>>We're back with the cube at Falcon 2022, Dave ante and Dave Nicholson. We're at the aria. We do of course, a lot of events in Las Vegas. It's the, it's the place to do events. Dave, I think is my sixth or seventh time here this year. At least. I don't know. I lose track. Jeff Swain is here. He's the vice president of global programs store and tech alliances at CrowdStrike. Jeff. Good to see you again. We saw each other at reinvent in July in Boston. >>Yes. Yeah, it was great to see you again, Dave, thank >>Very much. And we talked about making this happen so thrilled to be here at, at, at CrowdStrike Falcon. We're gonna talk today about the CrowdStrike XDR Alliance partners. First of all, what's XDR >>Well, I hope you were paying attention to George's George's keynote this morning. I guess. You know, the one thing we know is that if you ask 10, five people, what XDR is you'll get 10 answers. >>I like this answer a holistic approach to endpoint security. I, that was, >>It was good. Simple. >>That was a good one at black hat. So, but tell us about the XDR Alliance partners program. Give us the update there. >>Yeah, so I mean, we spoke about it reinforced, you know, the XDR program is really predicated on having a robust ecosystem of partners to help us share that telemetry across all of the different parts of our customers' environment. So we've done a lot of work over the last few weeks and trying to bolster that environment specifically, putting a lot of focus on firewall. You'll see that Cisco and fortunate have both joined the XD XDR Alliance. So we're working on that right now. A lot of customer demand for firewall data into the telemetry set. You know, obviously it's a very rich data environment. There's a lot of logs on firewalls. And so it drives a lot of, of, of information that we can, we can leverage. So we're continuing to grow that. And what we're doing is building out different content packs that support different use cases. So firewall is one CAS B is another emails another and we're building, building out the, the partner set right across the board. So it's, it's, it's been a, a great set of >>Activity. So it's it's partners that have data. Yep. There's probably some, you know, Joe Tuchi year old boss used to say that that overlap is better than gaps. So there's sometimes there's competition, but that's from a customer standpoint, overlap is, is better than gaps. So as gonna mention Cisco forte and there are a number of others, they've got data. Yes. And they're gonna pump it into your system, our platform, and you've got the, your platform. You've got the ability to ingest. You've got the cloud native architecture, you've got the analytics and you've got the near real time analysis capability. Right, right. >>Augmented by people as well, which is a really important part of our value proposition. You know, we, it's not just relying purely on AI, but we have a human, a human aspect to it as well to make sure we're getting extremely accurate responses. And then there's the final phase is the response phase. So being able to take action on a CASB, for example, when we have a known bad actor operating in the cloud is a really important, easy action for our customer to take. That's highly valuable. You're >>Talking about your threat hunting capability, right? >>So it's threat hunting and our Intel capability as well. We use all of that information as well as the telemetry to make sure we're making good, actionable >>Decisions, Intel being machine intelligence or, or human and machine >>Human and human and machine intelligence that we have. We have a whole business that's out there gathering Intel. I believe you think to Adam Myers who runs that business. And you know, that Intel is critical to making good decisions for our customers. >>So the X and XDR is extended, correct. Extending to things like firewalls. That's pretty obvious in the security space. Are there some less obvious data sources that you look to extend to at some point? >>Yeah, I think we're gonna continually go with where the customer demand is. And firewalls is one of the first and is very significant. Other one, you'll see that we're announcing support for Microsoft 365 as well as part of this, this announcement, but then we'll still grow out into the other areas. NDR is, you know, a specific area where we've already got a number of partners in that, in that space. And, and we'll grow that as we go. I think one of the really exciting additional elements is the, the OCS F announcement that we made at at, at, at, at reinforced, which also is a shared data scheme across a number of vendors as well. So talking to Mike's point, Microsoft ST's point this morning in his keynote, it's really about the industry getting together to do better job for our customers. And XDR is the platform to do that. And crowd strikes it way of doing it is the only really true, visible way for a customer to get their hands on all that information, make the decision, see the good from the bad and take the action. So I feel like we're really well placed to help our customers in >>That space. Well, Kevin mania referenced this too today, basically saying the industry's doing a better job of collaborations. I mean, sometimes I'm skeptical because we've certainly seen people try to, you know, commercialize private information, private reports. Yeah. But, but, but you're talking about, you know, some of your quasi competitors cooperatives, you know, actually partnering with you now. So that's a, that's a good indicator. Yeah. I want to step back a little bit, talk about the macro, the big conversation on wall street. Everybody wants to talk about the macro of course, for obvious reasons, we just published our breaking analysis, talking about you guys potentially being a generational company and sort of digging into that a little bit. We've seen, you know, cyber investments hold up a little bit better, both in terms of customer spending and of course the stock market better than tech broadly. Yeah. So in that case it would, it would suggest that cyber investments are somewhat non-discretionary. So, but that is my question are cyber investments non-discretionary if, if so, how, >>You know, I think George George calls that out directly in our analyst reports as well that, you know, we believe that cyber is a non-discretionary spend, but I, I actually think it's more than that. I think in this current macro or economic environment where CIOs and CSOs are being asked to sweat their assets for significantly longer period of time, that actually creates vulnerabilities because they have older kit, that's running for a longer period that they normally, you know, round out or churn out of their environment. They're not getting the investment to replace those laptops. They're not getting the, I placement to replace those servers. We have to sweat them for a little bit longer, longer, which means they need to be on top of the security posture of those devices. So that means that we need the best possible telemetry that we can get to protect those in the best possible way. So I actually think not only is it makes it non-discretionary, it actually increases the, the business case for, for, for taking on a, a cyber project. >>And I buy that. I buy that the business case is better potentially for cyber business case. And cyber is about, about risk reduction, right? It's about, it's about reducing expected loss. I, I, I, I, but the same time CISOs don't have an open wallet. They have to compete with other P and L managers. I also think the advantage for CrowdStrike I'm, I'm getting deeper into the architecture and beginning to understand the power of a lightweight agent that can do handle. I think you're up to 22 modules now, correct? Yes. I've got questions on how you keep that lightweight, but, but nonetheless, if you can consolidate the point tools, which is, you know, one of the biggest challenges that, that SecOps teams face that strengthens the ROI as well. >>Absolutely. And if you look at what George was saying this morning in the keynote, the combination of being able to provide tools, not only to the SecOps team, but the it ops team as well, being able to give the it ops team visibility on how many assets they have. I mean, these simple, these are simple questions that we should be able to answer. But often when we ask, you know, an operations leader, can you answer it? It sometimes it's hard for them. We actually have a lot of that information. So we are able to bring that into the platform. We're able to show them, we're able to show them where the assets are, where the vulnerabilities are against those assets and help it ops do a better job as well as SecOps. So the, the strength, the case strengthens, as you said, the CSO can also be talking to the it ops budget. >>The edge is getting more real. We're certainly hearing a lot about it now we're seeing a lot more and you kind of got the, the near edge, like the home Depot and the lows, you know, stores. Yeah. Okay. That I, I can get a better handle on, okay. How do I secure that? I've got some standards, but that's the far edge. It's, it's the, the OT yes. Piece of it. That's sort of the brave new world. What are you seeing there? How do you protect those far flowing estates? >>I think this gets back to the question of what's what's new or what's coming and where do we see the, the next set of workloads that we have to tackle? You know, when we came along first instance, we were really doing a lot of the on-prem on-prem and, and, and known cloud infrastructure suites. Then we started really tackling the broader crowd market with tools and technology to give visibility and control of the overall cloud environment. OT represents that next big addressable market for us, because there are so many questions around devices where they are, how old they are, what they're running. So visibility into the OT network is extremely, extremely important. And, you know, the, the wall that has existed again between the CISO and the OT environments coming down, we're seeing that's closer, closer alignment between the security on both those worlds. So the announcement that we've made around extending our Falcon discover product, to be able to receive and understand device information from the OT network and bring it into the same console as the, the it and the OT in the same console to give one cohesive picture of, of visibility of all of our devices is a major step forward for our customers and for, for the industry as well. >>And we see that being, being able to get the visibility will then lead us to a place of being able to build our AI models, build our response frameworks. So then we can go to a full EDR and then beyond that, there's, you know, all the other things that CrowdStrike do so well, but this is the first step to really the first step on control is visibility. And >>The OT guys are engineers. So they're obviously conscious of this stuff. It's, it's more it's again, you're extending that culture, isn't >>It? Yeah, yeah, yeah. Now when you're looking at threats, great, you want to do things to protect against those threats, but how much, how much of CrowdStrike's time is spent thinking about the friction that's involved in transactions? If I wanna go to the grocery store, think of me as an end point. If I wanna go to the grocery store, if I had to drive through three DUI checkpoints or car safety inspections. Yeah. Every time I went to the grocery store, I wouldn't be happy as an end point as an end user in this whole thing. Ideally, we'd be able just to be authenticated and then not have to worry about anything moving forward. Do you see that as your role, reducing friction 1%, >>That's again, one of the core tenants of, of, of why George founded the company. I mean, he tells the story of sitting on an airplane and seeing an executive who was also on the airplane, trying to boot their machine up and try and get an email out before the plane took off and watching the scanning happen, you know, old school virus scanning happening on the laptop and, and that executive not making it because, and he is like in this day and age, how can we be holding people back with that much friction in their day to day life? So that's one of the, again, founding principles of what we do at CrowdStrike was the security itself needs to support business growth, support, user growth, and actually get out of the way of how people do things. And we've seen progression along that lines. I think the zero trust work that we're doing right now really helps with that as well. >>Our integrations into other companies that play within the zero trust space makes that frictionless experience for the user, because yeah, we, we, we want to be there. We want to know everything that's happening, but we don't wanna see where we always want control points, but that's the value of the telemetry we take. We're taking all the data so we can see everything. And then we pick what we want to review rather than having to do the, the checkpoint approach of stop here. Now, let me see your credentials. Stop here. Let me see your credentials because we have a full field of, of knowledge and information on what the device is doing and what the user is doing. We're able to then do the trust with verify style approach. >>So coming back to the, to the edge in IOT, you know, bringing that zero trust concept to the, to the edge you've got, you've got it. And OT. Okay. So that's a new constituency, but you're consolidating that view. Your job gets harder. Doesn't it? So, so, so talk about how you resolve that. Do do the, do the concepts that you apply to traditional it endpoints apply at the edge. >>So first things we have to do is gain the visibility. And, and so the way in which we're doing that is effectively drawing information out from the OT environment at, by, by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other, you know, indications of attack or our indicators of misconfiguration into the model. So we can see whether something's good or bad whilst we're doing that. Obviously we're also working on building specific senses that will then sit in OT devices down, you know, one layer down from rather being collected and pulled and brought into the platform, being collected at the individual sensor level when we have that completed. And that requires a whole different ecosystem for us, it means that we have to engage with organizations like Rockwell and Siemens and Schneider, because they're the people who own the equipment, right? Yeah. And we have to certify with them to make sure that when we put technology onto their equipment, we're not going to cause any kind of critical failure that, you know, that could have genuine real world physical disastrous consequences. So we have to be super careful with how we build that, which we're we're in the process of >>Doing are the IOA signatures indicator as a tax. So I don't have to throw a dollar in the jar. Are the IOA signatures substantially similar at, at the edge, or >>I think we learn as we go, you know, first we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there. But what we will see is that, you know, as someone's trying to, there's an actor, you know, making an attack, you know, will be able to see how they're affecting each of those endpoints individually, whether they're trying to take some form of control, whether they're switching them on and off in the edge and the far edge, it's a little bit more binary in terms of the kind of function of the device. It is the valve open or is the valve closed? It's is the production line running or is the production not line running, not running. So we need to be able to see that it's more about protecting the outcomes there as well. But again, you know, it's about first, we have to get the information. That's what this product will help us do, get it into the platform, get our teams over the top of it, learn more about what's going on there and then be able to take action. >>But the key point is the architecture will scale. And that's where the cloud native things comes >>Into. Yeah, it'll, it'll it'll scale. But to your, to your point about the lack of investment and infrastructure means older stuff means potentially wider gaps, bigger security holes, more opportunity for the security sector. Yep. I buy that. That makes sense. I think if it's a valid argument, when you, when you, when you know, we, we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of a hundred year old garbage, and I'm only slightly exaggerating on the trillion and the a hundred years old, a lot of those critical devices that need to be sensed that are controlling our, our, our, our electrical grid. For example, a lot of those things need to be updated. So, so as you're pushing into that frontier, are you, you know, are, are you extending out developer kits and APIs to those people as they're developing those new things? Well, because some of the old stuff will never work. >>And that's what we're we're seeing is that there is a movement within the industrial control side of things to actually start, you know, doing this. Some, some simple things like removing the air gap from certain systems because you, now we can build a system around it. That's trustable and supportable. So now we can get access there over, over and over a network over the internet to, to, to kind of control a valve set that's down a pipeline or something like that. So there is, there is, there is willingness within the ecosystem, the, the IOT provider ecosystem to give us access to some of those, those controls, which, which wasn't there, which has led to some of some of these issues. Are we gonna be able to get to all of them? No, we're gonna have to make decisions based on customer demand, based on where the big, the big rock lie. And, and so we will continue to do that based on customer feedback on again, on what we see >>And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of >>Mostly because there was no way to, to do before. Right. So it was, was like black >>Connectivity is >>So, so, so it was, people felt more comfortable sending an engineer route to the field truck roll. Yeah, yeah, yeah. To do it rather than expensive, rather. And, and exactly that, again, going back to our macro economic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there is a lot of there's, there's a lot of customer demand for change, and we're engaging in that change. And we want, we see a huge opportunity there >>Coming back to the X XDR Alliance, cuz that's kind of where we started. Where do you wanna see that go? What's your vision for that? >>So the Alliance itself has been fundamental in terms of now where we go with the overall platform. We are always constantly looking for customer feedback on where we go next on what additional elements to add that the Alliance members have been this fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms, into, you know, into, into what we do. And they're seeing the value of it. I, I feel that over the next, you know, over the next two year period, we're gonna see those, our XDR Alliance and other XDR alliances growing out to get to each other and they will they'll touch each other. We will have to do it like the OSF project at AWS. And as that occurs, we're gonna be able to focus on customer outcomes, which is, you know, again, if you listen to George, you listen to Mike protecting the customers, the mission of CrowdStrike. So I think that's core to that, to, to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've, we've got, we've got a pipeline of literally hundreds of, of partners who want to join. We've just gotta do that in a way that's consumable for us and consumable for the customer. >>Jeff Swain. Thanks so much for coming back in the cube. It's great to have you. Yeah. Thanks guys. Thank you. Okay. And thank you for watching Dave Nicholson and Dave ante. We'll be back right after this short break. You're watching the cube from Falcon 22 in Las Vegas, right back.

(intro music) >> Hi everybody. Dave Vellante, back with Day Two coverage, we're live at the ARIA Hotel in Las Vegas for fal.con '22. Several thousand people here today. The keynote was, it was a little light. I think people were out late last night, but the keynote was outstanding and it's still going on. We had to break early because we have to strike early today, but we're really excited to have Stephan Goldberg here, Vice President of Technology Alliances at Claroty. And we're going to talk about an extremely important topic, which is the internet of things, the edge, we talk about it a lot. We haven't covered securing the edge here at theCUBE this week. And so Stephan really excited to have you on. >> Thank you for having me. >> You're very welcome. Tell us more about Claroty, C-L-A-R-O-T-Y, a very interesting spelling, but what's it all about? >> Claroty is cybersecurity company that specializes in cyber physical systems, also known as operational technology systems and the extended internet of things. The difference between the traditional IoT and what what everyone calls an IoT in the cyber physical system is that an IoT device has anything connected on the network that traditionally cannot carry an agent, a security camera, a card reader. A cyber physical system is a system that has influence and operates in the physical world but is controlled from the cyberspace. An example would be a controller, a turbine, a robotic arm, or an MRI machine. >> Yeah, so those are really high-end systems, run, are looked after by engineers, not necessarily consumers. So what's what's happening in that world? I mean, we've talked a lot on theCUBE about the schism between OT and IT, they haven't really talked a lot, but in the last several years, they've started to talk more. You look at the ecosystem of IoT providers. I mean, it's companies like Hitachi and PTC and Siemens. I mean, it's the different names than we're used to in IT. What are the big trends that you're seeing the macro? >> So, first of all, traditionally, most manufacturers and environments that were heavy on operations, operational technology, they had the networks air-gapped, completely separated. You had your IT network for business administration, you had the OT network to actually build stuff. Today with emerging technologies and even modern switching architecture everything is being converged. You have the same physical infrastructure in terms of networking, that carries both networks. Sometimes a human error, sometimes a business logic that needs to interconnect these networks to transmit data from the OT side of the house, to the IT side of the house, exposes the OT environment to cyber threats. >> Was that air-gap by design or was it just that there wasn't connectivity? >> It was air-gap by design, due to security and operational reasons, and also ownership in these organizations. The IT-managed space was completely separate from the OT-managed space. So whoever built a network for the controllers to build a car, for example, was an automation engineer and the vendors, that have built these networks, were automation vendors, unlike the traditional Ciscos of the world, that we're specializing in IT. Today we're seeing the IT vendors on the OT side, and the OT vendors, they're worried about the IT side. >> But I mean, tradition, I mean, engineers are control freaks. No offense, but, I'm glad they are, I'm thankful for that. So there must have been some initial reticence to them connecting up these air-gap systems. They went wanted to make sure that they were secure, that they did it right, and presumably that's where you guys come in. What are the exposures and risks of these, of this critical infrastructure that we should be aware of? >> So you're completely right. And from an operational perspective let let's call it change control is very rigorous. So they did not want to go on the internet and just, we're seeing it with adoption of cloud technologies, for example. Cloud as in industry four ago, five ago, cloud as in cyber security. We all heard Amol's keynote from this morning talking about critical infrastructures and we'll touch upon our partnership in a second, but CrowdStrike, CrowdStrike being considered and deployed within these environments is a new thing. It's a new thing because the OT operation managers and the chief information security officers, they understand that air-gap is no longer a valid strategy. From a business perspective, these networks are already connected. We're seeing the trends of cyber attacks, IT cyber attacks, like not Patreon, I'm not talking about the Stoxnet, the targeted OT. I'm talking about WannaCry, EternalBlue, IT vulnerabilities that did not target OT, but due to the outdated and the specification of OT posture on the networks, they hit healthcare, they hit OT much harder than they did IT. >> Was Log4J, did that sleep into OT, or any IT that. >> So, absolutely. >> So Log4J right, which was so pervasive, like so many of these malwares. >> All these vulnerabilities that, it's a windows vulnerability, it has nothing to do with OT. But then when you stop and you say, hold on, my human machine interface workstation, although it has some proprietary software by Rockwell or Siemens running on it, what is the underlying operating system? Oh, hold on, it's Windows. We haven't updated that for like eight years. We were focused on updating the software but not the underlying operating system. The vulnerabilities exist to a greater extent on the OT side of the house because of the same characteristic of operational technology environments. >> So the brute force air-gap approach was no longer viable because the business imperative came in and said, no, we have to connect these systems to digitally transform, or advance our business, there's opportunities to monetize, whatever it was. The business laid that out as an imperative. So now OT engineers have to rethink how they secure it. So what are the steps that they're taking and how does Claroty help? Is there a sort of a playbook, a sequential playbook? >> Absolutely, so before we discussed the maturity curve of adopting an CPS security, or OT security technology, let's touch upon the characteristic of the space and what it led vendors like Claroty to build. So you have the rigorous chain control. You have the security in mind, operations, lowered the risk state of mind. That led vendors, likes of Claroty, to build a solution. And I'm talking about seven, eight years ago, to be passive, mostly passive or passive only to inspect network and to analyze network and focus on detection rather than taking action like response or preventative maintenance. >> Um-hmm. >> It made vendors to build on-prem solutions because of the cloud-averse state of mind of this industry. And because OT is very specific, it led vendors to focus only on OT devices, overlooking what we discussed as IoT, Unfortunately, besides HMI and PLC, the controller in the plant, you also have the security camera. So when you install an OT security solution I'm talking about the traditional ones, they traditionally overlook the security camera or anything that is not considered traditional OT. These three observations, although they were necessary in the beginning, you understand the shortcomings of it today. >> Um-hmm. >> So cloud-averse led to on-prem which leads to war security. It's like comparing CrowdStrike and one of its traditional competitors in the antivirus space. What CrowdStrike innovated is the SaaS first, cloud-native solution that is continuously being updated and provide the best in cloud security, right? And that is very much like what Claroty's building. We decided to go SaaS first and cloud-native solution. >> So, because of cloud-aversion, the industry shows somewhat outdated deployment models, on-prem, which limited scale and created greater diversity, more stovepipes, all the problems that we always talk about. Okay, and so is the answer to that, just becoming more cloud, having more of an affinity to cloud? That was a starting point, right. >> This is exactly it. Air-gap is perceived as secured, but you don't get updates and you don't really know what's going on in your network. If you have a Claroty or a crosswork installer, you have much higher probability detecting fast and responding fast. If you don't have it, you are just blind. You will be bridged, that's the. >> I was going to say, plus, air-gap, it's true, but people can get through air-gaps, too. I mean, it's harder, but Stoxnet. Yeah, look at Stoxnet right, oh, it's mopping the floor, boom, or however it happened, but so yeah. >> Correct. >> So, but the point being, you know, assume that breach, even though I know CrowdStrike thinks that the unstoppable breach is a myth, but you know, you talk to people like Kevin Mandia, it's like, we assume you're going to get breached, right? Let's make that assumption. Yeah, okay, and so that means you've got to have visibility into the network. So what are those steps that you would, what's that maturity model that you referenced before? >> So on top of these underlying principles, which is cloud-native, comprehensive, not OT only, but XIoT, and then bring that the verticalization and OT specificity. On top of that, you're exactly right. There is a maturity curve. You cannot boil the ocean, deploy protections, and change the environment within one day. It starts with discovering everything that is connected to your network. Everything from the traditional workstations to the cameras, and of course ending up with the cyber physical systems on the network. That discovery cannot be only a high level profile, it needs to be in depth to the level you need to know application versions of these devices. If you cannot tell the application version you cannot correlate it to a vulnerability, right? Just knowing that's an HMI or that's a PLC by Siemens is insufficient. You need to know the app version, then you can correlate to vulnerability, then you can correlate to risk. This is the next step, risk assessment. You need to put up a score basically, on each one of these devices. A vulnerability score, risk score, in order to prioritize action. >> Um-hmm. >> These two steps are discovery and thinking about the environment. The next two steps are taking action. After we have the prioritized devices discovered on your network, our approach is that you need to ladle in and deploy protections from a preventative perspective. Claroty delivers recommended policies in the form of access control lists or rules. >> Right. >> That can leverage existing infrastructure without touching a device without patching it, just to protect it. The next step would be detection and response. Once you have these policies deployed you also can leverage them to spot policy deviations. >> And that's where CrowdStrike comes in. So talk about how you guys partner with CrowdStrike, what that integration looks like and what the differentiation is. >> So actually the integration with CrowdStrike crosses the the entire customer journey. It starts with visibility. CrowdStrike and us exchange data on the asset level. With the announcement during FalCon, with Falcon Discover for IoT, we are really, really proud working on that with CrowdStrike. Traditionally CrowdStrike discovered and provided data about the IT assets. And we did the same thing with CPS and OT. Today with Falcon Discover for IoT, and us expanding to the XIoT space, both of us look at all devices but we can discover different things. When you merge these data sets you have an unparalleled visibility into any environment, and specifically OT. The integrations continue, and maybe the second spotlight I'll put, but without diminishing the other ones, is detection and response. It's the XDR Alliance. Claroty is very proud to be one of the first partners, XDR Alliance partners, for CrowdStrike, fitting in to the XDR, to CrowdStrike's XDR, the data that is needed to mitigate and respond and get more context about breaches in these OT environments, but also take action. Also trigger action, via Claroty and leverage Claroty's network-centric capabilities to respond. >> We hear a lot. We heard a lot in today's keynote note about the data, the importance of data, of the graph database. How unique is this Stephan, in the industry, in your view? >> The uniqueness of what exactly? >> Of this joint solution, if you will, this capability. >> I told my counterparts from CrowdStrike yesterday, the go-to market ones and the product management ones. If we are successful with Falcon Discover for IoT, and that product matures, as we plan for it to mature, it will change the industry, the OT security industry, for all of us. Not only for Claroty, for all players in this space. And this is why it's so important for us to stay coordinated and support this amazing company to enter this space and provide better security to organizations that really support our lives. >> We got to leave it there, but this is such an important topic. We're seeing in the war in Ukraine, there's a cyber component in the future of war. >> Yes. >> Today. And what do they do? They go after critical infrastructure. So protecting that critical infrastructure is so important, especially for a country like the United States, which has so much critical infrastructure and a lot to lose. So Stephan, thanks so much. >> Thank you. >> For the work that you're doing. It was great to have you on theCUBE. >> Thank you. >> All right, keep it right there. Dave Vellante for theCUBE. We'll be right back from fal.con '22. We're live from the ARIA in Las Vegas. (techno music)

>>Hi, we're back. We're watching, you're watching the cube coverage of Falcon 2022 live from the aria in Las Vegas, Dave Valante with Dave Nicholson and we, yes, folks, there are females in the cyber security industry. Amanda Adams is here. So the vice president of America Alliance at CrowdStrike. Thanks for coming on. >>Thank you so much for having me. >>We it's, it's fantastic to, to actually, as I was starting to wonder, but we >>Do have females in leadership. >>Wait, I'm just kidding. There are plenty of females here, but this cybersecurity industry in general, maybe if we have time, we can talk about that, but I wanna talk about the, the Alliance program, but before I do, yeah. You know, you, you got a nice career here at CrowdStrike, right? You've kind of seen the ascendancy, the rocket ship you've been on it for five years. Yep. So what's that been like? And if you had to put on the binoculars and look five years forward, what can you tell us in that 10 year span? Oh >>My goodness. What a journey it's been over the last five, six years. I've been with CrowdStrike almost six years and really starting with our first core group of partners and building out the alliances, seen obviously the transformation with our sales organization. And as we scaled, I think of our, of our technology. We started with, I think, two products at that time, we were focused on reinventing how our customers thought about NextGen AB but also endpoint detection response. From there, the evolution is really driving towards that cloud security platform, right? How our partners fit into that. And, and how we've evolved is it's not just resell. It's not just focusing on the margin and transactions. We really have focused on building the strategic relationships with our partners, but also our customers and fitting them in that better together story with that CrowdStrike platform. It's been the biggest shift. Yeah. >>And you've got that. The platform chops for that. It's just, I think you're up to 22 modules now. So you're not a point product. You guys make that, that, that point lot now in terms of the, the partners and the ecosystem, you know, it's, it's, it's good here. I mean, it's, this it's buzzing. I've said it's like service. I've said, number of times, it's like service. Now back in 2013, I was there now. They didn't have the down market, the SMB that you have that's right. And I think you you're gonna have an order. You got 20,000 customers. That's right. I predict CrowdStrike's gonna have 200,000. I, I'm not gonna predict when I need to think about that. But, but in thinking about the, the, the co your colleagues and the partners and the skill sets that have evolved, what's critical today. And, and, and what do you see as critical in the future? >>So from a skill set standpoint, if I'm a partner and engaging with CrowdStrike and our customers, if you think about, again, evolving away from just resell, we have eight routes to market. So while that may sound complicated, the way that I like to think about it is that we truly flex to our partners, go to market their business models of what works best for their organization, but also their customers. The way that they've changed, I think from a skillset standpoint is looking beyond just the technology from a platform, building a better together story with our tech Alliance partners or store, if thinking about the XDR Alliance, which we are focusing on, there's so much great value in bringing that to our customers from a skillset standpoint, beyond those services services, we've talked about every day. I know that this is gonna be a top topic for the week yesterday through our partner summit, George, our CEO, as well as Jim Cidel, that's really the opportunity as we expand in new modules. If you think about humo or log scale identity, and then cloud our partners play a critical role when it comes into the cloud migration deployment integration services, really, we're not gonna get bigger from a services organization. And that's where we need our partners to step in. >>Yeah. And, you know, we we've talked a lot about XDR yeah. Already in day one here. Yeah. With, with the X extending into other areas. That's right. I think that services be, would become even more critical at that point, you know, as you spread out into the, really the internet of things that's right. Especially all of the old things that are out there that maybe should be on the internet, but aren't yet. Yeah. But once they are security is important. So what are you doing in that arena from a services perspective to, to bolster that capability? Is it, is it, is it internally, or is it through partners generally? >>It's definitely, I think we look to our partners to extend beyond the core of what we do. We do endpoint really well, right? Our services is one of the best in the business. When you look at instant response, our proactive services, supporting our customers. If you think to XDR of integration, building out those connect air packs with our customers, building the alliances, we really do work with our partners to drive that successful outcome with our customers. But also too, I think about it with our tech alliances of building out the integration that takes a lot of effort and work. We have a great team internally, which will help guide those services to be, to be built. Right. You have to have support when you're building the integrations, which is great, but really from like a tech Alliance and store standpoint, looking to add use cases, add value to more store apps for our customers, that's where we're headed. Right. >>What about developers? Do you see that as a component of the ecosystem in the future? Yeah, >>Without a doubt. I mean, I think that as our partner program evolves right now working with our, our developers, I mean, there's different personas that we work with with our customer standpoint, but from a partner working with them to build our new codes, the integration that's gonna be pretty important. >>So we were, we sort of tongue in cheek at the beginning of this interview yeah. With women in tech. And it's a, it's a topic that, on the cube that we've been very passionate about since day one yep. On the cube. So how'd you get in to this business? H how did your, your career progress, how did you get to where you are? >>You know, I have been incredibly fortunate to have connections, and I think it's who, you know, and your network, not necessarily what, you know, to a certain extent, you have to be smart to make it long term. Right. You have to have integrity. Do what you're saying. You're gonna do. I first started at Cisco and I had a connection of, it was actually a parent of somebody I grew up with. And they're like, you would fit in very nicely to Cisco. And I started with their channel marketing team, learned a ton about the business, how to structure, how to support. And that was the first step into technology. If you would've asked me 20 years ago, what did I wanna do? I actually wanted to be a GM of an organization. And I was coming outta I come on, which is great, which I'm, it really is right up. >>If you knew me, you're like, that actually makes a lot of sense. But coming outta college, I had an opportunity. I was interviewing with the golden state warriors in California, and I was interviewing with Cisco and that I had two ops and I was living in San Jose at the time. The golden state warriors of course paid less. It was a better opportunity in sales, but it was obviously where I wanted to go from athletics. And I grew up in athletics, playing volleyball. Cisco paid me more, and it was in San Jose. And really the, the golden state warriors seemed that I was having that conversation. They said, one year community is gonna be awful. It's awful from San Jose to Oakland, but also too, like you have more money on the table. Go take that. And so I could have very much ended up in athletics, most likely in the back office, somewhere. Like I would love that. And then from there, I went from Cisco. I actually worked for a reseller for quite some time, looking at, or selling into Manhattan when I moved from California to Manhattan, went to tenable. And that was when I shifted really into channel management. I love relationships, getting snow people, building partnerships, seeing that long term, that's really where I thrive. And then from there came to CrowdStrike, which in itself has been an incredible journey. I bet. Yeah. >>Yeah. I think there's an important thread there to pull on. And that is, we, we put a lot of emphasis on stem, which people, some sometimes translate into one thing, writing code that's right. There are, but would you agree? There are many, many, many opportunities in tech that aren't just coding. >>Absolutely. >>And I think I, as a father of three daughters, it's, it's a message that I have shared with them. Yeah. They are not interested in the coding part of things, but still, they need to know that there are so many opportunities and, and it's always, sometimes it's happenstance in terms of finding the opportunity in your case, it was, you know, cosmic connection that's right. But, but that's, you know, that's something that we can foster is that idea that it's not just about the hardcore engineering and coding aspect, it's business >>That's right. So if, if there was one thing that I can walk away from today is I say that all the time, right? If you look at CrowdStrike in our mission, we really don't have a mission statement. We stop breaches every single day. When I come to work and I support our partners, I'm not super technical. I obviously know our technology and I, I enable and train our partners, but I'm not coding. Right. And I make an impact to our business, our partners, more importantly, our customers, every single day, we have folks that you can come from a marketing operations. There is legal, there's finance. I deal with folks all across the business that aren't super technical, but are making a huge impact. And I, I don't think that we talk about the opportunities outside of engineering with the broader groups. We talk about stem a lot, but within college, and I look to see like getting those early in career folks, either through an intern program could be sales, but too, if they don't like, like sales, then they shift into marketing or operations. It's a great way to get into the industry. >>Yeah. But I still think you gotta like tech to be in the tech business. Oh, you >>Do? Yeah. You do. I'm >>Not saying it's like deep down is like, not all of us, but a lot of us are kind of just, you know, well, at least you, >>At least you can't hate it. >>Right. Okay. But so women, 50% of the population, I think the stat is 17% in the technology. Yeah. Industry, maybe it's changed a little bit, but you know, 20% or, or less, why do you think that is? >>I, you know, I always go back to within technology, people hire from their network and people that they know, and usually your network are people that are very like-minded or similar to you. I have referred females into CrowdStrike. It's a priority of mine. I also have a circle that is also men, but also too, if you look at the folks that are hired into CrowdStrike, but also other technology companies, that's the first thing that I go to also too. I think it's a little bit intimidating. Right. I have a very strong personality and I'm very direct, but also too, like I can keep up with our industry when it comes to that stereotypes essentially. And some people maybe are introverted and they're not quite sure where they fit in. Right. Whether it's marketing operations, et cetera. So they, they're not sure of the opportunities or even aware of where to get started. You know what I mean? >>Yeah. I mean, I think there is a, a, a stereotype today, but I'm not sure why it's, is it unique to the, to the technology industry? No. Is it not? Right? It happens >>Thinking, I mean, there's so many industries where healthcare, >>Maybe not so much. Right. Because you know, >>You have nurses versus doctors. I feel like that is flipped. >>Yeah. That's true. Nurses versus doctors. Right. Well, I, I know a lot of women doctors though, but >>Yeah. That's kind of flipped. It's better. >>Yeah. Says >>Flipped over. Yeah. I think it's more women in medical school now, but than than men. But, >>And, and I do think in our industry, you know, when you look at companies like IBM, HPE, Cisco, Dell, and, and, and many others. Yeah. They are making a concerted effort for on round diversity. They typically have somebody who's in charge of diversity. They report, you know, maybe not directly to the CEO, but they certainly have a seat at the table. That's right. And you know, maybe you call it, oh, it's quotas. Maybe the, the old white guys feel, you know, a little slighted, whatever. It's like, nobody's crying for us. I mean, it's not like we got screwed. >>See, I know problema we can do this in Spanish. Oh, oh, >>Oh, you're not a old white guy. Sorry. We can do >>This in Spanish if you want. >>Okay. Here we go. So, no, but, but, but I, so I do think that, that the industry in general, I talked to John Chambers about this recently and he was like, look, we gotta do way better. And I don't disagree with that. But I think that, I think the industry is doing better, but I wonder if like a rocket ship company, like CrowdStrike who has so many other things going on, you know, maybe they gotta get you a certain size. I mean, you've reached escape velocity. You're doing obviously a lot of corporate, you know, good. Yeah. You know, and, and, and, and we just had earlier on we, you know, motor motor guides was very cool. Yeah. So maybe it's a maturity thing. Maybe these larger companies with you crowd size $40 billion market cap, but maybe the, the hundred plus billion dollar market cap companies. I don't know. I don't know. You guys got a bigger market cap than Dell. So >>I, I don't think it's necessarily related to market cap. I think it's the size of the organization of how many roles are open that we currently write. So we're at just over 6,000 employees. If you look at Cisco, how many thousands of employees they have there's >>Right. Maybe a hundred thousand employees. >>That's right. There's >>More opportunities. How many, what's a headcount of crowd strike >>Just over 6,000, >>6,000. So, okay. But >>If you think about the, the areas of opportunity for advancement, and we were talking about this earlier, when you look at early and career or entry level, it's actually quite, even right across the Americas of, we do have a great female population. And then as progression happens, that's where it, it tees off from a, a female in leadership. And we're doing, we're focusing on that, right? Under JC Herrera's leadership, as well as with George. One of the things that I always think is important though, is that you're mindful as, as the female within the organization and that you're out seeking somebody, who's not only a mentor, but is a direct champion for you when you're not in the room. Right. This is true of CrowdStrike. It's true of every organization. You're not gonna be aware of the opportunities as the roles are being created. And really, as the roles are being created, they probably have somebody in mind. Right. And so if you have somebody that's in that room says, you know what, Amanda Adams would be perfect for that. Let's go talk to her about it. You have to have somebody who's your champion. Yeah. >>There there's, there's, there's a saying that 80% of the most important moments in your life happen in your absence. Yeah. And that's exactly right. You know, when they're, when someone needs to be there to champion, you, >>Did that happen for you? >>Yes. I have a very strong champion. >>So I mean, I, my observation is if, if you are a woman in tech and you're in a senior leadership position, like you are, or you're a, you're a general manager or a P and L manager or a CEO, you have to be so incredibly talented because all things being equal, maybe it's changing somewhat in some of those companies I talked about, but for the last 30 years, all takes be equal. A, a, a woman is gonna lose out to a man who is as qualified. And, and I think that's maybe slowly changing. Maybe you agree with that, maybe you don't. And maybe that's, some people think that's unfair, but you know, think about people of color. Right. They, they, they, they grew up with less op opportunities for education. And this is just the statistics that's right. Right. So should society overcompensate for that? I personally think, yes, the, the answer is just, they should, there should still be some type of meritocracy that's right. You know, but society has a responsibility to, you know, rise up all ships. >>I think there's a couple ways that you can address that through Falcon funds, scholarship programs, absolutely. Looking at supporting folks that are coming outta school, our internship program, providing those opportunities, but then just being mindful right. Of whether or not you publish the stats or not. We do have somebody who's responsible for D I, within CrowdStrike. They are looking at that and at least taking that step to understand what can we do to support the advancement across minorities. But also women is really, really important. >>Did you not have a good educational opportunity when you were growing up where you're like you had to me? Yeah, no, seriously, >>No. Seriously. I went to pretty scary schools. Right. >>Okay. So you could have gone down a really bad path. >>I, a lot of people that I grew up with went down really, really bad paths. I think the inflection point at, at least for me what the inflection point was becoming aware of this entire universe. Yeah. I was, I was headed down a path where I wasn't aware that any of this existed, when I got out of college, they were advertising in the newspaper for Cisco sales engineers, $150,000 a year. We will train. I'm a smart guy. I had no idea what that meant. Right. I could have easily gone and gotten one of those jobs. It was seven or eight years before I intersected with the tech world again. And so, you know, kind of parallel with your experience with you had someone randomly, it's like, you'd be great at Cisco. Yeah. But if, if you're not around that, and so you take people in different communities who are just, this might as well be a different planet. Yes. Yeah. The idea of eating in a restaurant where someone is serving you, food is uncomfortable, right? The idea of checking into a hotel, the idea of flying somewhere on an airplane, we talk about imposter syndrome. That's right. There are deep seated discomfort levels that people have because they just, this is completely foreign, but >>You're saying you could have foreign, you could have gone down a path where selling drugs or jacking cars was, was, was lucrative. >>I had, I had, yeah. I mean, we're getting, we're getting like deep into societal things. I was, I was very lucky. My parents were very, very young, but they're still together to this day. I had loving parents. We were very, very poor. We were surrounded by really, really, really bad stuff. So. >>Okay. So, so, okay. So this, >>I, I don't, I don't compare my situation to others. >>White woman. That's I guess this is my point. Yeah. The dynamic is different than, than a kid who grew up in the inner city. Yes. Right. And, and, and they're both important to address, but yeah. I think you gotta address them in different ways. >>Yes. But if they're, but if they're both completely ignorant of this, >>They don't know it. So it's lack of >>A, they'll never be here. >>You >>Never be here. And it's such a huge, this is such a huge difference from the rest of the world and from the rest, from the rest of our economy. >>So what would you tell a young girl? My daughters, aren't interested in tech. They want to go into fashion or healthcare, whatever Dave's daughters maybe would be a young girl, preteen, maybe teen interested in, not sure which path, why tech, what would advice would you give? >>I think just understanding what you enjoy about life, right? Like which skills are you great at? What characteristics about roles and not really focusing on a specific product. Definitely not cybersecurity versus like the broader network. I mean, literally what do you enjoy doing? And then the roles of, you know, from the skillset that's needed, whether that be marketing, and then you can start to dive into, do I wanna support marketing for a corporate environment for retail, for technology like that will come and follow your passion, which I know is so easy to say, right? But if you're passionate about certain things, I love relationships. I think that holding myself from integrity standpoint, leading with integrity, but building strong relationships on trust, that's something I take really pride in and what I get enjoyment with. It's >>Obviously your superpower. >>It, >>It is. >>But >>Then it will go back to OST too, just being authentic in the process of building those relationships, being direct to the transparency of understanding, like again, knowing what you're good at and then where you can fit into an organization, awareness of technology opportunities, I think will all lend that to. But I also wouldn't worry, like when I was 17 year old, I, I thought I would be playing volleyball in college and then going to work for a professional sports team. You know, life works out very differently. Yeah. >>Right. And then, and for those of you out there, so I love that. Thank you for that great interview. Really appreciate letting us go far field for those of you might say, well, I don't know, man. I don't know what my passion is. I'll give you a line from my daughter, Alicia, you don't learn a lot for your kids. She said, well, if you don't know what your passion is, follow your curiosity. That's great. There you go. Amanda Adams. Thanks so much. It was great to have you on. Okay. Thank you. Keep it right there. We're back with George Kurtz. We're to the short break. Dave ante, Dave Nicholson. You watching the cube from Falcon 22 in Las Vegas.

>>We're back with the cube at Falcon 2022, Dave ante and Dave Nicholson. We're at the aria. We do obvious of course, a lot of events in Las Vegas. It's the, it's the place to do events. Dave, I think is my sixth or seventh time here this year. At least. I don't know. I lose track. Jeff Swayne is here. He's the vice president of global programs store and tech alliances at CrowdStrike. Jeff. Good to see again. We saw each other at reinvent in July in Boston. >>Yes. Have it's great to see you again, Dave. Thank you very >>Much. And we talked about making this happen, so it's thrilled to be here at, at, at CrowdStrike Falcon. We're gonna talk today about the CrowdStrike XDR Alliance partners. First of all, what's XDR >>Well, I hope you were paying attention to George's George's keynote this morning. I guess. You know, the one thing we know is that if you ask 10, five people, what XDR is you'll get 10 answers. >>I like this answer a holistic approach to endpoint security. I, that was a, >>It was good. Simple. That >>Was a good one at black hat. So, but tell us about the XDR Alliance partners program. Give us the update there. >>Yeah, so I mean, we spoke about it reinforced, you know, the XDR program is really predicated on having a robust ecosystem of partners to help us share that telemetry across all of the different parts of our customers' environment. So we've done a lot of work over the last few weeks and trying to bolster that environment, specifically, putting a, a lot of focus on firewall. You'll see that Cisco and fortunate have both joined the XD XDR Alliance. So we're working on that right now. A lot of customer demand for firewall data into the telemetry set. You know, obviously it's a very rich data environment. There's a lot of logs on firewalls. And so it drives a lot of, of, of information that we can, we can leverage. So we're continuing to grow that. And what we're doing is building out different content packs that support different use cases. So firewall is one CAS B is another emails another and we're building, building out the, the partner set right across the board. So it's, it's, it's been a, a great set of >>Activity. So it's it's partners that have data. Yep. There's probably some, you know, Joe, Tuchi your old boss used to say that that overlap is better than gaps. So there's sometimes there's competition, but that's from a customer standpoint, overlap is, is better than gaps. So you gonna mention Cisco forte and there are a number of others. They've got data. Yes. And they're gonna pump it into your system, our platform, and you've got the, your platform. You've got the ability to ingest. You've got the cloud native architecture, you've got the analytics and you've got the near real time analysis capability, right. >>Augmented by people as well, which is a really important part of our value proposition. You know, we, it's not just relying purely on AI, but we have a human, a human aspect to it as well to make sure we're getting extremely accurate responses. And then there's the final phase is the response phase. So being able to take action on a CASB, for example, when we have a known bad actor operating in the cloud is a really important, easy action for our customer to take. That's highly valuable. You're >>Talking about your threat hunting capability, right? >>So threat hunting and our Intel capability as well. We use all of that information as well as the telemetry to make sure we're making good, actionable >>Decisions, Intel being machine intelligence or, or human in >>Machine human and human and machine intelligence that we have. We have a whole business that's out there gathering Intel. I believe you're thinking to Adam Myers who runs that business. And you know, that Intel is critical to making good decisions for our customers. >>So the X and XDR is extended, correct. Extending to things like firewalls. That's pretty obvious in the security space. Are there some less obvious data sources that you look to extend to at some point? >>Yeah, I think we're gonna continually go with where the customer demand is. Firewalls is one of the first and email is very significant. Other one, you'll see that we're announcing support for Microsoft 365 as well as part of this, this announcement, but then we'll still grow out into the other areas. NDR is, you know, a specific area where we've already got a number of partners in that, in that space. And, and we'll grow that as we go. I think one of the really exciting additional elements is the, the OCS F announcement that we made at at, at, at, at reinforced, which also is a shared data scheme across a number of vendors as well. So talking to Mike's point Microsoft's point this morning in his keynote, it's really about the industry getting together to do better job for our customers. And XDR is the platform to do that. And crowd strikes it way of doing it is the only really true, visible way for a customer to get their hands on all that information, make the decision, see the good from the bad and take the action. So I feel like we're really well placed to help our customers in >>That space. Well, Kevin, Mandy referenced this too today, basically saying the industry's doing a better job of collaboration. I mean, sometimes I'm skeptical because we've certainly seen people try to, you know, commercialize private information, private reports. Yeah. But, but, but you're talking about, you know, some of your quasi competitors cooperatives, you know, actually partnering with you now. So that's a, that's a good indicator. Yeah. I want to step back a little bit, talk about the macro, the big conversation on wall street. Everybody wants to talk about the macro of course, for obvious reasons, we just published our breaking analysis, talking about you guys potentially being a generational company and sort of digging into that a little bit. We've seen, you know, cyber investments hold up a little bit better, both in terms of customer spending and of course the stock market better than tech broadly. Yeah. So in that case it would, it would suggest that cyber investments are somewhat non-discretionary. So, but that's is my question are cyber investments non-discretionary if so, how, >>You know, I think George George calls that out directly in our analyst reports as well that, you know, we believe that cyber is a non-discretionary spend, but I, I actually think it's more than that. I think in this current macro of economic environment where CIOs and CSOs are being asked to sweat their assets for a significantly longer period of time, that actually creates vulnerabilities because they have older kit, that's running for a longer period that they normally, you know, round out or churn out of their environment. They're not getting the investment to replace those laptops. They're not getting the investment to replace those servers. We have to sweat them for a little bit longer, longer, which means they need to be on top of the security posture of those devices. So that means that we need the best possible telemetry that we can get to protect those in the best possible way. So I actually think not only is it makes it non-discretionary, it actually increases the, the business case for, for, for taking on a, a cyber project. >>And I buy that. I buy that the business case is better potentially for cyber business case. And cyber is about, about risk reduction, right? It's about, it's about reducing expected loss. I, I, I, I, but the same time CISOs don't have an open wallet. They have to compete with other P and L managers. I also think the advantage for CrowdStrike I'm, I'm getting deeper into the architecture and beginning to understand the power of a lightweight agent that can do handle. I think you're up to 22 modules now, correct? Yes. I've got questions on how you keep that lightweight, but, but nonetheless, if you can consolidate the point tools, which is, you know, one of the biggest challenges that, that SecOps teams face that strengthens the ROI as well. >>Absolutely. And if you look at what George was saying this morning in the keynote, the combination of being able to provide tools, not only to the SecOps team, but the it ops team as well, being able to give the it ops team visibility on how many assets they have. I mean, these simple, these are simple questions that we should be able to answer. But often when we ask, you know, an operations leader, can you answer it? It sometimes it's hard for them. We actually have a lot of that information. So we are able to bring that into the platform. We're able to show them, we're able to show them where the assets are, where the vulnerabilities are against those assets and help it ops do a better job as well as SecOps. So the, the strength, the case strengths, as you said, the CSO can also be talking to the it ops budget. >>The edge is getting more real. We're certainly hearing a lot about it. Now we're seeing a lot more and you kind of got the, the near edge. It's like the home Depot and the lows, you know, stores okay. That I, I can get a better handle on, okay. How do I secure that? I've got some standards, but that's the far edge. It's, it's the, the OT yes. Piece of it. That's sort of the brave new world. What are you seeing there? How do you protect those far flung estates? >>I think this gets back to the question of what's what's new what's coming and where do we see the, the next set of workloads that we have to tackle? You know, when we came along first instance, we were really doing a lot of the on-prem on-prem and, and, and known cloud infrastructure suites. Then we started really tackling the broader cloud market with tools and technology to give visibility and control of the overall cloud environment. OT represents that next big addressable market for us, because there are so many questions around devices where they are, how old they are, what they're running. So visibility into the OT network is extremely, extremely important. And, you know, the, the wall that has existed again between the CISO and the OT environments coming down, we're seeing that's closer, closer alignment between the security on both those worlds. So the announcement that we've made around extending our Falcon discover product, to be able to receive and understand device information from the OT network and bring it into the same console as the, the it and the OT in the same console to give one cohesive picture of, of visibility of all of our devices is a major step forward for our customers and for, for the industry as well. >>And we see that being, being able to get the visibility will then lead us to a place of being able to build our AI models, build our response frameworks. So then we can go to a full EDR and then beyond that, there's, you know, all the other things that CrowdStrike do so well, but this is the first step to really the first step on control is visibility. And >>The OT guys are engineers. So they're obviously conscious of this stuff. It's, it's more it's again, you're extending that culture, isn't it? >>Yeah, yeah, yeah. Now when you're looking at threats, great, you want to do things to protect against those threats, but how much, how much of CrowdStrike's time is spent thinking about the friction that's involved in transactions? If I wanna go to the grocery store, think of me as an end point. If I wanna go to the grocery store, if I had to drive through three DUI checkpoints or car safety inspections, every time I went to the grocery store, I wouldn't be happy as an end point as an end user in this whole thing. Ideally, we'd be able just to be authenticated and then not have to worry about anything moving forward. Do you see that as your role, reducing friction >>100%, that's again, one of the core tenants of, of, of why George founded the company. I mean, he tells the story of sitting on an airplane and seeing an executive who was also on the airplane, trying to boot their machine up and trying, and get an email out before the plane took off and watching the scanning happen, you know, old school virus scanning happening on the laptop and, and that executive not making it because, and he is like in this day and age, how can we be holding people back with that much friction in their day to day life? So that's one of the, again, founding principles of what we do at CrowdStrike was the security itself needs to support business growth, support, user growth, and actually get out of the way of how people do things. And we've seen progression along that lines. I think the zero trust work that we're doing right now really helps with that as well. >>Our integrations into other companies that play within the zero trust space makes that frictionless experience for the user, because yeah, we, we, we want to be there. We want to know everything that's happening, but we don't want to see where we always want control points, but that's the value of the telemetry we take. We're taking all the data so that we can see everything. And then we pick what we want to review rather than having to do the, the checkpoint approach of stop here. Now, let me see your credentials stop here. And let me see your credentials because we have a full field of, of knowledge and information on what the device is doing and what the user is doing. We're able to then do the trust with verify style approach. >>So coming back to the, to the edge and IOT, you know, bringing that zero trust concept to the, to the edge you've got, you've got it and OT. Okay. So that's a new constituency, but you're consolidating that view. Your job gets harder. Doesn't it? So, so, so talk about how you resolve that. Do do the, do the concepts that you apply to traditional it endpoints apply at the edge. >>So first things we have to do is gain the visibility. And, and so the way in which we're doing that is effectively drawing information out from the OT environment at, by, by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other, you know, indications of attack or our indications of misconfiguration into the model. So we can see whether something's good or bad whilst we're doing that. Obviously we're also working on building specific sensors that will then sit in OT devices down, you know, one layer down from rather being collected and pulled and brought into the platform, being collected at the individual sensor level when we have that completed. And that requires a whole different ecosystem for us, it means that we have to engage with organizations like Rockwell and Siemens and Schneider, because they're the people who own the equipment, right? Yeah. And we have to certify with them to make sure that when we put technology onto their equipment, we're not going to cause any kind of critical failure that, you know, that could have genuine real world physical disastrous consequences. So we have to be super careful with how we build that, which we're we're in the process of doing >>Are the IOA signatures indicator as a tax. So I don't have to throw a dollar in the jar, are the IOA signatures substantially similar at, at the edge? I think >>We learn as we go, you know, first we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there. But what we will see is that, you know, as someone's trying to make, if there's an actor, you know, making an attack, you know, we'll be able to see how they're affecting each of those end points individually, whether they're trying to take some form of control, whether they're switching them on and off in the edge and the far edge, it's a little bit more binary in terms of the kind of function of the device. It is the valve open or is the valve closed? It's is the production line running or is the production not line running, not running. So we need to be able to see that it's more about protecting the outcomes there as well. But again, you know, it's about first, we have to get the information. That's what this product will help us do. Get it into the platform, get our teams over the top of it, learn more about what's going on there and then be able to take action. >>But the key point is the architecture will scale. That's where the cloud native things >>Comes into. Yeah, it'll, it'll it'll scale. But to your, to your point about the lack of investment and infrastructure means older stuff means potentially wider gaps, bigger security holes, more opportunity for the security sector. Yep. I buy that. That makes sense. I think if it's a valid argument, when you, when you, when you know, we, we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of a hundred year old garbage, and I'm only slightly exaggerating on the trillion and the a hundred years old, a lot of those critical devices that need to be sensed that are controlling our, our, our, our electrical grid. For example, a lot of those things need to be updated. So, so as you're pushing into that frontier, are you, you know, are, are you extending out developer kits and APIs to those people as they're developing those new things, right? Because some of the old stuff will never work. >>And that's what we're we're seeing is that there is a movement within the industrial control side of things to actually start, you know, doing this. Some, some simple things like removing the air gap from certain systems, because now we can build a system around it, that's trustable and supportable. So now we can get access there over, over and over a network over the internet to, to, to kind of control a valve set that's down a pipeline or something like that. So there is a, there is, there is willingness within the ecosystem, the, the IOT provider ecosystem to give us access to some of those, those controls, which, which wasn't there, which has led to some of some of these issues. Are we gonna be able to get to all of them? No, we're gonna have to make decisions based on customer demand, based on where the big, the big rock lie. And, and so we will continue to do that based on customer feedback on again, on what we see >>And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of, >>I see. Because there was no way to, to do before. Right. So it was, was like >>Lack connectivity is, >>Yeah. So, so, so it was, people felt more comfortable sending an engineer route to the field truck roll. Yeah, yeah, yeah. To do it rather than expensive, rather. And, and exactly that, again, going back to our macro economic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there is a lot of there's, there's a lot of customer demand for change, and we're engaging in that change. And we want to see a huge opportunity there >>Coming back to the XDR Alliance, cuz that's kind of where we started. Where do you wanna see that go? What's your vision for that? >>So the Alliance itself has been fundamental in terms of now where we go with the overall platform. We are always constantly looking for customer feedback on where we go next on what additional elements to add. The, the Alliance members have video this fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms, into, you know, into, into what we do. And they're seeing the value of it. I, I feel that over the next, you know, over the next two year period, we're gonna see those, our XDR Alliance and other XDR alliances growing out to get to each other and they will they'll touch each other. We will have to do it like this O project at AWS. And as that occurs, we're gonna be able to focus on customer outcomes, which is, you know, again, if you listen to George, you listen to Mike protecting the customers, the mission of CrowdStrike. So I think that's core to that, to, to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've, we've got, we've got a pipeline of literally hundreds of, of partners who want to join. We've just gotta do that in a way that's consumable for us and consumable for the customer. >>Jeff Swain. Thanks so much for coming back in the cube. It's great to have you. Yeah. Thanks guys. Thank you. Okay. And thank you for watching Dave Nicholson and Dave ante. We'll be back right to this short break. You're watching the cube from Falcon 22 in Las Vegas, right back.