>>Hello, fabulous cloud community and welcome to Las Vegas. We are the Cube and we will be broadcasting live from the AWS Reinvent Show floor for the next four days. This is our first opening segment. I am joined by the infamous John Furrier. John, it is your 10th year being here at Reinvent. How does >>It feel? It's been a great to see you. It feels great. I mean, just getting ready for the next four days. It's, this is the marathon of all tech shows. It's, it's busy, it's crowd, it's loud and the content and the people here are really kind of changing the game and the stories are always plentiful and deep and just it's, it really is one of those shows you kind of get intoxicated on the show floor and in the event and after hours people are partying. I mean it is like the big show and 10 years been amazing run People getting bigger. You're seeing the changing ecosystem Next Gen Cloud and you got the Classics Classic still kind of doing its thing. So getting a lot data, a lot of data stories. And our guests here are gonna talk more about that. This is the year the cloud kind of goes next gen and you start to see the success Gen One cloud players go on the next level. It's gonna be really fun. Fun week. >>Yes, I'm absolutely thrilled and you can certainly feel the excitement. The show floor doors just opened, people pouring in the drinks are getting stacked behind us. As you mentioned, it is gonna be a marathon and very exciting. On that note, fantastic interview to kick us off here. We're starting the day with Stripe. Please welcome nor and Brian, how are you both doing today? Excited to be here. >>Really happy to be here. Nice to meet you guys. Yeah, >>Definitely excited to be here. Nice to meet you. >>Yeah, you know, you were mentioning you could feel the temperature and the energy in here. It is hot, it's a hot show. We're a hot crew. Let's just be honest about that. No shame in that. No shame in that game. But I wanna, I wanna open us up. You know, Stripe serving 2 million customers according to the internet. AWS with 1 million customers of their own, both leading companies in your industries. What, just in case there's someone in the audience who hasn't heard of Stripe, what is Stripe and how can companies use it along with AWS nor, why don't you start us off? >>Yeah, so Stripe started back in 2010 originally as a payments company that helped businesses accept and process their payments online. So that was something that traditionally had been really tedious, kind of difficult for web developers to set up. And what Stripe did was actually introduce a couple of lines of code that developers could really easily integrate into their websites and start accepting those payments online. So payments is super core to who Stripe is as a company. It's something that we still focus on a lot today, but we actually like to think of ourselves now as more than just a payments company but rather financial infrastructure for the internet. And that's just because we have expanded into so many different tools and technologies that are beyond payments and actually help businesses with just about anything that they might need to do when it comes to the finances of running an online company. So what I mean by that, couple examples being setting up online marketplaces to accept multi-party payments, running subscriptions and recurring payments, collecting sales tax accurately and compliantly revenue recognition and data and analytics. Importantly on all of those things, which is what Brian and I focus on at Stripe. So yeah, since since 2010 Stripes really grown to serve millions of customers, as you said, from your small startups to your large multinational companies, be able to not only run their payments but also run complex financial operations online. >>Interesting. Even the Cube, the customer of Stripe, it's so easy to integrate. You guys got your roots there, but now as you guys got bigger, I mean you guys have massive traction and people are doing more, you guys are gonna talk here on the data pipeline in front you, the engineering manager. What has it grown to, I mean, what are some of the challenges and opportunities your customers are facing as they look at that data pipeline that you guys are talking about here at Reinvent? >>Yeah, so Stripe Data Pipeline really helps our customers get their data out of Stripe and into, you know, their data warehouse into Amazon Redshift. And that has been something that for our customers it's super important. They have a lot of other data sets that they want to join our Stripe data with to kind of get to more complex, more enriched insights. And Stripe data pipeline is just a really seamless way to do that. It lets you, without any engineering, without any coding, with pretty minimal setup, just connect your Stripe account to your Amazon Redshift data warehouse, really secure. It's encrypted, you know, it's scalable, it's gonna meet all of the needs of kind of a big enterprise and it gets you all of your Stripe data. So anything in our api, a lot of our reports are just like there for you to take and this just overcomes a big hurdle. I mean this is something that would take, you know, multiple engineers months to build if you wanted to do this in house. Yeah, we give it to you, you know, with a couple clicks. So it's kind of a, a step change for getting data out of Stripe into your data work. >>Yeah, the topic of this chat is getting more data outta your data from Stripe with the pipelining, this is kind of an interesting point, I want to get your thoughts. You guys are in the, in the front lines with customers, you know, stripes started out with their roots line of code, get up and running, payment gateway, whatever you wanna call it. Developers just want to get cash on the door. Thank you very much. Now you're kind of turning in growing up and continue to grow. Are you guys like a financial cloud? I mean, would you categorize yourself as a, cuz you're on top of aws? >>Yeah, financial infrastructure of the internet was a, was a claim I definitely wanna touch on from your, earlier today it was >>Powerful. You guys are super financial cloud basically. >>Yeah, super cloud basically the way that AWS kind of is the superstar in cloud computing. That's how we feel at Stripe that we want to put forth as financial infrastructure for the internet. So yeah, a lot of similarities. Actually it's funny, we're, we're really glad to be at aws. I think this is the first time that we've participated in a conference like this. But just to be able to participate and you know, be around AWS where we have a lot of synergies both as companies. Stripe is a customer of AWS and you know, for AWS users they can easily process payments through Stripe. So a lot of synergies there. And yeah, at a company level as well, we find ourselves really aligned with AWS in terms of the goals that we have for our users, helping them scale, expand globally, all of those good things. >>Let's dig in there a little bit more. Sounds like a wonderful collaboration. We love to hear of technology partnerships like that. Brian, talk to us a little bit about the challenges that the data pipeline solves from Stripe for Redshift users. >>Yeah, for sure. So Stripe Data Pipeline uses Amazon RedShift's built in data sharing capabilities, which gives you kind of an instant view into your Stripe data. If you weren't using Stripe data pipeline, you would have to, you know, ingest the state out of our api, kind of pull yourself manually. And yeah, I think that's just like a big part of it really is just the simplicity with what you can pull the data. >>Yeah, absolutely. And I mean the, the complexity of data and the volume of it is only gonna get bigger. So tools like that that can make things a lot easier are what we're all looking for. >>What's the machine learning angle? Cause I know there's lots of big topic here this year. More machine learning, more ai, a lot more solutions on top of the basic building blocks and the primitives at adds, you guys fit right into that. Cause developers doing more, they're either building their own or rolling out solutions. How do you guys see you guys connecting into that with the pipeline? Because, you know, data pipelining people like, they like that's, it feels like a heavy lift. What's the challenge there? Because when people roll their own or try to get in, it's, it's, it could be a lot of muck as they say. Yeah. What's the, what's the real pain point that you guys solve? >>So in terms of, you know, AI and machine learning, what Stripe Data Pipeline is gonna give you is it gives you a lot of signals around your payments that you can incorporate into your models. We actually have a number of customers that use Stripe radar data, so our fraud product and they integrate it with their in-house data that they get from other sources, have a really good understanding of fraud within their whole business. So it's kind of a way to get that data without having to like go through the process of ingesting it. So like, yeah, your, your team doesn't have to think about the ingestion piece. They can just think about, you know, building models, enriching the data, getting insights on top >>And Adam, so let's, we call it etl, the nasty three letter word in my interview with them. And that's what we're getting to where data is actually connecting via APIs and pipelines. Yes. Seamlessly into other data. So the data mashup, it feels like we're back into in the old mashup days now you've got data mashing up together. This integration's now a big practice, it's a becoming an industry standard. What are some of the patterns and matches that you see around how people are integrating their data? Because we all know machine learning works better when there's more data available and people want to connect their data and integrate it without the hassle. What's the, what's some of the use cases that >>Yeah, totally. So as Brian mentioned, there's a ton of use case for engineering teams and being able to get that data reported over efficiently and correctly and that's, you know, something exactly like you touched on that we're seeing nowadays is like simply having access to the data isn't enough. It's all about consolidating it correctly and accurately and effectively so that you can draw the best insights from that. So yeah, we're seeing a lot of use cases for teams across companies, including, a big example is finance teams. We had one of our largest users actually report that they were able to close their books faster than ever from integrating all of their Stripe revenue data for their business with their, the rest of their data in their data warehouse, which was traditionally something that would've taken them days, weeks, you know, having to do the manual aspect. But they were able to, to >>Simplify that, Savannah, you know, we were talking at the last event we were at Supercomputing where it's more speeds and feeds as people get more compute power, right? They can do more at the application level with developers. And one of the things we've been noticing I'd love to get your reaction to is as you guys have customers, millions of customers, are you seeing customers doing more with Stripe that's not just customers where they're more of an ecosystem partner of Stripe as people see that Stripe is not just a, a >>More comprehensive solution. >>Yeah. What's going on with the customer base? I can see the developers embedding it in, but once you get Stripe, you're like a, you're the plumbing, you're the financial bloodline if you will for the all the applications. Are your customers turning into partners, ecosystem partners? How do you see that? >>Yeah, so we definitely, that's what we're hoping to do. We're really hoping to be everything that a user needs when they wanna run an online business, be able to come in and maybe initially they're just using payments or they're just using billing to set up subscriptions but down the line, like as they grow, as they might go public, we wanna be able to scale with them and be able to offer them all of the products that they need to do. So Data Pipeline being a really important one for, you know, if you're a smaller company you might not be needing to leverage all of this big data and making important product decisions that you know, might come down to the very details, but as you scale, it's really something that we've seen a lot of our larger users benefit from. >>Oh and people don't wanna have to factor in too many different variables. There's enough complexity scaling a business, especially if you're headed towards IPO or something like that. Anyway, I love that the Stripe data pipeline is a no code solution as well. So people can do more faster. I wanna talk about it cuz it struck me right away on our lineup that we have engineering and product marketing on the stage with us. Now for those who haven't worked in a very high growth, massive company before, these teams can have a tiny bit of tension only because both teams want a lot of great things for the end user and their community. Tell me a little bit about the culture at Stripe and what it's like collaborating on the data pipeline. >>Yeah, I mean I, I can kick it off, you know, from, from the standpoint like we're on the same team, like we want to grow Stripe data pipeline, that is the goal. So whatever it takes to kind of get that job done is what we're gonna do. And I think that is something that is just really core to all of Stripe is like high collaboration, high trust, you know, this is something where we can all win if we work together. You don't need to, you know, compete with like products for like resourcing or to get your stuff done. It's like no, what's the, what's the, the team goal here, right? Like we're looking for team wins, not, you know, individual wins. >>Awesome. Yeah. And at the end of the day we have the same goal of connecting the product and the user in a way that makes sense and delivering the best product to that target user. So it's, it's really, it's a great collaboration and as Brian mentioned, the culture at Stripe really aligns with that as >>Well. So you got the engineering teams that get value outta that you guys are dealing with, that's your customer. But the security angle really becomes a big, I think catalyst cuz not just engineering, they gotta build stuff in so they're always building, but the security angle's interesting cuz now you got that data feeding security teams, this is becoming very secure security ops oriented. >>Yeah, you know, we are really, really tight partners with our internal security folks. They review everything that we do. We have a really robust security team. But I think, you know, kind of tying back to the Amazon side, like Amazon, Redshift is a very secure product and the way that we share data is really secure. You know, the, the sharing mechanism only works between encrypted clusters. So your data is encrypted at rest, encrypted and transit and excuse me, >>You're allowed to breathe. You also swallow the audience as well as your team at Stripe and all of us here at the Cube would like your survival. First and foremost, the knowledge we'll get to the people. >>Yeah, for sure. Where else was I gonna go? Yeah, so the other thing like you kind of mentioned, you know, there are these ETLs out there, but they, you know that that requires you to trust your data to a third party. So that's another thing here where like your data is only going from stripe to your cluster. There's no one in the middle, no one else has seen what you're doing, there's no other security risks. So security's a big focus and it kind of runs through the whole process both on our side and Amazon side. >>What's the most important story for Stripe at this event? You guys hear? How would you say, how would you say, and if you're on the elevator, what's going on with Stripe? Why now? What's so important at Reinvent for Stripe? >>Yeah, I mean I'm gonna use this as an opportunity to plug data pipelines. That's what we focus on. We're here representing the product, which is the easiest way for any user of aws, a user of Amazon, Redshift and a user of Stripe be able to connect the dots and get their data in the best way possible so that they can draw important business insights from that. >>Right? >>Yeah, I think, you know, I would double what North said, really grow Stripe data pipeline, get it to more customers, get more value for our customers by connecting them with their data and with reporting. I think that's, you know, my goal here is to talk to folks, kind of understand what they want to see out of their data and get them onto Stripe data pipeline. >>And you know, former Mike Mikela, former eight executive now over there at Stripe leading the charge, he knows a lot about Amazon here at aws. The theme tomorrow, Adams Leslie keynote, it's gonna be a lot about data, data integration, data end to end Lifeing, you see more, we call it data as code where engineering infrastructure as code was cloud was starting to see a big trend towards data as code where it's more of an engineering opportunity and solution insights. This data as code is kinda like the next evolution. What do you guys think about that? >>Yeah, definitely there is a ton that you can get out of your data if it's in the right place and you can analyze it in the correct ways. You know, you look at Redshift and you can pull data from Redshift into a ton of other products to like, you know, visualize it to get machine learning insights and you need the data there to be able to do this. So again, Stripe Data Pipeline is a great way to take your data and integrate it into the larger data picture that you're building within your company. >>I love that you are supporting businesses of all sizes and millions of them. No. And Brian, thank you so much for being here and telling us more about the financial infrastructure of the internet. That is Stripe, John Furrier. Thanks as always for your questions and your commentary. And thank you to all of you for tuning in to the Cubes coverage of AWS Reinvent Live here from Las Vegas, Nevada. I'm Savannah Peterson and we look forward to seeing you all week.

>>The Cube Presents UI Path Forward five. Brought to you by UI Path. >>Welcome back to the Cube's Coverage of Forward five UI Path Customer event. This is the fourth forward that we've been at. We started in Miami, had some great events. It's all about the customer stories. Dave Valante with Dave Nicholson, Flow Yees here. She's the director of engineering and development at dsu and Kate Hall is to her right. And Kate is the director of Automation Solutions at dsu. Ladies, welcome to the Cube. Thanks so much. Thanks >>You to >>Be here. Tell us about dsu. You guys are huge company, but but give us the focus. >>Yeah, absolutely. Dentsu, it's one of the largest advertising networks out there. One of the largest in the world with over 66,000 employees and we're operating in a hundred plus countries. We're really proud to serve 95% of the Fortune 100 companies. Household names like Microsoft Factor and Gamble. If you seen the Super Bowls ads last year, Larry, Larry Davids ads for the crypto brand. That's a hilarious one for anyone who haven't seen it. So we're just really proud to be here and we really respect the creatives of our company. >>That was the best commercial, the Super Bowl by far. For sure. I, I said at the top of saying that Dave and I were talking UI pass, a cool company. You guys kinda look like cool people. You got cool jobs. Tell, tell us about your respective roles. What do you guys do? Yeah, >>Absolutely, absolutely. Well, I'm the director of engineering and automation, so what I really do is to implement the automation operating model and connecting developers across five continents together, making sure that we're delivering and deploying automation projects up to our best standards setting by the operating model. So it's a really, really great job. And when we get to see all these brilliant minds across the world >>And, And Kate, what's your role? Yeah, >>And the Automation Solutions vertical that I head up, the focus is really on converting business requirements into technical designs for flows, developers to deliver. So making sure that we are managing our pipeline, sourcing the right ideas, prioritizing them according to the business businesses objectives and making sure that we route them to the right place. So is it, does it need to be an automation first? Do we need to optimize the process? Does this make sense for citizen developers or do we need to bring in the professional resources on flow's >>Team? So you're bilingual, you speak, you're like the translator, you speak geek and wall, right? Is that fair? Okay. So take me back to the, let's, let's do a little mini case study here. How did you guys get started? I'm always interested, was this a top down? Is, is is top down required to be successful? Cuz it does feel like you can have bottom up bottoms up with rpa, but, but how did you guys get started? What was the journey like? >>Yeah, we started back in 2017, very traditional top down approach. So we delivered a couple POCs working directly with UiPath. You know, going back those five years, delivered those really highly scalable top down solutions that drove hundreds of thousands of hours of ROI for the business. However, as people kind of began to embrace automation and they learned that this is something that they could, that could help them, it's not something that they should be afraid of to take away their jobs. You know, DSU is a young company with a lot of young, young creatives. They wanna make their lives better. So we were absolutely inundated with all of these use cases of, hey I, I need a bot to do this. I need a bot to do that i's gonna save me, you know, 10 hours a week. It's gonna save my team a hundred hours a month, et cetera, et cetera. All of these smaller use cases that were gonna be hugely impactful for the individuals, their teams, even in entire department, but didn't have that scalable ROI for us to put professional development resources against it. So starting in 2020 we really introduced the citizen development program to put the power into those people's hands so that they could create their own solutions. And that was really just a snowball effect to tackle it from the bottom up as well as the top down. >>So a lot of young people, Dave, they not not threatened by robots that racing it. So >>They've grown up with the technology, they know that they can order an Uber from their phone, right? Why am I, you know, sitting here at MITs typing data from Excel into a program that might be older than some of our youngest employees. >>Yeah. Now, now the way you described it, correct me if I'm wrong, the way you described it, it sounds like there's sort of a gating function though. You're not just putting these tools in the hands of people sitting, especially creatives who are there to create. You're not saying, Oh you want things automated, here are the tools. Go ahead. Automated. We'll we, for those of you who want to learn how to use the tools, we'll have you automate that there. Did I hear that right? You're, you're sort of making decisions about what things will be developed even by citizen developers. >>Let me, Do you wanna talk to them about governance? Yeah, absolutely. >>Yeah, so I think we started out with assistant development program, obviously the huge success, right? Last year we're also here at the Cubes. We're very happy to be back again. But I think a lot, a lot had changed and we've grown a lot since last year. One, I have the joy being a part of this team. And then the other thing is that we really expanded and implemented an automation operating model that I mentioned briefly just earlier. So what that enabled us to do is to unite developers from five continents together organically and we're now able to tap into their talent at a global scale. So we are really using this operating model to grow our automation practice in a scalable and also controlled manner. Okay. What I mean by that is that these developer originally were sitting in 18 plus markets, right? There's not much communication collaboration between them. >>And then we went in and bridged them together. What happened is that originally they were only delivering projects and use cases within their region and sometimes these use cases could be very, very much, you know, small scale and not really maximizing their talent. What we are now able to do is tap into a global automation pipeline. So we connecting these highly skilled people to the pipeline elsewhere, the use cases elsewhere that might not be within their regions because one of our focus, a lot of change I mentioned, right? One thing that will never change with our team, it's used automation to elevate people's potential. Now it's really a win-win situation cuz we are connecting the use cases from different pipelines. So the business is happy cuz we are delivering these high scalable solutions. We also utilizing these developers and they're happy because their skills are being maximized and then at the same time growing our automation program. So then that way the citizen development program so that the lower complexities projects are being delivered at a local level and we are able to innovate at a local level. >>I, I have so many questions flow based on what you just said. It's blowing my mind >>Here. It's a whole cycle. >>So let me start with how do you, you know, one of the, one of the concerns I had initially with RPA, cuz just you're talking about some very narrow use cases and your goal is to expand that to realize the potential of each individual, right? But early days I saw a lot of what I call paving the cow path, taking a process that was not a great process and then automating it, right? And that was limiting the potential. So how do you guys prioritize which processes to focus on and maybe which processes should be rethought, >>Right? Exactly. A lot of time when we do automation, right, we talk about innovations and all that stuff, but innovation doesn't happen with the same people sitting in the same room doing the same thing. So what we are doing now, able to connect all these people, different developers from different groups, we really bring the diversity together. That's diversity D diverse diversity in the mindset, diversity in the skill. So what are we really able to do and we see how we tackle this problem is to, and that's a problem for a lot of business out there is the short-termism. So there's something, what we do is that we take two approaches. One, before we, you know, for example, when we used to receive a use case, right? Maybe it's for the China market involving a specific tool and we just go right into development and start coding and all that good stuff, which is great. >>But what we do with this automation framework, which we think it's a really great service for any company out there that want to grow and mature their automation practice, it's to take a step back, think about, okay, so the China market would be beneficial from this automation. Can we also look at the Philippine market? Can we also look at the Thailand market? Because we also know that they have similar processes and similar auto tools that they use. So we are really able to make our automation in a more meaningful way by scaling a project just beyond one market. Now it's impacting the entire region and benefiting people in the entire region. That is what we say, you know, putting automation for good and then that's what we talked about at dsu, Teaming without limits. And that's a, so >>By taking, we wanna make sure that we're really like taking a step back, connecting all of the dots, building the one thing the right way, the first time. Exactly. And what's really integral into being able to have that transparency, that visibility is that now we're all working on the same platform. So you know, Brian spoke to you last year about our migration into automation cloud, having everything that single pipeline in the cloud. Anybody at DSU can often join the automation community and get access to automation hub, see what's out there, submit their own ideas, use the launchpad to go and take training. Yeah. And get started on their own automation journey as a citizen developer and you know, see the different paths that are available to them from that one central space. >>So by taking us a breath, stepping back, pausing just a bit, the business impact at the tail end is much, much higher. Now you start in 2017 really before you UI path made it's big enterprise play, it acquired process gold, you know, cloud elements now most recently referenced some others. How much of what you guys are, are, are doing is platform versus kind of the initial sort of robot installation? Yeah, >>I mean platforms power people and that's what we're here to do as the global automation team. Whether it's powering the citizen developers, the professional developers, anybody who's interacting with our automations at dsu, we wanna make sure that we're connecting the docs for them on a platform basis so that developers can develop and they don't need to develop those simple use cases that could be done by a citizen developer. You know, they're super smart technical people, they wanna do the cool shit with the new stuff. They wanna branch into, you know, using AI center and doing document understanding. That's, you know, the nature of human curiosity. Citizen developers, they're thrilled that we're making an investment to upscale them, to give them a new capability so that they can automate their own work. And they don't, they, they're the process experts. They don't need to spend a month talking to us when they could spend that time taking the training, learning how to create something themselves. >>How, how much sort of use case runway when you guys step back and look at your business, do you see a limit to the use cases? I mean where are you, if you had on a spectrum of, you know, maturity, how much more opportunity is there for DSU to automate? >>There's so much I think the, you feel >>Like it's limitless? >>No, I absolutely feel like it's limitless because there one thing, it's, there's the use cases and I think it's all about connecting the talent and making sure that something we do really, you know, making sure that we deliver these use cases, invest the time in our people so we make sure our professional developers part of our team spending 10 to 20% of the time to do learning and development because only limitless if our people are getting the latest and the greatest technology and we want to invest the time and we see this as an investment in the people making sure that we deliver the promise of putting people first. And the second thing, it's also investment in our company's growth. And that's a long term goal. And overcoming just focusing on things our short term. So that is something we really focus to do. And not only the use cases we are doing what we are doing as an operating model for automation. That is also something that we really value because then this is a kind of a playbook and a success model for many companies out there to grow their automation practice. So that's another angle that we are also focusing >>On. Well that, that's a relief because you guys are both seem really cool and, and I'm sitting here thinking they don't realize they're working themselves out of a job once they get everything automated, what are they gonna do? Right? But, but so, so it sounds like it's a never ending process, but because you guys are, are such a large global organization, it seems like you might have a luxury of being able to benchmark automations from one region and then benchmark them against other regions that aren't using that automation to be able to see very, very quickly not only realize ROI really quickly from the region where it's been implemented, but to be able to compare it to almost a control. Is that, is that part of your process? Yeah, >>Absolutely. Because we are such a global brand and with the automation, automation operating model, what we are able to do, not only focusing on the talent and the people, but also focusing on the infrastructure. So for example, right, maybe there's a first use case developing in Argentina and they have never done these automation before. And when they go to their security team and asking for an Okta bypass service account and the security team Argentina, like we never heard of automation, we don't know what UiPath is, why would I give you a service account for good reason, right? They're doing their job right. But what we able to do with automation model, it's to establish trust between the developers and the security team. So now we have a set up standing infrastructure that we are ready to go whenever an automation's ready to deploy and we're able to get the set up standing infrastructure because we have the governance to make sure the quality would delivered and making sure anything that we deployed, automation that we deploy are developed and governed by the best practice. So that's how we able to kind of get this automation expand globally in a very control and scalable manner because the people that we have build a relationship with. What are >>The governors to how fast you can adopt? Is it just expertise or bandwidth of that expertise or what's the bottleneck? >>Yeah, >>If >>You wanna talk more about, >>So in terms of the pipeline, we really wanna make sure that we are taking that step back and instead of just going, let's develop, develop, develop, here are the requirements like get started and go, we've prove the value of automation at Densu. We wanna make sure we are taking that step back and observing the pipeline. And it's, it's up to us to work with the business to really establish their priorities and the priorities. It's a, it's a big global organization. There might be different priorities in APAC than there are in EM for a good reason. APAC may not be adopted on the same, you know, e r P system for example. So they might have those smaller scale ROI use cases, but that's where we wanna work with them to identify, you know, maybe this is a legitimate need, the ROI is not there, let's upscale some citizen developers so that they can start, you know, working for themselves and get those results faster for those simpler use cases. >>Does, does the funding come from the line of business or IT or a combination? I mean there are obviously budget constraints are very concerned about the macro and the recession. You guys have some global brands, you know, as, as things ebb and flow in the economy, you're competing with other budgets. But where are the budgets coming from inside of dsu? Is it the business, is it the tech >>Group? Yeah, we really consider our automation group is the cause of doing business because we are here connecting people with bridging people together and really elevating. And the reason why we structure it that way, it's people, we do automation at dsu not to reduce head count, not to, you know, not, not just those matrix number that we measure, but really it's to giving time back to the people, giving time back to our business. So then that way they can focus on their wellbeing and that way they can focus on the work-life balance, right? So that's what we say. We are forced for good and by using automation for good as one really great example. So I think because of this agenda and because DSU do prioritize people, you know, so that's why we're getting the funding, we're getting the budget and we are seeing as a cause of doing business. So then we can get these time back using innovation to make people more fulfilling and applying automation in meaningful ways. >>Kate and Flo, congratulations. Your energy is palpable and really great success, wonderful story. Really appreciate you sharing. Thank you so >>Much for having us today. >>You're very welcome. All keep it right there. Dave Nicholson and Dave Ante. We're live from UI path forward at five from Las Vegas. We're in the Venetian Consent Convention Center. Will be right back, right for the short break.

(upbeat music) >> Hi, everyone, welcome to this program sponsored by HPE. I'm your host, Lisa Martin. We're here talking about being confident and trusting your server security with HPE. I have two guests here with me to talk about this important topic. Cole Humphreys joins us, global server security product manager at HPE, and Ann Potten, trusted supply chain program lead at HPE. Guys, it's great to have you on the program, welcome. >> Hi, thanks. >> Thank you. It's nice to be here. >> Ann let's talk about really what's going on there. Some of the trends, some of the threats, there's so much change going on. What is HPE seeing? >> Yes, good question, thank you. Yeah, you know, cybersecurity threats are increasing everywhere and it's causing disruption to businesses and governments alike worldwide. You know, the global pandemic has caused limited employee availability originally, this has led to material shortages, and these things opens the door perhaps even wider for more counterfeit parts and products to enter the market, and these are challenges for consumers everywhere. In addition to this, we're seeing the geopolitical environment has changed. We're seeing rogue nation states using cybersecurity warfare tactics to immobilize an entity's ability to operate, and perhaps even use their tactics for revenue generation. The Russian invasion of Ukraine is one example. But businesses are also under attack, you know, for example, we saw SolarWinds' software supply chain was attacked two years ago, which unfortunately went unnoticed for several months. And then, this was followed by the Colonial Pipeline attack and numerous others. You know, it just seems like it's almost a daily occurrence that we hear of a cyberattack on the evening news. And, in fact, it's estimated that the cyber crime cost will reach over $10.5 trillion by 2025, and will be even more profitable than the global transfer of all major illegal drugs combined. This is crazy. You know, the macro environment in which companies operate in has changed over the years. And, you know, all of these things together and coming from multiple directions presents a cybersecurity challenge for an organization and, in particular, its supply chain. And this is why HPE is taking proactive steps to mitigate supply chain risk, so that we can provide our customers with the most secure products and services. >> So, Cole, let's bring you into the conversation. Ann did a great job of summarizing the major threats that are going on, the tumultuous landscape. Talk to us, Cole, about the security gap. What is it, what is HPE seeing, and why are organizations in this situation? >> Hi, thanks, Lisa. You know, what we're seeing is as this threat landscape increases to, you know, disrupt or attempt to disrupt our customers, and our partners, and ourselves, it's a kind of a double edge, if you will, because you're seeing the increase in attacks, but what you're not seeing is an equal to growth of the skills and the experiences required to address the scale. So it really puts the pressure on companies, because you have a skill gap, a talent gap, if you will, you know, for example, there are projected to be 3 1/2 million cyber roles open in the next few years, right? So all this scale is growing, and people are just trying to keep up, but the gap is growing, just literally the people to stop the bad actors from attacking the data. And to complicate matters, you're also seeing a dynamic change of the who and the how the attacks are happening, right? The classic attacks that you've seen, you know, in the espionage in all the, you know, the history books, those are not the standard plays anymore. You'll have, you know, nation states going after commercial entities and, you know, criminal syndicates, as Ann alluded to, that there's more money in it than the international drug trade, so you can imagine the amount of criminal interest in getting this money. So you put all that together and the increasing of attacks it just is really pressing down as literally, I mean, the reports we're reading over half of everyone. Obviously, the most critical infrastructure cares, but even just mainstream computing requirements need to have their data protected, "Help me protect my workloads," and they don't have the people in-house, right? So that's where partnership is needed, right? And that's where we believe, you know, our approach with our partner ecosystem this is not HPE delivering everything ourself, but all of us in this together is really what we believe the only way we're going to be able to get this done. >> So, Cole, let's double-click on that, HPE and its partner ecosystem can provide expertise that companies in every industry are lacking. You're delivering HPE as a 360-degree approach to security. Talk about what that 360-degree approach encompasses. >> Thank you, it is an approach, right? Because I feel that security it is a thread that will go through the entire construct of a technical solution, right? There isn't a, "Oh, if you just buy this one server with this one feature, you don't have to worry about anything else." It's really it's everywhere, at least the way we believe it, it's everywhere. And in a 360-degree approach, the way we like to frame it, is it's this beginning with our supply chain, right? We take a lot of pride in the designs, you know, the really smart engineering teams, the designer, technology, our awesome, world-class global operations team working in concert to deliver some of these technologies into the market, that is, you know, a great capability, but also a huge risk to customers. 'Cause that is the most vulnerable place that if you inject some sort of malware or tampering at that point, you know, the rest of the story really becomes mute, because you've already defeated, right? And then, you move in to you physically deployed that through our global operations, now you're in an operating environment. That's where automation becomes key, right? We have software innovations in, you know, our iLO product of management inside those single servers, and we have really cool new GreenLake for compute operations management services out there that give customers more control back and more information to deal with this scaling problem. And then, lastly, as you begin to wrap up, you know, the natural life cycle, and you need to move to new platforms and new technologies, we think about the exit of that life cycle, and how do we make sure we dispose of the data and move those products into a secondary life cycle, so that we can move back into this kind of circular 360-degree approach. We don't want to leave our customers hanging anywhere in this entire journey. >> That 360-degree approach is so critical, especially given, as we've talked about already in this segment, the changes, the dynamics in the environment. Ann, as Cole said, this 360-degree approach that HPE is delivering is beginning in the manufacturing supply chain, seems like the first line of defense against cyberattackers. Talk to us about why that's important and where did the impetus come from? Was that COVID, was that customer demand? >> Yep, yep. Yeah, the supply chain is critical, thank you. So in 2018, we could see all of these cybersecurity issues starting to emerge and predicted that this would be a significant challenge for our industry. So we formed a strategic initiative called the Trusted Supply Chain Program designed to mitigate cybersecurity risk in the supply chain, and really starting with the product life cycle, starting at the product design phase and moving through sourcing and manufacturing, how we deliver products to our customers and, ultimately, a product's end of life that Cole mentioned. So in doing this, we're able to provide our customers with the most secure products and services, whether they're buying their servers for their data center or using our own GreenLake services. So just to give you some examples, something that is foundational to our Trusted Supply Chain Program we've built a very robust cybersecurity supply chain risk management program that includes assessing our risk at all factories and our suppliers, okay? We're also looking at strengthening our software supply chain by developing mechanisms to identify software vulnerabilities and hardening our own software build environments. To protect against counterfeit parts, that I mentioned in the beginning, from entering our supply chain, we've recently started a blockchain program so that we can identify component provenance and trace parts back to their original manufacturers. So our security efforts, you know, continue even after product manufacturing. We offer three different levels of secured delivery services for our customers, including, you know, a dedicated truck and driver, or perhaps even an exclusive use vehicle. We can tailor our delivery services to whatever the customer needs. And then, when a product is at its end of life, products are either recycled or disposed using our approved vendors. So our servers are also equipped with the One-Button Secure Erase that erases every byte of data, including firmware data. And talking about products, we've taken additional steps to provide additional security features for our products. Number one, we can provide platform certificates that allow the user to cryptographically verify that their server hasn't been tampered with from the time it left the manufacturing facility to the time that it arrives at the customer's facility. In addition to that, we've launched a dedicated line of trusted supply chain servers with additional security features, including Secure Configuration Lock, Chassis Intrusion Detection, and these are assembled at our U.S. factory by U.S. vetted employees. So lots of exciting things happening within the supply chain not just to shore up our own supply chain risk, but also to provide our customers with the most secure product. And so with that, Cole, do you want to make our big announcement? >> All right, thank you. You know, what a great setup though, because I think you got to really appreciate the whole effort that we're putting into, you know, bringing these online. But one of the, just transparently, the gaps we had as we proved this out was, as you heard, this initial proof was delivered with assembly in the U.S. factory employees. You know, fantastic program, really successful in all our target industries and even expanding to places we didn't really expect it to. But it's kind of going to the point of security isn't just for one industry or one set of customers, right? We're seeing it in our partners, we're seeing it in different industries than we have in the past. But the challenge was we couldn't get this global right out the gate, right? This has been a really heavy, transparently, a U.S. federal activated focus, right? If you've been tracking what's going on since May of last year, there's been a call to action to improve the nation's cybersecurity. So we've been all in on that, and we have an opinion and we're working hard on that, but we're a global company, right? How can we get this out to the rest of the world? Well, guess what? This month we figured it out and, well, it's take a lot more than this month, we did a lot of work, but we figured it out. And we have launched a comparable service globally called Server Security Optimization Service, right? HPE Server Security Optimization Service for ProLiant. I like to call it, you know, SSOS Sauce, right? Do you want to be clever? HPE Sauce that we can now deploy globally. We get that product hardened in the supply chain, right? Because if you take the best of your supply chain and you take your technical innovations that you've innovated into the server, you can deliver a better experience for your customers, right? So the supply chain equals server technology and our awesome, you know, services teams deliver supply chain security at that last mile, and we can deliver it in the European markets and now in the Asia Pacific markets, right? We could ship it from the U.S. to other markets, so we could always fulfill this promise, but I think it's just having that local access into your partner ecosystem and stuff just makes more sense. But it is a big deal for us because now we have activated a meaningful supply chain security benefit for our entire global network of partners and customers and we're excited about it, and we hope our customers are too. >> That's huge, Cole and Ann, in terms of the significance of the impact that HPE is delivering through its partner ecosystem globally as the supply chain continues to be one of the terms on everyone's lips here. I'm curious, Cole, we just couple months ago, we're at Discover, can you talk about what HPE is doing here from a security perspective, this global approach that it's taking as it relates to what HPE was talking about at Discover in terms of we want to secure the enterprise to deliver these experiences from edge to cloud. >> You know, I feel like for me, and I think you look at the shared-responsibility models and, you know, other frameworks out there, the way I believe it to be is it's a solution, right? There's not one thing, you know, if you use HPE supply chain, the end, or if you buy an HPE ProLiant, the end, right? It is an integrated connectedness with our as-a-service platform, our service and support commitments, you know, our extensive partner ecosystem, our alliances, all of that comes together to ultimately offer that assurance to a customer, and I think these are specific meaningful proof points in that chain of custody, right? That chain of trust, if you will. Because as the world becomes more zero trust, we are going to have to prove ourselves more, right? And these are those kind of technical credentials, and identities and, you know, capabilities that a modern approach to security need. >> Excellent, great work there. Ann, let's go ahead and take us home. Take the audience through what you think, ultimately, what HPE is doing really infusing security at that 360-degree approach level that we talked about. What are some of the key takeaways that you want the audience that's watching here today to walk away with? >> Right, right, thank you. Yeah, you know, with the increase in cybersecurity threats everywhere affecting all businesses globally, it's going to require everyone in our industry to continue to evolve in our supply chain security and our product security in order to protect our customers and our business continuity. Protecting our supply chain is something that HPE is very committed to and takes very seriously. So, you know, I think regardless of whether our customers are looking for an on-prem solution or a GreenLake service, you know, HPE is proactively looking for and mitigating any security risk in the supply chain so that we can provide our customers with the most secure products and services. >> Awesome, Anne and Cole, thank you so much for joining me today talking about what HPE is doing here and why it's important, as our program is called, to be confident and trust your server security with HPE, and how HPE is doing that. Appreciate your insights and your time. >> Thank you so much for having us. >> Thank you, Lisa. >> For Cole Humphreys and Anne Potten, I'm Lisa Martin, we want to thank you for watching this segment in our series, Be Confident and Trust Your Server Security with HPE. We'll see you soon. (gentle upbeat music)

>> The rapid rise of ransomware attacks has added yet another challenge that business technology executives have to worry about these days, cloud storage, immutability, and air gaps have become a must have arrows in the quiver of organization's data protection strategies. But the important reality that practitioners have embraced is data protection, it can't be an afterthought or a bolt on it, has to be designed into the operational workflow of technology systems. The problem is, oftentimes, data protection is complicated with a variety of different products, services, software components, and storage formats, this is why object storage is moving to the forefront of data protection use cases because it's simpler and less expensive. The put data get data syntax has always been alluring, but object storage, historically, was seen as this low-cost niche solution that couldn't offer the performance required for demanding workloads, forcing customers to make hard tradeoffs between cost and performance. That has changed, the ascendancy of cloud storage generally in the S3 format specifically has catapulted object storage to become a first class citizen in a mainstream technology. Moreover, innovative companies have invested to bring object storage performance to parity with other storage formats, but cloud costs are often a barrier for many companies as the monthly cloud bill and egress fees in particular steadily climb. Welcome to Secure Storage Hot Takes, my name is Dave Vellante, and I'll be your host of the program today, where we introduce our community to Wasabi, a company that is purpose-built to solve this specific problem with what it claims to be the most cost effective and secure solution on the market. We have three segments today to dig into these issues, first up is David Friend, the well known entrepreneur who co-founded Carbonite and now Wasabi will then dig into the product with Drew Schlussel of Wasabi, and then we'll bring in the customer perspective with Kevin Warenda of the Hotchkiss School, let's get right into it. We're here with David Friend, the President and CEO and Co-founder of Wasabi, the hot storage company, David, welcome to theCUBE. >> Thanks Dave, nice to be here. >> Great to have you, so look, you hit a home run with Carbonite back when building a unicorn was a lot more rare than it has been in the last few years, why did you start Wasabi? >> Well, when I was still CEO of Wasabi, my genius co-founder Jeff Flowers and our chief architect came to me and said, you know, when we started this company, a state of the art disk drive was probably 500 gigabytes and now we're looking at eight terabyte, 16 terabyte, 20 terabyte, even 100 terabyte drives coming down the road and, you know, sooner or later the old architectures that were designed around these much smaller disk drives is going to run out of steam because, even though the capacities are getting bigger and bigger, the speed with which you can get data on and off of a hard drive isn't really changing all that much. And Jeff foresaw a day when the architectures sort of legacy storage like Amazon S3 and so forth was going to become very inefficient and slow. And so he came up with a new, highly parallelized architecture, and he said, I want to go off and see if I can make this work. So I said, you know, good luck go to it and they went off and spent about a year and a half in the lab, designing and testing this new storage architecture and when they got it working, I looked at the economics of this and I said, holy cow, we can sell cloud storage for a fraction of the price of Amazon, still make very good gross margins and it will be faster. So this is a whole new generation of object storage that you guys have invented. So I recruited a new CEO for Carbonite and left to found Wasabi because the market for cloud storage is almost infinite. You know, when you look at all the world's data, you know, IDC has these crazy numbers, 120 zetabytes or something like that and if you look at that as you know, the potential market size during that data, we're talking trillions of dollars, not billions and so I said, look, this is a great opportunity, if you look back 10 years, all the world's data was on-prem, if you look forward 10 years, most people agree that most of the world's data is going to live in the cloud, we're at the beginning of this migration, we've got an opportunity here to build an enormous company. >> That's very exciting. I mean, you've always been a trend spotter, and I want to get your perspectives on data protection and how it's changed. It's obviously on people's minds with all the ransomware attacks and security breaches, but thinking about your experiences and past observations, what's changed in data protection and what's driving the current very high interest in the topic? >> Well, I think, you know, from a data protection standpoint, immutability, the equivalent of the old worm tapes, but applied to cloud storage is, you know, become core to the backup strategies and disaster recovery strategies for most companies. And if you look at our partners who make backup software like Veeam, Convo, Veritas, Arcserve, and so forth, most of them are really taking advantage of mutable cloud storage as a way to protect customer data, customers backups from ransomware. So the ransomware guys are pretty clever and they, you know, they discovered early on that if someone could do a full restore from their backups, they're never going to pay a ransom. So, once they penetrate your system, they get pretty good at sort of watching how you do your backups and before they encrypt your primary data, they figure out some way to destroy or encrypt your backups as well, so that you can't do a full restore from your backups. And that's where immutability comes in. You know, in the old days you, you wrote what was called a worm tape, you know, write once read many, and those could not be overwritten or modified once they were written. And so we said, let's come up with an equivalent of that for the cloud, and it's very tricky software, you know, it involves all kinds of encryption algorithms and blockchain and this kind of stuff but, you know, the net result is if you store your backups in immutable buckets, in a product like Wasabi, you can't alter it or delete it for some period of time, so you could put a timer on it, say a year or six months or something like that, once that data is written, you know, there's no way you can go in and change it, modify it, or anything like that, including even Wasabi's engineers. >> So, David, I want to ask you about data sovereignty. It's obviously a big deal, I mean, especially for companies with the presence overseas, but what's really is any digital business these days, how should companies think about approaching data sovereignty? Is it just large firms that should be worried about this? Or should everybody be concerned? What's your point of view? >> Well, all around the world countries are imposing data sovereignty laws and if you're in the storage business, like we are, if you don't have physical data storage in-country, you're probably not going to get most of the business. You know, since Christmas we've built data centers in Toronto, London, Frankfurt, Paris, Sydney, Singapore, and I've probably forgotten one or two, but the reason we do that is twofold; one is, you know, if you're closer to the customer, you're going to get better response time, lower latency, and that's just a speed of light issue. But the bigger issue is, if you've got financial data, if you have healthcare data, if you have data relating to security, like surveillance videos, and things of that sort, most countries are saying that data has to be stored in-country, so, you can't send it across borders to some other place. And if your business operates in multiple countries, you know, dealing with data sovereignty is going to become an increasingly important problem. >> So in May of 2018, that's when the fines associated with violating GDPR went into effect and GDPR was like this main spring of privacy and data protection laws and we've seen it spawn other public policy things like the CCPA and think it continues to evolve, we see judgments in Europe against big tech and this tech lash that's in the news in the U.S. and the elimination of third party cookies, what does this all mean for data protection in the 2020s? >> Well, you know, every region and every country, you know, has their own idea about privacy, about security, about the use of even the use of metadata surrounding, you know, customer data and things of this sort. So, you know, it's getting to be increasingly complicated because GDPR, for example, imposes different standards from the kind of privacy standards that we have here in the U.S., Canada has a somewhat different set of data sovereignty issues and privacy issues so it's getting to be an increasingly complex, you know, mosaic of rules and regulations around the world and this makes it even more difficult for enterprises to run their own, you know, infrastructure because companies like Wasabi, where we have physical data centers in all kinds of different markets around the world and we've already dealt with the business of how to meet the requirements of GDPR and how to meet the requirements of some of the countries in Asia and so forth, you know, rather than an enterprise doing that just for themselves, if you running your applications or keeping your data in the cloud, you know, now a company like Wasabi with, you know, 34,000 customers, we can go to all the trouble of meeting these local requirements on behalf of our entire customer base and that's a lot more efficient and a lot more cost effective than if each individual country has to go deal with the local regulatory authorities. >> Yeah, it's compliance by design, not by chance. Okay, let's zoom out for the final question, David, thinking about the discussion that we've had around ransomware and data protection and regulations, what does it mean for a business's operational strategy and how do you think organizations will need to adapt in the coming years? >> Well, you know, I think there are a lot of forces driving companies to the cloud and, you know, and I do believe that if you come back five or 10 years from now, you're going to see majority of the world's data is going to be living in the cloud and I think storage, data storage is going to be a commodity much like electricity or bandwidth, and it's going to be done right, it will comply with the local regulations, it'll be fast, it'll be local, and there will be no strategic advantage that I can think of for somebody to stand up and run their own storage, especially considering the cost differential, you know, the most analysts think that the full, all in costs of running your own storage is in the 20 to 40 terabytes per month range, whereas, you know, if you migrate your data to the cloud, like Wasabi, you're talking probably $6 a month and so I think people are learning how to deal with the idea of an architecture that involves storing your data in the cloud, as opposed to, you know, storing your data locally. >> Wow, that's like a six X more expensive in the clouds, more than six X, all right, thank you, David,-- >> In addition to which, you know, just finding the people to babysit this kind of equipment has become nearly impossible today. >> Well, and with a focus on digital business, you don't want to be wasting your time with that kind of heavy lifting. David, thanks so much for coming in theCUBE, a great Boston entrepreneur, we've followed your career for a long time and looking forward to the future. >> Thank you. >> Okay, in a moment, Drew Schlussel will join me and we're going to dig more into product, you're watching theCUBE, the leader in enterprise and emerging tech coverage, keep it right there. ♪ Whoa ♪ ♪ Brenda in sales got an email ♪ ♪ Click here for a trip to Bombay ♪ ♪ It's not even called Bombay anymore ♪ ♪ But you clicked it anyway ♪ ♪ And now our data's been held hostage ♪ ♪ And now we're on sinking ship ♪ ♪ And a hacker's in our system ♪ ♪ Just 'cause Brenda wanted a trip ♪ ♪ She clicked on something stupid ♪ ♪ And our data's out of our control ♪ ♪ Into the hands of a hacker's ♪ ♪ And he's a giant asshole. ♪ ♪ He encrypted it in his basement ♪ ♪ He wants a million bucks for the key ♪ ♪ And I'm pretty sure he's 15 ♪ ♪ And still going through puberty ♪ ♪ I know you didn't mean to do us wrong ♪ ♪ But now I'm dealing with this all week long ♪ ♪ To make you all aware ♪ ♪ Of all this ransomware ♪ ♪ That is why I'm singing you this song ♪ ♪ C'mon ♪ ♪ Take it from me ♪ ♪ The director of IT ♪ ♪ Don't click on that email from a prince Nairobi ♪ ♪ 'Cuz he's not really a prince ♪ ♪ Now our data's locked up on our screen ♪ ♪ Controlled by a kid who's just fifteen ♪ ♪ And he's using our money to buy a Ferrari ♪ (gentle music) >> Joining me now is Drew Schlussel, who is the Senior Director of Product Marketing at Wasabi, hey Drew, good to see you again, thanks for coming back in theCUBE. >> Dave, great to be here, great to see you. >> All right, let's get into it. You know, Drew, prior to the pandemic, Zero Trust, just like kind of like digital transformation was sort of a buzzword and now it's become a real thing, almost a mandate, what's Wasabi's take on Zero Trust. >> So, absolutely right, it's been around a while and now people are paying attention, Wasabi's take is Zero Trust is a good thing. You know, there are too many places, right, where the bad guys are getting in. And, you know, I think of Zero Trust as kind of smashing laziness, right? It takes a little work, it takes some planning, but you know, done properly and using the right technologies, using the right vendors, the rewards are, of course tremendous, right? You can put to rest the fears of ransomware and having your systems compromised. >> Well, and we're going to talk about this, but there's a lot of process and thinking involved and, you know, design and your Zero Trust and you don't want to be wasting time messing with infrastructure, so we're going to talk about that, there's a lot of discussion in the industry, Drew, about immutability and air gaps, I'd like you to share Wasabi's point of view on these topics, how do you approach it and what makes Wasabi different? >> So, in terms of air gap and immutability, right, the beautiful thing about object storage, which is what we do all the time is that it makes it that much easier, right, to have a secure immutable copy of your data someplace that's easy to access and doesn't cost you an arm and a leg to get your data back. You know, we're working with some of the best, you know, partners in the industry, you know, we're working with folks like, you know, Veeam, Commvault, Arc, Marquee, MSP360, all folks who understand that you need to have multiple copies of your data, you need to have a copy stored offsite, and that copy needs to be immutable and we can talk a little bit about what immutability is and what it really means. >> You know, I wonder if you could talk a little bit more about Wasabi's solution because, sometimes people don't understand, you actually are a cloud, you're not building on other people's public clouds and this storage is the one use case where it actually makes sense to do that, tell us a little bit more about Wasabi's approach and your solution. >> Yeah, I appreciate that, so there's definitely some misconception, we are our own cloud storage service, we don't run on top of anybody else, right, it's our systems, it's our software deployed globally and we interoperate because we adhere to the S3 standard, we interoperate with practically hundreds of applications, primarily in this case, right, we're talking about backup and recovery applications and it's such a simple process, right? I mean, just about everybody who's anybody in this business protecting data has the ability now to access cloud storage and so we've made it really simple, in many cases, you'll see Wasabi as you know, listed in the primary set of available vendors and, you know, put in your private keys, make sure that your account is locked down properly using, let's say multifactor authentication, and you've got a great place to store copies of your data securely. >> I mean, we just heard from David Friend, if I did my math right, he was talking about, you know, 1/6 the cost per terabyte per month, maybe even a little better than that, how are you able to achieve such attractive economics? >> Yeah, so, you know, I can't remember how to translate my fractions into percentages, but I think we talk a lot about being 80%, right, less expensive than the hyperscalers. And you know, we talked about this at Vermont, right? There's some secret sauce there and you know, we take a different approach to how we utilize the raw capacity to the effective capacity and the fact is we're also not having to run, you know, a few hundred other services, right? We do storage, plain and simple, all day, all the time, so we don't have to worry about overhead to support, you know, up and coming other services that are perhaps, you know, going to be a loss leader, right? Customers love it, right, they see the fact that their data is growing 40, 80% year over year, they know they need to have some place to keep it secure, and, you know, folks are flocking to us in droves, in fact, we're seeing a tremendous amount of migration actually right now, multiple petabytes being brought to Wasabi because folks have figured out that they can't afford to keep going with their current hyperscaler vendor. >> And immutability is a feature of your product, right? What the feature called? Can you double-click on that a little bit? >> Yeah, absolutely. So, the term in S3 is Object Lock and what that means is your application will write an object to cloud storage, and it will define a retention period, let's say a week. And for that period, that object is immutable, untouchable, cannot be altered in any way, shape, or form, the application can't change it, the system administration can't change it, Wasabi can't change it, okay, it is truly carved in stone. And this is something that it's been around for a while, but you're seeing a huge uptick, right, in adoption and support for that feature by all the major vendors and I named off a few earlier and the best part is that with immutability comes some sense of, well, it comes with not just a sense of security, it is security. Right, when you have data that cannot be altered by anybody, even if the bad guys compromise your account, they steal your credentials, right, they can't take away the data and that's a beautiful thing, a beautiful, beautiful thing. >> And you look like an S3 bucket, is that right? >> Yeah, I mean, we're fully compatible with the S3 API, so if you're using S3 API based applications today, it's a very simple matter of just kind of redirecting where you want to store your data, beautiful thing about backup and recovery, right, that's probably the simplest application, simple being a relative term, as far as lift and shift, right? Because that just means for your next full, right, point that at Wasabi, retain your other fulls, you know, for whatever 30, 60, 90 days, and then once you've kind of made that transition from vine to vine, you know, you're often running with Wasabi. >> I talked to my open about the allure of object storage historically, you know, the simplicity of the get put syntax, but what about performance? Are you able to deliver performance that's comparable to other storage formats? >> Oh yeah, absolutely, and we've got the performance numbers on the site to back that up, but I forgot to answer something earlier, right, you said that immutability is a feature and I want to make it very clear that it is a feature but it's an API request. Okay, so when you're talking about gets and puts and so forth, you know, the comment you made earlier about being 80% more cost effective or 80% less expensive, you know, that API call, right, is typically something that the other folks charge for, right, and I think we used the metaphor earlier about the refrigerator, but I'll use a different metaphor today, right? You can think of cloud storage as a magical coffee cup, right? It gets as big as you want to store as much coffee as you want and the coffee's always warm, right? And when you want to take a sip, there's no charge, you want to, you know, pop the lid and see how much coffee is in there, no charge, and that's an important thing, because when you're talking about millions or billions of objects, and you want to get a list of those objects, or you want to get the status of the immutable settings for those objects, anywhere else it's going to cost you money to look at your data, with Wasabi, no additional charge and that's part of the thing that sets us apart. >> Excellent, so thank you for that. So, you mentioned some partners before, how do partners fit into the Wasabi story? Where do you stop? Where do they pick up? You know, what do they bring? Can you give us maybe, a paint a picture for us example, or two? >> Sure, so, again, we just do storage, right, that is our sole purpose in life is to, you know, to safely and securely store our customer's data. And so they're working with their application vendors, whether it's, you know, active archive, backup and recovery, IOT, surveillance, media and entertainment workflows, right, those systems already know how to manage the data, manage the metadata, they just need some place to keep the data that is being worked on, being stored and so forth. Right, so just like, you know, plugging in a flash drive on your laptop, right, you literally can plug in Wasabi as long as your applications support the API, getting started is incredibly easy, right, we offer a 30-day trial, one terabyte, and most folks find that within, you know, probably a few hours of their POC, right, it's giving them everything they need in terms of performance, in terms of accessibility, in terms of sovereignty, I'm guessing you talked to, you know, Dave Friend earlier about data sovereignty, right? We're global company, right, so there's got to be probably, you know, wherever you are in the world some place that will satisfy your sovereignty requirements, as well as your compliance requirements. >> Yeah, we did talk about sovereignty, Drew, this is really, what's interesting to me, I'm a bit of a industry historian, when I look back to the early days of cloud, I remember the large storage companies, you know, their CEOs would say, we're going to have an answer for the cloud and they would go out, and for instance, I know one bought competitor of Carbonite, and then couldn't figure out what to do with it, they couldn't figure out how to compete with the cloud in part, because they were afraid it was going to cannibalize their existing business, I think another part is because they just didn't have that imagination to develop an architecture that in a business model that could scale to see that you guys have done that is I love it because it brings competition, it brings innovation and it helps lower clients cost and solve really nagging problems. Like, you know, ransomware, of mutability and recovery, I'll give you the last word, Drew. >> Yeah, you're absolutely right. You know, the on-prem vendors, they're not going to go away anytime soon, right, there's always going to be a need for, you know, incredibly low latency, high bandwidth, you know, but, you know, not all data's hot all the time and by hot, I mean, you know, extremely hot, you know, let's take, you know, real time analytics for, maybe facial recognition, right, that requires sub-millisecond type of processing. But once you've done that work, right, you want to store that data for a long, long time, and you're going to want to also tap back into it later, so, you know, other folks are telling you that, you know, you can go to these like, you know, cold glacial type of tiered storage, yeah, don't believe the hype, you're still going to pay way more for that than you would with just a Wasabi-like hot cloud storage system. And, you know, we don't compete with our partners, right? We compliment, you know, what they're bringing to market in terms of the software vendors, in terms of the hardware vendors, right, we're a beautiful component for that hybrid cloud architecture. And I think folks are gravitating towards that, I think the cloud is kind of hitting a new gear if you will, in terms of adoption and recognition for the security that they can achieve with it. >> All right, Drew, thank you for that, definitely we see the momentum, in a moment, Drew and I will be back to get the customer perspective with Kevin Warenda, who's the Director of Information technology services at The Hotchkiss School, keep it right there. >> Hey, I'm Nate, and we wrote this song about ransomware to educate people, people like Brenda. >> Oh, God, I'm so sorry. We know you are, but Brenda, you're not alone, this hasn't just happened to you. >> No! ♪ Colonial Oil Pipeline had a guy ♪ ♪ who didn't change his password ♪ ♪ That sucks ♪ ♪ His password leaked, the data was breached ♪ ♪ And it cost his company 4 million bucks ♪ ♪ A fake update was sent to people ♪ ♪ Working for the meat company JBS ♪ ♪ That's pretty clever ♪ ♪ Instead of getting new features, they got hacked ♪ ♪ And had to pay the largest crypto ransom ever ♪ ♪ And 20 billion dollars, billion with a b ♪ ♪ Have been paid by companies in healthcare ♪ ♪ If you wonder buy your premium keeps going ♪ ♪ Up, up, up, up, up ♪ ♪ Now you're aware ♪ ♪ And now the hackers they are gettin' cocky ♪ ♪ When they lock your data ♪ ♪ You know, it has gotten so bad ♪ ♪ That they demand all of your money and it gets worse ♪ ♪ They go and the trouble with the Facebook ad ♪ ♪ Next time, something seems too good to be true ♪ ♪ Like a free trip to Asia! ♪ ♪ Just check first and I'll help before you ♪ ♪ Think before you click ♪ ♪ Don't get fooled by this ♪ ♪ Who isn't old enough to drive to school ♪ ♪ Take it from me, the director of IT ♪ ♪ Don't click on that email from a prince in Nairobi ♪ ♪ Because he's not really a prince ♪ ♪ Now our data's locked up on our screen ♪ ♪ Controlled by a kid who's just fifteen ♪ ♪ And he's using our money to buy a Ferrari ♪ >> It's a pretty sweet car. ♪ A kid without facial hair, who lives with his mom ♪ ♪ To learn more about this go to wasabi.com ♪ >> Hey, don't do that. ♪ Cause if we had Wasabi's immutability ♪ >> You going to ruin this for me! ♪ This fifteen-year-old wouldn't have on me ♪ (gentle music) >> Drew and I are pleased to welcome Kevin Warenda, who's the Director of Information Technology Services at The Hotchkiss School, a very prestigious and well respected boarding school in the beautiful Northwest corner of Connecticut, hello, Kevin. >> Hello, it's nice to be here, thanks for having me. >> Yeah, you bet. Hey, tell us a little bit more about The Hotchkiss School and your role. >> Sure, The Hotchkiss School is an independent boarding school, grades nine through 12, as you said, very prestigious and in an absolutely beautiful location on the deepest freshwater lake in Connecticut, we have 500 acre main campus and a 200 acre farm down the street. My role as the Director of Information Technology Services, essentially to oversee all of the technology that supports the school operations, academics, sports, everything we do on campus. >> Yeah, and you've had a very strong history in the educational field, you know, from that lens, what's the unique, you know, or if not unique, but the pressing security challenge that's top of mind for you? >> I think that it's clear that educational institutions are a target these days, especially for ransomware. We have a lot of data that can be used by threat actors and schools are often underfunded in the area of IT security, IT in general sometimes, so, I think threat actors often see us as easy targets or at least worthwhile to try to get into. >> Because specifically you are potentially spread thin, underfunded, you got students, you got teachers, so there really are some, are there any specific data privacy concerns as well around student privacy or regulations that you can speak to? >> Certainly, because of the fact that we're an independent boarding school, we operate things like even a health center, so, data privacy regulations across the board in terms of just student data rights and FERPA, some of our students are under 18, so, data privacy laws such as COPPA apply, HIPAA can apply, we have PCI regulations with many of our financial transactions, whether it be fundraising through alumni development, or even just accepting the revenue for tuition so, it's a unique place to be, again, we operate very much like a college would, right, we have all the trappings of a private college in terms of all the operations we do and that's what I love most about working in education is that it's all the industries combined in many ways. >> Very cool. So let's talk about some of the defense strategies from a practitioner point of view, then I want to bring in Drew to the conversation so what are the best practice and the right strategies from your standpoint of defending your data? >> Well, we take a defense in-depth approach, so we layer multiple technologies on top of each other to make sure that no single failure is a key to getting beyond those defenses, we also keep it simple, you know, I think there's some core things that all organizations need to do these days in including, you know, vulnerability scanning, patching , using multifactor authentication, and having really excellent backups in case something does happen. >> Drew, are you seeing any similar patterns across other industries or customers? I mean, I know we're talking about some uniqueness in the education market, but what can we learn from other adjacent industries? >> Yeah, you know, Kevin is spot on and I love hearing what he's doing, going back to our prior conversation about Zero Trust, right, that defense in-depth approach is beautifully aligned, right, with the Zero Trust approach, especially things like multifactor authentication, always shocked at how few folks are applying that very, very simple technology and across the board, right? I mean, Kevin is referring to, you know, financial industry, healthcare industry, even, you know, the security and police, right, they need to make sure that the data that they're keeping, evidence, right, is secure and immutable, right, because that's evidence. >> Well, Kevin, paint a picture for us, if you would. So, you were primarily on-prem looking at potentially, you know, using more cloud, you were a VMware shop, but tell us, paint a picture of your environment, kind of the applications that you support and the kind of, I want to get to the before and the after Wasabi, but start with kind of where you came from. >> Sure, well, I came to The Hotchkiss School about seven years ago and I had come most recently from public K12 and municipal, so again, not a lot of funding for IT in general, security, or infrastructure in general, so Nutanix was actually a hyperconverged solution that I implemented at my previous position. So when I came to Hotchkiss and found mostly on-prem workloads, everything from the student information system to the card access system that students would use, financial systems, they were almost all on premise, but there were some new SaaS solutions coming in play, we had also taken some time to do some business continuity, planning, you know, in the event of some kind of issue, I don't think we were thinking about the pandemic at the time, but certainly it helped prepare us for that, so, as different workloads were moved off to hosted or cloud-based, we didn't really need as much of the on-premise compute and storage as we had, and it was time to retire that cluster. And so I brought the experience I had with Nutanix with me, and we consolidated all that into a hyper-converged platform, running Nutanix AHV, which allowed us to get rid of all the cost of the VMware licensing as well and it is an easier platform to manage, especially for small IT shops like ours. >> Yeah, AHV is the Acropolis hypervisor and so you migrated off of VMware avoiding the VTax avoidance, that's a common theme among Nutanix customers and now, did you consider moving into AWS? You know, what was the catalyst to consider Wasabi as part of your defense strategy? >> We were looking at cloud storage options and they were just all so expensive, especially in egress fees to get data back out, Wasabi became across our desks and it was such a low barrier to entry to sign up for a trial and get, you know, terabyte for a month and then it was, you know, $6 a month for terabyte. After that, I said, we can try this out in a very low stakes way to see how this works for us. And there was a couple things we were trying to solve at the time, it wasn't just a place to put backup, but we also needed a place to have some files that might serve to some degree as a content delivery network, you know, some of our software applications that are deployed through our mobile device management needed a place that was accessible on the internet that they could be stored as well. So we were testing it for a couple different scenarios and it worked great, you know, performance wise, fast, security wise, it has all the features of S3 compliance that works with Nutanix and anyone who's familiar with S3 permissions can apply them very easily and then there was no egress fees, we can pull data down, put data up at will, and it's not costing as any extra, which is excellent because especially in education, we need fixed costs, we need to know what we're going to spend over a year before we spend it and not be hit with, you know, bills for egress or because our workload or our data storage footprint grew tremendously, we need that, we can't have the variability that the cloud providers would give us. >> So Kevin, you explained you're hypersensitive about security and privacy for obvious reasons that we discussed, were you concerned about doing business with a company with a funny name? Was it the trial that got you through that knothole? How did you address those concerns as an IT practitioner? >> Yeah, anytime we adopt anything, we go through a risk review. So we did our homework and we checked the funny name really means nothing, there's lots of companies with funny names, I think we don't go based on the name necessarily, but we did go based on the history, understanding, you know, who started the company, where it came from, and really looking into the technology and understanding that the value proposition, the ability to provide that lower cost is based specifically on the technology in which it lays down data. So, having a legitimate, reasonable, you know, excuse as to why it's cheap, we weren't thinking, well, you know, you get what you pay for, it may be less expensive than alternatives, but it's not cheap, you know, it's reliable, and that was really our concern. So we did our homework for sure before even starting the trial, but then the trial certainly confirmed everything that we had learned. >> Yeah, thank you for that. Drew, explain the whole egress charge, we hear a lot about that, what do people need to know? >> First of all, it's not a funny name, it's a memorable name, Dave, just like theCUBE, let's be very clear about that, second of all, egress charges, so, you know, other storage providers charge you for every API call, right? Every get, every put, every list, everything, okay, it's part of their process, it's part of how they make money, it's part of how they cover the cost of all their other services, we don't do that. And I think, you know, as Kevin has pointed out, right, that's a huge differentiator because you're talking about a significant amount of money above and beyond what is the list price. In fact, I would tell you that most of the other storage providers, hyperscalers, you know, their list price, first of all, is, you know, far exceeding anything else in the industry, especially what we offer and then, right, their additional cost, the egress costs, the API requests can be two, three, 400% more on top of what you're paying per terabyte. >> So, you used a little coffee analogy earlier in our conversation, so here's what I'm imagining, like I have a lot of stuff, right? And I had to clear up my bar and I put some stuff in storage, you know, right down the street and I pay them monthly, I can't imagine having to pay them to go get my stuff, that's kind of the same thing here. >> Oh, that's a great metaphor, right? That storage locker, right? You know, can you imagine every time you want to open the door to that storage locker and look inside having to pay a fee? >> No, that would be annoying. >> Or, every time you pull into the yard and you want to put something in that storage locker, you have to pay an access fee to get to the yard, you have to pay a door opening fee, right, and then if you want to look and get an inventory of everything in there, you have to pay, and it's ridiculous, it's your data, it's your storage, it's your locker, you've already paid the annual fee, probably, 'cause they gave you a discount on that, so why shouldn't you have unfettered access to your data? That's what Wasabi does and I think as Kevin pointed out, right, that's what sets us completely apart from everybody else. >> Okay, good, that's helpful, it helps us understand how Wasabi's different. Kevin, I'm always interested when I talk to practitioners like yourself in learning what you do, you know, outside of the technology, what are you doing in terms of educating your community and making them more cyber aware? Do you have training for students and faculty to learn about security and ransomware protection, for example? >> Yes, cyber security awareness training is definitely one of the required things everyone should be doing in their organizations. And we do have a program that we use and we try to make it fun and engaging too, right, this is often the checking the box kind of activity, insurance companies require it, but we want to make it something that people want to do and want to engage with so, even last year, I think we did one around the holidays and kind of pointed out the kinds of scams they may expect in their personal life about, you know, shipping of orders and time for the holidays and things like that, so it wasn't just about protecting our school data, it's about the fact that, you know, protecting their information is something do in all aspects of your life, especially now that the folks are working hybrid often working from home with equipment from the school, the stakes are much higher and people have a lot of our data at home and so knowing how to protect that is important, so we definitely run those programs in a way that we want to be engaging and fun and memorable so that when they do encounter those things, especially email threats, they know how to handle them. >> So when you say fun, it's like you come up with an example that we can laugh at until, of course, we click on that bad link, but I'm sure you can come up with a lot of interesting and engaging examples, is that what you're talking about, about having fun? >> Yeah, I mean, sometimes they are kind of choose your own adventure type stories, you know, they stop as they run, so they're telling a story and they stop and you have to answer questions along the way to keep going, so, you're not just watching a video, you're engaged with the story of the topic, yeah, and that's what I think is memorable about it, but it's also, that's what makes it fun, you're not just watching some talking head saying, you know, to avoid shortened URLs or to check, to make sure you know the sender of the email, no, you're engaged in a real life scenario story that you're kind of following and making choices along the way and finding out was that the right choice to make or maybe not? So, that's where I think the learning comes in. >> Excellent. Okay, gentlemen, thanks so much, appreciate your time, Kevin, Drew, awesome having you in theCUBE. >> My pleasure, thank you. >> Yeah, great to be here, thanks. >> Okay, in a moment, I'll give you some closing thoughts on the changing world of data protection and the evolution of cloud object storage, you're watching theCUBE, the leader in high tech enterprise coverage. >> Announcer: Some things just don't make sense, like showing up a little too early for the big game. >> How early are we? >> Couple months. Popcorn? >> Announcer: On and off season, the Red Sox cover their bases with affordable, best in class cloud storage. >> These are pretty good seats. >> Hey, have you guys seen the line from the bathroom? >> Announcer: Wasabi Hot Cloud Storage, it just makes sense. >> You don't think they make these in left hand, do you? >> We learned today how a serial entrepreneur, along with his co-founder saw the opportunity to tap into the virtually limitless scale of the cloud and dramatically reduce the cost of storing data while at the same time, protecting against ransomware attacks and other data exposures with simple, fast storage, immutability, air gaps, and solid operational processes, let's not forget about that, okay? People and processes are critical and if you can point your people at more strategic initiatives and tasks rather than wrestling with infrastructure, you can accelerate your process redesign and support of digital transformations. Now, if you want to learn more about immutability and Object Block, click on the Wasabi resource button on this page, or go to wasabi.com/objectblock. Thanks for watching Secure Storage Hot Takes made possible by Wasabi. This is Dave Vellante for theCUBE, the leader in enterprise and emerging tech coverage, well, see you next time. (gentle upbeat music)

(upbeat music) >> Good evening, guys. Welcome back to Las Vegas, theCUBE is here live at AWS re:Invent 2021. I'm Lisa Martin. We have two live sets, two remote sets, over 100 guests on theCUBE talking with AWS, and its massive ecosystem of partners bringing you this hybrid tech event, probably the biggest of the year, and I'm pleased to welcome Stephen Kovac next, the Chief Compliance Officer at Zscaler. Stephen, how's it going? >> Well, it's going well, Lisa. Thank you for asking, enjoying Vegas, loving the conference, unbelievable. >> Isn't it great to be back in person? >> Oh, it's so great, I've seen people. >> Conversations you can't replicate on video conferencing, you just can't. >> Can't, and you see people you haven't seen in two years, and it's like all of a sudden you're best buddies again. It's just wonderful, it's so great to back. >> It is, and AWS in typical fashion has done a great job of getting everybody in here safely. I'm not at all surprised, that's what I expected, but it's been great. And I hope that this can demonstrate to other companies, you can do this safely. >> You can, I think so. I mean, there's a lot of effort going into this, but as usual AWS does it right. So, you expect that. >> They do. Talk to me about the Zscaler-AWS partnership. What's going on? >> Well, it's a great partnership. So AWS and Zscaler have been partners since the beginning of Zscaler. We are the largest security cloud in the world. We're born and bred in the cloud security company. So literally we wrote one application that does global security, everything from firewall to proxy, secure web gateway, to DLP, to all this in one piece of software. So, in the past where people would buy appliances for all these devices and put them in their own data center, we wrote a software that allows us to put that in the cloud, run it on the cloud globally around the world. And our partnership with AWS is, we originally built that on AWS, and today still AWS is our prime partner, especially in the zero trust side of our business. So, great relationship, long-term and great I think for both of us, it's been a very, very... >> Fruitful partnership, synergistic? >> Synergistic, love that, so yes. >> You mentioned zero trust, and we have seen such massive changes to the security and the threat landscape the last 20, 22 months. Talk to me about the recent executive order calling for zero trust, how does Zscaler's partnership with AWS help you enable organizations, fed, SLED, DoD, to be able to actually bring in and apply zero trust? >> Yeah, great question. Five years ago I was tasked to bring Zscaler into the government side of the business. So I was employee one to do that. It was a great honor to do it. And the first thing we did is we partnered with AWS because we needed to get FedRAMP compliant. We knew we were going to go into DoD. So we needed to go to the Impact Level five. And eventually we'll be able to go up level six with AWS. And so it was our partnership started there. And as you've seen in five years with all the change that's happened, that obviously the breaches like SolarWinds, and the people up here talking about them all week with you I'm sure. The executive order came down from the Biden Administration, who I completely salute for being just tremendous leaders in the cybersecurity space. And the executive order, one of the big pieces of the executive order was every agency must produce a plan for zero trust. So our cloud platform that is on AWS is a zero trust platform. It is the first and only zero trust platform to get authorized by the federal government at the FedRAMP level, and now the IL five level. So, together we are literally capturing and taking over the, being the leader in the zero trust space for the federal government. And I'm going to get a sip of water, so forgive me, I've been here all week talking to a lot of people, so forgive me for that. >> That's one thing that we don't have to deal with when we're on Zoom, right, is you don't really have the risk of losing your voice. >> Stephen: There you go. >> But in terms of the executive order, something that you mentioned, SolarWinds, Colonial Pipeline, we only hear about some of the big ones. The fact that ransomware happens one attack every 10, 11 seconds, it's a matter of when we get hit, not if. >> As you know, the story coming up from me, coming up on stage with you today, I just got myself breached just this morning, just individually. So yes, it's going to get all of us. And especially, I think when you look at zero trust and ransomware and how they worked out how zero trust can prevent it, you look at the SLED market, you know, state, local governments, they don't have the dollars to go spend like DHS does, or say, some of the DoD does. So, our partnership with AWS allows us to produce a product that is very cost-effective on a per user basis, consumption model, which is what AWS has been famous for since day one, right, the consumption model, use it when you need it, don't use it when you don't. We built our software the same way. So, at some point in a year, in a school year, we'll ramp up with some schools up to a hundred thousand users in the district, and over the summer we'll ramp down to a thousand, and we just bill them for that. So it's a beautiful relationship that we partner in not just the executive order, but being a partner in SLED, fed in the sense that matches making our business together, match the government's business. And that makes us a true leader and makes us a cost-effective solution. And if you think about it just for a moment, yesterday, I told you I was testifying in front of the Senate. And one of the questions I got asked was, oh, how many security updates do you guys see a year? I said, a year, well, we do over 200,000 a day. 200,000 security updates from potential hackers every single day. And we're doing that over 200 billion transactions a day run on AWS. So it's tremendous partnership, and to be able to work like that, and at that kind of volume, and be able to go up and down with the, and you got AWS able to scope up and down, and us to be able to ride that wave with them. It's been great. >> One of the things that we always talk about when we talk AWS is they're customer focused or customer obsession that, hey, we start backwards, we work backwards from the customer. Same thing, synergistic from a cultural perspective? >> Absolutely, I mean, one of the things I always love about AWS and I've been a customer of AWS for many years, even prior to my Zscaler days, I love the way they approach things, right? If they're not trying to go out and sell it, they're trying to meet with the customer and find out what the customer needs, and then build a solution. We're the same way. I always tell, you know, when you think of our solutions, Zscaler, I always tell my sales teams, I say it takes four sales calls for people to really understand what we do. And AWS, in the beginning of AWS, it was kind of the same thing. In the old days, you know, we all just built data centers and we had all these racks, and all this expense and mesh is what you did. It was unusual back in the day, 10 years ago, and I've been to every single re:Invent. I mean, the first one there was like, you're actually going to put all your stuff in this unknown cloud thing, and it will be available when you need it? So yes, you know, the way that they did it is the same way we do it together today. And we do it together today. We partner on many deals today where we're both, our teams are in there together, selling together, whether it's the DoD, federal agencies, SLED agencies, and commercial, you know, selling it hand-in-hand because it's that same philosophy is we're going to build what a customer needs. We're not going to tell the customer what they need. We're going to hear what they need, and that's the same relationship. So I'm going to get another sip real quick. >> Go for it. One of the things that has been a theme that we've heard the last couple of days is every company needs to be a data company or private sector, public sector, and if they're not, they're probably not going to be around much longer. How do you help customers get their handle around that? Because the security threats are only increasing. I mean, it's ransomware as a service. The fact that these criminals are getting much more brazen, you just had this happen to yourself, but enabling them to become data-driven organizations and use the data, extract the value from it securely, that's hard. >> It is, I mean, if you think back in the day, I mean, companies didn't have chief compliance officers that worked in the space that we do. Their chief compliance officer back in the day was the guy that was writing your HR issues and what OSHA issues, and of course, I still deal with some of that stuff, but my true job is really around the data, right? You know, how do we build our platforms, what decisions we make on our platforms, how we're going to certify them to support that, and I mean, chief data officers, chief security officers, I mean, you go into companies today, even car dealerships today. I mean, I'm picking one, you never thought of them having a security officer, but they do, they have to, they have to. And I mean, basic school districts, I mean, I don't about you, when I was a kid and went to school, they didn't have computers, but when my kid went to school, they did, but they didn't have a security officer. Now today, every single school district has security officers. I mean, I love how you said it, that data-driven, that data thought is there. It has to be, it's a real threat. And the sad thing is of these ransomware attacks, how many don't get reported. >> Oh, right, we're only hearing about a select few. >> The numbers are something like 88% don't get reported. It's that big. So that just tells you, we hear the big ones, right, Colonial Pipeline, things like that. We don't hear about West Texas or Middle Illinois school district that paid five grand because somebody had something on the school. That's how, as you said, this ransomware as a service security, we call it a security as a service, there's SaaS, which is software as a service, we're security software as a service, and AWS is the infrastructure as a service that we run on. And that's how it works well together. >> Do you guys go into accounts together from a go-to-market perspective? >> We, do, we can always do a better job. And my good friend here at AWS, who's probably listening, we can always do better. But yeah, so it is become something that, especially in the government space we do, in federal, DoD, because the certifications are really important, certifications are important everywhere, and we have many, we talked about all the certifications we have in federal, FedRAMP and IL five, and we have a plethora of those certifications in the commercial space. But they mean in a federal space, they're really the ticket. They call them the ENERGY STAR of approval, good housekeeping piece. So, you know, having that, teaming up with AWS who we partner together and because AWS has the same certs, we can sell at the same levels. And we do a really great job of co-selling in that space together. And I think when they look at us and they say, well, you're AWS, they've got their FedRAMP high, IL five, and you're Zscaler, you got your FedRAMP high, IL five. Yes, we can do business with these guys, and that's important. >> So you guys both open doors for each other. >> We do, we do in many cases, yeah. As a matter of fact, re:Invent five years ago, a buddy of mine here opened a big, big account for us, which is today our largest account in federal came from re:Invent, where came up to me and said, hey, my customer wants to, he's looking to do something, they're an agency that has global footprint, and they're like, we want to do something as a security as a service. They don't want to ship boxes all over the place. And we just met the customer for a coffee, and next thing you know, became our, still today, our probably largest customer in federal. >> Wow, well, this is the 10th re:Invent, you said you've been to all of them. >> Stephen: I have been to all of them. I can't lie, but I can't say I did all the virtual ones. I mean, I was logged in. (laughs) >> That's okay, we'll wink on that one. But, one of the things then, we've just got about a minute left here, is in new leadership, Andy Jassy being promoted to the CEO of Amazon, we've got Adam Selipsky, heard lot of announcements and news from Adam yesterday, but some of the things that we've been talking about on theCUBE is the first 15 years of innovation at AWS, that's going to accelerate. Do you see that also, like if you look forward to the next decade, do you see things moving much faster than they did the past decade? >> I don't think they can't. I mean, I shouldn't say they have to. And the change of the guard as you might call it here, is it's always good to have a change of the guard I think. You know, the question is when's Andy going to go to space? I mean, that's the next. (Lisa laughs) I think you have the guys who got AWS to the dance, and now the dance, who's going to become the belle of the ball. And this next generation of leadership coming in is fabulous. I think they've made great decisions, and I think they're going to do really well. And we're behind them, we support it. I got a chance to meet with most of them, love a chance to meet with Andy, I haven't met with him yet. So Andy, I'd love to meet you sometime soon. But I'm very impressed with what they've done. And yes, I think it's going to be, the last 10 years of growth is going to be a year next year. I think literally, you take 10 years be compressed to a year, and then next year it will be compressed to a day. So it's moving that fast. >> Yep, get your neck brace on, prepare for that whiplash. >> Yeah, right? That's what I said to Jeff when Jeff went to space, that's how fast we're about to travel, right? But it's really relative. >> It is, there is no limit. Well, Stephen, thank you for joining me, talking about Zscaler, AWS, what you guys are doing, how you're helping to revolutionize the public sector, fed, SLED, a lot of great stuff there. Security is an ever-evolving topic, and we appreciate all of your insights. >> Well, it was wonderful to be here. Great to see you again. And great to be back with all our friends at re:Invent. >> All of our friends, exactly. >> Stephen: Thank you so much for the time today. >> My pleasure. For Stephen Kovac, I'm Lisa Martin. You're watching theCUBE, the global leader in live tech coverage. (pleasant music)

(upbeat music) >> Welcome to theCube's continuous coverage of AWS re:Invent 2021. I'm Dave Nicholson, and we are running one of the industry's most important and largest hybrid tech events this year with AWS and its partners with two live sets on the scene. In addition to two remote studios. And we'll have somewhere in the neighborhood of a hundred guests on the program this year at re:Invent. I'm extremely delighted to welcome a very, very special guest. Right now. He served as the director of the NSA under two presidents, and was the first commander of the U.S Cyber Command. He's a Cube alumni, he's founder and co-CEO of IronNet Cybersecurity. General Keith Alexander. Thanks for joining us today General. >> Thanks, David. It's an honor to be here at re:Invent, you know, with AWS. All that they're doing and all they're making possible for us to defend sector states, companies and nations in cyber. So an honor to be here. >> Well, welcome back to theCube. Let's dive right in. I'd like to know how you would describe the current cyber threat landscape that we face. >> Well, I think it's growing. Well, let's start right out. You know, the good news or the bad news, the bad news is getting worse. We're seeing that. If you think about SolarWinds, you think about the Hafnium attacks on Microsoft. You think about this rapid growth in ransomware. We're seeing criminals and nation states engaging in ways that we've never seen in the past. It's more blatant. They're going after more quickly, they're using cyber as an element of national power. Let's break that down just a little bit. Do you go back to two, July. Xi Jinping, talked about breaking heads in bloodshed when he was referring to the United States and Taiwan. And this has gone hot and cold, that's a red line for him. They will do anything to keep Taiwan from breaking away. And this is a huge existential threat to us into the region. And when this comes up, they're going to use cyber to go after it. Perhaps even more important and closer right now is what's going on with Russia in the Donbas region of eastern Ukraine. We saw this in 2014, when Russia took over the Crimea. The way they did it, staging troops. They did that in 2008 against Georgia. And now there are, by some reports over a hundred thousand troops on the border of Eastern Ukraine. Some call it an exercise, but that's exactly what they did in Georgia. That's what they did in the Crimea. And in both those cases, they preceded those attacks, those physical attacks with cyber attacks. If you go to 2017, when Russia hit the Ukrainian government with the NotPetya attack that had global repercussions. Russia was responsible for SolarWinds, they have attacked our infrastructure to find out what our government is doing and they continue going. This is getting worse. You know, it's interesting when you think about, so what do you do about something like that? How do we stop that? And the answer is we've got to work together. You know, Its slam commissioner addressed it. The meeting with the president on August 25th. This is a great statement by the CEO and chairman of Southern Company, Tom Fanning. He said this, "the war is being waged on our nation's critical infrastructure in particular, our energy sector, our telecommunications sector and financial sector." The private sector owns and operates 87% of the critical infrastructure in the United States, making collaboration between industry and the federal government imperative too, for these attacks. SO >> General, I want to dig just a little bit on that point that you make for generations, people have understood that the term is 'kinetic war', right? Not everyone has heard that phrase, but for generations we've understood the concept of someone dropping a bomb on a building as being an attack. You've just mentioned that, that a lot of these attacks are directed towards the private sector. The private sector doesn't have an army to respond to those attacks. Number one, that's our government's responsibility. So the question I have is, how seriously are people taking these kinds of threats when compared to the threat of kinetic war? Because my gosh, you can take down the entire electrical grid now. That's not something you can do with a single bomb. What are your, what are your thoughts on that? >> So you're hitting on a key point, a theoretical and an operational point. If you look back, what's the intent of warfare? It's to get the mass of people to give up. The army protects the mass of people in that fight. In cyber, there's no protection. Our critical infrastructure is exposed to our adversaries. That's the problem that we face. And because it's exposed, we have a tremendous vulnerability. So those who wish us harm, imagine the Colonial Pipeline attack an order of magnitude or two orders of magnitude bigger. The impact on our country would paralyze much of what we do today. We are not ready for that. That's the issue that Tom Fanning and others have brought up. We don't practice between the public sector and the private sector working together to defend this country. We need to do that. That's the issue that we have to really get our hands around. And when we talk about practice, what do we mean? It means we have to let that federal government, the ones that are going to protect us, see what's going on. There is no radar picture. Now, since we're at re:Invent, the cloud, where AWS and others have done, is create an infrastructure that allows us to build that bridge between the public and private sector and scale it. It's amazing what we can now do. We couldn't do that when I was running Cyber Command. And running Cyber Command, we couldn't see threats on the government. And we couldn't see threats on critical infrastructure. We couldn't see threats on the private sector. And so it all went and all the government did was say, after the fact you've been attacked. That's not helpful. >> So >> It's like they dropped a bomb. We didn't know. >> Yeah, so what does IronNet doing to kind of create this radar capability? >> So, well, thanks. That's a great question because there's four things that you really got to do. First. You've got to be able to detect the SolarWinds type attacks, which we did. You've got to have a hunt platform that can see what it is. You've got to be able to use machine learning and AI to really cut down the number of events. And the most important you need to be able to anonymize and share that into the cloud and see where those attacks are going to create that radar picture. So behavioral analytics, then you use signature based as well, but you need those sets of analytics to really see what's going on. Machine learning, AI, a hunt platform, and cloud. And then analytics in the cloud to see what's going on, creates that air traffic control, picture radar, picture for cyber. That's what we're doing. You see, I think that's the important part. And that's why we really value the partnership with AWS. They've been a partner with us for six years, helping us build through that. You can see what we can do in the cloud. We could never do in hardware alone. Just imagine trying to push out equipment and then do that for hundreds of companies. It's not viable. So SaaS, what we are as a SaaS company, you can now do that at scale, and you can push this out and we can create, we can defend this nation in cyber if we work together. And that's the thing, you know, I really, had a great time in the military. One of the things I learned in the military, you need to train how you're going to fight. They're really good at that. We did that in the eighties, and you can see what happened in 1990 in the Gulf war. We need to now do that between the public and private sector. We have to have those training. We need to continuously uplift our capabilities. And that's where the cloud and all these other things make that possible. That's the future of cybersecurity. You know, it's interesting David, our country developed the internet. We're the ones that pioneered that. We ought to be the first to secure. >> Seems to make sense. And when you talk about collective defense in this private public partnership, that needs to happen, you get examples of some folks in private industry and what they're doing, but, but talk a little bit more about, maybe what isn't happening yet. What do we need to do? I don't want you to necessarily get political and start making budgetary suggestions, but unless you want to, but what, but where do you see, where do we really need to push forward from a public perspective in order to make these connections? And then how is that connection actually happen? This isn't someone from the IronNet security service desk, getting on a red phone and calling the White House, how are the actual connections made? >> So it has to be, the connections have to be just like we do radar. You know, when you think about radars across our nation or radar operator doesn't call up one of the towers and say, you've got an aircraft coming at you at such and such a speed. I hope you can distinguish between those two aircraft and make sure they don't bump into each other. They get a picture and they get a way of tracking it. And multiple people can see that radar picture at a speed. And that's how we do air traffic control safety. We need the same thing in cyber, where the government has a picture. The private sector has a picture and they can see what's going on. The private sector's role is I'm going to do everything I can, you know, and this is where the energy sector, I use that quote from Tom Fanning, because what they're saying is, "it's our job to keep the grid up." And they're putting the resources to do it. So they're actually jumping on that in a great way. And what they're saying is "we'll share that with the government", both the DHS and DOD. Now we have to have that same picture created for DHS and DOD. I think one of the things that we're doing is we're pioneering the building of that picture. So that's what we do. We build the picture to bring people together. So think of that is that's the capability. Everybody's going to own a piece of that, and everybody's going to be operating in it. But if you can share that picture, what you can begin to do is say, I've got an attack coming against company A. Company A now sees what it has to do. It can get fellow companies to help them defend, collective defense, knowledge sharing, crowdsourcing. At the same time, the government can see that attack going on and say, "my job is to stop that." If it's DHS, I could see what I have to do. Within the country, DOD can say, "my job is to shoot the archers." How do we go do what we're authorized to do under rules of engagement? So now you have a way of the government and the private sector working together to create that picture. Then we train them and we train them. We should never have had an event like SolarWinds happen in the future. We got to get out in front. And if we do that, think of the downstream consequences, not only can we detect who's doing it, we can hold them accountable and make them pay a price. Right now. It's pretty free. They get in, pap, that didn't work. They get away free. That didn't work, we get away free. Or we broke in, we got, what? 18,000 companies in 30,000 companies. No consequences. In the future there should be consequences. >> And in addition to the idea of consequences, you know, in the tech sector, we have this concept of a co-op petition, where we're often cooperating and competing. The adversaries from, U.S perspective are also great partners, trading partners. So in a sense, it sounds like what you're doing is also kind of adhering to the old adage that, that good fences make for great neighbors. If we all know that our respective infrastructures are secure, we can sort of get on with the honest business of being partners, because you want to make the cost of cyber war too expensive. Is that, is that a fair statement? >> Yes. And I would take that analogy and bend it slightly to the following. Today every company defends itself. So you take 90 companies with 10 people, each doing everything they can to defend themselves. Imagine in the world we trying to build, those 90 companies work together. You have now 900 people working together for the collective defense. If you're in the C-suite or the board of those companies, which would rather have? 900 help new security or 10? This isn't hard. And so what we say is, yes. That neighborhood watch program for cyber has tremendous value. And beyond neighborhood watch, I can also share collaboration because, I might not have the best people in every area of cyber, but in those 900, there will be, and we can share knowledge crowdsource. So it's actually let's work together. I would call it Americans working together to defend America. That's what we need to do. And the states we going to have a similar thing what they're doing, and that's how we'll work this together. >> Yeah. That makes a lot of sense. General Alexander it's been a pleasure. Thanks so much for coming on to theCube as part of our 2021 AWS re:Invent coverage. Are you going to get a chance to spend time during the conference in Las Vegas? So you just flying in, flying out. Any chance? >> Actually yeah. >> It's there, we're still negotiating working that. I've registered, but I just don't know I'm in New York city for two meetings and seeing if I can get to Las Vegas. A lot of friends, you know, Adam Solski >> Yes >> and the entire AWS team. They're amazing. And we really liked this partnership. I'd love to see you there. You're going to be there, David? Absolutely. Yes, absolutely. And I look forward to that, so I hope hopefully we get that chance again. Thank you so much, General Alexander, and also thank you to our title sponsor AMD for sponsoring this year's re:Invent. Keep it right here for more action on theCube, you're leader in hybrid tech event coverage, I'm Dave Nicholson for the Cube. Thanks. (upbeat music)

>> From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE in ETR. This is Breaking Analysis with Dave Vellante. >> Despite the more than $100 billion spent each year fighting Cyber-crime. When we do an end-of-the year look back and ask "How did we do?" The answer is invariably the same, "Worse than last year." Pre pandemic, the picture was disheartening, but since March of 2020 the situation has only worsened as cyber-criminals have become increasingly sophisticated, better funded and more brazen. SecOps pros continue to fight, but unlike conventional wars, this one has no end. Now the flip side of course, is that markets continue to value cybersecurity firms at significant premiums. Because this huge market will continue to grow by double digits for the foreseeable future. Hello and welcome to this week's Wikibon theCUBE Insights powered by ETR. In this Breaking Analysis, we look at the state of cybersecurity in 2021 and beyond. We'll update you with the latest survey data from enterprise technology research and share the fundamentals that have investors piling into the security space like never before. Let's start with the customer view. Cybersecurity remains the number one priority for CIOs and CSOs. This latest ETR survey, once again asked IT buyers to rank their top priorities for the next 12 months. Now the last three polling period dating back to last March. Cybersecurity has outranked every top spending category, including cloud, data analytics, productivity software, networking, AI, and automation or RPA. Now this shouldn't surprise anybody, but it underscores the challenges that organizations face. Not only are they in the midst of a non-optional digital transformation, but they have to also fund a cyber war that has no ceasefires, no truces, and no exit path. Now there's much more going on in cybersecurity than ransomware, but certainly that has the attention of executives. And it's becoming more and more lucrative for attackers. Here's a snapshot of some of the more well-documented attacks this decade many which have occurred in very recent months. CNA Financial, they got hit earlier this year and paid a $40 million ransom. The Ireland Health Service also got hit this year and refused to pay the ransom, but it's estimated that the cost to recover and the damage to the organization exceeded half a billion dollars. The request was for a $20 million ransom. The JBS meat company hack, they paid $11 million. CWT travel paid $5 million. The disruption from the Colonial Pipeline company, was widely reported they paid more than $4 million, as the Brenntag, the chemical company. The NBA got hit. Computer makers, Quanta and Acer also. More than 2,000 random attacks were reported to the FBI in the first seven months of 2021. Up more than 60% from 2020. Now, as I've said many times, you don't have to be a genius to be a ransomware as today. Anyone can go on the dark web, tap into ransomware as a service. Attackers, they have insidious names like darkside, evil, the cobalt, crime gang, wizard spider, the Lazarus gang, and numerous others. Criminals they have negotiation services is most typically the attackers, they'll demand a specific amount of money but they're willing to compromise in an exchange of cryptocurrency for decryption keys. And as mentioned, it's not just ransomware supply chain attacks like the solar winds hack hit organizations within the U.S government and companies like Mimecast this year. Now, while these attacks often do end up in a ransom situation. The attackers sometimes find it more lucrative to live off the land and stealth fashion and ex filtrates sensitive data that can be sold or in the case of many financial institution attacks they'll steal information from say a chief investment officer that signals an upcoming trading strategy and then the attackers will front run that trade in the stock market. Now, of course phishing, remains one of the most prominent threats. Only escalated by the work from home trend as users bring their own devices and of course home networks are less secure. So it's bad, worse than ever before. But you know, if there's a problem, entrepreneurs and investors, they're going to be there to solve it. So here's a LinkedIn post from one of the top investors in the business, Mike Speiser. He was a founding investor in Snowflake. He helped get pure storage to escape velocity and many, many other successes. This hit my LinkedIn feed the other day, his company Sutter Hill Ventures is co-leading a 1.3 Series D on an $8.3 billion valuation. They're putting in over $200 million. Now Lacework is a threat detection software company that looks at security as a data problem and they monitor exposures across clouds. So very timely. So watch that company. They're going to soar. Now the right hand chart shows venture investments in cybersecurity over the past several years. You can see it exploded in 2019 to $7.6 billion. And people thought the market was peaking at that time, if you recall. But then investments rose a little bit to $7.8 billion in 2020 right in the middle of lockdown. And then the hybrid work, the cloud, the new normal thesis kicked in big time. It's in full gear this year. You can see nearly $12 billion invested in cybersecurity in the first half of 2021 alone. So the money keeps coming in as the problem gets worse and the market gets more crowded. Now we'd like to show this slide from Optiv, it's their security taxonomy. It'll make your eyes cross. It's so packed with companies in different sectors. We'll put a link in our posts, so you can stare at this. We've used this truck before. It's pretty good. It's comprehensive and it's worth spending some time to see what that landscape looks like. But now let's reduce this down a bit and bring in some of the ETR data. This is survey data from October that shows net score or spending momentum on the vertical axis and market share or pervasiveness in the dataset on the horizontal axis. That's a measure of mentioned share if you will. Now this is just isolated on the information security sector within the ETR taxonomies. No filters in terms of the number of responses. So it's every company that ETR picks up in cybersecurity from its buyer surveys. Now companies above that red line, we consider them to have a highly elevated spending momentum for their products and services. And you can see, there are a lot of companies that are in this map first of all, and several above that magic mark. So you can see the momentum of Microsoft and Palo Alto. That's most impressive because of their size, their pervasiveness in the study, Cisco and Splunk are also quite prominent. They don't have as much spending momentum, but they're pretty respectable. And you can see the companies that have been real movers in this market that we've been reporting on for a while. Okta, CrowdStrike, Zscaler, CyberArk, SailPoint, Authzero, all companies that we've extensively covered in previous breaking analysis episodes as the up and comers. And isn't it interesting that Datadog is now showing up in the vertical axis. You see that in the left-hand side up high, they're becoming more and more competitive to Splunk in this space as an alternative and lines are blurring between observability, log analytics, security, and as we previously reported even backup and recovery. But now let's simplify this picture a bit more and filter down a little bit further. This chart shows the same X, Y view. Same data construct and framework, but we required more than a hundred responses to hit the chart. So the companies, they have to have a notable market presence in the ETR survey. It's perhaps a bit less crowded, but still very packed. Isn't it? You can see firms that are less prominent in the space like Datadog fell off. The big companies we mentioned, obviously still prominent Microsoft, Palo Alto, Cisco and Splunk and then those with real momentum, they stand out a little bit. There's somewhat smaller, but they're gaining traction in the market. As we felt they would Okta and Auth zero, which Okta acquired as we reported on earlier this year, both showing strength as our CrowdStrike, Zscaler, CyberArk, which does identity and competition with Okta and SentinelOne, which went public mid this year. The company SentinelOne uses AI to do threat detection and has been doing quite well. SalePoint and Proofpoint are right on that red elevated line and then there's a big pack in the middle. Look, this is not an easy market to track. It's virtually every company plays in security. Look, AWS says some of the most advanced security in the business but they're not in the chart specifically, but you see Microsoft is. Because much of AWS security is built into services. Amazon customers heavily rely on the Amazon ecosystem which is in the Amazon marketplace for security products. And often they associate their security spend with those partners and not necessarily Amazon. And you'll see networking companies you see right there, like Juniper and the bottom there and in the ETR data set and the players like VMware in the middle of the pack. They've been really acquisitive for example, with carbon black. And the, of course, you've got a lot of legacy players like McAfee and RSA and IBM. Look, virtually every company has a security story and that will only become more common in the coming years. Now here's another look at the ETR data it's in the raw form, but it'll give you a sense of two things; One is how the data from the previous chart is plotted. And two, it gives you a time series of the data. So the data lists the top companies in the ETR data sets sorted by the October net score in the right most column. Again, that measures spending momentum. So to make the cut here, you had to have more than a hundred mentions which is shown on the left-hand side of the chart that shared N, IE that's shared accounts in the dataset. And you can track the data from last October, July of this year and the most recent October, 2021 survey. So we, drew that red line just about at the 40% net score market coincidentally, there are 10 companies that are over that figure over that bar. We sometimes call out the four star companies. We give four stars to those companies that both are in the top 10 and spending momentum and the top in prominence are shared N in the dataset. So some of these 10 would fit into that profile by that methodology, specifically, Microsoft, Okta, CrowdStrike, and Palo Alto networks. They would be the four star companies. Now a couple of other things to point out here, DDoS attacks, they're still relevant, and they're real threat. So a company like CloudFlare which is just above that red line they play in that space. Now we've also shaded the companies in the fat middle. A lot of these companies like Cisco and Splunk for example, they're major players in the security space with very strong offerings and customer affinity. We sometimes give them two stars. So this is what makes this market so interesting. It's not like the high end discourage market where literally every vendor in the Gartner magic quadrant is up in the right, okay. And there's only five or four or five, six vendors there. This market is diverse with many, many segments and sub segments, and it's such a vital space. And there's so many holes to fill with an ever changing threat landscape as we've seen in the last two years. So this is in part which makes it such a good market for investors. There's a lot of room for growth and not just from stealing market share. That's certainly an opportunity there, but things like cloud, multi-cloud, shifting end points, the edge ,and so forth make this space really ripe for investments. And to underscore this, we put together this little chart of some of the pure play security firms to see how their stock performance has done recently. So you can see that here, you know, it's a little hard to read, but it's not hard to see that Okta, CrowdStrike, Zscaler on the left have been big movers. These charts where possible all show a cross here, starting at the lockdown last year. The only exception is SentinelOne which IPO mid this year. So that's the point March, 2020 when the whole world changed and security priorities really started to shift to accommodate the work from home. But it's quite obvious that since the pandemic, these six companies have been on a tear for the fundamental reason that hybrid work has created a shift in spending priorities for CSOs. No longer are organizations just spending on hardening a perimeter, that perimeter has been blown away. The network is flattening. Work is what you do, it's no longer a place. As such threats are on the rise and cloud, endpoint security, identity access tools there become increasingly vital and the vendors who provide them are on the rise. So it's no surprise that the players that we've listed here which play quite prominently in those markets are all on fire. So now in summary, I want to stress that while the picture is sometimes discouraging. The entire world is becoming more and more tuned in to the cyber threat. And that's a good thing. Money is pouring in. Look, technology got us into this problem and technology is a defensive weapon that will help us continue this fight. But it's going to take more than technology. And I want to share something. We get dozens and dozens of in bounds this time of the year because we do an annual predictions posts. So folks and they want to help us out. So now most of the in bounds and the predictions that we get, they're just kind of observations or frankly, non predictions that can't really be measured as like where you right, or where you're wrong. So for the most part I like predictions that are binary. For example, last December we predicted their IT spending in 2021 would rebound and grow at 4% relative to 2020. Well, it did rebound but that prediction really wasn't as accurate as I'd like. It was frankly wrong. We think it's actually the market's going to actually grow. Spending's going to grow more like 7% this year. Not to worry plenty of our predictions came true, but we'll leave that for another day. Anyway, I got an email from Dean Fisk of Fisk partners. It's a PR firm representing an individual named Lyndon Brown chief of strategy officer of Pondurance. Pondurance is a security consultancy. And the email had the standard, Hey, in case you're working on a predictions post this year end, blah, blah, blah. But instead of sharing with me, a bunch of non predictions, the notes said here's some trends in cybersecurity that might be worth thinking about. And there were a few predictions sprinkled in there, but I wanted to call it a couple of the comments from Linden Brown, whom I don't know, I never met the guy, but I really thought his trends were spot on. The first was a stat I'll share that the United Nations report cyber crime is up 600% due to the pandemic. If as if I couldn't feel worse already. His first point though was that the hybrid workplace will be the new frontier for cyber. Yes, we totally agree. There are permanent shifts taking place. And we actually predicted that last year, but he further cited that many companies went from zero to full digital transformation overnight and many are still on that journey. And his point is that hybrid work is going to require a complete overhaul of how we think about security. We think this is very true. Now the other point that stood out is that governments are going to crack down on this behavior. And we've seen this where criminals have had their critical infrastructure dismantled by governments. No doubt the U.S government has the capabilities to do so. And it is very much focused on this issue. But it's tricky as Robert Gates, who was the former defense secretary, told me a few years back in theCUBE. He said, well, we have the best offense. We also have the most to lose. So we have to be very careful, but Linden's key point was you are going to see a much more forward and aggressive public policy and new laws that give crime fighters more latitude . Again, it's tricky kind of like the Patriot act was tricky but it's coming. Now, another call-out from Linden shares his assertion that natural disasters will bring increased cyber risk. And I thought this was a really astute point because natural disasters they're on the rise. And when there's chaos, there's cash opportunities for criminals. And I'll add to this that the supply chain risk is far from over. This is going to be continuing theme this coming year and beyond. And one of the things that Linden Brown said in his note to me is essentially you can't take humans out of the equation. Automation alone can't solve the problem, but some companies operate as though they can. Just as bad human behavior, can tramp good security, Good human education and behavior is going to be a key weapon in this endless war. Now the last point is we're going to see continued escalation government crackdowns are going to bring retaliation and to Gates' point. The U.S has a lot at stake. So expect insurance premiums are going to go through the roof. That's assuming you can even get cyber insurance. And so we got to hope for the best, but for sure, we have to plan for the worst because it's coming. Deploy technology aggressively but people in process will ultimately be the other ingredients that allow us to live to battle for another day. Okay. That's a wrap for today. Remember these episodes they're all available as podcasts, wherever you listen just search "breaking analysis" podcast. Check out ETR his website at ETR.plus. We also publish a full report every week on Wikibond.com and siliconangle.com. You can get in touch. Email me @david.volante@tsiliconangle.com or you can DM me @dvellante. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE insights powered by ETR. Have a great week. everybody stay safe, be well. And we'll see you next time. (techno music)

hello and welcome to this special cube conversation i'm dave nicholson and this is part of our continuing coverage of google cloud next 2021 i have two very special guests with me and we are going to talk about the topic of security uh i have sunil potti who is vice president and general manager of google cloud security uh who in a previous life had senior leadership roles at nutanix and citrix along with lior div who is the ceo and co-founder of cyber reason lior was formerly a commander in the much famed unit 8200 uh part of the israeli defense forces uh where he was actually a medal of honor recipient uh very uh honored to have him here this morning sunil and lior welcome to the cube sunil welcome back to the cube yeah great to be here david and and to be in the presence of a medal of honor recipient by the way a good friend of mine leor so be here well good to have both of you here so uh i'm the kind of person who likes my dessert before my uh before my entree so why don't we just get right to it you're the two of you are here to announce something very very significant uh in the field of security uh sunil do you want to start us out what are we here to talk about yeah i mean i think maybe uh you know just to set this context um as as many of you know about a decade ago a nation's sponsored attack you know actually got into google plus a whole bunch of tech companies you know the project aurora was quite uh you know infamous for a certain period of time and actually google realized almost a decade ago that look you know security can't just be a side thing it has to be the primary thing including one of the co-founders becoming for lack of a better word the chief security officer for a while but one of the key takeaways from that whole incident was that look you have to be able to detect everything and trust nothing and and the underpinning for at least one of them led to this whole zero trust architectures that everybody now knows about but the other part which is not as popular at least in industry vernacular but in many ways equally important and some ways more important is the fact that you need to be able to detect everything so that you can actually respond and that led to the formation of you know a project internal to google to actually say that look let's democratize uh storage and make sure that nobody has to pay for capturing security events and that led to the formation of this uh new industry concept called a security data lake in chronicle was born and then as we started evolving that over into the enterprise segment partnering with you know cyber reason on one hand created a one plus one equals three synergy between say the presence around what do you detect from the end point but also generally just so happens that as lior will tell you the cyber reason technology happens to start with endpoint but it's actually the core tech is around detecting events but doing it in a smart way to actually respond to them in much more of a contextual manner but beyond just that you know synergy between uh you know a world-class planet scale you know security data like forming the foundation and integrating you know in a much more cohesive way with uh cyber reasons detection response offering the spirit was actually that this is the first step of a long journey to really hit the reset button in terms of going from reactive mode of security to a proactive mode of security especially in a nation-state-sponsored attack vector so maybe leo you can speak a few minutes on that as well absolutely so um as you said i'm coming from a background of uh nation state hacking so for us at cyberism it's uh not is foreign uh what the chinese are doing uh on a daily basis and the growing uh ransomware cartel that's happening right now in russia um when we looked at it we said then uh cyberism is very famous by our endpoint detection and response capability but when we establish cyber reason we establish the cyberism on a core or almost fundamental idea of finding malicious operation we call it the male idea so basically instead of looking for alerts or instead of looking for just pieces of data we want to find the hackers we want to find the attack we want to be able to tell basically the full story of what's going on uh in order to do that we build the inside cyberism basically from day one the ability to analyze any data in real time in order to stitch it into the story of the male the malicious operation but what we realize very quickly that while our solution can process more than 27 trillion events a week we cannot feed it fast enough just from end point and we are kind of blind when it comes to the rest of the attack surface so we were looking uh to be honest quite a while for the best technology that can feed this engine and to as sunil said the one plus one equal three or four or five to be able to fight against those hackers so in this journey uh we we found basically chronicle and the combination of the scale that chronicle bringing the ability to feed the engine and together basically to be able to find those hackers in real time and real time is very very important and then to response to those type of attack so basically what is uh exciting here we created a solution that is five times faster than any solution that exists right now in the market and most importantly it enables us to reverse the atmospheric advantage and basically to find them and to push them out so we're moving from hey just to tell you a story to actually prevent hackers to being in your environment so leor can you i want to double click on that just just a little bit um can you give give us a kind of a concrete example of this difference between simply receiving alerts and uh and actually um you know taking taking uh uh correlating creating correlations and uh and actually creating actionable proactive intelligence can you give us an example of that working in in the real world yeah absolutely we can start from a simple example of ransomware by the time that i will tell you that there is a ransomware your environment and i will send an alert uh it will be five computers that are encrypted and by the time that you gonna look at the alert it's gonna be five thousand uh basically machines that are encrypted and by the time that you will do something it's going to be already too little too late and this is just a simple example so preventing that thing from happening this is critical and very timely manner in order to prevent the damage of ransomware but if you go aside from ransomware and you look for example of the attack like solarwind basically the purpose of this attack was not to create damage it was espionage the russian wanted to collect data on our government and this is kind of uh the main purpose that they did this attack so the ability to be able to say hey right now there is a penetration this is the step that they are doing and there is five ways to push them out of the environment and actually doing it this is something that today it's done manually and with the power of chronicle and cyberism we can do it automatically and that's the massive difference sunil are there specific industries that should be really interested in this or is this a is this a broad set of folks that should be impacted no you know in some ways uh you know the the the saying these days to learn's point on ransomware is that you know if if a customer or an enterprise has a reasonable top-line revenue you're a target you know you're a target to some extent so in that sense especially given that this has moved from pure espionage or you know whether it be you know government oriented or industrial espionage to a financial fraud then at that point in time it applies to pretty much a wide gamut of industries not just financial services or you know critical infrastructure companies like oil and gas pipeline or whatever it could be like any company that has any sort of ip that they feel drives their top line business is now a target for such attacks so when you talk about the idea of partnership and creating something out of a collaboration what's the meat behind this what what what do you what are you guys doing beyond saying you know hey sunil lior these guys really like each other and they respect what the other is doing what's going on behind the scenes what are you actually implementing here moving forward so every partnership is starting with love so it's good [Laughter] but then it need to translate to to really kind of pure value to our customers and pure value coming from a deep integration when it's come to the product so basically uh what will happen is every piece of data that we can collect at cyber is in uh from endpoint any piece of data that the chronicle can collect from any log that exists in the world so basically this is kind of covering the whole attack surface so first we have access to every piece of information across the full attack surface then the main question is okay once you collect all this data what you're gonna do with it and most of companies or all the companies today they don't have an answer they're saying oh we're gonna issue an alert and we hope that there is a smart person behind the keyboard that can understand what just happened and make a decision and with this partnership and with this integration basically we're not asking and outsourcing the question what to do to the user we're giving them the answer we're telling them hey this is the story of the attack this is all the pieces that's going on right now and in most cases we're gonna say hey and by the way we just stopped it so you can prevent it from the future when will people be able to leverage this capability in an integrated way and and and by the way restate how this is going to market as an integrated solution what is what is the what is what are we going to call this moving forward so basically this is the cyber reason xdr uh powered by chronicle and we are very very um uh happy about it yeah and i think just to add to that i would say look the the meta strategy here and the way it'll manifest is in this offering that comes out in early 2022 um is that if you think about it today you know a classical quote-unquote security pipeline is to detect you know analyze and then respond obviously you know just just doing those three in a good way is hard doing it in real time at scale is even harder so just that itself was where cyber reason and chronicle would add real value where we are able to collect a lot of events react in real time but a couple of things that i think that you know to your original point of why this is probably going to be a little for game changer in the years to come is we're trying to change that from detect analyze respond to detect understand and anticipate so because ultimately that's really how we can change you know the profile from being reactive in a world of ransomware or anything else to being proactive against a nation sponsored or nation's influenced attacks because they're not going to stop right so the only way to do this is to rather than just go back up the hatches is just really you know change change the profile of how you'll actually anticipate what they were probably going to do in 6 months or 12 months and so the the graph technology that powers the heart of you know cyber reason is going to be intricately woven in with the contextual information that chronicle can get so that the intermediate step is not just about analysis but it's about truly understanding the overall strategy that has been employed in the past to predict what could happen in the future so therefore then actions could be taken downstream that you can now say hey most likely this these five buckets have this kind of personal information data there's a reasonable chance that you know if they're exposed to the internet then as you create more such buckets in that project you're going to be susceptible to more ransomware attacks or some other attacks right and that's the the the kind of thinking or the transformation that we're trying to bring out with this joint office so lior uh this this concept of uh of mallops and uh cyber reason itself you weren't just born yesterday you've been you've been uh you have thousands of customers around the globe he does look like he was born i i know i know i know well you you know it used to be that the ideal candidate for ceo of a startup company was someone who dropped out of stanford i think it's getting to the point where it's people who refused admission to stanford so uh the the dawn of the 14 year old ceo it's just it's just around the corner but uh but lior do you get frustrated when you see um you know when you become aware of circumstances that would not have happened had they implemented your technology as it exists today yeah we have a for this year it was a really frustrating year that starting with solarwind if you analyze the code of solarwind and we did it but other did it as well basically the russians were checking if cyberism is installed on the machine and if we were installed on the machine they decided to stop the attack this is something that first it was a great compliment for us from you know our not friend from the other side that decided to stop the attack but on a serious note it's like we were pissed because if people were using this technology we know that they are not going to be attacked when we analyze it we realize that we have three different ways to find the solar wind hackers in a three different way so this is just one example and then the next example in the colonial pipeline hack we were the one that found darkseid as a group that we were hacking we were the first one that released a research on them and we showed how we can prevent the basically what they are doing with our technology so when you see kind of those type of just two examples and we have many of them on a daily basis we just know that we have the technology in order to do that now when we're combining uh the chronicle technology into the the technology that we already have we basically can reverse the adversary advantage this is something that you're not doing in a single day but this is something that really give power to the defenders to the communities of siso that exist kind of across the us um and i believe that if we're going to join forces and lean into this community and and basically push the solution out the ability for us to fight against those cartels specifically the ransomware cartels is going to be massive sunil this time next year when we are in uh google cloud next 2022 um are you guys going to come back on and offer up the we told you so awards because once this is actually out there and readily available the combination of chronicle and cyber reasons technology um it's going to be hard for some csos to have an excuse uh it may be it may be a uncomfortable to know that uh they could have kept the door secure uh but didn't yeah where's that bad business is that bad business to uh hand out awards for doing dumb things i don't know about uh you know a version of darwin awards probably don't make sense but but but generally speaking so i do think uh you know we're all like as citizens in this right because you know we talk about customers i mean you know alphabet and google is a customer in some ways cyber reason is a customer the cube is a customer right so i think i think the robot hitting the road a year from now will be we should we should do this where i don't know if the cube does more than two folks at the same time david but we should i mean i'm sure we'll have enough to have at least a half a dozen in in the room to kind of talk about the solution because i think the the you know as you can imagine this thing didn't materialize i mean it's been being cooked for a while between your team and our team and in fact it was inspired by feedback from some joint customers out in the market and all that good stuff so so a year from now i think the best thing would be not just having customers to talk about the solution but to really talk about that transformation from respond to anticipate and do they feel better on their security posture in a world that they know like and leo should probably spend a few minutes on this is i think we're on the tip of the sphere of this nation-state era and what we've just seen in the last few years is what maybe the nation-states have seen over two decades ago and they're going to run those playbooks on the enterprise for the next decade or so yeah leor talk about that for a minute yeah it's it's really you know just to continue the sunil thought it's it's really about finding the unknown because what's happening on the other side it's like specifically china and russia and lately we saw iran starting to gain uh power um basically their job is to become better and better and to basically innovate and create a new type of attack on a daily basis as technology has evolved so basically there is a very simple equation as we're using more technology and relying more on technology the other side is going to exploit it in order to gain more power espionage and create financial damage but it's important to say that this evolution it's not going to stop this is just the beginning and a lot of the data that was belong just to government against government fight basically linked in the past few years now criminals starting to use it as well so in a sense if you think about it what's happening right now there is basically a cold war that nobody is talking about it between kind of the giant that everybody is hacking everybody and in the crossfire we see all of those enterprises across the world it was not a surprise that um you know after the biden and putin uh meeting suddenly it was a quiet it was no ransomware for six weeks and after something changing the politics suddenly we can see a a groin kind of attack when it's come to ransomware that we know that was directed from russia in order to create pressure on the u.s economy sunil wrap us up what are your f what are what are your final thoughts and uh what's what's the what's the big takeaway here no i think you know i i think the key thing for everyone to know is look i think we are going into an era of state-sponsored uh not espionage as much as threat vectors that affect every business and so in many ways the chiefs the chief information security officer the chief risk officer in many ways the ceo and the board now have to pay attention to this topic much like they paid attention to mobile 15 years ago as a transformation thing or maybe cloud 10 years ago i think cyber has been one of those it's sort of like the wireless error david like it existed in the 90s but didn't really break around until iphone hit or the world of consumerization really took off right and i think we're at the tip of the spear of that cyber really becoming like the era of mobile for 15 years ago and so i think that's the if there's like a big takeaway i think yes there's lots of solutions the good news is great innovations are coming through companies like cyber reason working with you know proven providers like google and so forth and so there's a lot of like support in the ecosystem but i think if there was one takeaway that was that everybody should just be ready internalized we don't have to be paranoid about it but we anticipate that this is going to be a long game that we'll have to play together well with that uh taking off my journalist hat for a moment and putting on my citizen hat uh it's reassuring to know that we have really smart people working on this uh because when we talk about critical infrastructure control systems and things like that being under threat um that's more significant than simply having your social security number stolen in a in a data breach so um with that uh i'd like to thank you sunil leor thank you so much for joining us on this special cube conversation this is dave nicholson signing off from our continuing coverage of google cloud next 2021 [Music] you

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomena that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke at it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

(calm electronic music) >> Welcome to this CUBE Conversation with Fortinet. I'm Lisa Martin. John Madison joins me, the CMO and EVP of products. John, welcome back to the program. >> Thanks Lisa. Good to be here. >> Good to see you. So, so much has changed since I last saw you. The move to remote work caused by the pandemic led so many organizations to invest in modern networking and security technologies. And we see, you know, the rise in the threat landscape that protecting digital assets is becoming even more and more urgent because the threats are continuing to escalate. Talk to me about some of the things that you're seeing with this current threat landscape. >> Yeah. Well, it keeps changing that's for sure. You saw some recent surveys where, you know, now companies are seeing, in terms of where employees are located, you know, 25% expecting to be in the office, 25% expected to be permanently in the home. And then there's this big 50% of hybrid, which we think will move a bit more towards the office as people get back in the office. But that's going to take some time. We're actually starting to move back in the office here in Santa Clara, Sunnyvale. but it's very different in every region in the U.S and regulations and laws around the world. And so we think it's going to be very much work from anywhere. There's a bit of travel starting as well. And so this work from anywhere concept is going to be very important to customers going forward. And the ability to change the dynamics of that ratio as they go forward. >> (indistinct) This work from anywhere that over- last year overnight sort of became an absolute essential. But now, as you said, we're going to have this hybrid model of some going back, some staying home and the security and the perimeter is dissolving. When you look at supporting customers and their remote work from anywhere, their new work from anywhere model, what are some of the things that are top of mind that you're hearing from customers? >> Well, I, you know, I sometimes hear this premise is disappearing. I think in some ways it's moving to the user and the devices. And there's this concept called zero trust network access which I've said in many occasions should be zero trust application access, but they named it that way which is going to be an important technology because as I said, it kind of moves that premise then to that user and previous technology that we had VPN technology was good technology. And in fact, a lot of companies, if you go back to when the pandemic started last year, put a lot of people on the VPN technology as quick as possible and it was reasonably robust. But as we go forward, what we're going to have to do is make sure that perimeter- at that perimeter, that users only get access to the applications they're using rather than the whole network. Eventually when they're on the network you need to make sure that it's segmented so they can't go everywhere as well. And so this zero trust network access or zero trust or zero trust access, there's lots of kind of different versions of it, is going to be very important concept for users. The other piece of it, I think, is also that it needs to be more intuitive to use, as anything you kind of have users do like the VPN where you had to kind of dial in and- or bring up- you're bringing up your connection and your IPsec connection, et cetera, et cetera means that people tend not to use it. And so to make it intuitive and automatic is going to be really important. >> Intuitive and automatic. One of the things that we also saw was this massive rise in digital transformation last year, right? SAS adoption, these SAS applications keeping many of us in collaboration. So I'm thinking, you know, in that sense with the perimeter changing and the work from anywhere, this consistent, secure internet connection among users at the branch or the branch of one has to be there to keep organizations productive and safe. How is the Fortinet enabling the ZTNA- this evolution of VPN? >> Yeah. That's another piece of it. So not only are users on and off the network or traveling so that- or both, so the applications are moving. So a lot of them are moved from data centers to public cloud in the form of infrastructure or SAS. We're now seeing customers actually move some applications towards the building or building compute or edge compute. So the applications keep moving which also causes this problem. And so another function of zero trust access or ZTNA is to not care where the application is. You rely on some technology and it's called proxy technology, which allows the proxy to track where the applications are. And for us, that sits inside of our firewalls. And that makes it very flexible. And so we've been able to kind of just ramp up that proxy against the policy engine, whether it be in the data center or in the cloud, or even on your premise. Even integrated inside a branch or something like that. That's going to be very important because, as you just said, those applications will just keep moving into different areas and different zones as you go forward. >> (Lisa) And that's probably going to be permanent for a lot of organizations. So it- so they haven't renamed it zero trust application access, like you think it should be. But when organizations are looking into zero trust network access, what should- what are some of the key things that they need to be looking for and mindful of? >> Yeah, (indistinct) And so it's probably the, you know, the number one conversation they've had over the last six months. I think people initially just had to get something working. Now they're looking seriously at a longer term architecture for their access, their user access and device access. I think what I find is that something like zero trust network access is more of a use case across multiple components. And so if you look inside it, you need a client component endpoint; you need a proxy that in front of the cloud capabilities; you need a policy engine; you need to use identity-based systems. If you haven't got- if you can't get an agent on the device, you may need a NAC system. And so usually what customers find is I've got four or five current- different vendors in those areas. And cybersecurity vendors are not the best at working together, which they were, because then we do better for customers. And so trying to get two vendors to work is hard enough, trying to get five or six is really hard. And so what they're looking at over time is to say, maybe I get the minimum basic ZTNA working. And then as I go forward, for example, what they really want is this continuing posture assessment. Well, you can do that with some EDR technology, but is that EDR technology integrated into your policy engine? No. So I think what customers are saying is, let me start with the base ZTNA with maybe two vendors. And then as I go forward implement a, you know, a fabric or a platform approach to get everything working together. 'Cause it's just too hard with five or six vendors. >> Right. Is there, I'm curious if there's a shared responsibility model with customers working with different vendors; what actions and security responsibilities fall on the customer that they need to be aware of? >> Well, and it also comes back to this, you know, there's convergence of networking and security. And I've said a few times I'm definitely seeing CIOs and CSOs, security teams, and networking teams working much more closely. And especially when you've got a use case now that goes across security items and networking items and networking, the proxy has always been in the control of the networking team. Endpoint security is always been in the- you know, the security team. It's just forcing this convergence not just of the technologies itself but of the organizations inside enterprises. >> (Lisa) Well, and that's a challenging one for every organization is getting, you know, if you're talking about it in general, the business folks, the IT folks. Now this is not just a security problem. This is a problem for the entire corporation, as we just saw with the Colonial Pipeline. Ransomware is now becoming a household name. These are business-critical board-level discussions I imagine on the security side. How is Fortinet helping customers kind of bridge that gap between the biz folks and the IT folks where security is concerned? >> Yeah. You know, ransomware has been around quite a while. I think two years ago, we saw a lot of it in the schools. K-12 schools in the U.S. I think they're picking some richer targets now. The colonial one, I think there was a 4 million ransom. I think that they managed to get some of that money back. But, you know, instead of, you know, demanding $5,000 or $10,000 from a small business or a school they're obviously demanding millions from these larger companies. And you know, one of the problems with ransomware is, you know, it still relies heavily on social engineering. I don't think you can eliminate that people clicking on stuff, you know, a very small percentage still. I think what it means is you have to put some more proactive things in place, like the zero trust, like micro-segmentation, like web application file warning. All these capabilities to try and make your systems as strong as possible. So then put in detection and response systems to assume that someone's clicking on something somewhere just to help. But it's definitely the environment. You know, the threat environment. It's not really gotten more sophisticated; yes, there are still advanced threats. I fear more about those weaponized APTs and state sponsored, but there's definitely a huge volume of ransomware now going after, you know, not only, you know, meat processing factories, but pipelines and critical infrastructure as we go forward. That's the more worrying. >> (Lisa) Right. You bring up a good point about, sort of, people being one of the biggest challenges from a security perspective. Clicking on links, not checking to see if a link is bogus or legitimate. So, help me understand a little bit more how is zero trust can help maybe take some of that human error out of the equation? >> Well, because I think before, you know, when you got access, when you're off the network and you've got access to the network, you've got access to everything, okay. So once you're on the network, and I think the Colonial Pipeline was a good example where traditionally, operational technology networks, physical networks sort of separate from the IT network and they had something called an air gap. And that air gap meant you really couldn't get to it. Now when people had to be remote because of the pandemic, they started taking these air gaps. And so now we had remote access. And so again, when you- when they got that remote access and they got into the network, they could- the network was very flat and you could see everything you can go anywhere. And so that's what zero trust does. It kind of says, I kind of did the zero trust approach to you that I'm only going to allow you access to this application. And I'm going to keep checking on you to make sure you are you are who you say you are on a continuous basis. And that really provides a bit more safety. Now, I still- we still think you need to put things like segmentation in place and some other capabilities and monitoring everything else, but it just narrows the attack surface down from this giant network approach to a specific application >> Narrowing that is the right direction. How do organizations, when you're working with customers, how do they go- How do they evolve from a traditional VPN to zero trust? What are some of the steps involved in that? >> Well, I think it's, you know, what's interesting is customers still have data centers. In fact, you know, some of the customers who have legacy applications will have a data center for a long time. And in fact, what I find is even if you've implemented zero trust to a certain population, employee population, they still have VPNs in place. And sometimes they use them for the IT folks. Sometimes they use them for a specialized developers and stuff like that. And so I think it's going to be like everything, everything goes a hundred percent this way and it stays this way. And so it's going to be hybrid for a while where we see VPN technology and zero trust together. You know- our approach is that you can have both together and it's both on the same platform and it'll just gradually evolve as you go forward. >> What are some of the things you're looking forward to in the next year as this hybrid environment continues, but hopefully things start to open up more? What are some of the things that we can expect to hear and see from Fortinet? >> Well, I'm looking forward to getting out of my home office, that's for sure. >> (Lisa laughing) >> It's like I've been imprisoned here for eighteen months. >> I agree with you on that! So we'll try that. And, you know, I always thought I traveled too much before and now I'm contemplating on the travel piece. But from, you know, Fortinet's perspective, you know, our goal is to make sure that, you know, our customers can increase. We'll make sure they can protect themselves. And so we want to help them and keep working with them such that they put best practices in place and they start architecting longer-term to implement things like zero trust or sassy or some of these other capabilities. And so, you know, I think the- we've had a lot of interest with customers on these virtual sessions. I'm really looking forward to getting them back in our new building, our new executive briefing center, which we're opening up in the next few weeks. You may have more of those face-to-face and white boarding conversations with customers. >> Oh, that sounds so exciting. I agree with you on the travel front, but going from traveling a ton to none was a big challenge. But also, I imagined it'll be great to actually get to collaborate with customers again, and partners. You know, you can only do so much by Zoom. Talk to me a little bit about some of the things on the partnership front that we might be seeing. >> Yeah, our partners, you know, we're a hundred percent partner-driven company and partners are very important to us. And, you know, and that's why we always, when we introduce new technology, we work with the partners to make sure that they understand it. So for example, we provide free what they call an NSE training to all our partners. And then we also work with them very closely to put systems in their labs and the demos and make sure they can architect. And so partners are really important to us and, you know, making sure that they can provide value as part of a solution set to our customers, because customers trust them. And so we want to make sure that we work with our partners closely so they can help the customer implementing architect solutions as they go forward. >> That trust is critical. Right? I mean, we can talk about that at every event, every CUBE Conversation, the trust that an a customer has in you, the trust that you have in a partner and vice versa. That whole trust circle kind of goes along the lines with what we're talking about in terms of being able to establish that trust. So that threat landscape that's probably only going to continue to get bigger is in the trusted hands of folks like Fortinet and your partners to be able to enable those customers to narrow that threat landscape. >> Yeah, yeah. And so it could be the smallest partner to the largest service provider. We don't mind. We want to make sure that we're working with them to provide that implementation from the customers. And again, the word trust is sometimes overused, but that's what customers are looking for. >> (Lisa) So, John, point me to when our audience is some of the information that they can find on Dotcom about zero trust. What are some of the things that you think are great calls to action for the audience? >> Yeah. I mean, it depends. I think it depends on what level you want to get into where we have a bunch of assets, videos, and training but start at the very highest level, you know, why is zero trust something you need to implement? And then it goes down into more details and then even the architecture, long-term architecture and connectivity and implementation. So there's a lot of assets on Fortinet.com If you go on our training sessions, there's- all our training's free to our customers. And so you can go in all those NSE levels and look at the capabilities. So yeah, definitely it's a- it's an area of high interest from our customers. But as I say to them, it's more of a journey. Yes, you can implement something today really quickly, but will that work for you over the long-term in making sure you can take all the information from the, like I said, you know, how is the voice, the posture of that device? What is the device with an agent doing, you know, as my contextual engine integrated as well? So it's a journey for customers and, but you can start with something simple but you need to have that plan for that journey in place. >> I imagine though, John, it's a journey that is either accelerating, or with the threat landscape and some of the things that we've already talked about, is becoming an absolutely board-critical conversation. So, and on that journey, does Fortinet work with customers to accelerate certain parts of it? Because you know, these businesses have been pivoting so much in the last year and they've got to not just survive, but now thrive in this new landscape, this new hybrid work from home, work from anywhere environment and also with more threats. >> Yeah, no, it's a good point. And so, you know, even those internally are implementing it starting the most critical assets first. So let's say, you know, I've got somebody working on source code, they should be the first ones to get the zero trust implementation. I've got somebody asking from the internet to search for stuff. Maybe they're okay for now, but yeah. So you kind of prioritize your assets and users against, you know, the threat and then implement. That's why I'm saying you can roll it out across everyone as, you know, a certain version of it. But I think it's better to prioritize first the most important assets in IP and then roll it out that way. >> (Lisa) Great advice. >> Because some of- a lot of those assets are still sitting in the data center. >> Right. >> So they're not sitting in the cloud. >> Right. John, great advice. Thank you so much for joining me. Good to see you, glad all is well and that you will be able to get out of your home office. You're just days away from that. I'm sure that's going to feel great. >> Certainly is. And thank you, Lisa. >> Nice to see you. For John Madison, I'm Lisa Martin. You're watching this CUBE Conversation. (calm electronic music with piano)

(bright music) >> Hello and welcome to today's session of the 2021 AWS Global Public Sector Partner Awards for the award for Best Partner Transformation, Best Cybersecurity Solution. I'm now honored to welcome our next guests, General Keith Alexander, Founder, and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, President and CEO of the New York Power Authority. Welcome to the program gentlemen, delighted to have you here. >> Good to be here. >> Terrific. Well, General Alexander, I'd like to start with you. Tell us about the collective defense program or platform and why is it winning awards? >> Well, great question and it's great to have Gil here because it actually started with the energy sector. And the issue that we had is how do we protect the grid? The energy sector CEOs came together with me and several others and said, how do we protect this grid together? Because we can't defend it each by ourselves. We've got to defend it together. And so the strategy that IronNet is using is to go beyond what the conventional way of sharing information known as signature-based solutions to behavioral-based so that we can see the events that are happening, the unknown unknowns, share those among companies and among both small and large in a way that helps us defend because we can anonymize that data. We can also share it with the government. The government can see a tax on our country. That's the future, we believe, of cybersecurity and that collective defense is critical for our energy sector and for all the companies within it. >> Terrific. Well, Gil, I'd like to shift to you. As the CEO of the largest state public power utility in the United States, why do you think it's so important now to have a collective defense approach for utility companies? >> Well, the utility sector lied with the financial sector as number one targets by our adversaries and you can't really solve cybersecurity in silos. We, NYPA, my company, New York Power Authority alone cannot be the only one and other companies doing this in silos. So what's really going to be able to be effective if all of the utilities and even other sectors, financial sectors, telecom sectors cooperate in this collective defense situation. And as we transform the grid, the grid is getting transformed and decentralized. We'll have more electric cars, smart appliances. The grid is going to be more distributed with solar and batteries charging stations. So the threat surface and the threat points will be expanding significantly and it is critical that we address that issue collectively. >> Terrific. Well, General Alexander, with collective defense, what industries and business models are you now disrupting? >> Well, we're doing the energy sector, obviously. Now the defense industrial base, the healthcare sector, as well as international partners along the way. And we have a group of what we call technical and other companies that we also deal with and a series of partner companies, because no company alone can solve this problem, no cybersecurity company alone. So partners like Amazon and others partner with us to help bring this vision to life. >> Terrific. Well, staying with you, what role does data and cloud scale now play in solving these security threats that face the businesses, but also nations? >> That's a great question. Because without the cloud, bringing collective security together is very difficult. But with the cloud, we can move all this information into the cloud. We can correlate and show attacks that are going on against different companies. They can see that company A, B, C or D, it's anonymized, is being hit with the same thing. And the government, we can share that with the government. They can see a tax on critical infrastructure, energy, finance, healthcare, the defense industrial base or the government. In doing that, what we quickly see is a radar picture for cyber. That's what we're trying to build. That's where everybody's coming together. Imagine a future where attacks are coming against our country can be seen at network speed and the same for our allies and sharing that between our nation and our allies begins to broaden that picture, broaden our defensive base and provide insights for companies like NYPA and others. >> Terrific. Well, now Gil, I'd like to move it back to you. If you could describe the utility landscape and the unique threats that both large ones and small ones are facing in terms of cybersecurity and the risks, the populous that live there. >> Well, the power grid is an amazing machine, but it is controlled electronically and more and more digitally. So as I mentioned before, as we transform this grid to be a cleaner grid, to be more of an integrated energy network with solar panels and electric vehicle charging stations and wind farms, the threat is going to be multiple from a cyber perspective. Now we have many smaller utilities. There are towns and cities and villages that own their poles and wires. They're called municipal utilities, rural cooperative systems, and they are not as sophisticated and well-resourced as a company like the New York Power Authority or our investor on utilities across the nation. But as the saying goes, we're only as strong as our weakest link. And so we need- >> Terrific. >> we need to address the issues of our smaller utilities as well. >> Yeah, terrific. Do you see a potential for more collaboration between the larger utilities and the smaller ones? What do you see as the next phase of defense? >> Well, in fact, General Alexander's company, IronNet and NYPA are working together to help bring in the 51 smaller utilities here in New York in their collective defense tool, the IronDefense or the IronDome as we call it here in New York. We had a meeting the other day, where even thinking about bringing in critical state agencies and authorities. The Metropolitan Transportation Authority, Port Authority of New York and New Jersey, and other relevant critical infrastructure state agencies to be in this cloud and to be in this radar of cybersecurity. And the beauty of what IronNet is bringing to this arrangement is they're trying to develop a product that can be scalable and affordable by those smaller utilities. I think that's important because if we can achieve that, then we can replicate this across the country where you have a lot of smaller utilities and rural cooperative systems. >> Yeah. Terrific. Well, Gil, staying with you. I'd love to learn more about what was the solution that worked so well for you? >> In cybersecurity, you need public-private partnerships. So we have private companies like IronNet that we're partnering with and others, but also partnering with state and federal government because they have a lot of resources. So the key to all of this is bringing all of that information together and being able to react, the General mentioned, network speed, we call it machine speed, has to be quick and we need to protect and or isolate and be able to recover it and be resilient. So that's the beauty of this solution that we're currently developing here in New York. >> Terrific. Well, thank you for those points. Shifting back to General Alexander. With your depth of experience in the defense sector, in your view, how can we stay in front of the attacks, mitigate them, and then respond to them before any damage is done? >> So having run our nations, the offense. I know that the offense has the upper hand almost entirely because every company and every agency defends itself as an isolated entity. Think about 50 mid-sized companies, each with 10 people, they're all defending themselves and they depend on that defense individually and they're being attacked individually. Now take those 50 companies and their 10 people each and put them together and collect the defense where they share information, they share knowledge. This is the way to get out in front of the offense, the attackers that you just asked about. And when people start working together, that knowledge sharing and crowdsourcing is a solution for the future because it allows us to work together where now you have a unified approach between the public and private sectors that can share information and defend each of the sectors together. That is the future of cybersecurity. What makes it possible is the cloud, by being able to share this information into the cloud and move it around the cloud. So what Amazon has done with AWS has exactly that. It gives us the platform that allows us to now share that information and to go at network speed and share it with the government in an anonymized way. I believe that will change radically how we think about cybersecurity. >> Yeah. Terrific. Well, you mention data sharing, but how is it now a common tactic to get the best out of the data? And now, how is it sharing data among companies accelerated or changed over the past year? And what does it look like going forward when we think about moving out of the pandemic? >> So first, this issue of sharing data, there's two types of data. One about the known threats. So sharing that everybody knows because they use a signature-based system and a set of rules. That shared and that's the common approach to it. We need to go beyond that and share the unknown. And the way to share the unknown is with behavioral analytics. Detect behaviors out there that are anonymous or anomalous, are suspicious and are malicious and share those and get an understanding for what's going on in company A and see if there's correlations in B, C and D that give you insights to suspicious activity. Like solar winds, recognizes solar winds at 18,000 companies, each defending themselves. None of them were able to recognize that. Using our tools, we did recognize it in three of our companies. So what you can begin to see is a platform that can now expand and work at network speed to defend against these types of attacks. But you have to be able to see that information, the unknown unknowns, and quickly bring people together to understand what that means. Is this bad? Is this suspicious? What do I need to know about this? And if I can share that information anonymized with the government, they can reach in and say, this is bad. You need to do something about it. And we'll take the responsibility from here to block that from hitting our nation or hitting our allies. I think that's the key part about cybersecurity for the future. >> Terrific. General Alexander, ransomware of course, is the hottest topic at the moment. What do you see as the solution to that growing threat? >> So I think, a couple things on ransomware. First, doing what we're talking about here to detect the phishing and the other ways they get in is an advanced way. So protect yourself like that. But I think we have to go beyond, we have to attribute who's doing it, where they're doing it from and hold them accountable. So helping provide that information to our government as it's going on and going after these guys, making them pay a price is part of the future. It's too easy today. Look at what happened with the DarkSide and others. They hit Colonial Pipeline and they said, oh, we're not going to do that anymore. Then they hit a company in Japan and prior to that, they hit a company in Norway. So they're attacking and they pretty much operate at will. Now, let's indict some of them, hold them accountable, get other governments to come in on this. That's the way we stop it. And that requires us to work together, both the public and private sector. It means having these advanced tools, but also that public and private partnership. And I think we have to change the rhetoric. The first approach everybody takes is, Colonial, why did you let this happen? They're a victim. If they were hit with missiles, we wouldn't be asking that, but these were nation state like actors going after them. So now our government and the private sector have to work together and we need to change that to say, they're victim, and we're going to go after the guys that did this as a nation and with our allies. I think that's the way to solve it. >> Yeah. Well, terrific. Thank you so much for those insights. Gil, I'd also like to ask you some key questions and of course, certainly people today have a lot of concerns about security, but also about data sharing. How are you addressing those concerns? >> Well, data governance is critical for a utility like the New York Power Authority. A few years ago, we declared that we aspire to be the first end-to-end digital utility. And so by definition, protecting the data of our system, our industrial controls, and the data of our customers are paramount to us. So data governance, considering data or treating data as an asset, like a physical asset is very, very important. So we in our cybersecurity, plans that is a top priority for us. >> Yeah. And Gil thinking about industry 4.0, how has the surface area changed with Cloud and IoT? >> Well, it's grown significantly. At the power authority, we're installing sensors and smart meters at our power plants, at our substations and transmission lines, so that we can monitor them real time, all the time, know their health, know their status. Our customers we're monitoring about 15 to 20,000 state and local government buildings across our states. So just imagine the amount of data that we're streaming real time, all the time into our integrated smart operations center. So it's increasing and it will only increase with 5G, with quantum computing. This is just going to increase and we need to be prepared and integrate cyber into every part of what we do from beginning to end of our processes. >> Yeah. And to both of you actually, as we see industry 4.0 develop even further, are you more concerned about malign actors developing more sophistication? What steps can we take to really be ahead of them? Let's start with General Alexander. >> So, I think the key differentiator and what the energy sector is doing, the approach to cybersecurity is led by CEOs. So you bring CEOs like Gil Quiniones in, you've got other CEOs that are actually bringing together forums to talk about cybersecurity. It is CEO led. That the first part. And then the second part is how do we train and work together, that collective defense. How do we actually do this? I think that's another one that NYPA is leading with West Point in the Army Cyber Institute. How can we start to bring this training session together and train to defend ourselves? This is an area where we can uplift our people that are working in this process, our cyber analysts if you will at the security operations center level. By training them, giving them hard tests and continuing to go. That approach will uplift our cybersecurity and our cyber defense to the point where we can now stop these types of attacks. So I think CEO led, bring in companies that give us the good and bad about our products. We'd like to hear the good, we need to hear the bad, and we needed to improve that, and then how do we train and work together. I think that's part of that solution to the future. >> And Gil, what are your thoughts as we embrace industry 4.0? Are you worried that this malign actors are going to build up their own sophistication and strategy in terms of data breaches and cyber attacks against our utility systems? What can we do to really step up our game? >> Well, as the General said, the good thing with the energy sector is that on the foundational level, we're the only sector with mandatory regulatory requirements that we need to meet. So we are regulated by the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation to meet certain standards in cyber and critical infrastructure. But as the General said, the good thing with the utility is by design, just like storms, we're used to working with each other. So this is just an extension of that storm restoration and other areas where we work all the time together. So we are naturally working together when it comes to to cyber. We work very closely with our federal government partners, Department of Homeland Security, Department of Energy and the National Labs. The National Labs have a lot of expertise. And with the private sector, like great companies like IronNet, NYPA, we stood up an excellence, center of excellence with private partners like IronNet and Siemens and others to start really advancing the art of the possible and the technology innovation in this area. And as the governor mentioned, we partnered with West Point because just like any sporting or just any sport, actual exercises of the red team, green team, and doing that constantly, tabletop exercises, and having others try and breach your walls. Those are good exercises to really be ready against the adversaries. >> Yeah. Terrific. Thank you so much for those insights. General Alexander, now I'd like to ask you this question. Can you share the innovation strategy as the world moves out of the pandemic? Are we seeing new threats, new realities? >> Well, I think, it's not just coming out of the pandemic, but the pandemic actually brought a lot of people into video teleconferences like we are right here. So more people are working from home. You add in the 5G that Gil talked about that gives you a huge attack surface. You're thinking now about instead of a hundred devices per square kilometer up to a million devices. And so you're increasing the attack surface. Everything is changing. So as we come out of the pandemic, people are going to work more from home. You're going to have this attack surface that's going on, it's growing, it's changing, it's challenging. We have to be really good about now, how we trained together, how we think about this new area and we have to continue to innovate, not only what are the cyber tools that we need for the IT side, the internet and the OT side, operational technology. So those kinds of issues are facing all of us and it's a constantly changing environment. So that's where that education, that training, that communication, working between companies, the customers, the NYPA's and the IronNet's and others and then working with the government to make sure that we're all in sync. It's going to grow and is growing at an increased rate exponentially. >> Terrific. Thank you for that. Now, Gil, same question for you. As a result of this pandemic, do you see any kind of new realities emerging? What is your position? >> Well, as the General said, most likely, many companies will be having this hybrid setup. And for company's life like mine, I'm thinking about, okay, how many employees do I have that can access our industrial controls in our power plants, in our substations, and transmission system remotely? And what will that mean from a risk perspective, but even on the IT side, our business information technology. You mentioned about the Colonial Pipeline type situation. How do we now really make sure that our cyber hygiene of our employees is always up-to-date and that we're always vigilant from potential entry whether it's through phishing or other techniques that our adversaries are using. Those are the kinds of things that keep myself like a CEO of a utility up at night. >> Yeah. Well, shifting gears a bit, this question for General Alexander. How come supply chain is such an issue? >> Well, the supply chain, of course, for a company like NYPA, you have hundreds or thousands of companies that you work with. Each of them have different ways of communicating with your company. And in those communications, you now get threats. If they get infected and they reach out to you, they're normally considered okay to talk to, but at the same time that threat could come in. So you have both suppliers that help you do your job. And smaller companies that Gil has, he's got the 47 munis and four co-ops out there, 51, that he's got to deal with and then all the state agencies. So his ecosystem has all these different companies that are part of his larger network. And when you think about that larger network, the issue becomes, how am I going to defend that? And I think, as Gil mentioned earlier, if we put them all together and we operate and train together and we defend together, then we know that we're doing the best we can, especially for those smaller companies, the munis and co-ops that don't have the people and a security ops centers and other things to defend them. But working together, we can help defend them collectively. >> Terrific. And I'd also like to ask you a bit more on IronDefense. You spoke about its behavioral capabilities, it's behavioral detection techniques, excuse me. How is it really different from the rest of the competitive landscape? What sets it apart from traditional cybersecurity tools? >> So traditional cybersecurity tools use what we call a signature-based system. Think of that as a barcode for the threat. It's a specific barcode. We use that barcode to identify the threat at the firewall or at the endpoint. Those are known threats. We can stop those and we do a really good job. We share those indicators of compromise in those barcodes, in the rules that we have, Suricata rules and others, those go out. The issue becomes, what about the things we don't know about? And to detect those, you need behavioral analytics. Behavioral analytics are a little bit noisier. So you want to collect all the data and anomalies with behavioral analytics using an expert system to sort them out and then use collected defense to share knowledge and actually look across those. And the great thing about behavioral analytics is you can detect all of the anomalies. You can share very quickly and you can operate at network speed. So that's going to be the future where you start to share that, and that becomes the engine if you will for the future radar picture for cybersecurity. You add in, as we have already machine learning and AI, artificial intelligence, people talk about that, but in this case, it's a clustering algorithms about all those events and the ways of looking at it that allow you to up that speed, up your confidence in and whether it's malicious, suspicious or benign and share that. I think that is part of that future that we're talking about. You've got to have that and the government can come in and say, you missed something. Here's something you should be concerned about. And up the call from suspicious to malicious that gives everybody in the nation and our allies insights, okay, that's bad. Let's defend against it. >> Yeah. Terrific. Well, how does the type of technology address the President's May 2021 executive order on cybersecurity as you mentioned the government? >> So there's two parts of that. And I think one of the things that I liked about the executive order is it talked about, in the first page, the public-private partnership. That's the key. We got to partner together. And the other thing it went into that was really key is how do we now bring in the IT infrastructure, what our company does with the OT companies like Dragos, how do we work together for the collective defense for the energy sector and other key parts. So I think it is hit two key parts. It also goes on about what you do about the supply chain for software were all needed, but that's a little bit outside what we're talking about here today. The real key is how we work together between the public and private sector. And I think it did a good job in that area. >> Terrific. Well, thank you so much for your insights and to you as well, Gil, really lovely to have you both on this program. That was General Keith Alexander, Founder and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, the President and CEO of the New York Power Authority. That's all for this session of the 2021 AWS Global Public Sector Partner Awards. I'm your host for theCUBE, Natalie Erlich. Stay with us for more coverage. (bright music)

(gentle music) >> Welcome to this Cube Conversation, I'm Lisa Martin. Laura Dubois joins me next, VP of product management at Dell Technologies, Laura, welcome back to the program. >> Yeah, thank you so much Lisa, it's just fantastic to be here and talking about data protection now that we're coming out of COVID, it's just wonderful to be here, thank you so much. >> Isn't it so refreshing. So, you're going to provide some updates on Dell's data protection software, some of the innovation, how you're working with customers and prospects. So let's go ahead and dig right in, let's talk about some of the innovation and the enhancements that Dell is making to its data protection suite of software and also how customers are influencing that. >> Yeah, so it's a great question Lisa and you're right. We have driven a lot of innovation and enhancements in our data protection suite. And let me just level a second. So data protection suite, is a solution that is deployed by really tens of thousands of customers. And we continue to innovate and enhance that data protection suite. Data protection suite is comprised primarily of three main data protection software capabilities. So, longstanding capabilities and customer adoption of Avamar, which continues to be a central capability on our portfolio. The second one is Networker. So Networker is also an enterprise grade, highly scalable and performance data protection solution. And then a couple of years ago, we launched a new data protection capability called power protect data manager. So, all three of these capabilities, really the foundation of our data protection suite. And as I said, enterprises around the world rely on these three sets of capabilities to protect their data, regardless of wherever it resides. And it's really central now more than ever in the face of increasing security, risks and compliance and the need to be able to have an always kind of available environment that customers rely on the capabilities and data protection suite to really make sure their enterprises resilient. >> Absolutely, and make sure that that data is recoverable if anything happens, you mentioned cybersecurity. We'll get into that in a second. But so thousands of Avamar and Networker customers, what are some of the key workloads and data that these customers are protecting with these technologies? >> Yeah, I mean, so, actually tens of thousands. >> Tens of thousands. >> Tens of thousands of customers that rely on data protection suite. And it really, I think the strength and advantage of our portfolio is its breadth, breadth in terms of client operating environments, in terms of applications and databases, in terms of workloads and specifically use cases. So I mean, the breadth that we offer is unparalleled, pretty much whether Windows, Linux, OpenVMS, NetWare, kind of going back in time a long tail of kind of operating environments and then databases, right. So everything from SQL and Oracle and Sybase and DB2 to new types of databases, like the NoSQL or content store and key value store types of NoSQL schemas, if you will. And so, and then lastly is the word they use cases, right? So being able to protect data, whether that be data that's in a data center, out in remote or branch locations or data that's out in the cloud, right. And of course, increasingly customers are placing their data in a variety of locations; on Edge, on core data centers and in cloud environments. And we actually have over six exabytes of capacity under management, across public cloud environments. So pretty extensive deployment of our data protection suite in public clouds, you know, the leading hyperscalers, cloud environments and premises as well. >> So let's talk a little bit about the customer influence 'cause obviously there's a very cooperative relationship that Dell has with its customers that help you achieve things. Like, for example, I saw that according to IDC, Dell Technologies is number one in data protection, appliances, and software, leader in the Gartner Magic Quadrant for data center backup and recovery for over 20 years now. Talk to us a little bit more about that symbiotic customer, Dell relationship. >> Yeah, so it's a great question. We see our customers as strategic partners, and we really want to understand their business, their requirements. We engage on a quarterly basis with customers and partners in advisory councils. And then of course, we are always engaging with customers outside of those cycles on a kind of a one-on-one basis. And so we are really driving the innovation and the backlogs and the roadmap for data protection suite based upon customer feedback. And approximately 79% of the fortune 100 customers, our Dell data, Dell Technologies data protection customers. Now that's not to say that that's our only customer base. We have customers in commercial accounts, in mid-market in federal agencies, but, you know, we take our customer relationships really, really seriously, and we engage with them on a regular basis, both in a group forum to provide feedback as well as in a one-on-one basis. And we're building our roadmaps and our product release is based on feedback from customers, and again, know large customer base that we take very seriously. >> Right to the customer listening obviously it is critical for Dell. So you talked a little bit about what that cycle looks like in terms of quarterly meetings and then those individual meetings. What are some of the enhancements and advancements that customers have actually influenced? >> Yeah, so we, I mean, we, I think continuing to provide simplicity and ease of use is a key element of our portfolio and our strategy, right? So continuing to modernize and update the software in terms of workflows, in terms of, you know, common experiences also increasingly customers want to automate their data protection process. So really taking an API-first strategy for how we deliver capabilities to customers, continuing to expand our client database, hypervisor environments, continue to extend out our cloud support, you know, things like protection of cloud native applications with increasingly customers containerizing and building scale-out applications. We want to be able to protect Kubernetes environment. So that's kind of an area of focus for us. Another area of focus for us is going deeper with our key strategic partners, whether that'd be a cloud partner or a hypervisor partner. And then of course, customers, in fact, one of the top three things that we consistently hear from these councils that we do is the criticality of security, security and our data protection environment but the criticality of being able to be resilient from, and in the event of a cyber attack to be able to resilient recover from that cyber attack. So that is an area where we continue to make innovations and investments in the data protection suite as well. >> And that's so critical. One of the things that we saw in the last year, 15 months plus Laura, is this massive rise in ransomware. It's now a household word, the Colonial Pipeline for example, the meat packing plant, it's now many businesses knowing it's not, if we get attacked, but it's when. So having the ability to be resilient and recover that data is table stakes for, I imagine a business in any organization. I want to understand a little bit more. So you talked about tens of thousands of customers using Avamar and Networker. So now they have the capability of also expanding and using more of the suite. Talk to me a little bit about that. >> Yeah, so, I mean, I think it starts with the customer environment and what workloads and use cases they have. And because of the breadth of capabilities indeed the data protection suite, we really optimize the solution based upon their needs, right. So if they have a large portfolio of applications that they need to maintain but they're also building applications or systems for the future, we have a solution there. If they have a single hypervisor strategy or a multiple hypervisor strategy, we have a strategy there, if they have data that's on-premise and across a range of public clouds, one large customer we have as a, kind of three-plus one strategy around cloud. So they're leveraging three different public cloud, IS environments, and then they're also have their on-premise cloud environment. So, you know, we, it really starts with the customer workload and the data, and where it lives; whether that's be out in an Edge location in a remote or branch office, on an end point somewhere, they need to protect whether it be in a core data center or multiple data centers, or rather be in the cloud. That's how we think about optimizing the solution for the customers. >> Curious if you can give me any examples of customers maybe by industry that were, have been with Dell for a long time with Avamar and Networker for a long time and how they've expanded, being able to pick, as you say, as their, or as their environment grows and we've got, now this blur of right. It's now worked from anywhere, data centers, Edge. Talk to me about some customers examples that you think really articulate the value of what Dell is delivering. >> Yeah, so, I mean, I think one customer in the financial services sector comes to mind. They have a large amount of unstructured data that they need to protect, you know, petabytes, petabytes and petabytes of data they need to protect. And so I think that's one customer that comes to mind is someone we've been with for a long time, been partnering with for a long time. Another customer I mentioned in the, it was a kind of a three-letter software company that is a really strategic partner for us with on-premise, in the cloud. You know, healthcare is a big and important sector for Dell. We have integrations into kind of leading healthcare applications. So that's another big, whether they be a healthcare provider or a healthcare insurance company, and had a fourth example, but it's escaping my mind right now, but, I would say going back to the cyber discussion, I mean, one thing that we, where we see really customers looking for guidance from us around cyber recovery and cyber resilience is in what the, you know, of course president Biden just released this executive board on his mandate for ensuring that the federal agencies but also companies in the millisecond sector, sectors be able to ensure resilience from cyber attacks. So that's companies in financial services, that's companies in healthcare, energy, oil, and gas transportation, right. Obviously in companies and industries that are critical to our economy and our infrastructure. And so that has been an area where we've seen, recently in the last, I would say 12 months increased in engagement, you mentioned Colonial Pipeline, for example. So those are some high salient highlights I think of in terms of, you know, kind of key customers. But pretty much every sector. I mean, the U.S. government, all of the the agencies, whether they be civilian, or DOD or key kind of engagement partners of ours. >> Yeah, and as you said in the last year, what a year it's been. But really a business in every industry has got to be able to be resilient and recover when something happens. Can you talk a little bit about some of the specific enhancements that you guys have made to the suite? >> Yeah, sure. So, you know, we continue to enhance our hypervisor capabilities. So we continue to enhance not only the core VMware or hyperbaric capabilities but we continue to enhance some of the extensions or plugins that we have for those. So whether that be things like our VRealized plugin or a vCloud director plugin for say, VMware. So that's kind of a big focus for us. Continuing to enhance capabilities around leveraging the cloud for long-term retention. So that's another kind of enhancement area for us. But cloud in general is an ara where we continue to drive more and more enhancement. Improving performance in cloud environments for a variety of use cases, whether that be DR to the cloud, backup or replications of the cloud or backing up workloads that are already in the cloud. There's a key use cases for us, as well as the archive to cloud use cases. So there's just some examples or areas where we've driven enhancements and you can expect to see more, you know we have a six month release cadence for Avamar and Networker, and we continue with that momentum. And at the end of this month, we have the next major release of our data protection suite. And then six months later, we'll have the next update and so on and so forth. And we've been doing that actually for the last three to four years. This is a six month release cadence for data protection suite. We continue with that momentum. And like I said, simplicity and modernity, APIs and automation, extending our workloads and hypervisors and use cases. And then cloud is a big focusing area as well, as well as security and cyber resilience. >> Right, and so a lot of flexibility in choice for Avamar and Networker customers. As things change the world continues to pivot and we know it's absolutely essential to be able to recover that data. You mentioned 70, I think 79% of the Fortune 100 are using Dell technologies for data protection software. That's probably something that's only going to continue to grow. Lots of stuff coming up. As you mention, what are some of the things that you're personally excited about as the world starts to open up and you get to actually go out and engage with customers? >> I'm in just looking forward to like in-person meetings. I mean, I just loved going and trying to understand what problems the customers are trying to solve and how we can help address those. I think, you know, what I see customers sort of struggling with is how do they kind of manage their current environment while they're building for the future? So there's a lot of interest in questions around, how do they protect some of these new types of workloads, whether they're deployed on premise or in the public cloud. So that continues to be an area where we continue to engage with customers. I'm also really personally excited about the extensions that we're doing in our cyber recovery capabilities so as you can expect to hear more about some of those in the next 12 months, because we're really seeing that as a key driver to kind of increased policies around and implementations around data protection is because of these, you know, the needs to be able to be resilient from cyber attacks. I would say we're also doing some very interesting integrations with VMware. We're going to have some first and only announcements around VMware and managing protection for VMware, you know, VM environments. So you can look forward to hearing more about that. And we have customers that have deployed our data protection solutions at scale. One customer has 150,000 clients who they're protecting with our data protection offerings, 150,000. And so we're continuing to improve the, and enhance the products to meet those kinds of scale requirements. And I'm excited by the fact that we've had this long standing relationship with this one particular customer and continue to help in flowing up where their needs go. >> And that's something that even a great job of talking about is just not just a longstanding relationships but really that dedication that Dell has to innovating with its customers. Laura, thank you for sharing some of the updates of what's new, what you're continuing to do with customers, and what you're looking forward to in the future. It sounds like we might hear some news around the VMworld timeframe. >> Yes, I think so. >> All right, Laura, thank you so much for joining me today. Appreciate your time. >> Yeah, it's been great to be here. Thanks so much. >> Excellent from Laura Dubois and Lisa Martin, you're watching this Cube Conversation. (soft music)

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomenon that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

>> Narrator: From around the globe, it's theCUBE with coverage of KubeCon and CloudNativeCon Europe 2021 virtual. Brought to you by Red Hat, The Cloud Native Computing Foundation, and ecosystem partners. >> Hey, welcome back to theCUBE's coverage of KubeCon 2021 CloudNativeCon Europe. Part of the CNCF and ongoing, could be in there from the beginning, love this community, theCUBE's proud to support and continue to cover it. We're virtual this year again because of the pandemic but it looks like we'll be right around the corner for a physical event, hopefully for the next one, fingers crossed. Got a great guest here from Red Hat. Siamak Sadeghianfar, a Senior Principal Product Manager. Welcome to theCUBE. Thanks for coming in. >> Thank you for having me. >> So, this topic's about GitOps, Pipelines, code. Obviously Infrastructure as Code has been the ethos since I can remember going back to 2008 and the original cloutaroti vision. And we were always talking about that. Now it's mainstream. Now it's DevSecOps. So, it's now, day two operations, shifting left with security. OpenShift is continuing to get, take ground. Congratulations on that. So my first question is you guys announced the general availability of OpenShift Pipelines and GitOps at KubeCon. What are, what's this about? And what's the benefits for the customer. Let's get into the news >> Thanks for, to begin with for the Congress and this, this is definitely a hot topic around the DevSecOps. And the different variations of that year about some versions that during in, in FinTech and other verticals as well. The idea is here really is that CI/CD has been around for a long time, continuous integration and continuous delivery, as one of the core practices of the DevOps movement. DevOps movement is quite widespread, now. You, you see reports of above 90% of organizations are in the process of adoption in their journey. And this is one of the main practices but something that has become quite apparent is that many of these organizations that are investing more and more in Cloud Native apps and adopting Cloud Native ways of building applications the tooling and technology that they use for CI/CD since CI/CD is nothing new is from 10 years old, five years old pre Kubernetes era which is not quite Cloud Native. So there is always a clash of how do I build Cloud Natives application using these technologies that are not really built for Cloud Native space and an OpenShift Pipelines OpenShift GitOps is really an opening in this direction and bring more Cloud Native ways of continuous integration and continuous delivery to customers on OpenShift. >> Got it, so I got to ask you, so a couple of questions on this topic, I really want to dig into. Can you describe the Cloud Native CI/CD process versus traditional CI/CD? >> Sure, so traditional when we think about CI/CD there is usually this monolithic solutions that are running on a virtual machine on a type of infrastructure that they use to deploy applications as well. 'Cause you, you need reliability and you have to be making an assumption about an infrastructure that you're running on. And when you come to Cloud Native infrastructure you have a much more dynamic infrastructure. We have a lot less assumptions. You might be running on a public cloud or on premise infrastructure or different types of public cloud. So these environments are often also containerized. So there are, there's a high chance you're running on a container platform, regardless if it's a public or on premises. And with the whole containers, you, you have different types of disciplines and principals to think in, about your infrastructure. So in the Cloud Native ways of CI/CD, you're running most likely in a container platform. You don't have dedicated infrastructure. You are running mostly on demand. You scale when there is a demand for running CI/CD, for example, rather than dedicated infrastructure to it. And also from the mode of operation from organization perspective, they are more adapted to this decentralized ways of ownership. As a part of the DevOps culture, this comes really with that movement, that more and more development teams are getting ownership of some portion of the delivery of their applications. And it's cognitive CS/CD solutions, they focus on supporting these models that you go away from that central model of control to decentralize and have more ownership, more capabilities within the development teams for delivering application. >> Okay, so I then have to ask you the next question. It's like you, like a resource, you'd say: Hey Siri, what is, what is GitOps? What is GitOps? 'Cause that's the topic that's been getting a lot of traction, everyone's talking about it. I mean we know DevOps. So what is the GitOps model? Can you define that? And is that what a, it that what comes after DevOps? Is it DevOps 2.0, what is the GitOps model? >> That's a very good question. GitOps is nothing really new. It's rather a more descriptive way of DevOps principles. DevOps talks about the cultural changes and mindset and ways of working. And when it comes to the, to the concrete work flow it is quite open for interpretation. So GitOps is one, a specific interpretation of how you, you do continuous integration and continuous delivery, how we implement DevOps. And the concept have been around for a couple of years. But just recently, it's got a lot of traction within the Cloud Native space. >> So how does GitOps fit into Kubernetes then? 'Cause that's going to be the next dot that we want to connect. What is that, what is, how, how. How does GitOps fit into Kubernetes? >> So GitOps is really the, the core principle of GitOps is that you, you, you think about everything in your infrastructure and application in a declarative manner. So everything needs to be declared in, in, in a number of gate repositories and you drive your operations through Git Workflows. Which if you think about it is quite similar to how Kubernetes operates. The, the reason Kubernetes became so popular is because of this declarative way of thinking about your infrastructure. You declare what you expect and Kubernetes actualizes that on, on some sort of infrastructure. So GitOps is, is, is exact same concept, but the, but applied not to the infrastructure itself, but to the operations of that infrastructure, operations of those applications. It becomes a really nice fit together. It's the same mindset really applied in different place. >> It's like Kubernetes is like the linchpin or the enabler for GitOps. Just a whole nother level of, I mean, I think GitOps essentially DevOps 2.0 in my opinion because it takes this whole nother level above that for the developer modern developer because it allows them to do more. So it's been around for a while. We've been talking about this, it's got a new name but GitOps is kind of concept has been around. Why is the increase adoption happening now in your opinion or do you have any data on or any facts or opinion on why it's such an increase in, in conversation and adoption? >> You had the, you had like very accurate point there that Kubernetes has been a great enabler for, for DevOps and later the same applies to GitOps as well because of that, that great fit. It has been, GitOps the concept has been there but implementation of that has been quite difficult before Kubernetes and also for non-containerized environments. Kubernetes is, is a very potent platform for this kind of operation because the the mindset and the ways of working is really native to how Kubernetes thinks. But there is also another driver that has been influential in, in the rise of GitOps in the last year or two. And this is an observation we see at a lot of our customers, that the number of clusters that organizations are deploying, Kubernetes clusters increasing. As their maturity increases they get more comfortable with Cloud Native way of working and transfer the workflows to become Cloud Native, they are, they are having, they move more and more of their infrastructure to Kubernetes clusters. So a new challenge rises with this. And now that I have a larger number of clusters how do I ensure consistency across all these, all these clusters? So before I had to deploy an application to production environment, perhaps, which meant two clusters across two geographical zones. Now I have to deploy to 20 clusters. And these 20 clusters also change over time. So this week is a different 20 clusters then three weeks from now. So this, this dynamic ways of working and the customers maturing in, in dealing with Kubernetes operating communities has increased really the pace of adoption of GitOps because it addresses a lot of those challenges that customers are dealing with in this space. >> Yeah, you bring up a really good challenge there. And I think that's worth calling out, this idea of expansion. And I won't say sprawl because it's not a sprawl of cluster. It's more a state provisioning and standing up clusters. And you said they they're changing because the environment has needs and the workloads might have requirements. This makes total sense in a DevOps kind of GitOps way. So I get that and I see that definitely happening. So this brings up the question, if I'm a customer, what I'm worried about is I don't want to have that Hadoop factor where I build a cluster and it takes too long to manage it, or I can't measure it, or understand the data, or have any observability. So I want to have an ease of provisioning and standing up and I want to have consistency that my apps who are using it, don't have to be, you know mangled with or coded with. So, you know, this combination of ease of deploying, ease of integrating, ease of consuming the clusters becomes a service model. Can you share your thoughts on how that gets solved? >> Yeah, absolutely. So that, that's a great point because as, as this is happening, there is also heterogenesis in this, this type of Kubernetes infrastructure window. Like, they're all Kubernetes but this problem also has multiple facets as customers running on multiple public clouds and, and combination of that with their on-premise Kubernetes clusters. And that is, they may as well be OpenShift across all this, all this infrastructure. But the, the problem that GitOps helps its customers advise that they can have the exact same operational model across all these apps and infrastructure, regardless of what kind of application it is. And regardless of where OpenShift is installed or if you're using that combined with a public cloud managed a Kubernetes stats, is the exact same process because you're relying on, on the Gits Workflows, right? And even beyond that, this standard workflow has the benefit of something that many organizations are already familiar with. So if you think about what GitOps operations mean it is essentially what developers have been always using for developing applications. So this standardizes the operations of both application and infrastructure as solvers. >> Listen to me, I got to ask you as the product manager on the whole pipelining in Kubernetes deployments. In your opinion, share your perspective on, real quick, on Kubernetes, where we're at? Because just the accelerated adoption has been phenomenal. We've seen it mature this year at KubeCon. And certainly when KubeCon North America happens, you're going to see more and more end user participation. You're going to see much more end-user use cases. You mentioned clusters are growing. What's the state of Kubernetes from your perspective, from a developer mindset? >> So Kubernetes, I think it has moved from a place that it was seen as only a, a type of infrastructure for Cloud Native applications because of the capability that it provides to a type of infrastructure for any type of application, any type of workload. I think what we have seen over the last two years is, is a shift to expansion of the use cases. And if, if you are, you talked about head open if you are a data scientist, or if you are an AIML type of developer or any type of workload really, see use cases that are coming to the Kubernetes platform as the targets type of infrastructure. So that's really where we see Kubernetes at right now is the really, the preferred infrastructure for any type of workload. And I believe this trend going to to keep continuing to address any of the challenge that exists that prevents maybe part of the, a particular type of workload to address that within the platform and opens that to add to, to developers. Which means for the developers now, once you learn the platform you are really proficient in a, you have this skills for any type of application or any type of infrastructure because they're all standardized, regardless of what type of application or workloads or technology you're specialized in. They're all going to the exact same platform. So it's very standardized type of skills across organizations, different type of teams that they have. >> Awesome, great, thanks for sharing that insight and definition. You're like a walking dictionary today for our CUBE audience. Thank you for all this good stuff. Appreciate it. Final question for you is, what does it mean for developers that are using Jenkins or other cloud-based CI solutions like GitHub Actions? What, what's the impact to them with all this from a working standpoint? 'Cause obviously you've got to make it workable. >> Right, so it's CI/CD also like it's, it's it's great to see like with DevOps adoption, there are many organizations that already have processes in place. They have, they're already using a CI tool or a CD tool. They might be using Jenkins. A lot of organizations really use, use Jenkins even though it comes with challenges and you might be using public cloud services or cloud-based CI tools, like you have Actions, you have pipelines and so on. So we are very well aware of the existing investment that many organizational teams have made. And we make sure that OpenShift as a platform works really well alongside all these different types of CI and CD technology that exists. We want to make sure that for developers starting on OpenShift, they, they have a really solid Cloud Native foundation for CI/CD. They have of strategies included but replaceable type of strategies. So they, they have a supportive platform that is Cloud Native, that gives them capability that matches the type of Cloud Native workloads that they have on the platform but also integrate well with existing tooling that exists around CI/CD. So that they can match and choose if they want to replace a piece of that with an existing investment that they have done, integrated with the rest of the platform. >> Awesome, well, great to have you on. Having the principal product manager is awesome, to talk about the two new announcements here. OpenShift pipe, Pipelines, and OpenShift GitOps. Final, final question, bumper sticker this for the audience. What's the bottom line with OpenShift Pipelines and GitOps? What's the, what's the bottom line benefit for customers? >> It's a, so OpenShift Pipeline and OpenShift GitOps makes it really simple for customers to create Cloud Native Pipelines and GitOps model for delivering application. And also making cluster changes across a large range of clusters that they have, make it really simple to grow from that point to many, many clusters and still manage the complexity of this complex infrastructure that it will be growing into. >> All right, Siamak Sadeghianfar, Senior Principal Product Manager at Red Hat. Here for the KubeCon + CloudNativeCon, Europe. CUBE conversation, thanks for coming on, appreciate it. >> Thanks John, thanks for having me. Okay, CUBE coverage continues. I'm John Farrow with theCUBE. Thanks for watching. (upbeat music)

>> Announcer: Live from Barcelona, Spain, it's theCube. Covering Cisco Live 2020. Brought to you by Cisco and its ecosystem partners. >> Hello everyone, welcome back to Cisco Live Barcelona 2020, kickin' off the new year. Of course, it's theCube's coverage of four days of Cube action. All day, I'm John Furrier, my host Stu Miniman, got two great guests, Thomas Scheibe, Vice President of Cisco and Yousuf Khan, Vice President Technical Marketing. All things data center and networking, these are the guys. Guys, good to see you again, welcome back. >> Thanks, always fun. >> Thank you very much. So, kicking off the show, I know there's some announcements coming so we're going to save the good stuff for tomorrow and Wednesday. But a lot of new things going on in data center and Cisco ecosystem. Give us the update. >> Yeah, again, thanks for having us on. So yeah, I mean there's actually a lot of good stuff on the data center side. Let me touch a couple of items. One we started two years ago, actually, was assurance. We're expanding our analytics portfolio, we're adding insights capability. So it's the assurance and network insights tool set. Very, very cool stuff. Really focused on the network operator. That was one of the messages we got, you guys need to help us here in these complex cloud environments. And so what we have is we built ACI extensions for our fabric controllers. Bolster NEXUS and ACI site. Same same. Pure software extension. And initial feedback from customers is very, very happy with what they see. So that's one piece. I don't know, Yousuf, you want to say a little bit on what we do with ecosystem partners? >> Thank you, yes we are very excited also to announce some of the new integrations that we have with our ecosystem partners. And for example AlgoSec and ACI integration. Terraform from HashiCorp and ACI integration. Continued expansion with our Splunk apps with the ecosystem. So these are some of the new things that we are working on. So that is excellent. And on top of it, Thomas, you can expand on it, but I think we are very happy that our 400 gig portfolio is shipping now, and we have customers in production on our 400 gig portfolio. So that is great news for us. >> Yeah, that's such a good point. >> You mentioned Splunk and Terraform, HashiCorp, you know, ecosystem partners. It's interesting, if you look at the performance of a lot of those companies, cloud is a tailwind for them. So, because the consumption is a service, the customers are all embracing it. But it's not just public cloud, the data center now is back. Can you guys just share your thoughts on your environment with your customers? Because the software is the key, get it as a subscription or consumable model. What are some of the trends with the consumer, I mean customers in the data center, because cloud and hybrid now is happening, and it's real growth. >> Oh, it's absolutely happening. So yeah, I mean, maybe a little bit of why this is happening, why we are having some of these integrations, you're absolutely right, cloud is happening, but really cloud means hybrid cloud or for some customers, multi-cloud hybrid because they're going to have two different cloud providers. But it's really hybrid cloud, so it's really distributed data center. And so the interesting piece happens, it's really two things that need to come together. There's this whole network automation analytics, which is, how do I get from my data center into a cloud and how do I treat this really like a utility. But that's the infrastructure. Then there's this front end, because what really drives this is the application refactoring. And this is where the application automation needs to come together with the infrastructure automation, and so that's one of the reasons why we have this integration with Terraform and the other one is like a Jenkins Pipeline tool. How do we actually take what the application was in the front end, and then seamlessly mix it into infrastructure, which is like a supernode, or infrastructure as a code thing. And that doesn't really matter whether that's in the cloud or on-prem, it has to work across. >> Automation is a huge thing. >> Yeah, and it's so nice to hear. Because Thomas, actually, when Cisco first came out with application-centric infrastructure, I kind of looked at it a little bit, I'm like, well, come on, how much are you actually tying to the application? Well, it was Cisco skating to where the puck was going. And I think the technology today and what you're talking about is closer to that application, and we have, we're here in the devNet zone, we're talking more about those pieces. Not just, oh, it's something that runs over the pipes and I've got buffers and traditional networking pieces. Would you say that's fair, that we're a little bit more application-centric today in 2020 than we might have been a couple of years ago? >> That's actually, that's a very good comment. I probably would spin it slightly different, because I'm the pragmatic guy. Yeah, do we want everything at the same time? Absolutely, right? But you do have to put some of the building blocks in place. And yes, application-centric really meant more we changed the configuration management scheme of infrastructure from thinking about network terms to using application terms. And that's really what application-centric means. It doesn't mean you change the application. It was more like, change the paradigm. How do you manage infrastructure to not just automate. Everybody does that. But actually have an abstraction layer that is meaningful to secure and apps people. And you're right, it takes time to get there. >> In the end, customers and users are looking to deploy applications faster, manage applications better. That's the whole purpose of building the data center, so that we can host the applications. So what we did is, we introduced constructs that can help you manage those applications better, deploy them faster, manage the life cycle of those applications faster, and that's why we introduced the concepts. And again, I mean, going back to your comment in terms of buffers and searches, we firmly believe that the plumbing which is the networking, has to be state of the art for us to abstract these things on top through software and exploit through software. So we have to have a best-in-class network and the searches and then we have to build the op section that we can exploit through the software means, right? >> And also, that highlights the partnerships that you mentioned. Companies like Splunk and HashiCorp, they're living in a multi-cloud environment. So, I shouldn't need to think about for some of them, oh, wait, is it hybrid cloud, public cloud A, or my data center, things like that. I'm going to have that common tooling and skill set across those environments. >> Right, because all the CIOs that we talk to, I mean, multi-cloud is a big part of their strategy. And they want to make sure that they have consistent security posture, whether it is on-prem, whether it is on multi-cloud, or like, consistent governance model across hybrid cloud. >> Yeah, that's a good point. I want to get your thoughts on that, because multi-cloud and hybrid we've both mentioned, it's interesting and what we were saying in our opening segment just earlier, multi-cloud is a business problem. It's what you have, it's a situation. Hybrid is technology, you're implementing new things for an operating model that hits core to what happens in your environment, whether it's software development, application awareness, network automation. So, they're two different things but they're kind of related, right? So you nail hybrid with public private or public on-premise, and then multi-cloud can be dealt with. This seems to be where you guys are fitting in, right? Because you can do the hybrid public, then you connect, just that's the outcome of the software. >> You're spot on, right. People use it and sometimes it means the same, and sometimes it's really not. And hybrid cloud is really around, how can I extend my data center to a public cloud infrastructure, right? And that's more of a technology discussion. What do I need to do to make that happen? Then there's the multi-cloud discussions really around how do I have consistent policy, because I want to get to a situation where I don't have to worry. And so I can deploy this, subscribers can deploy whenever I want to. And so you're right, they're two distinct things that need to happen. But I do, sorry, I do want to come back to your comment because I can take up the energy there. Users are common there, right? I mean for half these application developers that want to use tools like Terraform or Jenkins or... >> Yousuf: Ansible. >> Or Ansible or Splunk, all of them expect that they have an API. And they expect actually a network API. What they all prefer to have is something that makes sense from an application construct perspective. And so that's why we had to put something in place to make that work, right? Was it they weren't all there? That the application team could jump? Clearly not, but it's very clear if if I look, we are now, what? Six years into this? If I look back, I think it really jolted the market and I think it got everybody moving in that direction. >> Yeah and again, when we use the term application-centric infrastructure, the whole purpose is it is conducive to deploy applications faster and manage applications better. That's why, right? >> Wonder if you can dig in a little bit on the 400 gig? Tell us, you know, it's not just the next step function. We're trying to go more to the applications, you talk about these changes. So, what do people need to understand about 400 gig? You know, what's the same? What does this unlock for me? Does this tie in with all my WIFI 6 and 5G, and everything else that I'm doing? You know, where and when is this most important? >> Wow, let me take it maybe, on 400 gig. A, it is available and shipping. A little sneak preview, we're actually going to have a customer with us on Wednesday talk about what they do with 400 gig, in their European data center. It's a French customer. 400 gig is really an evolution. The way I look at it, right, I mean, we had 1 gig, 10 gig, 40, 100, 400, right? It's literally an evolution. And we're always looking back and saying, wow, do you really need that much bandwidth? Then later, you know, when you ask the question, you look like you missed it. Where is it deployed today? Service provider. No data arm, it's all in the service provider space. It's primarily what we call a large scale cloud provider. But also, the initial more tech DCs are looking at this. It's an evolution. How do we build 400 gig? The way we approach it is, this is not something special. Everything that we do today around ACI, everything we do around analytics has to work, right? Because customers are not building their own speeds. Customers are building around the operational model, and whatever they have has to work. Just because I've got my 4x speed, that has to work the same way. And so 400 gig for us, is really an extension on what we have. And you will see it. It plucks indirectly. So, can I build a 400 gig ACI fabric? Yes you can, if you want to. >> With all that horsepower, obviously the next logical question that comes to my mind is, okay, faster means more data, that means more potential fat-finger mistakes on configurating. But if you automate that away, you need AI, right? So, analytics and AI become interesting to that. How does that fit into the customer journey when they go, okay, I'm going faster. If I'm application-aware, is there an analytics angle on this? >> Ah, yes there is. >> No, you're absolutely right. I think based on the survey that we received, US corporations are spending billions of dollars due to the IT outages, right? And most of those outages are human errors, right? 43% of the IT corporations are spending 43% of their time in troubleshooting those outages. So I think it is very, very important, as the data centers are scaling, as the fabrics are getting automated, is that we grab them and provide them with the operation tools that can look smartly and proactively predict the network changes. They can assure that in turn the business intent has been translated into the network and proactively tell them what are the problems they might run into. And when they run into the problems, also intelligently explain to them what is the correlation of the events that they see on their log files and what is the root cause of the problem, right? >> Yeah, you've got a lot of data to work with there. And experience, right? That's where the predictive analytics-- >> Maybe let me expand it a little bit. So, I started off as saying we have this interesting extension and network insight which is precisely that, what Yousuf just elaborated on. It's really an engine that takes telemetry data and we're going actually one step further than everybody else that I know. Everybody talks telemetry, but they're talking about software telemetry, network state. We actually can marry that up with actual traffic data, in real time, and we can give you that correlation. And now I'm getting actually where you are kind of going to, is, I can actually tell you what's the root cause between why do I have a congestion, why do I have a problem and who is impacted, and who caused this? And I can actually predict the stuff. I can actually see this before it happens, and now help a customer. I can look at other customer experience and I do really more with machine learning. There's really an opportunity there. We're just scratching the surface, if you ask me. There's so much upside-- >> I mean, historically speaking, if you look at it, I mean, we had all the show commands in the world, which can tell you that what the (mumbles) looks like. What the CAM utilization is. But the co-relation, or the time-based co-relation was missing, in terms of when you're seeing some traffic degradation, you don't know whether it is dropped, dropped on what search, which type of traffic is getting affected. Now we have the ability to, using MLANI techniques to co-relate these events and give a meaningful picture back to the customer, so you can pinpoint that, look, my video traffic on search number five is getting affected because there is a drop in the output buffer, because my link is congested. >> And that only works if you have quality data. It's not so much volume. Volume, I mean, the faster you go, Facebook and these guys prove it, you can use machine learning. But if the data's good, then the outcomes are better on the predictive. >> You need to have the flow data. If you don't have it, there's nothing you can do. >> So, scale is something we talk a lot about in the network. When I walk through the show floor, I'm starting to see some of the small scale, because we're talking about edge computing, we talked about shrinking down some of the things we're doing. When I hear telemetry data and AI and everything, I'm like, oh, here's some big opportunities that we need to attack at the edge. So, what can you tell us about where your group is with some of the edge pieces? >> Well, interesting, actually I just came out of the service provider opening session, and I was there together with T-Systems, actually, on stage. It was a customer of ours, he's using actually an ACI fabric together with a (mumbles) environment, which is like a virtual infrastructure management on x86. And they're using that in a Taco Cloud environment. And clearly, as an interconnect for networking services and it's going to move, if you look at what they have in mind, moving into more edge services. And that's an SP example, that we have today deployed. But clearly, I think you're going to see this in enterprises. You see this pretty much in every customer base, right? Because what you do have is you have this trade off between do I want to get all my data back, centrally? Or do I want a computer on the edge? And what we have put in place was our ACI fabric. I can run this in a highly distributed and still scalable environment, managed centrally, with policy. So, not only is this actually where we think the world is going, we actually have customers doing this as we speak. >> Yeah, I think it's a tell sign too, and my final question for you guys is, and we've been saying this, I've been saying this in theCube with the team is, cloud helps everybody if hybrid kicks in, which we now have proven that hybrid cloud is a reality. That's what's going on, technically, operationally. If you believe that, then you go to the next level which is cloudification value. So I want to rattle off some keywords for you guys, and I want you to respond to 'em. So, cloudification of networking. Network as a service. WAN to cloud versus internal. SD WAN, simplification of the edge, BGP. Security in networking. Common policy. >> It's a lot of technology and gobbledegook. >> That all sounds complex, but it's got to be simplified. What's your reaction to that, cloudification? How does that kind of direction package itself out for the benefit of customers? Because there's a lot in there, right? SD WAN alone. >> There's a lot in there. >> Yeah, simplify it. >> My easy way I look at this is in the end, it's a business. It's that simple, right? And what's going on, you want to generate more revenue, more services, which is where the profit and the money comes from. And you have to scale, which means more service individually. More scale, how many customers you're going to deliver to, how fast you can roll this out. Without having your costs going up the same way. And that's really what it comes down to, at least in my book. And then you make your decisions what you're going to pick, right? How do I figure out how to develop an app faster? Maybe you're going to go to the cloud, to start cloud-first, to develop. And then you figure out, oh, I need to hit a certain scale, I'm going to start having it running and running here, My dev here, my production here, I need to connect it. But all of these things again coming down, how do we roll out services faster without my costs actually going up, but preferably staying flat or going down. >> So, business model. >> It's a business problem, that's what it is. >> Yeah, and I think from my perspective, it is about us building tools for the customer so that we can simplify the whole process for them, right? So that these multi-cloud can be treated as another site. Whether you are deploying it on-prem, whether you are deploying in AWS or Azure, these are different sites to you. And you don't have, as a user, have to worry about the nuances of AWS versus Azure versus IBM versus on-prem, you should be able to say this is my intent, deploy it in AWS, deploy it in on-prem, and be able to move the workloads accordingly. >> So, if I extract what you guys just said is, if the hybrid and cloud equation operationally solves itself, technically and with software and automation, all that stuff, the business issues, the app development, basically, the apps drive everything. >> Thomas: Absolutely. That's a good summary. >> That's the nirvana, I mean, are we going to hear some of that on the show this week? >> Absolutely. >> I think you're going to hear some of these pieces, actually. How we're tying together business intelligence with infrastructure intelligence. I think you're going to hear of some it. >> And the good trend for the data center businesses is that the edge can look like a data center too. >> The data center is everywhere the data is. That is our mantra, and so that means we're everywhere. >> Okay, thanks for coming on theCube, really appreciate your insights. Great to have you on, thanks for joining us. Appreciate it. >> Thanks again. >> Thank you very much. >> I'm John Furrier, Stu Miniman. theCube kicking off, day one. Cisco Live 2020 in Barcelona, Spain. Thanks for watching.