000 led by T C V out of Menlo Park. Total capitalization is over to 22 right now on the path to continue that doubling. But, you know, we've been really focusing on moving where the you know already being where the puck is going to by working with Amazon. Advance on the traffic nearing. And, you know, we know that today people are using containers in the V M environment. We know that you know where they want to go. Is more serverless on, you know, leveraging containers more. You know, we're already going in that direction. So >> great to see congratulates we've known each other for many, many years is our 10th anniversary of the Q. You were on year one. Great to know you. And congratulations. Successive victor and great announcement. Amazon gives you a tailwind. >> Thanks a lot. It's great to see your growth as well. Congratulations. >> Thanks, Mike. Mike Banning unpacking the relevance of the VPC traffic mirroring feature. >> This is kind >> of conversation we're having here. Deep conversation around stuff that matters around security and cloud security. Of course, the cubes bring any coverage from the inaugural event it reinforced for me. Ws will be right back after this short break.

(bright upbeat music) >> Hello, everyone, welcome to this special CUBE Conversation. I'm John Furrier here in the Palo Alto studio, a Cube Conversation with Mike Banic, who's the VP of Marketing at Vectra Networks. Big news coming for you guys, you just had a good year, we love security and I want to drive a good conversation with you because you're in the front lines, you're seeing all the trends. You guys have been doing very well with AI for cyber, you're also impacting IT operations because security is certainly forcing modernization in the IT world, using data, just really interesting stuff. But hacking is the number one threat problem. What's the security trends, Mike, what are you seeing and what's happening? There's a ton of stuff happening, we're seeing ransomware, a bunch of stuff going on across the board, spearfishing to you name it. It's at a rampant pace; no perimeter anymore, a whole new ballgame. You know networking, you know the perimeter, now you're in the cloud, what are the trends? >> I think one of the things that a lot of people aren't paying enough attention to is the fact that all the systems they have in place are looking for exploits. They're looking for the use of malware, and there's a lot of attacks that actually don't use malware. There may be malware that's used for a specific exploit in the beginning to start it, but the smart attacker now, they sit and they lay low. They watch how your enterprise operates. They look at the tools that you use, and they steal credentials, and then they start to use those tools against the business to steal information or to do damage. And that's something you won't catch if you're using tools that are specifically looking for malware. And that's where using AI to look for explicit attacker behaviors becomes so useful. The other thing is that attackers are on the inside for much longer than people think. We look at M-Trends data from last year that says that the average amount of time that an attacker has gone unmitigated before it's discovered is 99 days. It's actually much longer than that. Those are just the attacks that are reported and those are just the attacks that we have data on. We've seen it actually run much longer than that. And we also know that an attacker can get admin credentials in three days or less. As soon as they get those, they have the keys to the kingdom. >> Yeah, and you mention hacker groups involved. It's lucrative, it's a whole business, we've seen that. >> Mike: It's a supply chain. >> It's a really big racket. Now, networking is interesting because footprints can be left on the network. So you've got encryption, oh, it's encrypted, but you can still get around the encryption. Talk about how you guys do it. How do you guys see the patterns? With encryption out there, you guys have the network footprints, what's the secret sauce, what's the formula? >> So what we're doing to detect this is we're looking at network metadata. We're not performing deep packet inspection. Deep packet inspection is the approach that a firewall uses or traditional intrusion detection and prevention platforms use. So what we're doing, we're collecting metadata, we're collecting log information, we're collecting cloud events, and we're using all that in our mix of analytics. What we're looking for are the behavioral patterns. So, I'll give you a really tangible example. Let's say you're the attacker, John, and you've got control of my computer, and you've got fingers on the keyboard. So you're using a RAT, a Remote Access Trojan. The way that I'm going to use advanced analytics or AI to detect that is I'm going to look at, first, the fact that my machine's opened a connection to an external IP address. That's your machine. I'm going to look for random silences, those are the pauses in the conversation. If I'm just web browsing, then my machine's going to interrupt all those random pauses 'cause I'm moving from page to page, site to site. If your IP address is always interrupting them, then you're in control of the conversation. Anybody in IT should care when an internal host is being controlled by an external host. I didn't have to read any of the web browsing traffic, any of the email traffic, the app traffic, in order to do that. I did that principally by analyzing network metadata. >> So this is unspoofable, either, because the network doesn't lie. >> That's correct. >> Because the packets have to move around. >> That's correct. The attacker has to perform certain things. There's no way for them to erase them. And there's a group of companies that tried to apply analytics to logs, and here's the problem they have. If the smart attacker knows that logs are sent in batches, it's like when somebody breaks into your house. They know they have about 45 seconds to get the alarm code right. They know that they have a certain amount of time before the batch of logs is sent up. So if they have admin access, they'll erase the footprint of what they've done on your machine, and there's no logs. If there's no body, there's no murder. >> Yeah, I've done a few ventures in my day that have been first movers and usually the first movers take the arrows in the back. One of my relatives says, if this is such a great idea, why hasn't someone else done it? So, the question for you guys is it's so obvious that now that you explain it that way that it's a great way to do it. Why hasn't someone else done it? Is it the timing, is it the founding team, is it the approach? I mean a lot of people are in network; you've got Cisco, you've got a zillion networking people. Why hasn't anyone else done this? >> There's a couple of things that come to mind right away. The first is that people who are in this business already, that want to take advantage of AI, it's really difficult to add it to an existing platform. You really have to start from scratch. And then the second is what you said about the approach. The approach that we've taken is very different than others. So there are people in this business that claim they're doing AI and they fall into one end of the spectrum or the other. They either have this big group of security researchers and they've hired a couple of data science guys and they're trying to solve this problem. Or they have a big data science team and they've got a couple of security researchers. We've taken an approach that's in the middle. Whenever we develop an algorithm, we take a security researcher who has a really strong experience or background in the attacker behavior we're trying to detect. And we pair them with somebody in data science who has expertise in the techniques that are going to be best used to detect that. We pair them up; the data scientist looks at the features that they can find in the network. The features I mentioned before, internal IP to external random silences, they determine what those are, they build the algorithm, and then they run it. Then we put it into precursor mode, just like Hitesh's Tesla has precursor stuff running as he's driving up and down the freeway, we do the same thing with our customers. And then once we see that the efficacy is really high, we release that into production. >> So it's a combination of timing and the management team's unique problem space that they addressed, and combined with people and data and software. >> Yes. >> You're kind of blending them all together, so it's a new approach. >> It is very much a new approach, and one following the approach that people have taken before. They go in one of those other two directions. >> I mean if you're a hammer, everything looks like a nail. So Cisco sees everything they do their way, maybe an application developer might take a different approach. So, I buy that, so timing's good. What makes you guys different, what makes you guys think you could be successful? Because, you know, I hear this all the time. Amazon's out there, Amazon could just copy it, you always hear those arguments. How do you guys answer that question; manageability, what's the protection? >> I think first we've taken an approach that gives us a unique capability that is succeeding against others who are really explicitly trying to solve the cyber security problem. I think the other is that we've been very open-minded about not taking just one approach in a field like data science. We don't just use supervised machine learning, unsupervised. We don't just use neural networks. We use whatever tool is best to solve the problem. The other is, we're not religious about where the product gets deployed. We look at protecting cloud workloads, enterprise private cloud workloads. We look at traditional data centers, users, IoT devices, so we're looking at the threat landscape in a very holistic way. Many of the others out there have a very specific focus as they start, and I think our breadth and our approach is serving us well. >> The whole value proposition in business models tends to change in these new value utilities, if you will, like the clouds create. I mean Amazon's successful because they never look in the rear view mirror, they just continue to push forward. Sounds like you guys have that same approach, just keep moving the needle with more people, more data, more software. >> Yeah, relentless, it's day one. It's always day one, just like Jeff says. >> Alright so you guys are doing good, where do you guys do well, and specifically talk about this malware that was hacking computers and doing money on Bitcoin. Big story that's been in the news lately, a couple of weeks ago, but still it's important. Malware being used for not only hacking your cash, using your machine to generate Bitcoin. >> That's correct. So we have a set of algorithms that look for things we call botnet monetization behaviors. And Bitcoin mining is one of them. So, if somebody is mining Bitcoin on your computer they're not really stealing from you, they're just stealing compute cycles to mine Bitcoin. Finding this stuff is actually really important because the attack landscape can quickly pivot on you. I mentioned before that cyber attackers, it's a supply chain. If your machine is latched to a botnet and it's performing Bitcoin mining and the price of Bitcoin falls, the person who owns that botnet might say, screw Bitcoin mining, I'm going to sell all my bot machines to whoever the highest bidder is. Somebody finds out you work for a really interesting company and they want to steal data from you, they're going to buy that IP address, they're going to buy your machine, and they're going to start to launch a direct attack. We've actually seen that scenario in enterprises, and been able to alert the team in real time so they can stop it. And it's the AI that's doing this, it's a not a human that has to take an action. And that's the thing that's really cool in terms of helping us win. We see a lot of customers run red team exercises in parallel with an evaluation, and that red team is designed to explicitly challenge the blue team. It's not a pen test. A pen test is all about trying to see whether the hacker can break in. A red team, they actually give the attackers access to a computer on the inside and then they say, "You've got to steal this trophy." They give them a flag to steal. >> Capture the flag. >> Capture the flag! And the goal of the blue team is to defend it. What we've seen over and over again in these evals is that AI is able to detect those behaviors of the red team in real time fast enough for them to stop them, so the data isn't stolen. It becomes evidence that if we had this tool every day then we're a lot better off than we were before. >> So you guys aren't just looking for known patterns and mapping policy to some script. You guys are losing data in real time, inferring network behavior to look for anomalies. >> Exactly. I'll give you a great example. Last year when there was ransomware, the NotPetya attack. The thing that was interesting about that is it spread like a worm. We hadn't seen a worm since Confecker and that was 10 years ago. The interesting thing is we built an algorithm to detect worm-like behavior based on what we had seen 10 years ago with Confecker. It detected the spread of NotPetya. It's because we're looking for behavior and not the... >> The payload. >> The malware, not the payload, we're able to find it, even if it's a brand new attack vector like NotPetya. And that's the cool thing, 'cause the old style was, let me look for the precise definition of the malware or the exploit or the reputation list. >> And I personally believe we've reported on theCUBE that the cloud computing and distributed computing and even decentralized computing, for that matter, encourages more packet movement. More packet movement gives you more data. >> That's correct. >> So it's a great approach. Congratulations, Mike, on your success. Looking forward to seeing what you guys do this year. Keep in touch. Security, obviously, is top of mind. We care about that at theCUBE. Cyber warfare is number one problem in America. It's the number one problem for enterprises, government, and users. Spearfishing, malware, you name it, it's out there, we've all been hacked and we probably don't even know it. It's theCUBE hackin' the data here inside the studio, I'm John Furrier and thanks for watching. (bright music)

(triumphant music) >> Hello and welcome to a special CUBE Conversation, exclusive content here in Palo Alto Studios, I'm John Furrier, the co-founder of SiliconANGLE Media, and cohost of theCUBE. We have exclusive news with Vectra Networks announcing new funding, new R and D facility. I'm here with the president and CEO, Hitesh Sheth, who's the president and CEO. Welcome to theCUBE Conversation, congratulations. >> Thank you John. glad to be here. >> So you've got some big news. >> Vectra Networks, you guys doing some pretty cool stuff with AI and cyber. >> Correct. >> But it's not just software, it's really kind of changing the game with IT operations, the entire Cloud movement, DevOps automations, all impacting the enterprise. >> Hitesh: Yes. >> And other companies. >> Hitesh: Yes. >> Before we dig into some of the exclusive news you guys have, take a minute to talk about, what is Vectra? What is Vectra Networks? >> Maybe it'd be useful to give you context of the way we see the security industry evolving. And if you think about the last 20 years, and if you were to speak to the security person in an enterprise, their primary concern would be around access banishment, who gets in, who gets out. The firewall industry was born to solve this problem. And you know, in many ways its been a gift that's kept on giving. You know, you've got companies with multi-billion dollar evaluations, Palo Alto, Checkpoint, Fortinet, you know, piece of Cisco, etc, right? There's roughly about 40 billion dollars on the market cap sitting in this industry today. Now, if you go back to the same enterprise today, and you look at the next 5-10 years and you ask them, "What is the number one issue that you care about?" Right? It's no longer who's getting in and out from an access policy standpoint, it's all about threat, management, and mitigation. So, the threat's signal is now the most important commodity inside the enterprise and the pervasive challenge for the customer, the enterprise customer, is, "How do I get my hands on this threat's signal in the most efficient way possible?" And we, at Vectra, are all about automating and helping our customers hunt for advanced cyber attacks using artificial intelligence. >> Where did you get the idea of AI's automation? I've always said in theCUBE, "Oh, AI's a bunch of b.s. Because real true AI is there. But again, AI is really kind of growing out of machine learning. >> Hitesh: Right >> Automating, and so this kind of loose definition but certainly is very sexy right now. People love AI. >> Hitesh: Correct. >> I mean, AI is awesome. But at a practical matter, it seems to be very important for good things, also for the enterprise, where'd you get the idea for using AI for cyber? >> Well, you know, I would go back to in my journey intersection with the notion of using AI for cyber security, Back in about 2010, there are major cyber events reported in the press. At that time, I was in the networking sector and in the networking sector, we all looked at it and said, "You know, we can do something about this," and being good networking company is, we thought we would build chips that would do DPI and do packet inspection. It was, too be blunt, old school thinking, okay? Fast forward to 2012 and I was sitting with Vinod Khosla of Khosla ventures and we were talking about the notion of security. How can you transform security dramatically >> Mhmm. >> Hitesh: And this is when we started talking about using artificial intelligence. It was very nascent and frankly, if you went up and down Sand Hill at that time, you know, most of the venture companies would have- and they did, because we were raising money at the time, they would look at us and said, "You guys are nuts. This is just not going to happen." You know, it's very experimental, it would take forever to come to pass. But that's usually the best time to go and build a new business and take a risk, right? And we said, you know what, AI has matured enough. >> By the way, at that time, they were also poo-pooing the Cloud. >> Absolutely. >> Amazon will be nothing. >> Yeah, exactly. Generally, a good time, a good time to go and do something revolutionary. But, here are the other things to know. Not only had the technology around AI and its applicability had advanced enough, but two other things have happened at the same time. The cost of compute had changed dramatically. The cost of storage had changed dramatically. And ultimately, if AI is going to be efficient, not only is the software got to be good, but the computer's got to be valid as well. Storage got to be valid as well. These three things were really coming together on their timeframe. >> Well, what's interesting, let's dig into that for a second because knowing what the scene was with networking at the time, you said, "old thinking," but the state of the art, you know, In the 90's and 2000's was, hardware got advanced, so you had wire speed capability. So, you can do some cool things like, you know, like still move through the network and do some inspection. >> Hitesh: Correct. >> And you said DPACK is recommended But that's the concept of looking at the data. >> Hitesh: That's correct. >> John: So, okay, now they might have been narrow view so now you take it back >> Hitesh: Yes. >> With AI, am I getting it right? You're thinking of zooming out saying, okay, >> Hitesh: A couple of things. >> You find that notion of inspection of data >> Right. >> With more storage, more compute >> But it comes down to also, you know, what data are you looking at, right? When you had wire spec in booties, you would apply your classic signature based approaches. So you could deal with known attacks, right? What is really happening, like 2011-2012 onwards is, the attack landscape is more stored dramatically. It changes so fast that the approach of just dealing with the known was never going to be enough. >> Yeah. >> So, how do you deal with the unknown? You need software that can learn. You need software that can adapt on the fly. And this is where machine learning comes into play. >> You got to assume everyone's a bad actor at that point. >> You got to assume everybody has been infiltrated in some way or fashion. >> Well, the Cloud, certainly, you guys were on the front end, kind of probably thought we're crazy with other VC's, you mentioned that. But at the time, I do remember when Cloud was kind of looked at as just nonsense. >> Yeah >> But if you then go look at what that impact has been, you're in the right side of history, congratulations,. What really happened? When was the C change? You mentioned 2012, was that because of the overall threat landscape change? Was that because of open source? Was that because of new state sponsored threats? >> Hitesh: Yeah. A couple things. >> What was the key flash point? >> Hitesh: A couple of things. We saw, at the time, that there was an emerging class of threats in the marketplace being sponsored by either state actors but we also saw that there was significant funding going into creating organized entities that were going to go and hack large enterprises. >> John: Not state sponsored directly, state sponsored, kind of, you know, >> On the side. >> Yeah, on the side. >> Let's call them, "For Profit Entities," okay? >> Sounds like Equifax to me. (laughter) >> That's a good point. And we saw that happening. Trend two was, there were enough public on the record, hacks are getting reported, right? Sony would be a really good example at the time. But just as fundamentally, it's not just enough that there's a market. The technology has got to be sufficiently ready to be transformative, and this is the whole point around what we saw in compute and storage and the fact that there was enough advancement in the machine learning itself that it was worth taking a risk and experimenting to see what's going to happen. And in our journey, I can tell you, it took us about 18 months, really, to kind of tune what we were doing because we tried and we failed for 18 months before we kind of came to an answer that was actually going to gel and work for the customers. >> And what's interesting is having a pattern oriented to look for the unknown >> Hitesh: Yeah >> Because it's, you know, in the old days was, "Hey, here's a bunch of threats, look for'em and be prepared to deploy." Here, you got to deal with a couple of the unknown potentially attack. But also I would say that we've observed the surface areas increased. So, you mention Checkpoint in these firewalls. >> Hitesh: Yes. Absolutely. >> Those are perimeter based security models. So you got a perimeter based environment. >> Hitesh: Correct. >> Everyday. >> Hitesh: And you got IOT. >> IOT. So it's a hacker's dream. >> It's absolutely. The way I like to think about it is you got an end by end probatational issue. You got an infinite possible, if you're a hacker, you're absolutely right, it's Nirvana. You've got endless opportunities to break into the enterprise today. It's just going to get better. It's absolutely going to get better for them. >> John: Well, let's get to the hard news. You guys have an announcement. You've got new funding >> Hitesh: Yeah. >> And an R and D facility, in your words, what is the announcement? Share the data. >> We're really excited to announced that we have raised closed a round of 36 million dollars, Series D funding, it's being led by Atlantic Bridge, they are a growth fund, and they've got significant European roots, and in addition to Atlantic Bridge, we're bringing on board two new investors, two additional investors. The Ireland's Strategic Investment Fund, number one, effectively the sovereign fund of Ireland, and then secondly, Nissho Electronics of Japan. This is going to bring our double funding to 123 millions dollars, today. What we're going to be using this funds for is to find things with. One is the classic expansion of sales and marketing. I think we've had very significance success in our business. From 2016 to 2017, our business grew 181% year end year, subscription based, all subscription revenue. So, we're going to use this, this new fuel, to drive business growth, but just as important, we're going to drive our needs growth significantly. And as part of this new funding, we are opening up a brand new R & D center in Dublin, Ireland. This is our fourth R & D center. We've got one here in San Jose, California. We've got one in Austin, Texas, Cambridge, Massachusetts, and so this is number four. >> John: So, you hired some really smart people. How many engineers do you guys have? >> So, we are about a 140% company, roughly half the company is in R and D. >> I see a lot of engineering going on and you need it, too. So let's talk about competitors. Darktrace is out there, heavily funded companies, >> Hitesh: Yes. >> Their competitor, how do you compare against the competition and why do you think you'll be winning? >> I can tell you, statistically, whether it is Darktrace or we run into barcoding with Cisco as well. We win into large enterprise. We win 90% of the time. [Overlapping Conversation] >> It's actually correct. And I'll describe to you why is it that we win. We look at people like Darktrace and there are other smaller players in the marketplace as well And I'll tell you one thing fundamentally true about the competitive landscape and that differentiates us. AI is on everybody's lips nowadays, right? As you pointed out. But what is generally true for most companies doing AI and I think this is true for our competition as well, it tends to be human augmented AI. It's not really AI, right? This is sort of like the Wizard of Oz, you know, somebody behind the curtain actually doing the work and that ultimately does not deliver the promise of AI and automation to the customer. The one thing we have been very - >> John: They're using AI to cover up essentially manual business models for all people added, is that what you're saying? >> Hitesh: That's correct. Effectively, it's still people oriented answer for the customer and if AI is really true, then automation has got to be the forefront and if automation is really going to be true, then the user experience of the software has got to be second to none >> John: So, I know Mike Lynch is on the board of that company, Darktrace, he was indicted or charged with fraud to front for HP for billions of dollars. So, is he involved? Is he a figurehead? How does he relate to that? >> I think you should talk to Mike. You should put him in this chair and have this conversation. I recommend it, that would be great. >> John: I don't think he'd come on. >> But my understanding is that he has a very heavy hand in the reign of Darktrace. Darktrace, if you go to their website, so this is all public data, if you look at their management chain, this is all Autonomy people. What that means, respect to how Autonomy was running and how Vectra is being run, is for them to speak about, what I can tell you is that, when we meet them competitively, we meet other competitors. >> John: I mean, if I'm a customer, I would have a lot of fear and certainty in doubt to work with an Autonomy led because they had such a head fake with the HP deal and how they handled that software and just software stack wasn't that great either. So, I mean, I would be concerned about that. [Overlapping Discussion] >> History may be repeating itself. >> Okay, so you won't answer the question. Okay, well, let's get back to Vectra. Some interesting, notable things I discovered was, you guys had been observing what's been reported in the press with the Olympics. >> Hitesh: Correct. >> You have information and insight on what's going on with the Olympics. Apparently, they were hacked. Obviously, it's in Korea, so it's Asia, there's no DNS that doesn't have certificates that have been hacked or whatever so, I mean, what's going on in South Korea with the Olympics? What's the impact? What's the data? >> Hitesh: Well, I'm going to think, what is really remarkable is that, despite the history of different kinds of attacks, Equifax, what have you, nation state events, political elections getting impacted and so forth, once again, a very public event. We have had a massive breach and they've been able to infiltrate their systems and the remarkable thing is they- >> John: There's proof on this? >> There's proof on this. This is in the press. There's no secret data in our part, which is, this very much out there, in the public arena, they have been sitting in the infrastructure of the Olympics, in Korea, for months and the remarkable thing is, why were they able to get in? Well, I can tell you, I'm pretty sure that the approach to security that these people took is no different than the approach of security most enterprises take. Right? The thing that should really concern us all is that they chose to attack, they chose to infiltrate, but they actually paused before really fundamentally damaging the infrastructure. It goes to show you that they are demonstrating control. I can come in. I can do what I want for as long as I want. I can stop when I want. >> John: They were undetected. >> They were undetected. Absolutely. >> John: And they realized that these attacks reflected that. >> Absolutely. And given the fact there seems to be a recent trend of going after public events, we have many other such public events coming to bear. >> How would you guys have helped? >> The way we would help them, most fundamentally is that, look, here's the fundamental reality, there are, as we've discussed just a second ago, there are infinite options as to break in, into the infrastructure, but once you're in, right? For people like you and I, who are networking people, you're on our turf and the things you can do inside the network are actually very visible. They're very visible, right? It's like somebody breaking through your door, once they get in, their footprints are everywhere, right? And if you had the ability to get your hands on those footprints, right? You can actually contain the attack at- as close to real time as possible, before any real damage is done. >> But then we're going to see where the action is, no doubt about it, you can actually roll that data up and that's where the computer- >> And then you could apply machine learning. You can extract the data, look at the network, extract the right data out of it, apply machine learning or AI and you can get your hands on the attack well before it does any real damage. >> John: And so to your point, if I get this right, if I hear ya properly, computers are much stronger now. >> Hitesh: Correct. >> And with software and AI techniques, you can move on this data quickly. >> Hitesh: Correct. But you have got to, you've got to have a fundamental mindset shift, which is, "I'm not in the business of stopping attacks anymore, I should try, but I recognize I will be breached every single time. So, then, I better have the mechanisms and the means to catch the attack once it's in my environment." And that mindset shift is not pervasive. I am 1,000% sure at the Olympics that people designed the security search have said, "We can stop this stuff, don't worry about it." You had that taught differently that would not be in this position today. >> This is the problem. In all society, whether it's a shooting at a school or Olympic hack event, the role of data is super critical. That's the focus, thanks for coming on and sharing the exclusive news at theCUBE with exclusive coverage of the breaking news of the new round of funding for Vectra Networks. I'm John Furrier. Thanks for watching. >> Hitesh: Thank you, John. (triumphant music)

>> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> As you may recall, coming into the second part of 2019 we reported, based on ETR Survey data, that there was a narrowing of spending on emerging tech and an unplugging of a lot of legacy systems. This was really because people were going from experimentation into operationalizing their digital initiatives. When COVID hit, conventional wisdom suggested that there would be a flight to safety. Now, interestingly, we reported with Eric Bradley, based on one of the Venns, that a lot of CIOs were still experimenting with emerging vendors. But this was very anecdotal. Today, we have more data, fresh data, from the ETR Emerging Technology Study on private companies, which really does suggest that there's a notable decline in experimentation, and that's affecting emerging technology vendors. Hi, everybody, this is Dave Vellante, and welcome to this week's Wikibon Cube Insights, powered by ETR. Once again, Sagar Kadakia is joining us. Sagar is the Director of Research at ETR. Sagar, good to see you. Thanks for coming on. >> Good to see you again. Thanks for having me, Dave. >> So, it's really important to point out, this Emerging Tech Study that you guys do, it's different from your quarterly Technology Spending Intention Survey. Take us through the methodology. Guys, maybe you could bring up the first chart. And, Sagar, walk us through how you guys approach this. >> No problem. So, a lot of the viewers are used to seeing a lot of the results from the Technology Spending Intention Survey, or the TSIS, as we call it. That study, as the title says, it really tracks spending intentions on more pervasive vendors, right, Microsoft, AWS, as an example. What we're going to look at today is our Emerging Technology Study, which we conduct biannually, in May and November. This study is a little bit different. We ask CIOs around evaluations, awareness, planned evaluations, so think of this as pre-spend, right. So that's a major differentiator from the TSIS. That, and this study, really focuses on private emerging providers. We're really only focused on those really emerging private companies, say, like your Series B to Series G or H, whatever it may be, so, two big differences within those studies. And then today what we're really going to look at is the results from the Emerging Technology Study. Just a couple of quick things here. We had 811 CIOs participate, which represents about 380 billion in annual IT spend, so the results from this study matter. We had almost 75 Fortune 100s take it. So, again, we're really measuring how private emerging providers are doing in the largest organizations. And so today we're going to be reviewing notable sectors, but largely this survey tracks roughly 356 private technologies and frameworks. >> All right, guys, bring up the pie chart, the next slide. Now, Sagar, this is sort of a snapshot here, and it basically says that 44% of CIOs agree that COVID has decreased the organization's evaluation and utilization of emerging tech, despite what I mentioned, Eric Bradley's Venn, which suggested one CIO in particular said, "Hey, I always pick somebody in the lower left "of the magic quadrant." But, again, this is a static view. I know we have some other data, but take us through this, and how this compares to other surveys that you've done. >> No problem. So let's start with the high level takeaways. And I'll actually kind of get into to the point that Eric was debating, 'cause that point is true. It's just really how you kind of slice and dice the data to get to that. So, what you're looking at here, and what the overall takeaway from the Emerging Technology Study was, is, you know, you are going to see notable declines in POCs, of proof-of-concepts, any valuations because of COVID-19. Even though we had been communicating for quite some time, you know, the last few months, that there's increasing pressure for companies to further digitize with COVID-19, there are IT budget constraints. There is a huge pivot in IT resources towards supporting remote employees, a decrease in risk tolerance, and so that's why what you're seeing here is a rather notable number of CIOs, 44%, that said that they are decreasing their organization's evaluation and utilization of private emerging providers. So that is notable. >> Now, as you pointed out, you guys run this survey a couple of times a year. So now let's look at the time series. Guys, if you bring up the next chart. We can see how the sentiment has changed since last year. And, of course, we're isolating here on some of larger companies. So, take us through what this data means. >> No problem. So, how do we quantify what we just saw in the prior slide? We saw 44% of CIOs indicating that they are going to be decreasing their evaluations. But what exactly does that mean? We can pretty much determine that by looking at a lot of the data that we captured through our Emerging Technology Study. There's a lot going on in this slide, but I'll walk you through it. What you're looking at here is Fortune 1000 organizations, so we've really isolated the data to those organizations that matter. So, let's start with the teal, kind of green line first, because I think it's a little bit easier to understand. What you're looking at, Fortune 1000 evaluations, both planned and current, okay? And you're looking at a time series, one year ago and six months ago. So, two of the answer options that we provide CIOs in this survey, right, think about the survey as a grid, where you have seven answer options going horizontally, and then 300-plus vendors and technologies going vertically. For any given vendor, they can essentially indicate one of these options, two of them being on currently evaluating them or I plan to evaluate them in six months. So what you're looking at here is effectively the aggregate number, or the average number of Fortune 1000 evaluations. So if you look into May 2019, all the way on the left of that chart, that 24% roughly means that a quarter of selections made by Fortune 1000 of the survey, they selected plan to evaluate or currently evaluating. If you fast-forward six months, to the middle of the chart, November '19, it's roughly the same, one in four technologies that are Fortune 1000 selected, they indicated that I plan or am currently evaluating them. But now look at that big drop off going into May 2020, the 17%, right? So now one out of every six technologies, or one out of every selections that they made was an evaluation. So a very notable drop. And then if you look at the blue line, this is another answer option that we provided CIOs: I'm aware of the technology but I have no plans to evaluate. So this answer option essentially tracks awareness levels. If you look at the last six months, look at that big uptick from 44% to over 50%, right? So now, essentially one out of every two technologies, or private technologies that a CIO is aware of, they have no plans to evaluate. So this is going to have an impact on the general landscape, when we think about those private emerging providers. But there is one caveat, and, Dave, this is what you mentioned earlier, this is what Eric was talking about. The providers that are doing well are the ones that are work-from-home aligned. And so, just like a few years ago, we were really analyzing results based on are you cloud-native or are you Cloud-aligned, because those technologies are going to do the best, what we're seeing in the emerging space is now the same thing. Those emerging providers that enable organizations to maintain productivity for their employees, essentially allowing their employees to work remotely, those emerging providers are still doing well. And that is probably the second biggest takeaway from this study. >> So now what we're seeing here is this flight to perceive safety, which, to your point, Sagar, doesn't necessarily mean good news for all enterprise tech vendors, but certainly for those that are positioned for the work-from-home pivot. So now let's take a look at a couple of sectors. We'll start with information security. We've reported for years about how the perimeter's been broken down, and that more spend was going to shift from inside the moat to a distributed network, and that's clearly what's happened as a result of COVID. Guys, if you bring up the next chart. Sagar, you take us through this. >> No problem. And as you imagine, I think that the big theme here is zero trust. So, a couple of things here. And let me just explain this chart a little bit, because we're going to be going through a couple of these. What you're seeing on the X-axis here, is this is effectively what we're classifying as near term growth opportunity from all customers. The way we measure that effectively is we look at all the evaluations, current evaluations, planned evaluations, we look at people who are evaluated and plan to utilize these vendors. The more indications you get on that the more to the top right you're going to be. The more indications you get around I'm aware of but I don't plan to evaluate, or I'm replacing this early-stage vendor, the further down and on the left you're going to be. So, on the X-axis you have near term growth opportunity from all customers, and on the Y-axis you have near term growth opportunity from, really, the biggest shops in the world, your Global 2000, your Forbes Private 225, like Cargill, as an example, and then, of course, your federal agencies. So you really want to be positioned up and to the right here. So, the big takeaway here is zero trust. So, just a couple of things on this slide when we think about zero trust. As organizations accelerate their Cloud and Saas spend because of COVID-19, and, you know, what we were talking about earlier, Dave, remote work becomes the new normal, that perimeter security approach is losing appeal, because the perimeter's less defined, right? Apps and data are increasingly being stored in the Cloud. That, and employees are working remotely from everywhere, and they're accessing all of these items. And so what we're seeing now is a big move into zero trust. So, if we look at that chart again, what you're going to see in that upper right quadrant are a lot of identity and access management players. And look at the bifurcation in general. This is what we were talking about earlier in terms of the landscape not doing well. Most security vendors are in that red area, you know, in the middle to the bottom. But if you look at the top right, what are you seeing here? Unify ID, Auth0, WSO2, right, all identity and access management players. These are critical in your zero trust approach, and this is one of the few area where we are seeing upticks. You also see here BitSight, Lucideus. So that's going to be security assessment. You're seeing VECTRA and Netskope and Darktrace, and a few others here. And Cloud Security and IDPS, Intrusion Detection and Prevention System. So, very few sectors are seeing an uptick, very few security sectors actually look pretty good, based on opportunities that are coming. But, essentially, all of them are in that work-from-home aligned security stack, so to speak. >> Right, and of course, as we know, as we've been reporting, buyers have options, from both established companies and these emerging companies that are public, Okta, CrowdStrike, Zscaler. We've seen the work-from-home pivot benefit those guys, but even Palo Alto Networks, even CISCO, I asked (other speaker drowns out speech) last week, I said, "Hey, what about this pivot to work from home? "What about this zero trust?" And he said, "Look, the reality is, yes, "a big part of our portfolio is exposed "to that traditional infrastructure, "but we have options for zero trust as well." So, from a buyer's standpoint, that perceived flight to safety, you have a lot of established vendors, and that clearly is showing up in your data. Now, the other sector that we want to talk about is database. We've been reporting a lot on database, data warehouse. So, why don't you take us through the next graphic here, if you would. >> Sagar: No problem. So, our theme here is that Snowflake is really separating itself from the pack, and, again, you can see that here. Private database and data warehousing vendors really continue to impact a lot of their public peers, and Snowflake is leading the way. We expect Snowflake to gain momentum in the next few years. And, look, there's some rumors that IPOing soon. And so when we think about that set-up, we like it, because as organizations transition away from hybrid Cloud architectures to 100% or near-100% public Cloud, Snowflake is really going to benefit. So they look good, their data stacks look pretty good, right, that's resiliency, redundancy across data centers. So we kind of like them as well. Redis Labs bring a DB and they look pretty good here on the opportunity side, but we are seeing a little bit of churn, so I think probably Snowflake and DataStax are probably our two favorites here. And again, when you think about Snowflake, we continue to think more pervasive vendors, like Paradata and Cloudera, and some of the other larger database firms, they're going to continue seeing wallet and market share losses due to some of these emerging providers. >> Yeah. If you could just keep that slide up for a second, I would point out, in many ways Snowflake is kind of a safer bet, you know, we talk about flight to safety, because they're well-funded, they're established. You can go from zero to Snowflake very quickly, that's sort of their mantra, if you will. But I want to point out and recognize that it is somewhat oranges and tangerines here, Snowflake being an analytical database. You take MariaDB, for instance, I look at that, anyway, as relational and operational. And then you mentioned DataStax. I would say Couchbase, Redis Labs, Aerospike. Cockroach is really a... EValue Store. You've got some non-relational databases in there. But we're looking at the entire sector of databases, which has become a really interesting market. But again, some of those established players are going to do very well, and I would put Snowflake on that cusp. As you pointed out, Bloomberg broke the story, I think last week, that they were contemplating an IPO, which we've known for a while. >> Yeah. And just one last thing on that. We do like some of the more pervasive players, right. Obviously, AWS, all their products, Redshift and DynamoDB. Microsoft looks really good. It's just really some of the other legacy ones, like the Teradatas, the Oracles, the Hadoops, right, that we are going to be impacted. And so the claw providers look really good. >> So, the last decade has really brought forth this whole notion of DevOps, infrastructure as code, the whole API economy. And that's the piece we want to jump into now. And there are some real stand-outs here, you know, despite the early data that we showed you, where CIOs are less prone to look at emerging vendors. There are some, for instance, if you bring up the next chart, guys, like Hashi, that really are standing out, aren't they? >> That's right, Dave. So, again, what you're seeing here is you're seeing that bifurcation that we were talking about earlier. There are a lot of infrastructure software vendors that are not positioned well, but if you look at the ones at the top right that are positioned well... We have two kind of things on here, starting with infrastructure automation. We think a winner here is emerging with Terraform. Look all the way up to the right, how well-positioned they are, how many opportunities they're getting. And for the second straight survey now, Terraform is leading along their peers, Chef, Puppet, SaltStack. And they're leading their peers in so many different categories, notably on allocating more spend, which is obviously very important. For Chef, Puppet and SaltStack, which you can see a little bit below, probably a little bit higher than the middle, we are seeing some elevator churn levels. And so, really, Terraform looks like they're kind of separating themselves. And we've got this great quote from the CIO just a few months ago, on why Terraform is likely pulling away, and I'll read it out here quickly. "The Terraform tool creates "an entire infrastructure in a box. "Unlike vendors that use procedural languages, "like Ants, Bull and Chef, "it will show you the infrastructure "in the way you want it to be. "You don't have to worry about "the things that happen underneath." I know some companies where you can put your entire Amazon infrastructure through Terraform. If Amazon disappears, if your availability drops, load balancers, RDS, everything, you just run Terraform and everything will be created in 10 to 15 minutes. So that shows you the power of Terraform and why we think it's ranked better than some of the other vendors. >> Yeah, I think that really does sum it up. And, actually, guys, if you don't mind bringing that chart back up again. So, a point out, so, Mitchell Hashimoto, Hashi, really, I believe I'm correct, talking to Stu about this a little bit, he sort of led the Terraform project, which is an Open Source project, and, to your point, very easy to deploy. Chef, Puppet, Salt, they were largely disrupted by Cloud, because they're designed to automate deployment largely on-prem and DevOps, and now Terraform sort of packages everything up into a platform. So, Hashi actually makes money, and you'll see it on this slide, and things, Vault, which is kind of their security play. You see GitLab on here. That's really application tooling to deploy code. You see Docker containers, you know, Docker, really all about open source, and they've had great adoption, Docker's challenge has always been monetization. You see Turbonomic on here, which is application resource management. You can't go too deep on these things, but it's pretty deep within this sector. But we are comparing different types of companies, but just to give you a sense as to where the momentum is. All right, let's wrap here. So maybe some final thoughts, Sagar, on the Emerging Technology Study, and then what we can expect in the coming month here, on the update in the Technology Spending Intention Study, please. >> Yeah, no problem. One last thing on the zero trust side that has been a big issue that we didn't get to cover, is VPN spend. Our data is pointing that, yes, even though VPN spend did increase the last few months because of remote work, we actually think that people are going to move away from that as they move onto zero trust. So just one last point on that, just in terms of overall thoughts, you know, again, as we cover it, you can see how bifurcated all these spaces are. Really, if we were to go sector by sector by sector, right, storage and block chain and MLAI and all that stuff, you would see there's a few or maybe one or two vendors doing well, and the majority of vendors are not seeing as many opportunities. And so, again, are you work-from-home aligned? Are you the best vendor of all the other emerging providers? And if you fit those two criteria then you will continue seeing POCs and evaluations. And if you don't fit that criteria, unfortunately, you're going to see less opportunities. So think that's really the big takeaway on that. And then, just in terms of next steps, we're already transitioning now to our next Technology Spending Intention Survey. That launched last week. And so, again, we're going to start getting a feel for how CIOs are spending in 2H-20, right, so, for the back half of the year. And our question changes a little bit. We ask them, "How do you plan on spending in the back half year "versus how you actually spent "in the first half of the year, or 1H-20?" So, we're kind of, tighten the screw, so to speak, and really getting an idea of what's spend going to look like in the back half, and we're also going to get some updates as it relates to budget impacts from COVID-19, as well as how vendor-relationships have changed, as well as business impacts, like layoffs and furloughs, and all that stuff. So we have a tremendous amount of data that's going to be coming in the next few weeks, and it should really prepare us for what to see over the summer and into the fall. >> Yeah, very excited, Sagar, to see that. I just wanted to double down on what you said about changes in networking. We've reported with you guys on NPLS networks, shifting to SD-WAN. But even VPN and SD-WAN are being called into question as the internet becomes the new private network. And so lots of changes there. And again, very excited to see updated data, return of post-COVID, as we exit this isolation economy. Really want to point out to folks that this is not a snapshot survey, right? This is an ongoing exercise that ETR runs, and grateful for our partnership with you guys. Check out ETR.plus, that's the ETR website. I publish weekly on Wikibon.com and SiliconANGLE.com. Sagar, thanks so much for coming on. Once again, great to have you. >> Thank you so much, for having me, Dave. I really appreciate it, as always. >> And thank you for watching this episode of theCube Insights, powered by ETR. This Dave Vellante. We'll see you next time. (gentle music)

>> Live from San Francisco, celebrating 10 years of high tech coverage, it's the cube. Covering VMWorld 2019 Brought to you by VMware and it's ecosystem partners. >> It is 10 years and going strong for the cube coverage here at Vmworld, Vmworld 2019, we were here 10 years back, and looking forward to the next 10 or more. We're at Moscone Center North San Francisco, the cube with Dave Vellante, John Walls. We're joined now by Tom Barsi, who is the senior vice president, business development at Carbon Black Inc. Tom kind of required couple of weeks for you not much really going on in all serious.. >> Tom: Just a little bit (laughs) >> Yeah I mean big purchase VMware, I'm sure you're aware pick up Carbon Black making that announcement official this week. You were in the center of that, that discussion so if you would kind of give us a little behind the scenes peek, behind the curtain if you will of how those talks developed and really back to your relationship with VMware to begin with. >> Tom: Yeah >> Cause this goes back for a while. >> Tom: Needless to say a super, a super exciting week and accomodation of a lot of work amongst a army of people to get us to where we are and obviously announcement last week, around the acquisition of Carbon Black was huge but I think the announcement this week in terms of going into more detail that Sanjay and Pat went to in terms of combining the best infrastructure management with our best app reek cloud, native, modern, security platform with analytics combine that together, I think there is really an opportunity to transform the industry and currently we've been working with VMware for well over 2 years. So 2 years ago Vmworld we announced an exclusive partnership with VM where we integrated with Vmwares newly announced app defense product, which is really around securing cloud workloads, obviously their in a unique position to secure workloads because of where they sit, leveraging the infrastructure and knowing what's good and what should be running within those workloads so they've leveraged that and build app defense and for the first time we built that integration, exclusive integration and for the first time a security operation center has been able to have visibility into the hypervisor. So that's where we started to see that potential and the opportunity and it also gave us an opportunity to really start to work closely with the Vmworld team, understand their culture, understand their community, understand their leadership, their commitment to winning, understanding commitment to really sort of transform in security and it just became, we dated and it became just obvious that there is so much energy between our leadership and theirs, so much energy in terms of vision of you know, securing the world from, make them safe from cyber attacks and so it just made so much sense. So in Pat's words sure it de-risked the acquisition over a period of time but it also allowed us to really work closer together know what we're getting into and really getting super excited. So I can tell you the response from our employees has been overwhelming and their response here at Vmworld has been just amazing in terms of traffic and the partners, customers and all that. >> Dave: I asked Pat Gelsinger 5 years ago if the cube was security broken and he said "Yeah, it's broken" and I was like "what you going to do about it" stay tuned well, we've been tuned. I did an analysis of, and this may be, first of all Patrick is going to take over as to run Vmwares cloud security business? >> Tom: Correct. >> Dave: So when Patrick stated... >> John: Patrick Morelik >> Dave: Yeah, Patrick Morelik CEO of Carbon Black and Pat Gelsinger said that we want to be the cloud security company. >> Tom: Absolutely. >> Dave: Okay, so I love when they lace down aspirations like that, now this now may not be fair to you because you... >> Tom: We've been in the security, yeah. >> Dave: But there's a portfolio there that may not be as familiar with but I'll ask you anyway cause you're going to have to come familiar with it soon. So I did analysis of the Carbon Black acquisition, obviously app defense was in there but if you look at the VMware security portfolio, NSX has a micro segmentation. >> Tom: Absolutely. >> Dave: News case. Obviously, Air watch you know. >> Tom: Workspace One >> Dave: Competing with Workspace Once >> Tom: Absolutely >> Dave: Cloud Corio, E8 security bracket, Trinsic is another tuck in acquisition that VMware did so while their building up this portfolio, can you help us understand how that's shaping out and where Carbon Black fits. >> Tom: Yeah, absolutely. So let's talk about first the opportunity here. The opportunity is to leverage infrastructure management and security portfolio that VMware has and then sprinkling the Carbon Black portfolio, capabilities across that infrastructures, so in betting NSX for network to end point. And embedding works in base one, which we've already done. Embedding it with integrating app defense, which we've already done. The ability to do agent less within the steer, super super powerful. Post close we'll be working on things like that, so basically by integrating across that portfolio you really have the ability to transform the entire security space, and I'll talk about that in a second. But what that means is basically by embedding security across that infrastructure management and eliminate a lot of complexity in the overhead in the bloat you're coming up with basically intrinsic security. The best thing from a human prespective to increase your immune system, you know, is or staying healthy is boosting your immune system and the best way, reason we're doing this, the best best way to secure enterprise is to integrate, embed security into the actual infrastructure and take the benefits of infrastructure management with security, combine it and eliminate a lot complexity, so let's talk just a second about being broken. It's hard for a security guy coming in and saying the industry is broken, I will tell you that but truth is it needs to be transformed there is just no question about it. So let's talk about it just from in point perspective, and then we'll get into the whole opportunity to extend that capability. You look at the end point from a enterprise customer perspective it's well documented that you know Legacy AV was built 20 years ago and not built for the modern tact factor so it's well documented, yes customers still have Legacy AV, it's not, you know it's 35% effective so what have customers done? They've gone and deployed EDR and point detection response, which is what Carbon Black strive has been a market leader hands down market leader in this space in terms of adding EDR's, yet another sensor. Then you want to have the ability to say look we got workloads and there's another sensor for that. Then you want to talk about, hey, vulnerability is coming out and we want to be able to query across the fleet to understand what vulnerabilities were in your environment, tanium like, right, there's a sensor for that. So you know what 2 and a half years ago our customers came back to us and said look we love you guys, what you guys are doing but there's too many sensors on the end point bloating and slowing my systems and my security teams is getting fatigue with all this point tools they said we need a integrated approach, in comes the Carbon Black clouds and that's we're we had the ability to integrate multiple services, NG, next-gen anti-virus, EDR, Life ops, the ability to query across. We've integrated App D for hard workload all those are shipping today, all those service on single, soft, light weight sensor and a modern cloud native SAS back in with analytics, so it's just super powerful and so now you're consolidating on that, you're getting more efficient, you're eliminating overhead and you're making the security operations team that much more effective, now, imagine taking that approach to the broken network and workload and exedra and extending that capability across the entire infrastructure and that really is what we're talking about in terms of teaming with VMware embedding our security capabilities across infrastructure a lot across NXS into work app D into workspace one which we're already doing and again eliminating a lot of that bloat and making our customers more secure and much more efficient. >> Dave: So there's another dimension to this acquisition which I like which is your SAS business, so I think it's about 38% of your revenue, I call it roughly 40% of your revenue, but growing very very rapidly, growing to 70% of the year. >> Tom: Exactly. >> Dave: So VMware has said that this acquisition along with pivotal is going to have add a billion dollars in, basically, mostly in all subscription revenue next year and three billion in year two and it's going to be accretive in cash flow deposit acquisition by year two so all very, VMware actually keeps well generally in acquisitions and so notwithstanding some weird stuff in the economy they usually hit their targets. >> Tom: Yes. >> Dave: You know they intend to be conservative so I really like that and that's clearly the direction you're moving. The other thing about this, a lot of people on Wall street said well it's maybe overpaid for stock and I want to get your opinion. Cause you're out competing everyday and cloud strike is obviously the comparison to use, okay. Say a company is a 16/17 billion dollar valuation you're valuation was 2.7 billion, you look at cloud strikes post IPO's, doc chart, it looks like a bathtub you know, it kind of goes like this and then goes like that because people start to realize wow this asset actually has you know a lot of intrinsic value upon attend it. So in comparing cloud strike with Carbon Black in terms of feature, function, capabilities you know execution and those technology. Is it really that much of difference 16 billion and 2.7 billion (laughs) >> Tom: You know I can't really comment on Crowdstrike's market cap, obviously I respect them as a competitor. >> Dave: Great, great job. >> Tom: I don't have to like them but I respect them as a competitor no question. >> Dave: What in terms of the function and the capabilities. >> Tom: In terms of the functionality look we've significantly close the gap and adding cloud workload capability with app D adding the query kit with live ops and extending that capabilities so from a feature functionality look at VMware is technology driven they kick tires and they do the diligence on technology that's the strength of VMware, they look deep and what they came away with was we have a super competitive platform, you're seeing it in our wins our growth rate you're seeing it with our wins and large customers that I can't really name so from a feature functionality perspective you know we're at parr in many ways we're better now, now if you look at where the market is going look Crowdstrike is going to be a great point product solution for end point. But we believe, that they're going to do phenomenally well but we believe there's an opportunity here, again to integrate infrastructure management that VMWare has security capability and deliver an end to end platform and truly transform across the entire infrastructure of an enterprise so that really where we see the opportunity and the opportunity for growth and then you want to look at our growth rate I mean to your point, VMware does an incredible job and you know you start talking about the reach of VMware and talk about the reach of DellEMC and it's super exciting. >> Dave: Yeah the VMware brain trust is very capable both from a strategy standpoint and a technical, strong, very strong engineering culture. >> Tom: Yeah >> Dave: You saw this with Airwatch so Airwatch when VMware required Airwatch VMware was struggling what was then the VDI business and airwatch wasn't you know number one in the market place but VMware like now crushes, people are making similar analogy with regard to Carbon Black do you think that's fair, I mean you think you can repeat that sort of momentum. >> Tom: Yeah you know I've obviously been very very close to this relationship and I have been sort of the number one fan and cheerleader of this partnership because I just believe in my soul that it's going to be transformative really is so to that point I you know I think and I've talked about it internally what they've done with my serie what they've done with aiwth now workspace one and the ability to take a business from me no revenues or couple hundred million and take them to two billion. I absolutely believe you will see, it's going to take a lot of work but we're going to see rejectorty I've been focussed on if there are gaps we're going to force it in or anything to accelerate the road map to allow us to win and then you're going to talk about the triple acceleration with VMWare and DeliMC so answer I say I truly truly believe that we can take our position to number two and really be number one >> John: Transformative in a significant way a significant word to use. What's that end product going to be that makes you looking at it at this visionary stand point that, this is a perfect marriage this is a fantastic opportunity. You're not you're selling hard >> Tom: Yeah >> Dave: It's a platform really >> Tom: Look it is a platform and at the end of the day we're focused on here as customers we're talking about how do we protect our customers and the best way to protect those customers is to embed the capability you know we did many years back Carbon Black we exposed our data and many of our partners, sometimes we compete with cisco or firehire a number of other players because customers demand the end to end visibility from network to end point. Can you imagine the kind of damage when you integrate Carbon Black and our modern platform are analytics and the ability to pull data from hypervisor the ability to pull data from NSX to ability to pull data from workspace one into a common console and then understand exactly what is happening from an attack perspective and then let's talk about okay, so now you have the visibility it's a 360 degree view of what happening in the network now you want to talk about the ability to orgistrate or imidiate like solve the problem. Well historically it's been security operations center over here and you got IT over there. And there's been this friction because Sycguys says take it down take the server down there's a problem and the IT guys ops, hey, I got run time I got to keep it up so now you have the opportunity again to leverage that management to identify a threat and the ability to seemlessly leverage VMware infrastructure's management tools to instantly reimmediate and orgistrate a problem without the conflict with IT and security operations. So we've actually seen an opportunity to eliminate our friction and create coloboration between those two. >> Dave: And security is broken, it is a do over and to talk to ops team they'll tell you, we're fighting everyday and bombs are dropping, we have to succeed everyday. The bad guy only has to succeed once so yeah they bring in all these tools and a lot of times they don't work together and they have a very hard time to just figure out okay, what do we prioritize on and obviously analytics helping that but yeah, you see that stats after you get infiltrated to whatever 300 days 250 days they even identify that you have been infiltrated and it's just a very complex environment so the do over is a platform that will give you end visibility and doesn't force you to different point tools and it has a comprehensive in a view of your >> [Tom[ That Right >> Dave: Infrastructure >> Tom: That's right and I do want to point out it doesn't mean that we're going to create this platform that's closed. A lot of competitors like to built closed platforms and Carbon Black has always been API driven like open, and the whole point of this openness is to, we collect this powerful end point data and we want to expose that data across the infrastructure so we're exposing it to the network security guys whether it be Vectra or Palato networks or FireMandion depending on who it is. We're exposing that data to splunk IBMQ radar and IBM rasilion and we're going to continue to do that, leverage this platform and all this powerful delimentry and we're going to continue to have this open platform and continue to work across the industry to make sure it's not just our platform from the MDM just across the ecosystem. >> Dave: Well it's something VMware has been strong if this heritage genaty, you know they help you know balance the score card >> Tom: Yeah >> John: It's been a understatement that it's been an exciting week for you, it's been a great two years it sounds like and we wish you success now it's on down the road like he said a lot of hard work still ahead of you. >> Tom: Absolutely, so congratulations on ten years, I look forward being here in year 20. (laughs) >> John: We'll be right back, we'll be right back just taking a break here on the cube we're at Vmworld 2019. Moscone center, San Francisco. (music)

(funky music) >> Live from Las Vegas, it's theCUBE, covering Informatica World 2019. Brought to you by Informatica. >> Hey, welcome back everyone, this is theCUBE's live coverage here in Las Vegas for Informatica World 2019. I'm John Furrier, your host, with Rebecca Knight who's on the floor getting some data, getting some reports. She's my co-host here this week. Next guest is Bruce Chizen, board member of Informatica, OG, original gangster of the tech scene. Been there, done that. Welcome back to theCUBE, great to see you. >> Yeah, great to see you, John. >> Big alumni. I love having you on because you're kind of, you're a historian through experience, still active in the industry, obviously, Informatica. Four years private. >> Historian, that's scary. >> You've been around the block. You've seen more waves than I have, and that's a lot. But, you know, you've done a lot of things and you've seen the waves. You've run companies, you've been on boards. You've been on Informatica board. Four years private, a lot of great things can go on. Michael Dell proved that. He took Dell Computer, which is now Dell Technologies, he took it private, and I asked him. He wanted to retool and didn't want to do the shot clock of being a public company. Filing, and sour beans and all those regulations, 'cause he knew what was coming, the wave was coming. Informatica did the same thing, so I'm expecting an IPO, or MNA big deal happening. But four years, with great product people, you're on the board. Data, our original conversation four years ago on theCUBE, hasn't changed. >> No. It's the same wave, and now everyone's jumping on the wave. >> The good thing for Informatica is, as a private company, we got to do things that we could not have done as a public company. The level of investment we made in R&D, the transition from perpetual, or on-premise, to subscription. The investment in the sales organization. Couldn't have done that as a public company 'cause the shareholders tend to be too short term focused. >> And also I will add, just to get your reaction to, is that, my observation, looking at these situations when you have smart people, the board, like yourself, and the product team. Which I've been complimentary of Informatica's, as you know. Some other critical analysis, but that's different. But, great product engineering people. When you don't have the pressure of time, you could watch things gestate and when you're early, you have an advantage. Talk about that, because that's a strategic thing, most people aren't talking about, but you an early lead on data. You've had product engineering leadership, and you had time. >> It's not as easy as you make it sound. Keep in mind, Informatica is owned by financial sponsors. Private equity. >> Yeah, there's some pressure. >> CPP. And it's up to people like myself on the board, the other independent board member, the management team, to continue to remind the investors that if we make early investments and they pay off the company will be worth more and they'll ultimately make more money and their partners will make more money. >> I made it sound like you're on the beach drinking wine. >> A great example is what Informatica did with the data catalog. That was an early investment. No one really knew whether it would pan out. Sounded good, but it required a significant investment, that came out of the pockets of our investors and we were able to convince them to do that. Another great example is CLAIRE. You know, AI is hot. Well had we not invested in CLAIRE, three, three and a half years ago, CLAIRE would not be in existence today. Couldn't have done that as a public company. >> And it gives you a little bit of a lead, again, there's just no shot clock on public. But yeah, the private executives, they're not going to let you sit around and hit the beach and clip coupons. You got to work hard. But I got to ask >> The other thing you've seen the company has gone from a great point product company, great products, to really developing a platform, and architecting a platform. Which requires a significant amount of engineering. >> I was going to ask you about that, I'm glad you jumped the gun on that. Platform is the key. Speaking of platforms, I was just at Adobe, a company you're very familiar with, they're rolling out a new platform. Platforms are now back in vogue but it's not the old way. The old way was build a platform, have a competitive advantage, lock in your nested solution in imitability. Now it's platform open, different twist. How is that different? 'Cause you've seen the platform where you got to own it, barest entry, proprietary technology, to platform that's open extensible. >> Yeah, customers have gotten smart. No customer wants to be held hostage to one individual platform. SAP being a great example. Microsoft Windows being another example. They want to make sure that if they choose one platform, they could easily migrate to another. It's one of the reasons why Informatica is in such a sweet spot, because we allow our customers to choose which Cloud infrastructure providers they want to put their workloads on. And they can use multiple Cloud infrastructure. >> I got to ask about the competition now. Not competition but co-opetition, just marketplace in general. Everybody's jumping on the same wave that you guys have been on. You go to YouTube.com/Siliconangle look up Informatica videos I've done here with the team and you four years ago. Look up some of the things we were talking about, not a lot of many people talk about data driven, hardcore analytics, next-gen. These are the kind of topics that in AI machine learning, now everyone's talking about them. What's different about Informatica as the noise level increases around some of these things? Certainly, it's pretty obvious AI is going to be hot. Multi-generational Cloud, multi-generational things can happen. Operations, AI automation. >> Yeah. >> But what's different about Informatica? What should people know about Informatica that might be unique that you can lend some insight into? >> So when I think about the competition, or the co-opetition, I put those competitors in two buckets. There's a whole slew of smaller players that have some really good point products. Fortunately for Informatica, they don't have the scale to compete. And when I say scale to compete, not just on the go to market side, but they can't afford to invest two hundred million dollars a year in research and development building a complete platform. So, even though they're kind of ankle biters and occasionally I feel like the company has to slap them around, and they're annoyances, I don't think they're a big threat. The Cloud infrastructure players, the platform guys, Google, AWS, Azure, will continue to provide data tools that are developed for their stack. They will do some things that will be good enough. The good news is Informatica does great as it relates to enterprise Cloud management. So, if an enterprise really cares about their data, and they really care about having choice in the future, and they don't want to be held hostage to any one platform, Informatica is the only game in town. >> You're one of the best at doing theCUBE. This is our tenth year, and I remember telling some NetApp people because they invested in Cloud early, too, they don't get the credit. This is another example of Informatica invested early on in Cloud. I talked to Emmett and Anil years ago, they were well down that Cloud path. So Johnny-come-lately's going to jump on the Cloud 'cause there's an advantage so props to Informatica. >> And plus it's not Cloud only. Most of the large enterprises are hybrid, they will be hybrid for many years to come. In fact, if you look at workloads today, they majority of the workloads are still on-premise. >> Scales come up a lot. You know my commentary and theCUBE, everyone who watches me knows I like to rap about I was the first to call Amazon the trillion dollar opportunity because of the scale. Scale is the new competitive advantage, I've said that. I've said open is the new lock in. Value is the new lock in is what I said. So now you've got scales. The question is how does a startup compete if scale is table stakes? Is it race for funding? Snowflakes got to three billion dollar evaluation. Are they worth three billion? We're going to analyze that in theCUBE later. But they raise almost a billion dollars in cash. Do you scale up with cash and grow? >> Great technology. It starts out with really great technology. An organization like Snowflake, great technology. Look at Databricks, great technology. So, I look at the great new startups, what makes them great is that they have an innovative technological solution that's hard to replicate. Then they get the funding, and they're able to scale. That's what it takes to be a startup. >> And that's almost the OG, original gangster, Vectra Capital model. >> That's correct. >> Agile, iterate your way to success. No craft, no scale. Just speed. Is the world going back to the old formula? >> It's going back to innovation. To technical innovation. Especially given that you have so many scale players. You can no longer just come in there as a startup. Money alone is not going to enable you to be successful. >> All right I want you to pay it forward for all the young people graduating. I just was at my daughter's Cal, Berkeley graduation yesterday. Although she wasn't in this class. Cal just graduated their inaugural first-generation class of data science. Databricks was involved in that, they donated a lot of software. They're very Cal oriented. People who graduate high school, elementary school, this is a new field. Not enough jobs. Berkeley, a leading institution, first class ever in data science. What skill gaps are out there that need to be filled that people could learn now to get ahead and get an advantage in the workforce? >> My view, John, it starts in middle school with math. If we could help our kids who are in middle school to get through algebra, studies have shown they will move on to undergrad and then many of them will move to graduate work. We've got to start early. Yeah, there's some simple fixes. Help people become coders, help people do other things. But the reality is >> If you can't get the algebra done you're not going to code. >> We have to solve the longer term problems. So when I think about jobs of the future, we've got to create people who are creative, but at the same time understand the basics. >> Math, stats, great stuff. Final question. Are you going to run a company again soon? >> So I get that question quite often. First of all, I love doing what I do today, which is kind of a lot of little stuff. I do miss running a company. But, as I've told a whole bunch of people, I have no desire to ever report to a board again. So unless I own 51% of that company, I will not be running a company. >> Well now you know the deal terms, anyone who's watching for an investment from Bruce partnering with them. Great stuff. What's missing? What's around the corner? What are people missing in the news these days in the trends? What's coming that's exciting that nobody's talking about? >> I think what's happening, and this happens each wave, there's been so much excitement about the movement from On-Premises to Cloud, about AI and machine learning, I don't think people really appreciate how early it is. That we're this much in to it and we've got a long ways to go. And the old workflows that are on-premise, the amount of advancement in artificial intelligence and machine learning has so far to go, that people need to be patient and continue to invest aggressively in what's going to transpire ten years from now, not six months from now. And then you add things like 5G, faster speed WiFi, that also is going to have this huge impact. >> Great insight, Bruce. Thanks for sharing that insight. Get the kids learning math in middle school, gateway to coding, gateway to graduate work. Next ten waves, lot of waves coming. Bruce, thanks for sharing the insight. Good to see you again. >> Thanks, John. It's a pleasure. >> CUBE coverage here in Informatica World 2019. I'm John Furrier with theCUBE. Thanks for watching. We'll be back with more after this short break. (funky music)