>>Good afternoon everyone, and welcome back to the Cube. I am Savannah Peterson here, coming to you from Detroit, Michigan. We're at Cuban Day three. Such a series of exciting interviews. We've done over 30, but this conversation is gonna be extra special, don't you think, John? >>Yeah, this is gonna be a good one. Griffon Labs is here with us. We're getting the conversation of what's going on in the industry management, watching the Kubernetes clusters. This is large scale conversations this week. It's gonna be a good one. >>Yeah. Yeah. I'm very excited. He's also got a fantastic Twitter handle, twitchy. H Please welcome Richie Hartman, who is the director of community here at Griffon. Richie, thank you so much for joining us. Thanks >>For having me. >>How's the show been for you? >>Busy. I, I mean, I, I, >>In >>A word, I have a ton of talks at at like maintain a thing and like the covering board searches at the TLC panel. I run forme day. So it's, it's been busy. It, yeah. Monday, I didn't have to run anything. That was quite nice. But there >>You, you have your hands in a lot. I'm not even gonna cover it. Looking at your bio, there's, there's so many different things that you're working on. I know that Grafana specifically had some announcements this week. Yeah, >>Yeah, yeah. We had quite a few, like the, the two largest ones is a, we now have a field Kubernetes integration on Grafana Cloud. So our, our approach is generally extremely open source first. So we try to push stuff into the exporters, like into the open source exporters, into mixes into things which are out there as open source for anyone to use. But that's little bit like a tool set, not a ready made solution. So when we talk integrations, we actually talk about things where you get this like one click experience, You log into your Grafana cloud, you click, I have a Kubernetes, which probably most of us have, and things just work like you in just the data. You have to write dashboards, you have to write alerts, you have to write everything to just get started with extremely opinionated dashboards, SLOs, alerts, again, all those things made by experts, so anyone can use them. And you don't have to reinvent the view for every single user. So that's the one. The other is, >>It's a big deal. >>Oh yeah, it is. Yeah. It is. It, we, we has, its heavily in integrations course. While, I mean, I don't have to convince anyone that perme is a DD factor standard in everything. Cloudnative. But again, it's, it's, it's sometimes a little bit hard to handle or a little bit not easy to get into. So, so smoothing this, this, this path onto onboarding yourself onto this stack and onto those types of solutions. Yes. Is what a lot of people need. Course, if you, if you look at the statistics from coupon, and we just heard this in the governing board session yesterday. Yeah. Like 60% of the people here are first time attendees. So there's a lot of people who just come into this thing and who need, like, this is your path. This is where you should be going. Or at least if you want to go, go there. This is how to get there. >>Here's your runway for takeoff. Yes. Yeah. I think that's a really good point. And I love that you, you had those numbers. I was curious. I, I had seen on Twitter, speaking of Twitter, I had seen, I had seen that, that there were a lot of people here coming for the first time. You're a community guy. Are we at an inflection point where this community is about to continue to scale? >>That's a very good question. Which I can't really answer. So I mean, >>Obviously I bet you're gonna try. >>I covid changed a few things. Yeah. Probably most people, >>A couple things. I mean, you know, casually, it's like such a gentle way of putting that, that was >>Beautiful. I'm gonna say yes, just to explode. All these new ERs are gonna learn Prometheus. They're gonna roll in with a open, open metrics, open telemetry. I love it, >>You know, But, but at the same time, like Cuban is, is ramping back up. But if you look at the, if you look at the registration numbers between Valencia Andro, it was more or less the same. Interesting. Which, so it didn't go onto this, onto this flu trajectory, which it was on like, up to, up to 2019. I expect this to take up again. But also with the economic situation, everything, I, I don't think >>It's, I think the jury's still out on hybrid. I think there's a lot, lot more hybrid. Let's see how the projects are gonna go. That's what I think it's gonna be the tell sign. How many people are in participating? How are the project's advancing? Some of the momentum, >>I mean, from the project level, Most of this is online anyway. Of course. That's how open source, right. I've been working for >>Ages. That's >>Cause you don't have any trouble budget or, or any office or, It's >>Always been that way. >>Yeah, precisely. So the projects are arguably spearheading this, this development and the, the online numbers. I I, I have some numbers in my head, but I'm, I'm not a hundred percent certain to, but they're higher for this time in Detroit than in volunteer as far somewhere. Cool. So that is growing and it's grown in parallel, which also is great. Cause it's much more accessible, much more inclusive. You don't have to have a budget of at least, let's say, I don't know, two to five k to, to fly over the pond and, and attend this thing. You can just do it from your home. So that is, that's a lot more inclusive. And I expect this to, to basically be a second more or less orthogonal growth, growth path. But the best thing about coupon is the hallway track. I'm just meeting people, talking to people and that kind of thing is not really possible with, >>It's, it's great to see people >>In person. No, and it makes such a difference. I mean, yeah. Even and interviewing people in person too. I mean, it does a, it's, it's, and, and this, this whole, I mean cncf, this whole community, every company here is community first. It's how these projects come to be. I think it's awesome. I feel like you got something you're saying to say, Johnny. >>Yeah. And I love some of the advancements. Rich Richie, we talked last time about, you know, open telemetry, open metrics. You're involved in dashboards. Yeah. One of the themes here is ease of use, simplicity, developer productivity. Where do you see the ease of use going from a project standpoint? For me, as you mentions everywhere, it's pretty much, it is, it's almost all corners of the world. Yep. And new people coming in. How, how are you making it easier? What's going on? Give us the update on that. >>So we also, funnily enough at precisely this topic in the TC panel just a few hours ago, about ease of use and about how to, how to make things easier to, to handle how developers currently, like if they just want to get into the cloud native seen, they have like, like we, we did some neck and math, like maybe 10 tools at least, which you have to be somewhat proficient in to just get started, which is honestly horrendous. Yeah. Course. Like with a server, I just had my survey install my thing and it runs, maybe I need a database, but that's roughly it. And this needs to change again. Like it's, it's nice that everything is, is un unraveled. And you have, you, you, you, you don't have those service boundaries which you had before. You can do all the horizontal scaling, you can do all the automatic scaling, all those things that they're super nice. But at the same time, this complexity, which used to be nicely compartmentalized, was deliberately broken up. And so it's becoming a lot harder to, to, like, we, we need to find new ways to compartmentalize this complexity back to, to human understandable levels again, in particular, as we keep onboarding new and new and new, new people, of course it's just not good use of anyone's time to, to just like learn the basics again and again and again. This is something which should be just compartmentalized and automated away. We're >>The three, We were talking to Matt Klein earlier and he was talking about as projects become mature and all over the place and have reach and and usage, you gotta work on the boring stuff. Yes. And when it's boring, that means you have success. Yes. But then you gotta work on the plumbing. What are some of the things that you guys are working on? Because people are relying on the product. >>Oh yeah. So for with my premises head on, the highlight feature is exponential or native or spars. Histograms. There's like three different names for one single concept. If you know Prometheus, you ha you currently have hard bucket boundaries where I say my latency is lower equal two seconds, one second, a hundred milliseconds, what have you. And I can put stuff into those histogram buckets accordingly to those predefined levels, which is extremely efficient, but like on the, on the code level. But it's not very nice for the humans course you need to understand your system before you're able to, to, to choose good cutoff points. And if you, if you, if you add new ones, that's completely fine. But if you want to actually change them, course you, you figured out that you made a fundamental mistake, you're going to have a break in the continue continuity of your observability data. And you cannot undo this in, into the past. So this is just gone native histograms. On the other hand, allow me to, to, okay, I'm not going to get get into the math, but basically you define a single formula, which there comes a good default. If you have good reasons, then you can change it. But if you don't, just don't talk, >>The people are in the math, Hit him up on Twitter. Twitter, h you'll get you that math. >>So the, >>The thing is people want the math, believe me. >>Oh >>Yeah. I mean we don't have time, but hit him up. Yeah. >>There's ProCon in two weeks in Munich and there will be whole talk about like the, the dirty details of all of the stuff. But the, the high level answer is it just does what people would expect it to do. And with very little overhead, you become, you get highly, highly or high resolution histograms, which is really important for a lot of use cases. But this is not just Prometheus with my open metrics head on the 2.0 feature, like the breaking highlight feature of Open Metrics 2.0 will be you guested precisely the same with my open telemetry head on. Low and behold the same underlying technology is being put or has been put into open telemetry. And we've worked for month and month and month and even longer between all different projects to, to assert that we have one single standard which is actually compatible with each other course. One of the worst things which you can have in the cloud ecosystem is if you have soly different things and they break in subtly wrong ways, like it's much better to just not work than to break in a way, which is just a little bit wrong. Of course you won't figure this out until it's too late. So we spent, like with all three hats, we spent insane amounts of time on making this happen and, and making this nice. >>Savannah, one of the things we have so much going on at Cube Con. I mean just you're unpacking like probably another day of cube. We can't go four days, but open time. >>I know, I know. I'm the same >>Open telemetry >>Challenge acceptance open. >>Sorry, we're gonna stay here. All the, They >>Shut the lights off on us last night. >>They literally gonna pull the plug on us. Yeah, yeah, yeah, yeah. They've done that before. It's not the first time we go until they kick us out. We love, love doing this. But Open telemetry is got a lot of news too. So that's, We haven't really talked much about that. >>We haven't at >>All. So there's a lot of stuff going on that, I won't call it boring. That's like code word's. That's cube talk for, for it's working. Yeah. So it's not bad, but there's a lot of stuff going on. Like open telemetry, open metrics, This is the stuff that matters cuz when you go in large scale, that's key. It's just what, missing all the, all the stuff. >>No, >>What are we missing? What are people missing? What's going on in the show that you think that's not actually being reported on? I mean it's a lot of high web assembly for instance got a lot >>Of high. Oh yeah, I was gonna say, I'm glad you're asking this because you, you've already mentioned about seven different hats that you wear. I can only imagine how many hats are actually in your hat cabinet. But you, you are someone with your, with your fingers in a lot of different things. So you can kind of give us a state of the union. Yeah. So go ahead. Let's talk about >>It. So I think you already hit a few good points. Ease of use is definitely one of them. And, and improving the developer experience and not having this like a value of pain. Yeah. That is one of the really big ones. It's going to be interesting cause it is boring. It is janitorial and it needs a different type of persona. A lot of, or maybe not most, but a large fraction of developers like the shiny stuff. And we could see this in Prometheus where like initially the people who contributed this the most where like those restless people who need to fix that one thing, this is impossible, are going to do it. Which changed over the years where the people who now contribute the most are off the janitorial. Like keep things boring, keep things running, still have substantial changes. But but not like more on the maintenance level. >>Yeah. The maintainers. I was just gonna bring that >>Up. Yeah. On the, on the keep things boring while still pushing 'em forward. Yeah. And the thing about ease of use is a lot of this is boring. A lot of this is strategy. A lot of this is toil. A lot of this takes lots of research also in areas where developers are not really good at, like UX for example, and ui like most software developers are really bad at those cause they just think differently from normal humans, I guess. >>So that's an interesting observation that you just made. I we could unpack that on a whole nother show as well. >>So the, the thing is this is going to be interesting for the open source scene course. This needs deliberate investment by companies who assign people to those projects and say, okay, fix that one thing or make it easier to use what have you. That is a lot easier with, with first party products and projects from companies cuz they can invest directly into the thing and they see much more of a value prop. It's, it's kind of normal by now to, to allow developers or even assigned developers onto open source projects. That's not so much the case for the tpms, for the architects, for the UX and your I people like for the documentation people that there's not as much awareness of that this is also driving value for everyone. Yes. And also there's not much as much. >>Yeah, that's a great point. This whole workflow production system of open source, which has grown and keeps growing and we'll keep growing. These be funded. And one of the things we were talking earlier in another session about is about the recession potentially we're hitting and the global issues, macroeconomics that might force some of these projects or companies not to get VC >>Funding. It's such a theme at the show. So, >>So to me, I said it's just not about VC funding. There's other funding mechanisms that's community oriented. There's companies participating, there's other meccas. Richie, if you could have your wishlist of how things could progress an open source, what would you want to see happen in terms of how it's, how things are funded, how things are executed. Cuz developers are going to run businesses. Cuz ultimately if you follow digital transformation to completion, it and developers aren't a department serving the business. They are the business. And that's coming fast. You know, what has to happen in your opinion, if you had the wish magic wand, what would you, what would you snap your fingers to make happen? >>If I had a magic wand that's very different from, from what is achievable. But let, let's >>Go with, Okay, go with the magic wand first. Cause we'll, we'll, we'll we'll riff on that. So >>I'm here for dreams. Yeah, yeah, >>Yeah. I mean I, I've been in open source for more than two, two decades, but now, and most of the open source is being driven forward by people who are not being paid for those. So for example, Gana is the first time I'm actually paid by a company to do my com community work. It's always been on the side. Of course I believe in it and I like doing it. I'm also not bad at it. And so I just kept doing it. But it was like at night on the weekends and everything. And to be honest, it's still at night and in the weekends, but the majority of it is during paid company time, which is awesome. Yeah. Most of the people who have driven this space forward are not in this position. They're doing it at night, they're doing it on the weekends. They're doing it out of dedication to a cause. Yeah. >>The commitment is insane. >>Yeah. At the same time you have companies mostly hyperscalers and either they have really big cloud offerings or they have really big advertisement business or both. And they're extracting a huge amount of value, which has been created in large part elsewhere. Like yes, they employ a ton of developers, but a lot of the technologies they built on and the shoulders of the giants they stand upon it are really poorly paid. And there are some efforts to like, I think the core foundation like which redistribute a little bit of money and such. But if I had my magic wand, everyone who is an open source and actually drives things forwards, get, I don't know, 20% of the value which they create just magically somehow. Yeah. >>Or, or other companies don't extract as much value and, and redistribute more like put more full-time engineers onto projects or whichever, like that would be the ideal state where the people who actually make the thing out of dedication are not more or less left on the sideline. Of course they're too dedicated to just say, Okay, I'm, I'm not doing this anymore. You figure this stuff out and let things tremble and falter. So I mean, it's like with nurses and such who, who just like, they, they know they have something which is important and they keep doing it. Of course they believe in it. >>I think this, I think this is an opportunity to start messaging this narrative because yeah, absolutely. Now we're at an inflection point where there's a big community, there is a shared responsibility in my opinion, to not spread the wealth, but make sure that it's equally balanced and, and the, and I think there's a way to do that. I don't know how yet, but I see that more than ever, it's not just come in, raid the kingdom, steal all the jewels, monetize it, and throw some token token money around. >>Well, in the burnout. Yeah, I mean I, the other thing that I'm thinking about too is it's, you know, it's, it's the, it's the financial aspect of this. It's the cognitive load. And I'm curious actually, when I ask you this question, how do you avoid burnout? You do a million different things and we're, you know, I'm sure the open source community that passion the >>Coach. Yeah. So it's just write code, >>It's, oh, my, my, my software engineering days are firmly over. I'm, I'm, I'm like, I'm the cat herer and the janitor and like this type of thing. I, I don't really write code anymore. >>It's how do you avoid burnout? >>So a i I didn't curse ahead burnout a few years ago. I was not nice, but that was still when I had like a full day job and that day job was super intense and on top I did all the things. Part of being honest, a lot of the people who do this are really dedicated and are really bad at setting boundaries between work >>And process. That's why I bring it up. Yeah. Literally why I bring it up. Yeah. >>I I I'm firmly in that area and I'm, I'm, I don't claim I have this fully figured out yet. It's also even more risky to some extent per like, it's, it's good if you're paid for this and you can do it during your work time. But on the other hand, if it's so nice and like if your hobby and your job are almost completely intersectional, it >>Becomes really, the lines are blurry. >>Yeah. And then yeah, like have work from home. You, you don't even commute anything or anymore. You just sit down at your computer and you just have fun doing your stuff and all of a sudden it's deep at night and you're still like, I want to keep going. >>Sounds like God, something cute. I >>Know. I was gonna say, I was like, passion is something we all have in common here on this. >>That's the key. That is the key point There is a, the, the passion project becomes the job. But now the contribution is interesting because now yeah, this ecosystem is, is has a commercial aspect. Again, this is the, this is the balance between commercialization and keeping that organic production system that's called open source. I mean, it's so fascinating and this is amazing. I want to continue that conversation. It's >>Awesome. Yeah. Yeah. This is, this is great. Richard, this entire conversation has been excellent. Thank you so much for joining us. How can people find you? I mean, I give em your Twitter handle, but if they wanna find out more about Grafana Prometheus and the 1700 things you do >>For grafana grafana.com, for Prometheus, promeus.io for my own stuff, GitHub slash richie age slash talks. Of course I track all my talks in there and like, I don't, I currently don't have a personal website cause I stop bothering, but my, like that repository is, is very, you find what I do over, like for example, the recording link will be uploaded to this GitHub. >>Yeah. Great. Follow. You also run a lot of events and a lot of community activity. Congratulations for you. Also, I talked about this last time, the largest IRC network on earth. You ran, built a data center from scratch. What happened? You done >>That? >>Haven't done a, he even built a cloud hyperscale compete with Amazon. That's the next one. Why don't you put that on the >>Plate? We'll be sure to feature whatever Richie does next year on the cube. >>I'm game. Yeah. >>Fantastic. On that note, Richie, again, thank you so much for being here, John, always a pleasure. Thank you. And thank you for tuning in to us here live from Detroit, Michigan on the cube. My name is Savannah Peterson and here's to hoping that you find balance in your life this weekend.

>>Good evening, brilliant humans. My name is Savannah Peterson and very delighted to be streaming to you. Live from the Cube Studios here in Motor City, Michigan. I've got John Furrier on my left. John, this is our last interview of the day. Energy just seems to keep oozing. How >>You doing? Take two, Three days of coverage, the queue love segments. This one's great cuz we have a practitioner who's implementing all the hard core talks to be awesome. Can't wait to get into it. >>Yeah, I'm very excited for this one. If it's not very clear, we are a community focused community is a huge theme here at the show at Cape Con. And our next guests are actually a provider and a customer. Turning it over to you. Lisa and Jake, welcome to the show. >>Thank you so much for having us. >>It's great to be here. It is our pleasure. Lisa, you're with Cockroach. Just in case the audience isn't familiar, give us a quick little sound bite. >>We're a distributed sequel database. Highly scalable, reliable. The database you can't kill, right? We will survive the apocalypse. So very resilient. Our customers, mostly retail, FinTech game meet online gambling. They, they, they need that resiliency, they need that scalability. So the indestructible database is the elevator pitch >>And the success has been very well documented. Valuation obviously is a scorp guard, but huge customers. We were at the Escape 19. Just for the record, the first ever multi-cloud conference hasn't come back baby. Love it. It'll come back soon. >>Yeah, well we did a similar version of it just a month ago and I was, that was before Cockroach. I was a different company there talking a lot about multi-cloud. So, but I'm, I've been a car a couple of years now and I run community, I run developer relations. I'm still also a CNCF ambassador, so I lead community as well. I still run a really large user group in the San Francisco Bay area. So we've just >>Been in >>Community, take through the use case. Jake's story set us up. >>Well I would like Jake to take him through the use case and Cockroach is a part of it, but what they've built is amazing. And also Jake's history is amazing. So you can start Jake, >>Wherever you take >>Your Yeah, sure. I'm Jake, I'm CEO and co-founder of Offset. Oted is the commercial entity behind Spice Dvy and Spice Dvy is a permission service. Cool. So a permission service is something that lets developers and let's platform teams really unlock the full potential of their applications. So a lot of people get stuck on My R back isn't flexible enough. How do I do these fine grain things? How do I do these complex sharing workflows that my product manager thinks is so important? And so our service enables those platform teams and developers to do those kinds of things. >>What's your, what's your infrastructure? What's your setup look like? What, how are you guys looking like on the back end? >>Sure. Yeah. So we're obviously built on top of Kubernetes as well. One of the reasons that we're here. So we use Kubernetes, we use Kubernetes operators to orchestrate everything. And then we use, use Cockroach TV as our production data store, our production backend data store. >>So I'm curious, cause I love when these little matchmakers come together. You said you've now been presenting on a little bit of a road show, which is very exciting. Lisa, how are you and the team surfacing stories like Jakes, >>Well, I mean any, any place we can obviously all the social medias, all the blogs, How >>Are you finding it though? >>How, how did you Oh, like from our customers? Yeah, we have an open source version so people start to use us a long time before we even sometimes know about them. And then they'll come to us and they'll be like, I love Cockroach, and like, tell me about it. Like, tell me what you build and if it's interesting, you know, we'll we'll try to give it some light. And it's always interesting to me what people do with it because it's an interesting technology. I like what they've done with it. I mean the, the fact that it's globally distributed, right? That was like a really important thing to you. Totally. >>Yeah. We're also long term fans of Cockroach, so we actually all work together out of Workbench, which was a co-working space and investor in New York City. So yeah, we go way back. We knew the founders. I, I'm constantly saying like if I could have invested early in cockroach, that would've been the easiest check I could have ever signed. >>Yeah, that's awesome. And then we've been following that too and you guys are now using them, but folks that are out there looking to have the, the same challenges, what are the big challenges on selecting the database? I mean, as you know, the history of Cockroach and you're originating the story, folks out there might not know and they're also gonna choose a database. What's the, what's the big challenge that they can solve that that kind of comes together? What, what would you describe that? >>Sure. So we're, as I said, we're a permission service and per the data that you store in a permission service is incredibly sensitive. You need it to be around, right? You need it to be available. If the permission service goes down, almost everything else goes down because it's all calling into the permission service. Is this user allowed to do this? Are they allowed to do that? And if we can't answer those questions, then our customer is down, right? So when we're looking at a database, we're looking for reliability, we're looking for durability, disaster recovery, and then permission services are one of the only services that you usually don't shard geographically. So if you look at like AWS's iam, that's a global service, even though the individual things that they run are actually sharded by region. So we also needed a globally distributed database with all of those other properties. So that's what led us >>To, this is a huge topic. So man, we've been talking about all week the cloud is essentially distributed database at this point and it's distributed system. So distributed database is a hot topic, totally not really well reported. A lot of people talking about it, but how would you describe this distributed trend that's going on? What are the key reasons that they're driving it? What's making this more important than ever in your mind, in your opinion? >>I mean, for our use case, it was just a hard requirement, right? We had to be able to have this global service. But I think just for general use cases, a distributed database, distributed database has that like shared nothing architecture that allows you to kind of keep it running and horizontally scale it. And as your requirements and as your applications needs change, you can just keep adding on capacity and keep adding on reliability and availability. >>I'd love to get both of your opinion. You've been talking about the, the, the, the phases of customers, the advanced got Kubernetes going crazy distributed, super alpha geek. Then you got the, the people who are building now, then you got the lagers who are coming online. Where do you guys see the market now in terms of, I know the Alphas are all building all the great stuff and you guys had great success with all the top logos and they're all doing hardcore stuff. As the mainstream enterprise comes in, where's their psychology, what's on their mind? What's, you share any insight into your perspective on that? Because we're seeing a lot more of it folks becoming like real cloud players. >>Yeah, I feel like in mainstream enterprise hasn't been lagging as much as people think. You know, certainly there's been pockets in big enterprises that have been looking at this and as distributed sequel, it gives you that scalability that it's absolutely essential for big enterprises. But also it gives you the, the multi-region, you know, the, you have to be globally distributed. And for us, for enterprises, you know, you need your data near where the users are. I know this is hugely important to you as well. So you have to be able to have a multi-region functionality and that's one thing that distributed SQL lets you build and that what we built into our product. And I know that's one of the things you like too. >>Yeah, well we're a brand new product. I mean we only founded the company two years ago, but we're actually getting inbound interest from big enterprises because we solve the kinds of challenges that they have and whether, I mean, most of them already do have a cockroach footprint, but whether they did or didn't, once they need to bring in our product, they're going to be adopting cockroach transitively anyway. >>So, So you're built on top of Cockroach, right? And Spice dv, is that open source or? >>It >>Is, yep. Okay. And explain the role of open source and your business model. Can you take a minute to talk about the relevance of that? >>Yeah, open source is key. My background is, before this I was at Red Hat. Before that we were at CoreOS, so CoreOS acquisition and before that, >>One of the best acquisitions that ever happened for the value. That was a great, great team. Yeah, >>We, we, we had fun and before that we built Qua. So my co-founders and I, we built Quay, which is a, a first private docker registry. So CoreOS and, and all of those things are all open source or deeply open source. So it's just in our dna. We also see it as part of our go-to market motion. So if you are a database, a lot of people won't even consider what you're doing without being open source. Cuz they say, I don't want to take a, I don't want to, I don't want to end up in an Oracle situation >>Again. Yeah, Oracle meaning they go, you get you locked in, get you in a headlock, Increase prices. >>Yeah. Oh yeah, >>Can, can >>I got triggered. >>You need to talk about your PTSD there >>Or what. >>I mean we have 20,000 stars on GitHub because we've been open and transparent from the beginning. >>Yeah. And it >>Well, and both of your projects were started based on Google Papers, >>Right? >>That is true. Yep. And that's actually, so we're based off of the Google Zans of our paper. And as you know, Cockroach is based off of the Google Span paper and in the the Zanzibar paper, they have this globally distributed database that they're built on top of. And so when I said we're gonna go and we're gonna make a company around the Zabar paper, people would go, Well, what are you gonna do for Span? And I was like, Easy cockroach, they've got us covered. >>Yeah, I know the guys and my friends. Yeah. So the question is why didn't you get into the first round of Cockroach? She said don't answer that. >>The question he did answer though was one of those age old arguments in our community about pronunciation. We used to argue about Quay, I always called it Key of course. And the co-founder obviously knows how it's pronounced, you know, it's the et cd argument, it's the co cuddl versus the control versus coo, CTL Quay from the co-founder. That is end of argument. You heard it here first >>And we're keeping it going with Osted. So awesome. A lot of people will say Zeed or, you know, so we, we just like to have a little ambiguity >>In the, you gotta have some semantic arguments, arm wrestling here. I mean, it keeps, it keeps everyone entertained, especially on the over the weekend. What's, what's next? You got obviously Kubernetes in there. Can you explain the relationship between Kubernetes, how you're handling Spice dv? What, what does the Kubernetes piece fit in and where, where is that going to be going? >>Yeah, great question. Our flagship product right now is a dedicated, and in a dedicated, what we're doing is we're spinning up a single tenant Kubernetes cluster. We're installing all of our operator suite, and then we're installing the application and running it in a single tenant fashion for our customers in the same region, in the same data center where they're running their applications to minimize latency. Because of this, as an authorization service, latency gets passed on directly to the end user. So everybody's trying to squeeze the latency down as far as they can. And our strategy is to just run these single tenant stacks for people with the minimal latency that we can and give them a VPC dedicated link very similar to what Cockroach does in their dedicated >>Product. And the distributed architecture makes that possible because it's lighter way, it's not as heavy. Is that one of the reasons? >>Yep. And Kubernetes really gives us sort of like a, a level playing field where we can say, we're going going to take the provider, the cloud providers Kubernetes offering, normalize it, lay down our operators, and then use that as the base for delivering >>Our application. You know, Jake, you made me think of something I wanted to bring up with other guests, but now since you're here, you're an expert, I wanna bring that up, but talk about Super Cloud. We, we coined that term, but it's kind of multi-cloud, is that having workloads on multiple clouds is hard. I mean there are, they are, there are workloads on, on clouds, but the complexity of one clouds, let's take aws, they got availability zones, they got regions, you got now data issues in each one being global, not that easy on one cloud, nevermind all clouds. Can you share your thoughts on how you see that progression? Because when you start getting, as its distributed database, a lot of good things might come up that could fit into solving the complexity of global workloads. Could you share your thoughts on or scoping that problem space of, of geography? Yeah, because you mentioned latency, like that's huge. What are some of the other challenges that other people have with mobile? >>Yeah, absolutely. When you have a service like ours where the data is small, but very critical, you can get a vendor like Cockroach to step in and to fill that gap and to give you that globally distributed database that you can call into and retrieve the data. I think the trickier issues come up when you have larger data, you have huge binary blobs. So back when we were doing Quay, we wanted to be a global service as well, but we had, you know, terabytes, petabytes of data that we were like, how do we get this replicated everywhere and not go broke? Yeah. So I think those are kind of the interesting issues moving forward is what do you do with like those huge data lakes, the huge amount of data, but for the, the smaller bits, like the things that we can keep in a relational database. Yeah, we're, we're happy that that's quickly becoming a solved >>Problem. And by the way, that that data problem also is compounded when the architecture goes to the edge. >>Totally. >>I mean this is a big issue. >>Exactly. Yeah. Edge is something that we're thinking a lot about too. Yeah, we're lucky that right now the applications that are consuming us are in a data center already. But as they start to move to the edge, we're going to have to move to the edge with them. And it's a story that we're gonna have to figure out. >>All right, so you're a customer cockroach, what's the testimonial if I put you on the spot, say, hey, what's it like working with these guys? You know, what, what's the, what's the, you know, the founders, so you know, you give a good description, little biased, but we'll, we'll we'll hold you on it. >>Yeah. Working with Cockroach has been great. We've had a couple things that we've run into along the way and we've gotten great support from our account managers. They've brought in the right technical expertise when we need it. Cuz what we're doing with Cockroach is not you, you couldn't do it on Postgres, right? So it's not just a simple rip and replace for us, we're using all of the features of Cockroach, right? We're doing as of system time queries, we're doing global replication. We're, you know, we're, we're consuming it all. And so we do need help from them sometimes and they've been great. Yeah. >>And that's natural as they grow their service. I mean the world's changing. >>Well I think one of the important points that you mentioned with multi-cloud, we want you to have the choice. You know, you can run it in in clouds, you can run it hybrid, you can run it OnPrem, you can do whatever you want and it's just, it's one application that you can run in these different data centers. And so really it's up to you how do you want to build your infrastructure? >>And one of the things we've been talking about, the super cloud concept that we've been issue getting a lot of contrary, but, but people are leaning into it is that it's the refactoring and taking advantage of the services. Like what you mentioned about cockroach. People are doing that now on cloud going the lift and shift market kind of had it time now it's like hey, I can start taking advantage of these higher level services or capability of someone else's stack and refactoring it. So I think that's a dynamic that I'm seeing a lot more of. And it sounds like it's working out great in this situation. >>I just came from a talk and I asked them, you know, what don't you wanna put in the cloud and what don't you wanna run in Kubernetes or on containers and good Yeah. And the customers that I was on stage with, one of the guys made a joke and he said I would put my dog in a container room. I could, he was like in the category, which is his right, which he is in the category of like, I'll put everything in containers and these are, you know, including like mis critical apps, heritage apps, since they don't wanna see legacy anymore. Heritage apps, these are huge enterprises and they wanna put everything in the cloud. Everything >>You so want your dog that gets stuck on the airplane when it's on the tarmac. >>Oh >>God, that's, she was the, don't take that analogy. Literally don't think about that. Well that's, >>That's let's not containerize. >>There's always supply chain concern. >>It. So I mean going macro and especially given where we are cncf, it's all about open source. Do y'all think that open source builds a better future? >>Yeah and a better past. I mean this is, so much of this software is founded on open source. I, we wouldn't be here really. I've been in open source community for many, many years so I wouldn't say I'm biased. I would say this is how we build software. I came from like in a high school we're all like, oh let's build a really cool application. Oh you know what? I built this cuz I needed it, but maybe somebody else needs it too. And you put it out there and that is the ethos of Silicon Valley, right? That's where we grew up. So I've always had that mindset, you know, and social coding and why I have three people, right? Working on the same thing when one person you could share it's so inefficient. All of that. Yeah. So I think it's great that people work on what they're really good at. You know, we all, now you need some standardization, you need some kind of control around this whole thing. Sometimes some foundations to, you know, herd the cats. Yeah. But it's, it's great. Which is why I'm a c CF ambassador and I spend a lot of time, you know, in my free time talking about open source. Yeah, yeah. >>It's clear how passionate you are about it. Jake, >>This is my second company that we founded now and I don't think either of them could have existed without the base of open source, right? Like when you look at I have this cool idea for an app or a company and I want to go try it out, the last thing I want to do is go and negotiate with a vendor to get like the core data component. Yeah. To even be able to get to the >>Prototypes. NK too, by the way. Yeah. >>Hey >>Nk >>Or hire, you know, a bunch of PhDs to go and build that core component for me. So yeah, I mean nobody can argue that >>It truly is, I gotta say a best time if you're a developer right now, it's awesome to be a developer right now. It's only gonna get better. As we were riff from the last session about productivity, we believe that if you follow the digital transformation to its conclusion, developers and it aren't a department serving the business, they are the business. And that means they're running the show, which means that now their entire workflow is gonna change. It's gonna be have to be leveraging services partnering. So yeah, open source just fills that. So the more code coming up, it's just no doubt in our mind that that's go, that's happening and will accelerate. So yeah, >>You know, no one company is gonna be able to compete with a community. 50,000 users contributing versus you riding it yourself in your garage with >>Your dogs. Well it's people driven too. It's humans not container. It's humans working together. And here you'll see, I won't say horse training, that's a bad term, but like as projects start to get traction, hey, why don't we come together as, as the world starts to settle and the projects have traction, you start to see visibility into use cases, functionality. Some projects might not be, they have to kind of see more kind >>Of, not every feature is gonna be development. Oh. So I mean, you know, this is why you connect with truly brilliant people who can architect and distribute sequel database. Like who thought of that? It's amazing. It's as, as our friend >>You say, Well let me ask you a question before we wrap up, both by time, what is the secret of Kubernetes success? What made Kubernetes specifically successful? Was it timing? Was it the, the unambitious nature of it, the unification of it? Was it, what was the reason why is Kubernetes successful, right? And why nothing else? >>Well, you know what I'm gonna say? So I'm gonna let Dave >>First don't Jake, you go first. >>Oh boy. If we look at what was happening when Kubernetes first came out, it was, Mesosphere was kind of like the, the big player in the space. I think Kubernetes really, it had the backing from the right companies. It had the, you know, it had the credibility, it was sort of loosely based on Borg, but with the story of like, we've fixed everything that was broken in Borg. Yeah. And it's better now. Yeah. So I think it was just kind and, and obviously people were looking for a solution to this problem as they were going through their containerization journey. And I, yeah, I think it was just right >>Place, the timing consensus of hey, if we just let this happen, something good might come together for everybody. That's the way I felt. I >>Think it was right place, right time, right solution. And then it just kind of exploded when we were at Cores. Alex Povi, our ceo, he heard about Kubernetes and he was like, you know, we, we had a thing called Fleet D or we had a tool called Fleet. And he's like, Nope, we're all in on Kubernetes now. And that was an amazing Yeah, >>I remember that interview. >>I, amazing decision. >>Yeah, >>It's clear we can feel the shift. It's something that's come up a lot this week is is the commitment. Everybody's all in. People are ready for their transformation and Kubernetes is definitely gonna be the orchestrator that we're >>Leveraging. Yeah. And it's an amazing community. But it was, we got lucky that the, the foundational technology, I mean, you know, coming out of Google based on Go conferences, based on Go, it's no to coincidence that this sort of nature of, you know, pods horizontally, scalable, it's all fits together. I does make sense. Yeah. I mean, no offense to Python and some of the other technologies that were built in other languages, but Go is an awesome language. It's so, so innovative. Innovative things you could do with it. >>Awesome. Oh definitely. Jake, I'm very curious since we learned on the way and you are a Detroit native? >>I am. Yep. I grew up in the in Warren, which is just a suburb right outside of Detroit. >>So what does it mean to you as a Michigan born bloke to be here, see your entire community invade? >>It is, I grew up coming to the Detroit Auto Show in this very room >>That brought me to Detroit the first time. Love n a I a s. Been there with our friends at Ford just behind us. >>And it's just so interesting to me to see the accumulation, the accumulation of tech coming to Detroit cuz it's really not something that historically has been a huge presence. And I just love it. I love to see the activity out on the streets. I love to see all the restaurants and coffee shops full of people. Just, I might tear up. >>Well, I was wondering if it would give you a little bit of that hometown pride and also the joy of bringing your community together. I mean, this is merging your two probably most core communities. Yeah, >>Yeah. Your >>Youth and your, and your career. It doesn't get more personal than that really. Right. >>It's just been, it's been really exciting to see the energy. >>Well thanks for going on the queue. Thanks for sharing. Appreciate it. Thanks >>For having us. Yeah, thank you both so much. Lisa, you were a joy of ball of energy right when you walked up. Jake, what a compelling story. Really appreciate you sharing it with us. John, thanks for the banter and the fabulous questions. I'm >>Glad I could help out. >>Yeah, you do. A lot more than help out sweetheart. And to all of you watching the Cube today, thank you so much for joining us live from Detroit, the Cube Studios. My name is Savannah Peterson and we'll see you for our event wrap up next.

(upbeat music) >> Welcome back to Fal.Con 2022. My name is Dave Vallante. We're here with my co-host Dave Nicholson. On the last earnings call George Kurts made a really big emphasis on the relationship with managed service providers. CrowdStrike has announced a new service provider capability. The powered service provider program. Jason Cook is here. He is the president of cyber defense labs. He's joined by Mike Riolo. Who's the vice president of global system integrators and service providers at CrowdStrike gents. Welcome to TheCube. Good to see you. >> Thank you very much. >> Thank you >> Jason, tell us about cyber defense labs. What do you guys do? Give us the bumper sticker, please. >> Cyber defense labs uses the best technology in the world to put together services that help protect our clients >> Simple. Like it. What's XDR? (people laughing) >> I've not heard of that before, sorry. >> So Mike, we've seen the rise of service providers. I saw a stat, I don't know, six, seven months ago that 50% of us companies don't even have a SOC. We're talking about mid to large companies. So service providers are crucial. What's the CrowdStrike powered service provider program all about? >> Well, it's an evolution for us. We've been dealing with this market for some time. And the idea is, is like how do we expand the opportunity to stop reaches? I mean, that's what it's all about. Like how more routes to market, more partners like cyber defense labs that can really go in and bring our technology coupled with their services to power their offerings to their customers and just help us reach every end user out there, to stop reaches. >> So Jason, how do you guys differentiate? Cause I see, you know, as an analyst, I'll look back, I'll read the press releases and they'll see, okay. They just look so similar. So how do you differentiate from the competition? What do you tell customers? >> So when it comes to our selection of technology we test it, we work it, we literally put it into real world situations with our clients. And then we differentiate ourselves with expert services. It's a white glove service from us. We embed ourselves right in with our clients. That's why we call 'em our client partners. And they see us as part of their team and extension of their team. They don't have the time to play with technology and work out what's best. They don't know the time to select it or even then the expertise to use it effectively in the environment. So that's where the trust comes in with us. And then for us, likewise, we are the technology provider such as CrowdStrick, we need to know the technology works and it does what it says. >> I always ask CISOs; What's your number one challenge? And they'll say lack of talent. The only time I didn't get that answer was at... The Mongo DB CISO at reinforced. I'm like yeah, it's cause you're Mongo, I guess reinforced or AWS doesn't have the same problem, but do you... Obviously you see that problem. And you compliment that, is that a fair? >> Yeah, absolutely. Many, many companies mid-market enterprises are really struggling to find talent and then retain the talent. So for us where that's all we are about and then we are there to enable your business to do what your business does. It is just working and I think more and more so you're going to see an industry clearly CrowdStrike's going in that direction. That it's the service provider that becomes a critical element of that trusted circle. >> Does that translate into a market segment by size of organization typically or? You mentioned the ever never ending quest for talent which is critical regardless of size but what does your target market look like? >> So I, I think the biggest gap in the market frankly, is still the mid-market. Many smaller companies still are really just struggling with 'what is the problem.' At least in the mid-market, in the enterprises they really beginning to understand the problem and want to invest and lean in. And here's the irony. They now want to partner to solve the problem cause they recognize they can't do it on their own. >> So Mike, what are the critical aspects of this program? I mean, got the press release out there, but put some meat on the bone for us. >> So if you look at what we were doing to enable managed service providers to go in and, and be powered by CrowdStrike before it was in a corporate market segment it was a specific set of product from us to really enable MDR, you know, sort of that, that generation of services that a lot of customers looked at MSPs for. And what the big message about this is is we are now expanding that. We're taking it out of corporate, we're going upmarket, we're going enterprise. We can leverage partners like cyber defense labs to package our software into their offering and help them power them more than just endpoint. Right? We've had a lot of exciting announcements and probably more to come around identity, you know XDR, the new buzz, right? Like what does it mean? And in, if you look at our approach, it's a very platform centric approach and that's something that partners can monetize. That's something that partners can really help clients grow with is that it's not just about endpoint. It's more about how do I make sure that I'm in a position with a partner that allows me to grow as a market decides it's necessary. So things like identity, cloud on and on and on, that we're investing in and continuing to grow. We are making that available to the CrowdStrike powered service about our marketplace. >> So Jason, service providers historically outsourcing, okay. And it used to be a lot of; 'okay, you know, I'll take over your mess for less kind of thing.' Right? And so the pattern was you would have one of everything and then, that limited your scale. The bigger you got, you had this economies of scale. So am I hearing that, like how do you partner with CrowdStrike? Are you kind of standardizing on that platform or not necessarily cause you have to be agnostic. What's your posture on that? >> So there's a level of, you have to be technology agnostic. We pride ourselves in just using the best technology that's out there. But at the same time, very much with the Fal.Con platform they're building out and maturing in a way that's making significant risk mitigation abilities for a solution provider like us to say we'll take one of those, one of those and put our service around it because that's the best fit service to reduce the risk of this particular client. And having that flexibility for us to do that really allows us then to stay within the same sort of product suite rather than going outside when integration is still one of the biggest challenges that you have. >> So you're one of those organizations that's consolidating a bevy of point tools. Is that right? I mean, you're going through that transformation now. Have you already gone through that? What's your journey look like there? >> Oh, we help companies do that. That's how they mitigate and reduce their risk. >> Okay. But you're using tools as, as well. Are you not? So I mean, you've got to also I mean you're like an extension of those clients. >> Absolutely. So it comes down to a lot of the time do you have the right team? We have a team of experts that deliver expert services. You get to a level of skillset and experience, which goes what's just the best tool out there. And it becomes that's our insight. So one of the reasons why we like the Fal.Con product is because regardless of what the mess is, that's happening you can rapidly deploy stuff to make a difference. And then you then work out how to fix the mess which is quite a change from how traditionally things are done, which is let's analyze the problem. Let's look at options around it. And by the time you've done that time has passed and you can't afford to just allow time to pass these days. So having the right technology allows you to rapidly deploy. Of course, we use what we sell. So we are proud to say that we use a number of the Fal.Con products to protect ourselves and consolidate onto that technology as we then offer that out as a service to our clients. >> So Mike, I'm thinking about the program in general and specifically how you are implementing this program thinking about the path to bringing the customer on board. There are a finite number of strategic seats at any customer's table. So who is at the customer's table? Is it CDL saying; 'Hey, I'm going to bring in my folks from CrowdStrike to have a conversation with you.' Is it CrowdStrike saying; 'Hey, it looks like a service provider might be the best solution for you. Let's go talk to CDL.' How does that work? >> It's a great question. And I think we talk a lot about how there's a gap in people to support cyber efforts inside of companies. But we don't talk about the gap in like experts that can go in and actually sit down with CISOs, with CIOs, with CFOs. And so for us, like it's all about the flexibility. It's it's what do you need in the moment? Because at the end of the day, it comes down to the people. If Jason has a great trusted relationship, he's like; 'Hey I just need some content.' 'Help me push why we're powered by CrowdStrike in this moment.' Great, go run. If we have an opportunity where we know that cyber defense labs has a presence then we go in together, right? Like that flexibility is there. We've done a lot. When you build a program like this, like it's easy to tell the market what they need. It's easy to tell everybody, but it's also you're looking at a cultural shift and how CrowdStrike goes to market, right? Like this is all about how do we get every possible route to market to stop reaches for customers of all size. >> I would echo that. there's three ways that that's working for our two companies at the moment. Many times a lot of the relationships that we have are trusted advisor at the owner or board level of these mid-market and enterprise companies. They're looking to ask for a number of things. And one of the things that we then say is, Hey for your technology roadmap, hey we want to bring in co-present coded us, co-discuss co-strategize with you what your roadmap is. And so we often bring CrowdStrike into the conversations that cyber defense lab is having at the board level. Then on the other side, CrowdStrike obviously has a significant sales force and trusted advisors. They go in with the product and then it's apparent that the you know, the client wants way more than just the product. They say, this is great. I love it. I've made my decision, but I can't operate it effectively. And so we then get pulled in from that perspective >> You get to all the time from product companies, right? It's like, okay, now what? How do I do this? And you go, oh, I'll call somebody. So this is going to accelerate. You go to market. >> Well, and everybody looks at it like, you know how does your sales play with their sales, right? Everyone's going after the same thing. And I'm, you know, that's important, but you have to look at CrowdStrike as more than sales, right? We have an amazing threat intel group that are helping clients understand the risk factors and what bad people are trying to do to them. We can bring so many experts to the side of a cyber defense labs in, in that realm. You know, we've been doing this a long time. >> This is what's interesting to me when I think about your threat hunting, because you guys are experts and you guys are experts. But the... Correct me if I'm wrong. But the advantage I see at the CrowdStrike has is your cloud platform allows you to have such a huge observation space. You got a ton of data and you bring that to the relationship as well and then you benefit from that? >> It's two way. It's absolutely two way. CrowdStrike has a whole bunch of experts and expertise in this space. So do cyber defense labs. We call it for us because we're providing a service to multiple clients. Many of them have a global presence. We call it our global threat view. And absolutely we are exchanging real time threat telemetry data with, with our friends at CrowdStrike Which is impacting the value that we have and the ability to respond extremely quickly when something's happening to one of our clients. >> Well, I just add to that, you know if you look at all of our alliances, right? We've got solution providers, tech reliant, everything. The one thing that's really interesting about the CrowdStrike powered service provider program; it lives in alliances, It's a partnership program, but they're our customer. They have chosen to standardize on our platform, right. To help drive the best results for their customers. And so we treat them like a partner because it's not for internal use. There's unlimited aspect to it. And so as that treating like partnership we have to enable them with more than just product. Right? We want to bring the right experts. We want to bring the right, you know, vision of where the market's going the threats out there, things of that nature. And that's something that we do every day with you guys. >> And it was even expressed earlier with the keynote speech that George gave. Look there's an ecosystem of very good technologies, very good providers. And there there's that sort of friend-of-me view here. You put the best thing together for the client at the end of the day. And if we all acknowledge, which I think is the maturity of our partnership, that one plus one equals, I always say at 51 now, if you play it right, then the partner sees... That the client sees the value of the partnership. And so they want more of that. >> So it sounds like... We got to wrap, but I wonder if we could close on this. It sounds like this was happening just organically in the field. Now you've codified it. So my question to each of you is; What's your vision for the future? Where do you guys want to take this thing? >> What a wrap question right there. I love it. Honestly, like we look at it in... Look at what does it mean to be a CrowdStrike powered service provider. It is more than just the platform. It's the program in general, offering them tools to go in and do early assessments. One thing about service providers, they're in there before vendors, right? We're still a vendor at the end of the day. And so they have that relationship, like how do we enable them to leverage our platform leverage our tools, leverage our programs in order to help a client understand, like, what is your risk factor Could a breach come, things of that nature. And so it's really building in really enabling a partner like cyber defense labs to take on the full suite of programs, services, platform that we can provide to them as a customer, treated them like a partner. >> And Jason, from your perspective, bring us on if you would. >> So our partnership with CrowdStrike is really enabling cyber defense labs to increase our share of wallet, our presence in very specific market segments; The mid-market to enterprise especially around banking, financial services auto dealerships, healthcare, manufacturing, where last year we saw a significant progress there. And we think we're going to double it between this year and next year. >> Jason Cook, Mike Riolo. thanks for coming in TheCube. Great story. >> Thank you for having us >> Alright, thank you for watching. Keep it right there. Dave Vallante and Dave Nicholson will be back right after this short break from Fal.Con 22. You're watching TheCube. (soft electronic music)

>> (bright music) >> Narrator: The Cube, presents Kubecon and Cloudnativecon, year of 2022, brought to you by Red Hat, the cloud native computing foundation and its ecosystem partners. >> Now what we're opening. Welcome to Valencia, Spain in Kubecon Cloudnativecon, Europe, 2022. I'm Keith Townsend, along with my host, Paul Gillin, who is the senior editor for architecture at Silicon angle, Paul. >> Keith you've been asking me questions all these last two days. Let me ask you one. You're a traveling man. You go to a lot of conferences. What's different about this one. >> You know what, we're just talking about that pre-conference, open source conferences are usually pretty intimate. This is big. 7,500 people talking about complex topics, all in one big area. And then it's, I got to say it's overwhelming. It's way more. It's not focused on a single company's product or messaging. It is about a whole ecosystem, very different show. >> And certainly some of the best t-shirts I've ever seen. And our first guest, Jim has one of the better ones. >> I mean a bit cockroach come on, right. >> Jim Walker, principal product evangelist at CockroachDB and Christian Huning, tech director of cloud technologies at Finleap Connect, a financial services company that's based out of Germany, now offering services in four countries now. >> Basically all over Europe. >> Okay. >> But we are in three countries with offices. >> So you're CockroachDB customer and I got to ask the obvious question. Databases are hard and started the company in 2015 CockroachDB, been a customer since 2019, I understand. Why take the risk on a four year old database. I mean that just sounds like a world of risk and trouble. >> So it was in 2018 when we joined the company back then and we did this cloud native transformation, that was our task basically. We had very limited amount of time and we were faced with a legacy infrastructure and we needed something that would run in a cloud native way and just blend in with everything else we had. And the idea was to go all in with Kubernetes. Though early days, a lot of things were alpha beta, and we were running on mySQL back then. >> Yeah. >> On a VM, kind of small setup. And then we were looking for something that we could just deploy in Kubernetes, alongside with everything else. And we had to stack and we had to duplicate it many times. So also to maintain that we wanted to do it all the same like with GitOps and everything and Cockroach delivered that proposition. So that was why we evaluate the risk of relatively early adopting that solution with the proposition of having something that's truly cloud native and really blends in with everything else we do in the same way was something we considered, and then we jumped the leap of faith and >> The fin leap of faith >> The fin leap of faith. Exactly. And we were not dissatisfied. >> So talk to me a little bit about the challenges because when we think of MySQL, MySQL scales to amazing sizes, it is the de facto database for many cloud based architectures. What problems were you running into with MySQL? >> We were running into the problem that we essentially, as a finTech company, we are regulated and we have companies, customers that really value running things like on-prem, private cloud, on-prem is a bit of a bad word, maybe. So it's private cloud, hybrid cloud, private cloud in our own data centers in Frankfurt. And we needed to run it in there. So we wanted to somehow manage that and with, so all of the managed solution were off the table, so we couldn't use them. So we needed something that ran in Kubernetes because we only wanted to maintain Kubernetes. We're a small team, didn't want to use also like full blown VM solution, of sorts. So that was that. And the other thing was, we needed something that was HA distributable somehow. So we also looked into other solutions back at the time, like Vitis, which is also prominent for having a MySQL compliant interface and great solution. We also got into work, but we figured, this is from the scale, and from the sheer amount of maintenance it would need, we couldn't deliver that, we were too small for that. So that's where then Cockroach just fitted in nicely by being able to distribute BHA, be resilient against failure, but also be able to scale out because we had this problem with a single MySQL deployment to not really, as it grew, as the data amounts grew, we had trouble to operatively keep that under control. >> So Jim, every time someone comes to me and says, I have a new database, I think we don't need it, yet another database. >> Right. >> What problem, or how does CockroachDB go about solving the types of problems that Christian had? >> Yeah. I mean, Christian laid out why it exists. I mean, look guys, building a database isn't easy. If it was easy, we'd have a database for every application, but you know, Michael Stonebraker, kind of godfather of all database says it himself, it takes seven, eight years for a database to fully gestate to be something that's like enterprise ready and kind of, be relied upon. We've been billing for about seven, eight years. I mean, I'm thankful for people like Christian to join us early on to help us kind of like troubleshoot and go through some things. We're building a database, it's not easy. You're right. But building a distributor system is also not easy. And so for us, if you look at what's going on in just infrastructure in general, what's happening in Kubernetes, like this whole space is Kubernetes. It's all about automation. How do I automate scale? How do I automate resilience out of the entire equation of what we're actually doing? I don't want to have to think about active passive systems. I don't want to think about sharding a database. Sure you can scale MySQL. You know, how many people it takes to run three or four shards of MySQL database. That's not automation. And I tell you what, this world right now with the advances in data how hard it is to find people who actually understand infrastructure to hire them. This is why this automation is happening, because our systems are more complex. So we started from the very beginning to be something that was very different. This is a cloud native database. This is built with the same exact principles that are in Kubernetes. In fact, like Kubernetes it's kind of a spawn of borg, the back end of Google. We are inspired by Spanner. I mean, this started by three engineers that worked at Google, are frustrated, they didn't have the tools, they had at Google. So they built something that was, outside of Google. And how do we give that kind of Google like infrastructure for everybody. And that's, the advent of Cockroach and kind of why we're doing, what we're doing. >> As your database has matured, you're now beginning a transition or you're in a transition to a serverless version. How are you doing that without disrupting the experience for existing customers? And why go serverless at all? >> Yeah, it's interesting. So, you know, serverless was, it was kind of a an R&D project for us. And when we first started on a path, because I think you know, ultimately what we would love to do for the database is let's not even think about database, Keith. Like, I don't want to think about the database. What we're building too is, we want a SQL API in the cloud. That's it. I don't want to think about scale. I don't want to think about upgrades. I literally like. that stuff should just go away. That's what we need, right. As developers, I don't want to think about isolation levels or like, you know, give me DML and I want to be able to communicate. And for us the realization of that vision is like, if we're going to put a database on the planet for everybody to actually use it, we have to be really, really efficient. And serverless, which I believe really should be infrastructure less because I don't think we should be thinking of just about service. We got to think about, how do I take the context of regions out of this thing? How do I take the context of cloud providers out of what we're talking about? Let's just not think about that. Let's just code against something. Serverless was the answer. Now we've been building for about a year and a half. We launched a serverless version of Cockroach last October and we did it so that everybody in the public could have a free version of a database. And that's what serverless allows us to do. It's all consumption based up to certain limits and then you pay. But I think ultimately, and we spoke a little bit about this at the very beginning. I think as ISVs, people who are building software today the serverless vision gets really interesting because I think what's on the mind of the CTO is, how do I drive down my cost to the cloud provider? And if we can basically, drive down costs through either making things multi-tenant and super efficient, and then optimizing how much compute we use, spinning things down to zero and back up and auto scaling these sort of things in our software. We can start to make changes in the way that people are thinking about spend with the cloud provider. And ultimately we did that, so we could do things for free. >> So, Jim, I think I disagree Christian, I'm sorry, Jim. I think I disagree with you just a little bit. Christian, I think the biggest challenge facing CTOs are people. >> True. >> Getting the people to worry about cost and spend and implementation. So as you hear the concepts of CoachDB moving to a serverless model, and you're a large customer how does that make you think or react to your people side of your resources? >> Well, I can say that from the people side of resources luckily Cockroach is our least problem. So it just kind of, we always said, it's an operator stream because that was the part that just worked for us, so. >> And it's worked as you have scaled it? without you having ... >> Yeah. I mean, we use it in a bit of a, we do not really scale out like the Cockroach, like really large. It's like, more that we use it with the enterprise features of encryption in the stack and our customers then demand. If they do so, we have the Zas offering and we also do like dedicated stacks. So by having a fully cloud native solution on top of Kubernetes, as the foundational layer we can just use that and stamp it out and deploy it. >> How does that translate into services you can provide your customers? Are there services you can provide customers that you couldn't have, if you were running, say, MySQL? >> No, what we do is, we run this, so the SAS offering runs in our hybrid private cloud. And the other thing that we offer is that we run the entire stack at a cloud provider of their choosing. So if they are an AWS, they give us an AWS account, we put it in there. Theoretically, we could then also talk about using the serverless variant, if they like so, but it's not strictly required for us. >> So Christian, talk to me about that provisioning process because if I had a MySQL deployment before I can imagine how putting that into a cloud native type of repeatable CICD pipeline or Ansible script that could be difficult. Talk to me about that. How CockroachDB enables you to create new onboarding experiences for your customers? >> So what we do is, we use helm charts all over the place as probably everybody else. And then each application team has their parts of services, they've packaged them to helm charts, they've wrapped us in a super chart that gets wrapped into the super, super chart for the entire stack. And then at the right place, somewhere in between Cockroach is added, where it's a dependency. And as they just offer a helm chart that's as easy as it gets. And then what the teams do is they have an inner job, that once you deploy all that, it would spin up. And as soon as Cockroach is ready it's just the same reconcile loop as everything. It will then provision users, set up database schema, do all that. And initialize, initial data sets that might be required for a new setup. So with that setup, we can spin up a new cluster and then deploy that stack chart in there. And it takes some time. And then it's done. >> So talk to me about life cycle management. Because when I have one database, I have one schema. When I have a lot of databases I have a lot of different schemas. How do you keep your stack consistent across customers? >> That is basically part of the same story. We have get offs all over the place. So we have this repository, we see the super helm chart versions and we maintain like minus three versions and ensure that we update the customers and keep them up to date. It's part of the contract sometimes, down to the schedule of the customer at times. And Cockroach nicely supports also, these updates with these migrations in the background, the schema migrations in the background. So we use in our case, in that integration SQL alchemy, which is also nicely supported. So there was also part of the story from MySQL to Postgres, was supported by the ORM, these kind of things. So the skill approach together with the ease of helm charts and the background migrations of the schema is a very seamless upgrade operations. Before that we had to have downtime. >> That's right, you could have online schema changes. Upgrading the database uses the same concept of rolling upgrades that you have in Kubernetes. It's just cloud native. It just fits that same context, I think. >> Christian: It became a no-brainer. >> Yeah. >> Yeah. >> Jim, you mentioned the idea of a SQL API in the cloud, that's really interesting. Why does such a thing not exist? >> Because it's really difficult to build. You know, SQL API, what does that mean? Like, okay. What I'm going to, where does that endpoint live? Is there one in California one on the east coast, one in Europe, one in Asia? Okay. And I'm asking that endpoint for data. Where does that data live? Can you control where data lives on the planet? Because ultimately what we're fighting in software today in a lot of these situations is the speed of light. And so how do you intelligently place data on this planet? So that, you know, when you're asking for data, when you're maybe home, it's a different latency than when you're here in Valencia. Does that data follow and move you? These are really, really difficult problems to solve. And I think that we're at that layer of, we're at this moment in time in software engineering, we're solving some really interesting, interesting things cause we are budding against this speed of light problem. And ultimately that's one of the biggest challenges. But underneath, it has to have all this automation like the ease at which we can scale this database like the always on resilient, the way that we can upgrade the entire thing with just rolling upgrades. The cloud native concepts is really what's enabling us to do things at global scale it's automation. >> Let's alk about that speed of light in global scale. There's no better conference for speed of light, for scale, than Kubecon. Any predictions coming out of the show? >> It's less a prediction for me and more of an observation, you guys. Like look at two years ago, when we were here in Barcelona at QCon EU, it was a lot of hype. It's a lot of hype, a lot of people walking around, curious, fascinated, this is reality. The conversations that I'm having with people today, there's a reality. There's people really doing, they're becoming cloud native. And to me, I think what we're going to see over the next two to three years is people start to adopt this kind of distributed mindset. And it permeates not just within infrastructure but it goes up into the stack. We'll start to see much more developers using, Go and these kind of the threaded languages, because I think that distributed mindset, if it starts at the chip all the way to the fingertip of the person clicking and you're distributed everywhere in between. It is extremely powerful. And I think that's what Finleap, I mean, that's exactly what the team is doing. And I think there's a lot of value and a lot of power in that. >> Jim, Christian, thank you so much for coming on the Cube and sharing your story. You know what we're past the hype cycle of Kubernetes, I agree. I was a nonbeliever in Kubernetes two, three years ago. It was mostly hype. We're looking at customers from Microsoft, Finleap and competitors doing amazing things with this platform and cloud native in general. Stay tuned for more coverage of Kubecon from Valencia, Spain. I'm Keith Townsend, along with Paul Gillin and you're watching the Cube, the leader in high tech coverage. (bright music)

>>Mm. Joining me is Aaron Suzuki, founder and CEO of Prowess. >>Aaron. Welcome. Thank you. Thanks so much for having me. >>Absolutely. Thanks for joining us. So let's dive right in. Tell us about prowess. >>Progress has been around for quite a while. We've been serving the technology industry from the very beginning, almost 20 years. We've always been able to bridge the gap between the story of the product and what it actually does. And a lot of times, there's a pretty fundamental disconnect between what engineering says and what marketing wants to claim. And so this is sort of how we got down this road of getting into testing and validation of products such as we do today quite quite extensively. And >>that's really what we're focusing on right now is this idea of your independence as a lab. And in this particular case, uh, it's a series of tests that you've done for, uh, you know, using Dell hardware combined with Broadcom cards. So talk a little more about that. About that the concept of independence and what that means. >>Yeah. You know, it's important to us that we stay vendor, agnostic, platform agnostic. Um, and there are a lot of things happening concurrently in the industry. A lot of people want to get a lot of work done really fast, and most customers are not sort of vendor exclusive. In fact, we're not sure we know of any. We always try to keep this objective point of view. That is to say that we don't allow our customers to buy results when we're doing quantitative testing. We really are out there trying to come up with a story or a narrative, and that really seemed to be The missing link in all of this is that there are the quantitative houses that do traditional benchmark testing on one side and then system integrators and kind of on the other extreme agencies. That would really do the narrative and the system integrator side build out a solution, but they wouldn't be able to tell you how it would perform. And so reconciling those two things really became challenging. So having a source that would be able to give you that insight that goes beyond just transactions, um, you know, per whatever unit of time and finding some of these metrics in between that we're more relevant to people's jobs. Where was really the inspiration for creating this unique practise that we call prowess? Labs? >>So, Erin, when I think about performance testing, uh, it's very easy to think of it from the perspective that it's a bunch of hardware slapped together in Iraq. You get some engineers, scientists to run some tests. Why prowess? What? What do you specifically bring to the table? That's meaningful? >>Performance testing is usually done in one of two ways, predominantly one way. It's a very academic approach, which says this specific benchmark test run this specific way gives us X. Another approach is more narrative in nature and more demonstrative. And there's this huge gap in between, and that's really what prowess labs exist to fulfil. >>So, Erin, give us an idea of the scale of prowess. How many of these projects have you worked on? How many how many customers have you worked with over >>over time? Um, we do this work with most of the leading global hardware and software manufacturers and a select number of emerging providers as well. So for us, you know, year to year dozens of projects of varying scope and scale. Various projects also running kind of programmatic form where we're kind of iterating constantly throughout the year. Um, so it's It's really a lot of fun for our team members to to do this. And some of them have been doing it for 10 or 12 years in continuity. >>Erin, Thanks for joining us to talk about practise today. >>My pleasure. Thanks for having me. Mhm. Yeah.

>>The cube presents, Dell technologies world brought to you by Dell. >>Welcome back to Dell tech world 2022. This is the cube alive. My name is Dave Volante. We're here with our wall to wall coverage. This is day two. We actually started last night. Uh, the, the cube after dark John furry is here. Lisa Martin, Dave Nicholson. We're gonna talk about apex. The business value of apex flex on demand. Darren fedora is here. He's the senior vice president of Dell financial services, and we're joined by a customer and a partner Jud Barron is R and D infrastructure architect at Silicon labs. And Steve end is the regional VP of copy center comp computer center. I say that like I'm from Boston guys. Welcome to the queue. >>Thank you, >>Darren, take us through what's going on with, with apex, you got custom solutions, you know, people are gonna ask, is this just a financial gimick? What is this? >>No gimmicks, no gimmicks, Dave. So I think when we think about technology, historically customers purchased, they bought and they owned and they may have financed it and paid over time, but it was really an ownership model, especially in infrastructure and apex is about subscription. So think about Dell apex, as you can either buy, or you can subscribe to your technology and under apex subscription, we have options for custom based solutions or an outcome base. And I know today we're gonna talk about flex on demand and, and custom based solutions. So it's a high level pay for what you use when you use it with a high level of choice and flexibility. All >>Right, Steve, I'm gonna ask you to play little >>Co-host all right. I like >>This. Okay. So add some color color commentary, Jud, tell us a little bit about, uh, Silicon labs. I'm really interested in what your requirements were, your challenges and kinda why you landed on, on apex. Sure. >>Uh, Silicon labs is a semiconductor company were headquartered in Austin, 10 Xs, uh, just under a billion dollars a year right now. And, uh, at any ed shop or, uh, that, that people who are doing electronic design automation, that's not just in the semiconductor industry, but we have these HPC farms who are running, you know, millions of jobs a day. And the, a balance that you have to strike when you're doing capacity planning in one of these environments is we have these things called tape outs, and that's where we're finishing a project and there's a much higher volume of jobs that we have to run and you have to decide, do we buy for peak or do we, you know, come under that some amount and say, oh, we're gonna buy 80% of what we think >>As an over, over, over under, right. Do we over buy for peak normally, right, correct. Right >>Hard. One is geo Overy the under buy. It's always a hard decision. >>There's a tradeoff. Right? And, and so the, the challenge there is that you'll end up kind of linking the time and potentially miss a tape out window. And there's costs associated with that because you work with the Foundry and you kind of schedule based off that tape out when you're gonna deliver the photo mask to them. So anyway, the point is we in the past using a traditional like camp X, we're gonna buy a bunch of servers. We, we tend to undershoot whatever our peaks are. Cause we may have a peak every couple of months during, you know, these tape outs. Uh, but you know, sometimes tape outs, slip. And so one slips two months, another one comes in a little bit early and now you have multiple tape outs in the same months. And what was gonna be a, a small, uh, difference in from peak to what you actually purchased ends up being a big peak. And, uh, the thing that was interesting to us about flex on demand is the ability to have a commit rate that, you know, the customer can work with Dell financial services to figure out is that 80% is at 60% whatever. And they give us additional servers that we pay just when we're using them. Now I'm somewhat oversimplifying the process. Um, but we're, we gotta talk about that, >>But, but the point is, if I understand it correctly, that infrastructure was dominoing the, the time to tape out in a negative way, and you you've been able to address that more cost effectively. >>It, it can, it, it has on occasion. And so this, this basically gives us a way to lever to pull, to say, well, we can spend some additional OPEX this month and open up this additional capacity. So it's not like bursting to the cloud. Exactly. Uh, because I mean, you have to have the equipment in your data center already for you to be able to use it. But, um, it's under a traditional acquisition model. It's, it's just not a, a, a thing that was available to us before and looking at leasing or other types of, uh, you know, financing was wasn't really attractive previously, but the flex on demand model, when we first heard about it, we're like, that's very interesting. Tell me more. And we ended up using it in, in Austin, and then we built a whole data center in Asia and did the whole thing on flex on demand and >>Got it. Okay, Steve, uh, talk a little bit about your role what's going on at, at computer center and you know, why apex give us the background? Yeah. >>Um, computer center is a, one of the largest global VAs on the planet, right? Um, we, we have a lot of global and international reach, but at the end of the day, it's about one on one customer of relationships. Um, talking to them, understanding what their challenges are. And we've had a multiyear relationship with Jud. I've known you for a long time. And, and, um, typically that relationship, or initially that relationship was about collaborating, working hand in hand, kind of figure out what the solutions were that best fit their environment to solve their issues they need. And it was typically a procurement, a, a purchase based relationship and, and it worked well for a long time, but it, when Jud posed the challenge to us about kind of more pay as you go, uh, uh, subscription based modeling for, for how he want to do acquire in the future. >>Um, we just, we huddle with the Dell team collectively, um, and, and talked about what we could offer and how we could solve the problem. Uh, apex is a really nice brand today, but this was two and a half years ago, Uhhuh. Okay. So it was a little, we were a little early on on putting it together. I feel good that we were able to, to put that type of solution together for Jud and it's, and it's working today, working wonderful today. And it was good for it's good for the whenever it's good for the customer, the manufacturer and the partner altogether. It's a wonderful solution. >>So you took a little risk, but it worked out and you helped. >>Yeah, that was probably the infancy as we were growing our, as a service, think of this, you know, there's a, a lot of big words out there, Dave, right? As a service utility cloud, it doesn't matter what it is super cloud it's super cloud. It doesn't really matter. Super. This is really Jud was talking about a really important element, which is around flexibility choice. There's uncertainty oftentimes in a, in an environment, but they want to control. They still want have a level of control and leveraging partnerships, being able to deliver flexibility and choice. Don't worry about the words. Don't worry about cloud utility as a service we end up solving the customer need, right? And when we talk about flex on demand, I'll give you a little bit deeper into flex on demand. So when we think about flex on demand, it really is about understanding the customer needs and our capability and Jed reference this, determining what a baseline is. So if you think about your own utility bill, right, you, you go home and even if you're on vacation for a month, I'm sure you went on vacation for a month right. Month at a time. If I ever. >>Yeah, >>I know, but if you leave you your utility bill, even if you don't turn on a light, you still get a utility bill, it's your baseline. So we, we determine a baseline with our customers, with computer center, to understand in your environment, you're gonna use this minimum amount and that becomes your baseline. And that baseline can go as low as 25%. And up to 80% in a environment, it usually is typically in this 70, 80%. And then we determine what is gonna be optimal based on that 25 or above we charge based on the usage on a day to day basis, average by a month. And if you go up one month during your peak, you get charged at that peak. If you then a couple months are lower, then you're gonna pay only for the usage. And so for a customer that's growing has variability or seasonality. >>Um, this is a great model cuz they can still control their environment either within their own domain or um, in a colo. They also have the capability to pick anything within the Dell ISG catalog, any product, configure it to meet their environment, be able to work with a trusted partner like computer center. That it's a solution based on a partner relationship and delivers choice and flexibility on the catalog of anything Dell sells within your control of how you can configure it. So it gives this ability to say, instead of buying and instead of paying a predictable payment, a I E a financing I'm gonna pay for use. Yeah. If I turn on my light switch more or if it's during the summer in Texas where I am the ACS a lot higher. So your utilities go up and if you are a much lower because you're on vacation in Hawaii, maybe you've been in vacation in Hawaii for a month, you're gonna have a much lower and you're gonna hit your baseline. Right. So it gives flexibility choice and it gives the control back to the customer. >>Okay. So the whole ISD portfolio. So you're like the tip of the spear for future apex, right? >>We, we, we absolutely are the tip and that's why, you know, Steve referenced a couple years ago as we were still in our infancy, growing, listening to our customers, listening to our partners, we've evolved to become a more robust program, um, 35 countries today. So we can cover 35 countries over the globe, all ISG you products that are sold with a high level of flexibility and it, and it's Jud and feedback over time that we've continued to evolve this program. Mm-hmm >>So Jud you, if I understood correctly, the business impact to you was gonna better predict predictability. You didn't have to over buy or undery and take all that risk. Is that right? You maybe could quantify. Did you ever quantify that? What can you tell us about the, the business impact? Yeah, >>Sure. So, I mean, traditionally we will, uh, base our capacity demands on, uh, complex calculation that effectively just boils down to number of engineers, like head count, uh, and you know, kind of personas within that. And we figure out, okay, well how many compute do we need? And then we say, okay, well how many tape outs are we doing? And when are those tape outs gonna land? And try to figure out which months are gonna be the hot months and the design teams have to kind of vary their tape out schedules so that they don't pile up all into like July or something. And then there's not enough compute capacity. So with, with something like flex on and where I can turn additional capacity on in our HBC farm, it, you know, we just go in and make some changes to the LSF configuration and say, Hey, you know, now you've got these extra nodes available. >>We don't really have to worry about that as much. Uh, in fact, last year we, we ended up with one month where for us, it was unusual. We had five tape outs, uh, at all land within two weeks of one and a other. And they all finished, which in previous years before we had deployed that that would not have been the outcome things we would've had multiple, uh, tape outs delayed. And you know, that that's a seven figure impact for each one of those commits that we miss with the foundries. So it it's a big deal. >>Yeah. That's real dollars. And >>It is. And you know what else, this, as, as Joe's going through this, we all know their supply chain chain constraints, right? And this solves a lot of supply constraints because Joe, if you would be purchasing today, you'd be buying, you're looking at had, and you're actually having to purchase today where if you go into an apex flex on demand, you don't have that full commitment of having to purchase, but you can get ahead of the supply chain. So you can be looking six months in advance, you can be doing capacity planning and I'm Jed. I'm sure you're doing that leveraging. Like what's my future and not be worried about, I have this huge burden upfront. >>Yeah. And I mean, we have two levers right now. One is we have this extra capacity there. I can, you know, pick up the phone and, and call our Dell rep and say, Hey, I'm gonna modify my commit rate. And so now that's, you know, the new baseline I can use all day every day. Uh, and, and, you know, we still have some burstability and then separately, we can say, we want to expand the contract or, or, or, you know, basically acquire more hardware for additional burst or additional commit. Both of those things are, are options. We only had the, we had to go buy it and we need to know when we have to have it available. So you kind of back into this ordering schedule for, uh, you know, like a traditional CapEx purchase. >>So Steve, obviously Silicon labs is, is leaning again. Are you seeing any other patterns in your customer base, uh, where this is being applied? What can you share >>With us there? Yeah, it's it, I believe this is a fairly horizontal solution. Any customer can really utilize it. I mean, traditionally people would buy for two and three years worth of capacity and slowly consume it over time, but you paid up front. Right. That's how it, that's kind of how it worked. Cause I didn't want to go back to the well year after year after year. Right. So, um, you know, and I, and I think, I think if anything, the, the, the cloud, the hyperscalers has, uh, taught the world, some things taught the industry. Some things, you know, in a, in a perfect world customers like to consume and pay for what they use, you know, and in the increments that they use it as much as possible as closely aligned to that as they could get. And what I see, what I see in this, you know, cuz I, I kind of put solu in my role, I'm putting solutions and customers and bringing those together other right. And, and complimenting that with services of our own. Right. But, but what I see over time that, that almost all the manufacturers and Dells does a wonderful job, but almost all the manufacturers will be delivering technology on a subscription basis. So the more I learn, the more I know, the more I understand about how to deliver those and provide those to customers is better off we are >>Because it aligns with business value. And that's what you're seeing Jud correct. >>Steve made an interesting comment in there. Uh, you know, he was talking about the cloud and for us, there's always pressure to say, Hey, you know, can we burst in the cloud? And for Edda workloads, every time we look at this, it's a data problem. It, it, it's not a computing problem for us. EA workloads tend to generate a lot of data and you know, there's a, there are a lot of tools, uh, you know, there's just a bunch of stuff that you have to have available to run those jobs. And so you have to look at that very carefully. The company that I work for Silicon labs has been around for a long time and we have a lot of development effort. That's been put into automating and simplifying things for our design engineering and trying to, you know, manipulate that and make it to where we can burst just certain jobs out to the cloud efficiently and cost effectively. Hasn't really resonated for us. But the flex on demand thing gave a us the ability to kind of achieve some of that burst ability. I mean, not to the same level of scale of course, but you know, we, we can do that at, you know, our own speed in our own data centers with our own data. And we don't have to worry about trying to, you know, peel an onion and put something new together, make it cloud friendly. It's >>Substantially similar. We gotta go. But to Aaron bring us home. >>Yeah. Hey, I think when we think about Dell, it's about listening to our customers and our partners. Mm-hmm <affirmative>, which we continue to do. We continue to evolve our products and, and apex is around choice and flexibility in delivering to customers an option to pay for what they use. It's a great solution. Appreciate the time guys. >>Great conversation. Thanks so much for coming on the cube. All right. Thank you. Good luck. All right. And thank you for watching. This is Dave VoLTE for the cube. We've been back with more wall to wall coverage. John furry, you'll be back Lisa Martin and Dave Nicholson. You're watching the queue >>And.

(upbeat music) >> Welcome to this cube conversation. I'm Lisa Martin. I'm joined by Aamir Lakhani, the Lead Researcher and Cybersecurity Expert at FortiGuard Labs at Fortinet. Aamir, welcome back to theCube. >> Hey, it's always good to be back on. >> It is, even though we're still in this work from anywhere environment, and that's one of the things that I want to talk to you about. We're in this environment now, I've lost count, 16 months, 17 months? And we now have this distribution of folks working still from home, maybe some in the office, and a good portion that probably want to remain remote. And one of the things that, that you guys have seen in this time is this huge uptick and sophistication in phishing attacks. Talk to me about what's going on. >> You know, it's a funny thing you mention that, Lisa, every attack that I've seen in the last 16 months usually has a phishing component, and over the last, even just the last couple of weeks, we've seen some really sophisticated attacks, attacks that are against industrial control systems, against critical infrastructure, against large corporations, government entities, and almost every one of those attacks, whether it's a ransomware attack, whether it's a denial of service attack, usually has a phishing component. And the sad part is usually the initial attack vector, how attackers are getting into the network, a lot of times as the first step is through phishing. And, you know, it works, it's a method that has always worked. It works just as well today as it always did, so attackers are basically going back to the well and basically making their phishing attacks more complicated, and more sophisticated, and it's much more effective than it ever used to be. >> Tell me how they're making it more sophisticated because I know, I've seen interesting examples through Twitter, for example, of people that are very well-versed, you might even consider them cybersecurity experts, who've just almost fallen for a phishing email that looks so legitimate. How is it getting more sophisticated? >> Well, what attackers are doing is they're definitely playing on your emotions. They understand that there's a lot of things happening in the world, and sometimes we get a little emotion about it, whether it's, "Hey, how do you get the latest vaccine?" Maybe information, you know, around getting jobs, going back to work, LinkedIn, is a good example. A lot of people are looking for jobs. When the U.S. elections were happening, and there was a lot of phishing attacks around, political donations, and affiliations. They kind of kind of find these hot button items that they know people are really going to not think first about security, and really think like, "Hey, how do I respond back to this?" and really attack them that way. The other thing that we're seeing on how it's getting complicated is, it used to be like a phishing attack. You know, it used to be pretty simple, like click on a link. Now what they're doing is they're actually targeting organizations and what you do as a job. For example, I've seen a lot of phishing attacks against the HR, the human resource departments, and I feel sad for anyone in human resources because their job all day is to basically open files, and emails from strangers, and that's what attackers are doing. They're like, "Hey, I want to apply for a cybersecurity position. "And by the way, my resume is encrypted. "Please click on this link to see "my secure version of my resume". And when they do that, you know, HR person may be thinking, "Hey, this is a cybersecurity guy, like good. "He's actually sending me an encrypted link." In reality, when they click on that button, it's attacking their machine, and actually getting into their organization. The attacks are getting into the organization. So they're using more and more tricks to actually technically bypass some of the security tools you may have. >> So getting more sophisticated by preying on emotions, and also using technology, and things that an HR person, like you said, would think, "Great, this is the level of sophistication that this applicant has. How do they, how do organizations start reducing those attacks, that are falling victim to these attacks? >> Yeah, so I was thinking, at Fortinet we always mention, like at FortiGuard labs, that training and security awareness is some of the best ways you can protect against this attack. At Fortinet we have our training advancement agenda, that's out of Fortinet.com/training/taa. Basically what that does, well what we emphasize, what we preach, is that training is the key and education is the key, in helping protect against those attacks. And, you know, you can train anyone these days, at least some level of, you know, awareness. My mom used to call me up, and used to tell me like, "Hey, I got the IRS calling me, "should I answer these questions?" I was like, "No, absolutely not, like this is dangerous, "the IRS doesn't call you up and asking you "for your credit card number." I actually had my mum go for our level, one of our training, and she actually gets it. She's like, "Okay, I get why I shouldn't call the, you know, "answer the questions from the IRS now." So I say any type of training, to anyone you can give, and you can start it off like with people in high school, with people in elementary school, all the way up to professionals, I think it helps in all levels. >> So first of all, your mom sounds like my mom, and I need to get my mom to do this training, I really do. But one of the things that kind of highlights is the fact that there are five generations in the workforce. So there, and in every industry, there is a huge variety of people that understand technology, and know to be suspicious. And that's one of the things I think that's challenging for organizations, because if a lot of that responsibility falls on the person, the more sophisticated, the more personalized this phishing email is, the more likely I'm to think this is legitimate instead of questioning it. So that training that you're talking about, tell me a little bit more about that. You mentioned a variety of ages and generations, that folks as young as high school kids, and then folks in our parents' generation can also go on and learn how to navigate through basic emails, for example, to look for, to see what to look for. >> Yeah, it's not only emails. So attackers, like I said, they are getting sophisticated. We are seeing phishing attacks, not only through emails, but through applications, mobile applications. There's actually like some advanced phishing techniques now on smart speakers. When you ask your smart speaker, a certain skill like, "Hey, tell me my balance, "tell me what the weather is." There's like some phishing attacks there. So there's phishing attacks all across the board. Obviously, when we talk about phishing we're mostly talking about email attacks, but every generation kind of has their tools kind of has their, you know, techniques or apps that they're comfortable with. So, and we're trained, like a lot of my friends are trained to basically click on any app, download any app, allow, they don't really read the pop-ups that say like, "Do you want to share information?" They'll just start sharing information. People in the workforce, like sometimes that are not paying attention, they're just clicking on emails, and attackers realize this, most of the time when attacks happen, it's not when you're paying attention. It's like when we're on our Zoom calls, and we're actually like looking at our phones, looking at emails, multitasking, and that's when your attention kind of diverts a little bit, And that's when attackers are really jumping in, and really trying to take advantage of that situation. And that's, I think that's a good idea about the training is because it opens up your eyes to understand, hey, it's more about just emails, it's really about every way we can use technology, can be a vector on how we get attacked, and we have a couple of good examples on that as well. >> Let's talk about that, cause I want to see how easy it is for the bad actors to create phishing attacks. You were saying, it's not just email, it's through apps, it's through my smart speaker, which is one of the reasons I don't have one. But talk to me about how easy it is for them to actually set these up. >> Yeah, so we have, I think we have a demo we can show, an example that we can show, of what's going on. And what I'm showing here is basically how easy you can download proof of concept apps. Now, what I'm showing here is actually a defensive tool, it's for defenders, and people that want to test for security on testing, phishing, and how susceptible their organization may be to phishing. But you can see like attackers could do something very similar. This tool is called Black Eye. And what it does is allows me to create multiple different types of phishing websites. I can create a custom one, or I can use a template that's already created. Once I use this template, for example I'm using the LinkedIn template here, it's going to create a website for me. It already, this website, I can embed into a link if I was, if I was potentially a bad guy, I could hide it behind a link. I could potentially change the website to make it look more like LinkedIn. But when I go to the LinkedIn fake website, this phishing website, which is hosted, you'll see, it kind of looks like LinkedIn. It actually has that little security box, that little green box, because it generates a certificate as well. And when I go to the real LinkedIn website, yes, the real LinkedIn website does look a little different. It's using a more updated template, a more updated website, but most people aren't going to notice the difference between the real LinkedIn website, and here, where we have the fake LinkedIn website. And I'll just show you like, if I log in and I'm going to log in with a demo account, this is actually a honeypot demo account that we have, just to showcase this tool. But I'll log in here, and you'll see from our test box, as soon as we log in, and we go back to the attacker's point of view, he's captured the username, the password, but not only that he has the IP address, the ISP, the location of where the victim is coming from. So they have a lot of different types of information that they've captured. And this is just one simple way of doing the attack. Now, one thing to remember, I know I speak very fast, but at the same time, this is real time. I didn't like copy and paste anything, I just recorded this in real time, and replayed this. And this is how easy it is for an attacker to potentially start setting up a system where they can attack victims. >> That's remarkable, because I mean, I'm in LinkedIn every day, and I don't know, you talked about, we're all busy, multitasking, and things like that. I don't know that I would've, nothing that you showed caught my attention. So how would I know to, what would I know to look for as a user, as a potential victim? How do I look for something on that page to tell me "think twice about this? >> Yeah, it's getting much more difficult these days. I mean, one of the things that I do is I try and make sure I type in like the addresses, especially when I get links in emails, I try not to like, just click on the link directly. I try and look at what's behind that link, is it really going to the LinkedIn website, you know, I'll try and go ahead and type in it, type in the website in the web browser. But mostly I think the thing that we can do to all protect ourselves is like kind of slow down. One of the reasons I mentioned LinkedIn is not because LinkedIn is doing anything bad. They're actually taking a lot precautions on being secure. But you know, people, these days are very emotion, they're going back to work, they're maybe looking for new jobs, or they're trying to get back into the workforce after a pandemic. So there's a lot of people that are getting phishing attacks from attackers, and it's a really mean thing. They're taking once again, advantage of that emotion, like someone needs a job, so let me go ahead and send them a LinkedIn link, and this time they're just stealing their username and passwords. >> That's remarkable. I think another thing you can do, can you hover over the link, and if it looks suspicious, if it doesn't go to like linkedin.com, for example, in this case, that's one way, right, is to check out what that actual URL is. >> Yeah, absolutely, and that's a great way of doing that, so we definitely recommend that. Look at the, hover over the link, look over the links, type in the links directly if you can. And you can see like, you know, attackers are getting sophisticated.. We used to tell people, look for that green lock box, attackers can now generate that green lockbox, so you have to do a little more due diligence. Just keep your eyes a little sharper these days. >> Do you thing phishing is, and I know a lot of us understand what it is, but do you think it's as common ransomware was up? I think Derek told me 7X in the second half of calendar year, 2020, Is phishing becoming more of a household word like ransomware is? Or is that something that you think actually will help more organizations, and more people and more generations be just more aware of let me just take a step back, and check that this is legitimate. >> Yeah, so phishing, you have to remember is it's like the initial attack. So the demo that I just showed you, you could say the true attack was me possibly stealing the username and password, but a phishing would be the way that someone would get to get to that. Like by essentially mimicking the LinkedIn website, as I showed in the example. So ransomware is an attack, it's the main attack. Usually the attack that attackers are going for, but how they get into the system is usually through a phishing site. They'll usually try and phish your username and password to your corporate site, maybe your VPN services, or your remote desktop services. So phishing is usually in conjunction with another attack, and that's the scary part is attackers have a lot of attacks that you can choose from, but the attacks that they're normally normally conducting to get that initial access to your system is phishing. >> So besides training, which is obviously absolutely critical, how can organizations protect themselves against this threat landscape that I imagine is only going to continue to grow? >> Yeah, no, it's definitely going to continue to grow. And as I said, I really believe education is the best thing you can do. But on top of that, you know, just I would say, you know, cyber hygiene. The basic things that we always mention every time, it was like, make sure like your security products are up to date, make sure they're installed, make sure your patches are up to date, which is very difficult, but that does start helping things. Make sure you're using the latest version of your web browser. There's a lot of web browsers these days has some sort of anti-phishing type of tools in them as well, especially for websites. So they can kind of detect things. There's a once again, a lot of just even free plugins, security plugins, that are available, that kind of detect a lot of phishing sites as well. So there's a lot of things I think people can do to protect themselves from a technology standpoint. You know, with basic cyber hygiene, as well as security awareness. >> So you think this is really preventable, essentially. >> I don't think it's 100% preventable, because I think, you know, attackers are always going to take advantage of those times in our emotion when our emotions are heightened, and they're going to take advantage of just us sometimes like not paying as much attention to as we can. But I think you can definitely reduce that attack surface. The more we educate ourselves. >> Absolutely, tell me that training website again. >> Sure things, so it's basically Fortinet.com/training/taa. >> Excellent, and can you access different levels? Like if I literally point my mom to that website, can she access something that would be at her 75 year old brain level? >> Absolutely, so we have different levels out there. I would suggest that I go trying, everyone should try basically Level 1, NSC Level 1. That's our Security Institute. So that's really good awareness for everyone on all sorts of different levels. But we have training, geared towards specific individuals, and different age groups as well. >> Excellent, and it's one of those things that culturally is difficult I think for Americans, slow down, right? We don't do that, especially when people are still working from home, and probably now it's summertime, kids are out of school, things are a little bit more chaotic. That that best practice of an organization really keeping up with their cyber hygiene and us as individuals slowing down, checking something are really some of the best ways. Aamir, this is such an interesting topic. Thank you for showing us how easy it is to create phishing attacks, and what some of the things are that we as individuals, and companies can do to protect ourselves against it. >> Hey, no problem, glad to be here. >> For Aamir Lakhani, I'm Lisa Martin, you're watching this Cube conversation. (soft music)

>>from around the >>globe. It's the >>cube with coverage of Kublai >>Khan and Cloud Native Con Europe 2021 >>virtual brought to >>you by red hat, the cloud native computing foundation and ecosystem partners. Hello, welcome back to the cubes coverage of coupon 21 Cloud Native Con 21 Virtual, I'm John Ferrier Host of the Cube. We're here with a great gas to break down one of the hottest trends going on in the industry and certainly around cloud native as this new modern architecture is evolving so fast. Richard Hartman, director of community at Griffon, a lab's involved with Prometheus as well um, expert and fun to have on and also is going to share a lot here. Richard, thanks for coming. I appreciate it. >>Thank you >>know, we were chatting before we came on camera about the human's ability to to handle all this new shift uh and the and the future of observe ability is what everyone has been talking about. But you know, some say the reserve abilities, just network management was just different, you know, scale Okay, I can buy that, but it's got a lot more than that. It involves data involves a new architecture, new levels of scale that cloud native has brought to the table that everyone is agreeing on. It scales their new capabilities, thus setting up new architectures, new expectations and new experiences are all happening. Take us through the future of observe ability. >>Mhm. Yes, so um 11 of the things which many people find when they onboard themselves onto the cloud native space is um you can scale along different and new axis, which you couldn't scale along before, uh which is great. Of course, it enables growth, it enables different operating models, it enables you to choose different or more modern engineering trade offs, like the underlying problems are still the same, but you just slice and dice your problems and compartmentalize your services differently. But the problem is um it becomes more spread out and the more classic tooling tends to be built for those more classic um setups and architectures as your architecture becomes more malleable and as you can can choose and pick how to grow it along with which access a lot more directly and you have to um that limits the ability of the humans actually operating that system to understand what is truly going on. Um Obviously everyone is is fully fully all in on A. I. M. L. And all those things. But one of the dirty secrets is you will keep needing domain specific experts who know what they're doing and what that thing should look like, what should be working hard to be working. But enable those people to actually to actually understand the current state of the system and compare this to the desired state of the system. Is highly nontrivial in particular, once you have not machine lifetimes of month or years which he had before, which came down to two sometimes hours and when you go to Microsoft to surveillance and such sometimes even into sub seconds. So a lot of this is about enabling this, this this higher volume of data, this higher scale of data, this higher cardinality of what what you actually attach as metadata on your data and then still be able to carry all this and makes sense of it at scale and at speed because if you just toss it into a data lake and do better analysis like half a day later no one cares about it anymore. It needs to be life it needs or at least the largest part of it needs to be life. You need to be able to alert right now if something is imminently customer facing. >>Well, that's awesome. I love totally agree this new observe ability horizontally scalable, more surface area, more axes, as you point out, changes the data equation on the automation plays a big role in mention machine learning and ai great, great grounds for that. I gotta ask you just well before we move on to the next topic around this is that the most people that come from the old world with the tooling and come from that old school vendor mentality or old soup architecture, old school architecture tend to kind of throw stones at the future and say, well the economics are all wrong and the performance metrics. So I want to ask you so I assume that we believe we do believe because assume that's going to happen. What is the economic picture? What's the impact that people are missing? When you look at the benefits of what this system is going to enable the impact? Specifically whether it's economics, productivity, efficient code, what are some of the things that maybe the VCS or other people in the naysayers side? Old school will, will throw stones at what's the, what's the big upside here? >>Mhm. So this will not be true for everyone and there will still be certain situations where it makes sense to choose different sets of of trade offs, but most everyone will be moving into the cloud for for convenience and speed reasons. And I'm deliberately not saying cost reasons. Um the reason being um usually or in the past you had simply different standard service delineations and all of the proserve, the consulting your hiring pool was all aligned with this old type of service delineation, which used to be a physical machine or a service or maybe even a service and you had a hot standby or something. If we, if we got like really a hugely respect from the same things still need to operate under laying what you do. But as we grow as an industry, more of more of this is commoditized and same as we commoditize service and storage network. We commoditized actually running off that machine and with service and such go even further. Um so it's not so much about about this fundamentally changing how it's built. It's just that a larger or a previously thing which was part of your value at and of what you did in your core is now just off the shelf infrastructure which you just by as much as you need again at certain scales and for certain specific use cases, this will not be true for the foreseeable future, but most everyone um will be moving there simply because where they actually add value and the people they can hire for and who are interested in that type of problem. I just mean that it's a lot more more sensical to to choose this different delineation but it's not cheaper >>and the commoditization and disintermediation is definitely happening, totally agree. And the complexity that's gonna be abstracted away with software is novell and it's also systematic. There's just it's new and there's some systems involved, so great insight there. I totally agree with you. The disruption is happening majority of almost all areas, so in all verticals and all industries, so so great point. I think this is where I think everyone's so excited and some people are paranoid actually frankly, but we cover that in depth on the Cuban other segments. But great point. We'll get back to what you're where you're spending your time right now. Um You're spending a lot of time on open metrics. What is that enabling take us through that? >>So um the super quick history of Prometheus, of course, we need that for open metrics. Promises was actually created in 2012. Um and the wire format which he used to in the exposition format, which he used to transport metrics into Prometheus is stable since 2014. Um But there is a large problem here. Um It carries the promise his name and a lot of competing projects and a lot of competing vendors of course there are vendors which compete with just the project. Um It's simply refused to to to take anything in which carried the promise his name. Of course, this doesn't align with their food um strategy, which they ran back then. So um together with scenes, the f we decided to just have a new different name for just that wire format for the underlying data model for everything which you need to make one complete exposition or a bunch of expositions towards towards permissions. So that's it at the corn, that's been ongoing since 2000 and 15 16 something. Um But there's also changes on the one hand, there is a super careful, a super super careful um Clean up and backwards compatible cleanup of a few things which the permit this exposition former serious here for didn't get right. But also we enable two features within this and as permitted chose open metrics as its official format. We also uplift committees and varying both heads. Obviously it's easier to get the synchronization. Um Ex employers stand out which is a completely new, at least outside of certain large search companies google. Um Who who used who use ex employers to do something different with with their traces. Um it was in 2017 when they told me that for them searching for traces didn't scale by labels. Uh and at that point I wanted to have both. I wanted to have traces and logs also with the same label set as permitting system. But when they tell you searching doesn't scale like they tell you you better listen. So uh the thing is this you have your index where you store all your data or your where you have the reference to enter your database and you have these label sets and they are super efficient and and quite powerful when compared to more traditional systems but they still carry a cost and that cost becomes non trivial at scale. So instead of storing the same labels for your metrics and your logs and your traces, the idea is to just store an I. D. For your trace which is super lightweight and it's literally just one idea. So your index is super tiny. Um And then you touch this information to your logs to your metrics and in the meantime also two year to year logs. Um So you know already that trace has certain properties because historically you have this needle estate problem. You have endless amounts of traces and you need to figure out what are the useful are they are the judicial and interesting aero state highlight and see some error occurring whatever if that information is already attached to your other signals. That's a lot easier. Of course. You see you're highlighting see bucket and you see a trace ID which is for that high latency bucket. So going into that trace, I already know it is a highlight and see trace for for a service which has a high latency, it has visited that labor. It was running this in that context, blah blah blah blah blah. Same for logs. There is an error. There is an exception, maybe a security breach, what have you and I can jump directly into a trace and I have all this mental context and the most expensive part is the humans. So enabling that human to not need to break mental uh train of thought to just jump directly from all the established state which they already have here in debugging just right into the trace, went back and just see why that thing behave that way. It's super powerful and it's also a lot cheaper to store this on the back and a four year traces which in our case internally we just run at 100% something. We do not throw data way, which means you don't have the super interesting thing. And by the way the trace just doesn't exist for us a good job. And that's the one thing to to from day one this intent to to marry those three pillars more closely. The other thing is by having a true lingua franca. It gave that concept of of of promises compatibility on the wire, its own name and it's its own distinct concept. And that is something which a lot of people simply attached to. So just by having that name, allow the completely different conversation over the last half decade or so and to close >>them close it >>up and to close that point because I come from the network, from the networking space and, and basically I T f r f C s are the currency within the networking space and how you force your vendors to support something, which is why I brought open metrics into the I. D. F. To to give it an official stamp of approval in Rfc number which is currently hopefully successful. Um So all of a sudden you can slip this into your tender and just tell your vendor, ex wife said okay, you need to support this. But I've seen all of a sudden by contract they're bound to to support communities native. So >>I support that Rfc yet or no, is that still coming? >>I, so at the last uh TF meeting, which was virtual, obviously I presented everything to the L. A W G. Um there was very good feedback. Um they want to adopt it as an informational uh I. D. Reason being it is most or it is a documentation of an already widely existed standard. So it gets different bits and pieces in the heather. Um Currently I'm waiting for a few rounds of feedback on specific wording how to make it more clear and such. Um looking >>good. It's looking good. >>Oh yes while presenting it. They actually told me that I have a conference with promises and performance. Well >>that's how you get things done in the old school internet. That's the way it was talking to Vince serving all of my friends and that generation we grew up, I mean I was telling a story on the clubhouse, just random that I grew up in the era. We used to pirate software used to deal software back in the old days. Pre open source. This is how things get done. So I gotta ask you the impact question. The, the deal with open metrics potentially could disrupt all those startups. So what, how does this impact all these stars because everyone is jockeying for land grabbing the observe ability space? Is that just because it's just too many people competing for one spot or do they all have differentiation? What happens to all those observe ability startups that got minted and funded? >>So I have, I think we have to split this into two answers, the first one open metrics and also Prometheus we're trying really hard to standardize what we're doing and to make this reusable as much as we possibly can um simply because premises itself does not have any any profit motivation or anything, it is just a project run by people. Um so we gain by, by users using our stuff and working in the way, which we think is a good way to operate. So anyone who just supports all those open standards, just on boards themselves onto a huge ecosystem of already installed base. And we're talking millions and millions and millions of installations, we don't have hard numbers, but the millions and millions I am certain of and thats installations, not users, so that's several orders of magnitude more. Um, so that that actually enables an ecosystem within which to move as to the second question. It is a super hot topic. So obviously that we see money starts coming in from all right. Um, I don't think that everyone will survive, but that is just how it usually is. There is a lot of of not very differentiated offerings, be the software, be they as a service, be their distributions? Well, you don't really see much much value and not not a lot of, not a lot of much anything in ways of innovation. So this is more about about making it easier to run or or taking that pain away, which obviously makes you open to attack by by all the hyper scale. Of course, they can just do this at a higher scale than you. Um, so unless you actually really in a way in that space and actually shape and lead in that space, at least to some extent, it will probably be relatively hard. That being said. >>Yeah, when you ride, when you ride the big waves like this, I mean, you you got to be on the right side of this. Uh, Pat Gelsinger's when he was that VM Where now is that intel told me on the cube one time. If you're not, you don't get it right on these waves, your driftwood, Right? So, so, you know, and we've seen this movie before, when you start to see the standards bodies like the I E T. F. Start to look at standards. You start to think there's a broader market opportunities, a need for some standards, which is good. It enables more value, right value creation, whether it's out in the open or if it's innovative from a commercialization standpoint, you know, these are good things and then you have everyone who's jockeying around from the land grab incomes, a standard momentum, you gotta be on the right side of these things. We know what we know it's gonna look like. If you're not on the right side of the standard, then your proprietary, >>precisely. >>And so that's the endgame. Okay, well, I really appreciate the impact. Final question. Um, as the world evolved post Covid as cloud Native goes mainstream, the enterprises in the cloud scale are demanding more things. Enterprises are are, you know, they want more stuff than just straight up in the cloud startups, for instance. So you start to see, you know, faster, more agility obviously, uh, with deploying modern apps, when you start getting into enterprise grade scale, you gotta start thinking, you know, this is an engineering and computer science discipline. Coming together, you've got to look at the architecture. What's your future vision of how the next gen programmable infrastructure looks like? >>You mean, as in actually manage those services or limited to observe ability to >>observe ability, role, observe ability. Just you're in the urine. The survivability speaks to the operating system of what's going on, distributed computing you're looking at, you gotta have a good observe ability if you want to deploy services. So, you know, as it evolves and this is not a fringe thing anymore. This is real deal. This observe abilities a key linchpin in the architecture. >>So, um, maybe to approach us from two sides. One of the things which, which, I mean I come from very much non cloud native background. One of the things which tends to be overlooked in cloud native is that not everything is green field. Matter of fact, legacy is the code word for makes actual money. Um, so a lot of brownfield installations, which still make money, which we keep making money and all of those existence, they will not go away anytime soon. And as soon as you go to actually industry trying to uplift themselves to industry that foreign, all those passwords you get a lot more complexity in, in just the availability of systems than just the cloud native scheme. So being able to to actually put all of those data types together and not just have you. Okay, nice. I have my micro service events fully instrumented and if anything happens on the layer below, I'm simply unable to make any any effort on debugging um things like for example, Prometheus course they are so widely adopted enable you to literally, and I did this myself um from the Diesel Genset of your data center over the network down to down to the office. If if someone is in there, if if if your station and your pager is is uh stepped in such to the database to the extra service which is facing your end customers, all of those use the same labels that use the same metadata to actually talk about this. So all of a sudden I can really drill down into my data, not only from you. Okay. I have my microservices, my database. Big deal. No, I can actually go down as deep in my infrastructure as my infrastructure is. And this is especially important for anyone who's from the more traditional enterprise because most of them will for the foreseeable future have tons and tons and tons of those installations and the ability to just marry all this data together no matter where it's coming from. Of course you have this lingual franklin, you have these widely adopted open standards. I think that is one of the main drivers in >>jail. I think you just nailed the hybrid and surprised use case, you know, operation at scale and integrating the systems. So great job Richard, thank you so much for coming on. Richard Hartman, Director of community Griffon A labs. I'm talking, observe ability here on the cube. I'm john for your host covering cube con 21 cognitive content. One virtual. Thanks for watching. Mhm Yeah. Mhm.

(upbeat music) >> Welcome to this CUBE conversation. I am Lisa Martin, excited to welcome back one of our distinguished alumni, Derek Manky joins me next. Chief security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, welcome back to the program. >> Yes, it's great to be here and great to see you again, Lisa. Thanks for having me. >> Likewise, yeah, so a lot has happened. I know we've seen you during this virtual world, but so much has happened with ransomware in the last year. It's unbelievable, we had this dramatic shift to a distributed workforce, you had personal devices on in network perimeters and non-trusted devices or trusted devices on home networks and lots of change there. Talk to me about some of the things that you and FortiGuard Labs have seen with respect to the evolution of ransomware. >> Yeah, sure, so it's becoming worse, no doubt. We highlighted this in our Threat Landscape Report. If we just take a step back looking at ransomware itself, it actually started in the late 1980s. And it didn't, that was very, they relied on snail mail. It was obviously there was no market for it at the time. It was just a proof of concept, a failed experiment if you will. But it really started getting hot a decade ago, 10 years ago but the technology back then wasn't the cryptography they're using, the technique wasn't as strong as easily reversed. And so they didn't really get to a lot of revenue or business from the cyber criminal perspective. That is absolutely not the case today. Now they have very smart cryptography they're experts when say they, the cyber criminals at their game. They know there's a lot of the attack surfaces growing. There's a lot of vulnerable people out there. There's a lot of vulnerable devices. And this is what we saw in our threat landscape group. What we saw at seven times increase in ransomware activity in the second half of 2020. And that momentum is continuing in 2021. It's being fueled by what you just talked about. By the work from anywhere, work from home environment a lot of vulnerable devices unpatched. And these are the vehicles that the ransomware is the payload of course, that's the way that they're monetizing this. But the reality is that the attack surface has expanded, there's more vulnerable people and cyber criminals are absolutely capitalizing on that. >> Right, we've even seen cyber criminals capitalizing on the pandemic fears with things that were around the World Health Organization or COVID-19 or going after healthcare. Did you see an uptick in healthcare threats and activities as well in the last year? >> Yeah, definitely, so I would start to say that first of all, the... Nobody is immune when it comes to ransomware. This is such again, a hot target or a technique that the cybercriminals are using. So when we look at the verticals, absolutely healthcare is in the top five that we've seen, but the key difference is there's two houses here, right? You have what we call the broad blanketed ransomware attacks. So these aren't going after any particular vertical. They're really just trying to spray as much as they can through phishing campaigns, not through... there's a lot of web traffic out there. We see a lot of things that are used to open playing on that COVID-19 theme we got, right? Emails from HR or taxes and scams. It's all related to ransomware because these are how they're trying to get the masses to open that up, pay some data sorry, pay some cryptocurrency to get access to their data back. Oftentimes they're being held for extortions. They may have photos or video or audio captures. So it's a lot of fear they're trying to steal these people but probably the more concern is just what you talked about, healthcare, operational technology. These are large business revenue streams. These are take cases of targeted ransoms which is much different because instead of a big volumetric attack, these are premeditated. They're going after with specific targets in mind specific social engineering rules. And they know that they're hitting the corporate assets or in the case of healthcare critical systems where it hurts they know that there's high stakes and so they're demanding high returns in terms of ransoms as well. >> With respect to the broad ransomware attacks versus targeted a couple of questions to kind of dissect that. Are the targeted attacks, are they in like behind the network firewall longer and faster, longer and getting more information? Are they demanding higher ransom versus the broader attacks? What's what are some of the distinctions there besides what you mentioned? >> Yeah, absolutely so the targeted texts are more about execution, right? So if we look at the attack chain and they're doing more in terms of reconnaissance, they're spending more cycles and investment really on their end in terms of weaponization, how they can actually get into the system, how they can remain undetected, collecting and gathering information. What we're seeing with groups like Ragnar Locker as an example, they're going in and they're collecting in some cases, terabytes of information, a lot, they're going after definitely intellectual property, things like source code, also PII for customers as an example, and they're holding them. They have a whole business strategy and plan in mind on their place, right? They hold them for ransom. They're often, it's essentially a denial of service in some cases of taking a revenue stream or applications offline so a business can't function. And then what they're doing is that they're actually setting up crime services on their end. They, a lot of the the newest ransom notes that we're seeing in these targeted attacks are setting up channels to what they call a live chat support channel that the victim would log into and actually talk directly live to the cybercriminal or one of their associates to be able to negotiate the ransom. And they're trying to have in their point of view they're trying frame this as a good thing and say, we're going to show you that our technology works. We can decrypt some of the files on your system as an example just to prove that we are who we say we are but then they go on to say, instead of $10 million, we can negotiate down to 6 million, this is a good deal, you're getting 30% off or whatever it is but the fact is that they know by the time they've gotten to this they've done all their homework before that, right? They've done the targets, they've done all the things that they can to know that they have the organization in their grasp, right? >> One of the things that you mentioned just something I never thought about as ransomware as a business, the sophistication level is just growing and growing and growing and growing. And of course, even other bad actors, they have access to all the emerging technologies that the good guys do. But talk to me about this business of ransomware because that's what it seems like it really has become. >> Absolutely, it is massively sad. If you look at the cybercrime ecosystem like the way that they're actually pulling this off it's not just one individual or one cyber crime ring that, let's say five to 10 people that are trying to orchestrate this. These are big rings, we actually work closely as an example to, we're doing everything from the FortiGuard Labs with following the latest ransomware trends doing the protection and mitigation but also working to find out who these people are, what are their tactics and really attribute it and paint a picture of these organizations. And they're big, we worked on some cases where there's over 50 people just in one ransomware gang. One of the cases we worked on, they were making over $60 million US in three months, as an example. And in some cases, keep in mind one of these targeted attacks like in terms of ransom demands and the targeted cases they can be an excess of $10 million just for one ransom attack. And like I said, we're seeing a seven times increase in the amount of attack activity. And what they're doing in terms of the business is they've set up affiliate marketing. Essentially, they have affiliates in the middle that will actually distribute the ransomware. So they're basically outsourcing this to other individuals. If they hit people with their ransomware and the people pay then the affiliate in the middle will actually get a commission cut of that, very high, typically 40 to 50%. And that's really what's making this lucrative business model too. >> Wow, My jaw is dropping just the sophistication but also the different levels to which they've put a business together. And unfortunately, for every industry it sounds very lucrative, so how then Derek do organizations protect themselves against this, especially knowing that a lot of this work from home stuff is going to persist. Some people want to stay home, what not. The proliferation of devices is only going to continue. So what are organizations start and how can you guys help? >> Start with the people, so we'll talk about three things, people, technology and processes. The people, unfortunately, this is not just about ransomware but definitely applies to ransomware but any attack, humans are still often the weakest link in terms of education, right? A lot of these ransomware campaigns will be going after people using nowadays seems like tax themes purporting to be from the IRS as an example or human resources departments or governments and health authorities, vaccination scams all these things, right? But what they're trying to do is to get people to click on that link, still to open up a malicious attachment that will then infect them with the ransomware. This of course, if an employee is up to date and hones their skills so that they know basically a zero trust mentality is what I like to talk about. You wouldn't just invite a stranger into your house to open a package that you didn't order but people are doing this a lot of the times with email. So really starting with the people first is important. There's a lot of free training information and security. There is awareness training, we offer that at Fortinet. There's even advanced training we do through our NSC program as an example. But then on top of that there's things like phishing tests that you can do regularly, penetration testing as well, exercises like that are very important because that is really the first line of defense. Moving past that you want to get into the technology piece. And of course, there's a whole, this is a security fabric. There's a whole array of solutions. Like I said, everything needs to be integrated. So we have an EDR and XDR as an example sitting on the end point, cause oftentimes they still need to get that ransomware payload to run on the end point. So having a technology like EDR goes a long way to be able to detect the threat, quarantine and block it. There's also of course a multi-factor authentication when it comes to identifying who's connecting to these environments. Patch management, we talk about all the time. That's part of the technology piece. The reality is that we highlight in the threat landscape report the software vulnerabilities that these rats more gangs are going after are two to three years old. They're not breaking within the last month they're two to three years old. So it's still about the patch management cycle, having that holistic integrated security architecture and the fabric is really important. NAC network access control is zero trust, network access is really important as well. One of the biggest culprits we're seeing with these ransom attacks is using IOT devices as launchpads as an example into networks 'cause they're in these work from home environments and there's a lot of unsecured or uninspected devices sitting on those networks. Finally process, right? So it's always good to have it all in your defense plan training and education, technology for mitigation but then also thinking about the what if scenario, right? So incident response planning, what do we do if we get hit? Of course we never recommend to pay the ransom. So it's good to have a plan in place. It's good to identify what your corporate assets are and the likely targets that cyber-criminals are going to go after and make sure that you have rigid security controls and threat intelligence like FortiGuard Labs applied to that. >> Yeah, you talk about the weakest link they are people I know you and I talked about that on numerous segments. It's one of the biggest challenges but I've seen some people that are really experts in security read a phishing email and almost fall for it. Like it looked so legitimately from like their bank for example. So in that case, what are some of the things that businesses can do when it looks so legitimate that it probably is going to have a unfortunately a good conversion rate? >> Yeah, so this is what I was talking about earlier that these targeted attacks especially when it comes to spear, when it comes to the reconnaissance they got so clever, it can be can so realistic. That's the, it becomes a very effective weapon. That's why the sophistication and the risk is rising like I said but that's why you want to have this multilayered approach, right? So if that first line of defense does yield, if they do click on the link, if they do try to open the malicious attachment, first of all again through the next generation firewall Sandboxing solutions like that, this technology is capable of inspecting that, acting like is this, we even have a FortiAI as an example, artificial intelligence, machine learning that can actually scan this events and know is this actually an attack? So that element goes a long way to actually scrub it like content CDR as well, content disarm as an example this is a way to actually scrub that content. So it doesn't actually run it in the first place but if it does run again, this is where EDR comes in like I said, at the end of the day they're also trying to get information out of the network. So having things like a Platinum Protection through the next generation firewall like with FortiGuard security subscription services is really important too. So it's all about that layered approach. You don't want just one single point of failure. You really want it, this is what we call the attack chain and the kill chain. There's no magic bullet when it comes to attackers moving, they have to go through a lot of phases to reach their end game. So having that layer of defense approach and blocking it at any one of those phases. So even if that human does click on it you're still mitigating the attack and protecting the damage. Keep in mind a lot of damages in some cases kind of a million dollars plus. >> Right, is that the average ransom, 10 million US dollars. >> So the average cost of data breaches that we're seeing which are often related to ransom attacks is close to that in the US, I believe it's around just under $9 million about 8.7 million, just for one data breach. And often those data breaches now, again what's happening is that the data it's not just about encrypting the data, getting access because a lot of organizations part of the technology piece and the process that we recommend is backups as well of data. I would say, organizations are getting better at that now but it's one thing to back up your data. But if that data is breached again, cybercriminals are now moving to this model of extorting that saying, unless you pay us this money we're going to go out and make this public. We're going to put it on paste and we're going to sell it to nefarious people on the dark web as well. >> One more thing I want to ask you in terms of proliferation we talked about the distributed workforce but one of the things, and here we are using Zoom to talk to each other, instead of getting to sit together in person we saw this massive proliferation in collaboration tools to keep people connected, families businesses. I talked a bit a lot of businesses who initially will say, oh we're using Microsoft 365 and they're protecting the data while they're not or Salesforce or Slack. And that shared responsibility model is something that I've been hearing a lot more about lately that businesses needing to recognize for those cloud applications that we're using and in which there's a lot of data traversing it could include PII or IP. We're responsible for that as the customer to protect our data, the vendor's responsible for protecting the integrity of the infrastructure. Share it with us a little bit about that in terms of your thoughts on like data protection and backup for those SaaS applications. >> Yeah, great question, great question tough one. It is so, I mean ultimately everybody has to have, I believe it has to have their position in this. It's not, it is a collaborative environment. Everyone has to be a stakeholder in this even down to the end users, the employees being educated and up-to-date as an example, the IT departments and security operation centers of vendors being able to do all the threat intelligence and scrubbing. But then when you extend that to the public cloud what is the cloud security stack look at, right? How integrated is that? Are there scrubbing and protection controls sitting on the cloud environments? What data is being sent to that, should it be cited center as an example? what's the retention period? How long does the data live on there? It's the same thing as when you go out and you buy one of these IOT devices as an example from say, a big box store and you go and just plug it into your network. It's the same questions we should be asking, right? What's the security like on this device model? Who's making it, what data is it going to ask for me? The same thing when you're installing an application on your mobile phone, this is what I mean about that zero trust environment. It should be earned trust. So it's a big thing, right? To be able to ask those questions and then only do it on a sort of need to know and medium basis. The good news is that a lot of CloudStack now and environments are integrating security controls. We integrated quite well with Fortinet as an example but this is an issue of supply chain. It's really important to know what lives upstream and how they're handling the data and how they're protecting it absolutely. >> Such interesting information and it's a topic ransomware that we could continue talking about, Derek, thank you for joining me on the program today updating us on what's going on, how it's evolving and ultimately what organizations in any industry need to do with protecting people and technology and processes to really start reducing their risks. I thank you so much for joining me today. >> All right it's a pleasure, thank you. >> Likewise Derek Manky I'm Lisa Martin. You're watching this CUBE conversation. (upbeat music)

>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.

>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.

>>from around the globe. It's the Cube with digital coverage of AWS >>reinvent 2020 sponsored >>by Intel, AWS and our community partners. Welcome back to the cubes. Virtual coverage of AWS reinvent 2020. It's virtual this year. We're not in person, so we're doing remote interviews. Part of the three weeks we'll be covering wall to wall a lot of great conversations. News to cover and joining me today Off Fresh off the news off Andy Jackson's keynote, We have two great guests here. Jason Kapoor, senior product manager for Accelerated Computing at A. W S and eight time Medina Chief business officer, Havana Labs, which was recently acquired by Intel Folks. Thanks for coming on, gentlemen. Thank you for spending the time for coming on the key. Appreciate it. >>Thanks for having us. >>J Town. So talk about the news, actually. Uh, computers changing. It's being reinvented. That's the theme from Andy's keynote. What did Andy announced? Could you take a minute to explain the announcement? What services? What ap What's gonna be supported? What's this about? Take a minute to explain. >>Yeah, absolutely. Yeah. So today >>we >>announced our plans to launch and easy to instance based on hardware accelerators from Havana labs. We expect these businesses to be available in the first time from next year. And these air custom designed for accelerating training off deep learning models, a zoo we all know like training of deep learning models is a really competition. Aly extensive task. Oftentimes it takes too long and cost too much. And we're really excited about getting these instances out of the market as we expect for them to provide up to 40% better price performance. Thani on top of the line GPU instances, >>a lot of improvements. Why did anybody do this? Why heaven or what's the what the working backwards document tell you? What is it customers looking for here is or specific use case? >>Yeah, absolutely. So, you know, over the years, uh, the use of machine learning and deep learning has, like, really skyrocketed, right? So we're seeing companies from all the way like 14, 500 to like start ups just reinventing their business models and use using deep learning more pervasively. Right. So we have companies like Pinterest, you know, you'd use deep learning for content recommendations and object detection to Toyota Research Institute that are advancing the science behind autonomous vehicles. And there's a consistent cream from a lot of these customers that are, you know, innovating in the deep learning space that you know the cost it takes to experiment, train and optimize the deep learning models. It's too high. And, you know, they're looking at us as one of their partners to help them optimize their costs, you know, bring them as well as possible while giving them really performing products and enable them to actually bring their markets, their innovations to market as soon as possible. Right? S o. Do you answer your questions straight on your wants? The working backwards. It's a feedback from customers that they want choice on. They want our help Thio lower. Uh, the amount of compute resources and the cost it takes to train the new planning models. >>Hey, Tom, why don't you weigh in here on Havana and now part of intel? What trends are driving this? What's the motivation? Were you guys fit in? What's your view on this? >>Yeah, So Havana was founded in 2016 to deliver a I processors for the data center and cloud for training and inference deep learning models. So while building chips is hard, building, the software and ecosystem is even harder. So joining forces with intel simply helps us connect the dots. Ever since the acquisition last year, we were able to significantly boost our armed. The resource is, and now we're leveraging inter scale in number of customers and ecosystem and partner support. >>So what's the name of the product? Is there a chip name got? Was it Gowdy is the name? >>Yes, the product is man angle. >>Okay. And so it's gonna be hardware. So it's the hardware software. What's involved? Take us through the product. >>Yes. So Gandhi was designed from the ground up to do one task which is training deep learning models. To do that well, we focus the architectural to aspect efficiency and scalability. The computer architectures is a combination of fully programmable TPC tensile process, of course, and a central g M n G. These DPC course are programmable Villa W seen the machines that we designed with custom instruction, set architecture, er and special functions that will developed specifically for a I. The Gandhi cheap integrates also 32 gigabyte off H B M to memory which makes it easy to port to. For GPU developers, Gandhi is unique in integrating 10 parts of 100 gigabit Internet rocky on cheap. And this is opposed to other architectural, which use proprietary interfaces. So overall, improving the cost performance is achieved through efficiency, namely higher utilization off the computer and memory resource is on cheap and the native integration off the rocky interfaces >>J Town. This is actually interesting, as this is the theme for reinvent. We're seeing it right on stage today. Play out again another command performance by Andy Jassy. Slew of announcements. How does Gowdy fit into the AI portfolio or Amazon strategy? Because what a town saying is it sounds like he's doing the heavy lifting on all this training stuff when people want to just get to the outcome. I mean, the theme has been, just let the product do what they do kind of put stuff under the covers and just let it scale. Is that the theme here is this. >>What does this >>all fit in? Take us through how this fits into the A, I strategy for Amazon and also what what what is Havana Intel bring to the table? >>Absolutely. Yeah. So with respect to our overall strategy and portfolio units, it's relatively straightforward, right? So we're laser focused on making sure we have the broadest and deepest portfolio off services for machine learning, right? So these range from infrastructure services specifically compute networking and storage all the way up to, like, managed and all services, which come with pre trained models and customers can simply invoke them using an A P. I call right eso. So from a strategy perspective, you want to make sure that we provide a customer to a choice, uh, enable them to pick the right platform for the right use case, help them get to the Khan structure they actually want, right eso with Havana. And you know, their acquisition with Intel, we finally have access to hardware software and the ability to kind of build out a ecosystem beyond what you know judicially is being used. Which is was a GP used right eso. So the engagement with with Havana, you know, allows us to take their products and capabilities, wrap it around, and easy to instance, which is what customers will be able to launch right on doing so. We're enabling them to tap into the innovation that Teton the rest of the Havana team are working on while having a solution that is integrated with the full AWS stack. Right? So you don't you don't have to rack in stock hard. Bring your data center thes. They're gonna be available standard. Easy to instances. You can just click and launch them. Get access to software that's already pre integrated and big den and ready to go right. Eso so it actually comes down to taking their innovations, coupling it with an AWS solution and making it too easy for customers together. I've been running with the respective training the deepened models. >>Well, here is the question that I want to get to. I think everyone's on everyone's mind is how is it Gowdy different or similar than other GPU? Specifically, you mentioned the software stack on the AWS What you get the software stack inside the chip. How is this different or similar? Two other GP use. And what's the difference between the software stack versus a traditional libraries? >>So from day one, we were focused on the software experience and we were mindful in the need to make it easy for developers to use the innovations we have in the hardware. Most developers, if not all of them, are using deep learning frameworks such as tensile flowing pytorch for building their deep learning models. So God is synapse AI software suite comes integrated and optimized for tensorflow and pilotage, so we expect most developers to be able to take their existing models and with minor changes to the training strips to be able to run them on Gowdy based instances. In addition, expert developers that are familiar with writing their own kernels will be provided with food too sweet for writing their own TPC kernels that can augment the Havana provided library. >>So that's the user experience for the developers, right? That's what you're saying >>exactly, exactly, and we will provide detailed guides for developers. In doing that, Havana will provide open access to documentation library software models and left toe Havana's kita and bi directional communication with the Havana developer community. All these resources will be available concurrently with the AWS Instances launch. >>Okay, so I'm a developer. How did I get involved? It's software on git hub I use the hardware is on Amazon, obviously, in their instances. It's a new instance. Take me through the workflow develop. I'm into this. I wanna I wanna get involved. What I what am I doing? Take me >>through? Yes, I think it s so If the developer is accustomed to using GPS for training the deep learning models three experience is gonna be practically the same, right? So they'll have multiple options to get started. One of them would be, for example, to take our deep learning, Um, it's or Amazon machine images that will come integrated with software from Havana labs. Right. So customers will take the deep Learning Army and launch it on an easy to instance, featuring the gaudy accelerators. Right? So when with that, they'll have, you know, the baseline construct off software and hardware available to get up and running with right, we'll support, you know, all different types of work flows. So if customers want to use containerized solutions, thes instances will be supported R E C s and E s services. Eso using containerized kubernetes you know, thes the solution will just work on. Lastly, we also intend to support these instances through sage maker eso. Just a quick recap on stage maker. That's a manage service that does end to end that provides end to end capabilities for training, debugging, building and deploying machine learning applications. Eso these instances will also be supporting sage maker. So if you're fiddling with sage maker, you can get up and running with this. This is fairly quickly. >>It sounds like it's gonna enable a lot of action and sage maker level. Then can that layer on the use cases? I gotta ask you guys quickly, What's the low hanging fruit use case applications for this product thing? This partnership, Because you know that's gonna be the first Traction said, What are some of these applications gonna be used for? What can we expect to see? >>So typical applications would be image classifications, object detection, natural language processing, the recommendation systems. You'll find reference models in our get up for that and will be growing at least a Z you can imagine. >>Okay, where can people find more info? Give us the data. Take him in to explain. Put a plug in for how What's all the coordinates? U r l sites support how people create, Um, how people get involved. The community. >>Yeah, so customers will be able to access information on AWS websites and also on Havana Labs website. So you will be kicking off a preview early next year. Eso I would highly recommend for customers to find our product pages and signed up for already access and previous information. Utah. >>Yes, and you'll find more information on Havana. A swell a Savannah's get up over time. >>Great announcement. Congratulations. Thanks for sharing the news and some commentary on it. This is really the big theme. You know what Cove in 19 and this pandemic has shown is massive acceleration of digital transformation and having the software and hardware out there that accelerates the heavy lifting and creates value around the data. Super valuable. Thanks for for doing that. Appreciate taking the time. Thank >>you so much. >>Yeah. Thanks for having >>us. Okay, this is the cubes coverage at 80. Best reinvent next three weeks. We're here on the ground. Will remote. We're live inside the studio. We wish we could be there in person, but it's remote this year. But stay tuned. Check out silicon angle dot com. Exclusive interviews with Andy Jassy and Amazon executives and the big news covering. They're all there in one spot. Check it out. We'll be back with more coverage after this break. Thanks for watching. Yeah.

>> [Female VoiceOver] From the CUBE studios in Palo Alto in Boston, connecting with our leaders all around the world, this is a CUBE conversation. >> Hello and welcome to the CUBE conversation here in the Palo Alto studios, I'm John Furrier. Cloud Native News and industry coverage. There are two great guests here to break down what's going on in Cloud Native. we got Rancher Labs, Jim Sarale, Vice President of Global Channels and Alliances and Bryce Cracco Product Manager for NetApp HCI. Guys, thanks for coming on this breaking news around Cloud Native. I mean, this has been really all about Cloud Native for the past year and a half, but this year, certainly with the pandemic, the modern applications are being pushed out faster and faster. A lot of pressure. So congratulations on this announcement, Jim set us up. What is the News? I saw some articles, we've got a story get hit and SiliconANGLE. What's the news with NetApp with Rancher Labs? >> Yeah, thank you. And you're right, we are seeing a vast push with, with the crazy times that we're in right now, but the news really is, you know, Rancher formerly launching our OEM program and launching that with with our Marquee partner with NetApp, you know, when companies get to a certain juncture, you know, an OEM relationship and sometimes means just more of a marketing type relationship but as everybody knows, Rancher is, you know, one of the industry leading multicloud, multi Kubernetes cluster management solutions, open source. And you know, what that means is we're an agnostic play for, for those that are trying to leverage Kubernetes, we've talked with NetApp, we struck a deal with them for them to embed us on their HCI platform. And when you talk about our early in program and, and the things that it entails is really around, you know, how do you get contract vehicles to map go to market strategies? How do you get support, engineering, integration, development, all of those things align with partners. It's not an easy task. It's very important to the go to the kind of go to market strategy that we have. And I think, you know, not only with the market adoption around Kubernetes, Ranchers agnostic play in open source and then obviously, you know, Ranchers come a long way. Our products tried and true. We have nearly 500 customers. We're seeing those customers lean back into some of the OEMs and to the software vendors to have them do more and get them more, I guess, ready for the things that they're doing, an IT operations, how the have dev you know, the app DevOps folks are trying to do more and get applications to market faster. So we're really suited well for organizations like NetApp to take our technology bundle in it and really make it better for their customers experience. So the program allows for contract vehicles, direct integration, support, engineering, pricing, because not one size fits all. As you see the evolution from On-prem to cloud IoT Edge, a lot of different devices from 100s of dollars to 1000s. So Ranchers committed to making sure that we align our products and pricing to fit some of those low compute platforms and also be able to right size our business model to make them successful. >> Well, congratulations, I love the term OEM still kind of hangs around, I'm old enough to remember when it was actually equipment not software, original equipment manufacturer, which essentially, you're essentially letting NetApp embed your code into their equipment or their software. But this is the relationship of a channel and indirect channel for Rancher which you guys are launching, which is total validation. Appreciate that, I like to get into the NetApp side. Bryce, if you don't mind, because, you know, obviously cloud's not new to NetApp storage becoming more critical, hybrid clouds more important. Tell us about the transformation of HCI because I think this is where Kubernetes and it starts to fit in when you see the cloud native surge coming in. How are you guys looking at this opportunity? >> Yeah, you bet when you, when you look at it from a converged infrastructure or hyper-converged infrastructure or hybrid cloud infrastructure perspective. It's always been about simplicity, right. We're not doing anything in the HCI market in general that can't be otherwise done. It's just making it much simpler, reducing that that learning curve and reducing that time to value that our IT customers get. And so I think we saw it, you know, converged infrastructure and hyper-converged infrastructure, all start out with virtualization is kind of the top layer that's facilitated but now obviously Kubernetes is becoming table stakes in the enterprise. So I think we're seeing all the vendors in the space, put in some kind of automatic deployment of Kubernetes or some easier deployment of Kubernetes, making Kubernetes that top layer rather than just virtualization. And, you know, this is a really great opportunity for us at NetApp to be able to do that. Not only with just any Kubernetes package but one that's very well regarded and beloved in the DevOps communities and that's Rancher. So what we have here is kind of something that's great for IT, and really great for DevOps in terms of being able to centralize multi cluster management across a hybrid cloud ecosystem and really empower those DevOps teams, what they to do what they need to do but still keeping IT at the center of it. >> You know, it's interesting, you know, shift left for security DevOps here, DevSecOps, it's all kind of happening with software, software defined, software operated. This is what this is the new operating environment. What is the use cases that presents itself well for this is it from a customer standpoint? Is it they're looking for certain things when you look at the product definition, you say, okay we have NetApp, we have Rancher. Take me through that thinking, what's the customer use case? What are they getting out of this? >> Sure, I think there's a variety of use cases where you see Kubernetes coming into play. And one of the great things about NetApp HCI, is it's not just simple infrastructure but it's also very scalable infrastructure. So that's where a lot of these types of products fall down. As we get to such such a scale point they don't work because of our scalability and our ability to handle mixed workloads. We can really handle any number of use cases. So in a Kubernetes context, this could be anything from IT departments who are going to containerized applications for their own, you know, the applications that they themselves manage, like ERP systems and so forth that are starting to get containerized. It could also be for bespoke applications that the companies are writing themselves, the DevOps teams that actually write the code that makes the company work. And so there, there's kind of a wide variety of use cases in there that are starting to go to Kubernetes. If not there already, the DevOps teams largely are already using Kubernetes. And this is just a great way to centralize it on on one kind of easy button, but yet very scalable and highly performing infrastructure for that kind of consolidation. >> Jim, this is the holy grail we've you guys have been doing since the beginning of Rancher Labs, programmable infrastructure, infrastructure as code, you couldn't get any clear or here when you start to have mainstream, you know, programmable storage and still programmable networking. All of this is happening. This is what we had hoped for the world's now gone full containers. Now you've got Kubernetes and IDC still shows that the enterprises are only like 30 to 40%. Even deep in their toes in on containers. If that, so you see a coupe call and you see all that at VM world, you'll see that re-invent you're going to see mainstream IT, the classic IT with DevOps. What's your reaction to that? Because there this, you know, what's your, what's your what's your take on this? >> Yeah I think you're absolutely right, we are scratching the surface and I think that we will see IT really embrace, right. This, this becomes the opportunity for business enablement to take, to take shape across all different avenues, IT is building infrastructure and make it, you know, allowing compute to be available. And this is kind of, we'll see this surge, not just the IT operations but really having the different groups from app devs to the business line owners, to those pushing applications, understanding the entire ecosystem. You know, we're talking about NetApp and HCI today but you can think of cross the edge, data center edge cloud, retail point of sale systems, getting immediate updates, dealing with IT operations and the compute platforms. It's really just endless. And we're excited. I think the OEM program is going to allow companies like NetApp and in other verticals and industries to really take shape and take advantage of what Rancher's offering to help them be more efficient across what their critical business apps are trying to do. >> Well, congratulations on NetApp, they're very smart company. They've got savvy customers and they're very loyal. Bryce, with that in mind, what's been the reaction you laid out the use cases when you bring this to market with your customers and partners? What's the feedback thumbs up on this and what's the vibe? >> Yeah, we've had some really enthusiastic early reaction, a couple early customers looking at it. You know, it's been a lot of fun and people are really excited that one of the great things about doing this with Rancher is that it's, it's purely open source software. So, you know, our customers love that. It's, there's, it's kind of a low risk proposition for them. They're very well, well hedged they can push this button and get it started on their NetApp HCI with very little, very little lead up to that very little advanced knowledge and just kind of get started. It's actually there's no incremental costs to use it on NetApp HCI. It's just, if you want a joint support model that it, that that there's a fee. And so you can kind of think of it as an indefinite trial period in a way. And I think that's created a lot of early interest and I think yeah I think it's going to be a really great option for our customers. It's going to add a lot of value to the NetApp HCI product. And so far, everyone's been very excited about it. >> You know, I was talking with Dave Vellante, my co-host in the CUBE also does a lot of storage research, knows NetApp as well. We were also commenting about this dynamic and we kind of call this out in 2016 when VMware was having trouble with the cloud operations. And then they decided to get rid of everything and just partner with Amazon. Everyone's like, that's horrible. It's going to be terrible. They're going to lose all their customers but we pointed out and I think this is true here. And I want to get your reaction, both of you guys, if you don't mind commenting what turned out to be the case was is that there was a clear distinction and operator of infrastructure and software development environments with higher level cloud native services. And they're not necessarily competing directly. They're kind of coming together, this idea of operating infrastructure and IT concept when it goes software and goes cloud, it's not a win, lose dynamic. You have software and you get people often need to operate that either code it or run it. So at large scale, this is where HCI kind of fits in Bryce, right? I mean, because now you got the edge, it's more devices. I mean, this is more infrastructure to run. So more, more stuff you've got to operate all this stuff. It's not going to ever go away. You guys react to that. What do you think? >> Sure. Yeah, I think I mean, from a NetApp perspective our customers use all kinds of infrastructure. They use public cloud infrastructure and NetApp has a really great public cloud focused portfolio, around public cloud services. So that's certainly a market that would be playing in our customers use. And it's part of the landscape, as you say, edge, of course also, and you know, with this solution I think it fits right into that because Rancher becomes this kind of container orchestration control plane. That's hosted on an HCI but can span this hybrid multi-cloud and edge environment all from that kind of centralized location. >> I think the simplification of the workloads is a huge deal. Jim, your, your thoughts on this? I see you've got this great program. You have the OEM program and you got an indirect partner, rising tide floats all boats here with, with this market. What's your take? >> Absolutely. And what better way to launch this program with somebody like NetApp? So yeah, you know, Rancher from its inception has been an open source platform agnostic. I think that will help, you know, help us, not just us but NetApp and other OEM partners, depending on operating system, legacy systems, verticals, industries, we're all playing a part in it. On-prem cloud, hybrid cloud, you know, I think Ranchers really well suited, for this advancement strictly by the way that we've continued in our philosophy of building an open source agnostic platform to help organizations, OEMs, ISBs, cloud providers, you name it. I think that Rancher is really well suited for, you know, kind of taking this additional ride, if you will, right. We're seeing we're all seeing it. And as you pointed out, it's less than 30% adoption today. We're all hoping for that to increase exponentially. >> Yeah, when you go mainstream, you get a lot of issues. Bryce, final question on the news analysis here. Why Rancher Labs from a NetApp perspective, what was the what was the deciding factor for you guys? >> Well, they just made a lot of sense for us to partner with. Again, the open source nature of it and the free nature of it made it really low barrier to entry for our customers. We really liked that. We also like they're very open and agnostic approach. So, you know, nothing that we're doing here with Rancher has to be at the expense of any other relationships that we have. And that was really that was really an important consideration. You know, it's, it's a very low risk, low cost, easy to get going solution for our customers. And there's very, there's no fear of lock-in with it. And so it's basically just all potential upsides and no potential downsides. And I think it's a really great solution for both IT and for DevOps, which was really critical. >> Real quick question on the customer expectation. Are you guys going to support Rancher? How does a customer get impacted by this? Obviously NetApp has, has their own supporters or is there a joint support? Is you guys going to handle that? How does the customer deal with that touches? >> Yeah, that's, that's really the crux of the deal. There is NetApp is able to provide frontline support for our customers or NetApp HCI customers, if they've, if they've purchased the Rancher support package through NetApp, they can get support for it through NetApp. And we're able to pass tickets back and forth between the companies as needed. So you don't have to have any guesswork about where where the problem and the stack might lie. You just opened your support ticket with NetApp and we can make sure it gets resolved. So that's been a really great part of the deal. >> Well, gentlemen, thanks for coming on. Appreciate the news insight. I do want to ask one final question, while I got you both here. If you don't mind, as we come in to the end of the year 2020, what a crazy year it's been between the pandemic and just the just the shift and the massive sea change of how virtual virtualization, not, you know, server or storage virtualization, but you know, the virtual world we live in remote everything, pandemic, uncertainty the digital transformation is just full throttle just more and more pressure. As we come out of cloud native CUBE con and AWS reinvent, we had VM all this activity. What do you guys think of the most important stories that customers should pay attention to in cloud native? What's what's the high order bit? What's the one thing or two things that really are notable that people should pay attention to that's important? Bryce, we'll start with you. >> I think it's bringing Kubernetes into the mainstream, right? I mean, that's what we see happening. How do you do that in a way that continues to give DevOps the flexibility they need and empower them and the way that Kubernetes does, but but also brings it into the mainstream. That's what I think what everyone's trying to solve right now >> Jim, your take on the most important story people should pay attention to. >> I think the same, I think Kubernetes adoption and really getting that education and people up to speed to start making that transformation. You know, quicker and getting that adoption rate up. I think we'll see a lot of benefits. Like you said, remote virtual in Kubernetes is kind of that framework that needs to get out there, be prevalent and and all of us take advantage, and start working together. >> All right, we'll leave it there. Guys, congratulations on the deal. NetApp embedding Kubernetes and Rancher support inside their hyper-converged infrastructure HCI. Bryce, Jim, thanks for coming on the CUBE. >> Thank you. >> Okay, I'm John Furrier with CUBE conversation here in Palo Alto. Normally when we do these in person but it's remote with the pandemic, giving you the latest continuing the cube virtual coverage, here in Palo Alto. Thanks for watching. (gentle music)

>>from the Cube Studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is a cube conversation, >>Everyone. Welcome to this cube conversation. I'm John for host of the Cube here in the Cubes Palo Alto studios during the co vid crisis. Square Quarantine with our crew, but we got the remote interviews. Got great to get great guests here from 44 to guard Fortinet, 40 Guard Labs, Derek Manky chief Security Insights and Global Threat alliances. At 14 it's 40 guard labs and, um, are Lakhani. Who's the lead researcher for the Guard Labs. Guys, great to see you. Derek. Good to see you again. Um, are you meet you? >>Hey, it's it's it's been a while and that it happened so fast, >>it just seems, are say it was just the other day. Derek, we've done a couple interviews in between. A lot of flow coming out of Florida net for the guards. A lot of action, certainly with co vid everyone's pulled back home. The bad actors taking advantage of the situation. The surface areas increased really is the perfect storm for security. Uh, in terms of action, bad actors are at all time high new threats here is going on. Take us through what you guys were doing. What's your team makeup look like? What are some of the roles and you guys were seeing on your team? And how's that transcend to the market? >>Yeah, sure, Absolutely. So you're right. I mean, like, you know, like I was saying earlier this this is all this always happens fast and furious. We couldn't do this without, you know, a world class team at 40 guard labs eso we've grown our team now to over 235 globally. There's different rules within the team. You know, if we look 20 years ago, the rules used to be just very pigeonholed into, say, anti virus analysis. Right now we have Thio account for when we're looking at threats. We have to look at that growing attack surface. We have to look at where these threats coming from. How frequently are they hitting? What verticals are they hitting? You know what regions? What are the particular techniques? Tactics, procedures, You know, we have threat. This is the world of threat Intelligence, Of course. Contextualizing that information and it takes different skill sets on the back end, and a lot of people don't really realize the behind the scenes. You know what's happening on bears. A lot of magic happen not only from what we talked about before in our last conversation from artificial intelligence and machine learning, that we do a 40 yard labs and automation, but the people. And so today we want to focus on the people on and talk about you know how on the back ends, we approach a particular threat. We're going to talk to the world, a ransom and ransomware. Look at how we dissect threats. How correlate that how we use tools in terms of threat hunting as an example, And then how we actually take that to that last mile and and make it actionable so that, you know, customers are protected. How we share that information with Keith, right until sharing partners. But again it comes down to the people. We never have enough people in the industry. There's a big shortages, we know, but it it's a really key critical element, and we've been building these training programs for over a decade within 40 guard lab. So you know, you know, John, this this to me is why, exactly why, I always say, and I'm sure Americans share this to that. There's never a dull day in the office. I know we hear that all the time, but I think today you know, all the viewers really get a new idea of why that is, because this is very dynamic. And on the back end, there's a lot of things that doing together our hands dirty with this, >>you know, the old expression started playing Silicon Valley is if you're in the arena, that's where the action and it's different than sitting in the stands watching the game. You guys are certainly in that arena. And, you know, we've talked and we cover your your threat report that comes out, Um, frequently. But for the folks that aren't in the weeds on all the nuances of security, can you kind of give the 101 ransomware. What's going on? What's the state of the ransomware situation? Um, set the stage because that's still continues to be a threat. I don't go a week, but I don't read a story about another ransomware and then it leaks out. Yeah, they paid 10 million in Bitcoin or something like I mean, this Israel. That's a real ongoing threat. What is it, >>quite a bit? Yeah, eso I'll give sort of the one on one and then maybe capacity toe mark, who's on the front lines dealing with this every day. You know, if we look at the world of I mean, first of all, the concept to ransom, obviously you have people that that has gone extended way, way before, you know, cybersecurity. Right? Um, in the world of physical crime s Oh, of course. You know the world's first ransom, where viruses actually called PC cyborg. This is in 1989. The ransom payment was demanded to appeal box from leave. It was Panama City at the time not to effective on floppy disk. Very small audience. Not a big attack surface. I didn't hear much about it for years. Um, you know, in really it was around 2000 and 10. We started to see ransomware becoming prolific, and what they did was somewhat cybercriminals. Did was shift on success from ah, fake antivirus software model, which was, you know, popping up a whole bunch of, you know said your computer is infected with 50 or 60 viruses. Chaos will give you an anti virus solution, Which was, of course, fake. You know, people started catching on. You know, the giggles up people caught onto that. So they weren't making a lot of money selling this project software. Uh, enter Ransomware. And this is where ransomware really started to take hold because it wasn't optional to pay for the software. It was mandatory almost for a lot of people because they were losing their data. They couldn't reverse engineer the current. Uh, the encryption kind of decrypt it with any universal tool. Ransomware today is very rigid. We just released our threat report for the first half of 2020. And we saw we've seen things like master boot record nbr around somewhere. This is persistent. It sits before your operating system when you boot up your computer. So it's hard to get rid of, um, very strong. Um, you know, public by the key cryptography that's being so each victim is infected with the different key is an example. The list goes on, and you know I'll save that for for the demo today. But that's basically it's It's very it's prolific and we're seeing shit. Not only just ransomware attacks for data, we're now starting to see ransom for extortion, for targeted ransom cases that we're going after, you know, critical business. Essentially, it's like a D O s holding revenue streams around too. So the ransom demands were getting higher because of this is Well, it's complicated. >>Yeah, I was mentioning, Omar, I want you to weigh in. I mean, 10 million is a lot we reported earlier this month. Garment was the company that was act I t guy completely locked down. They pay 10 million. Um, garment makes all those devices and a Z. We know this is impacting That's real numbers. So I mean, it's another little ones, but for the most part, it's new. It's, you know, pain in the butt Thio full on business disruption and extortion. Can you explain how it all works before I got it? Before we go to the demo, >>you know, you're you're absolutely right. It is a big number, and a lot of organizations are willing to pay that number to get their data back. Essentially their organization and their business is at a complete standstill. When they don't pay, all their files are inaccessible to them. Ransomware in general, what does end up from a very basic or review is it basically makes your files not available to you. They're encrypted. They have a essentially a pass code on them that you have to have the correct pass code to decode them. Ah, lot of times that's in the form of a program or actually a physical password you have type in. But you don't get that access to get your files back unless you pay the ransom. Ah, lot of corporations these days, they are not only paying the ransom, they're actually negotiating with the criminals as well. They're trying to say, Oh, you want 10 million? How about four million? Sometimes that it goes on as well, but it's Ah, it's something that organizations know that if they don't have the proper backups and the Attackers are getting smart, they're trying to go after the backups as well. They're trying to go after your duplicate files, so sometimes you don't have a choice, and organizations will will pay the ransom >>and it's you know they're smart. There's a business they know the probability of buy versus build or pay versus rebuild, so they kind of know where to attack. They know the tactics. The name is vulnerable. It's not like just some kitty script thing going on. This is riel system fistic ated stuff. It's and it's and this highly targeted. Can you talk about some use cases there and what's goes on with that kind of attack? >>Absolutely. The cybercriminals are doing reconnaissance. They're trying to find out as much as they can about their victims. And what happens is they're trying to make sure that they can motivate their victims in the fastest way possible to pay the ransom as well. Eh? So there's a lot of attacks going on. We usually we're finding now is ransomware is sometimes the last stage of an attack, so an attacker may go into on organization. They may already be taking data out of that organization. They may be stealing customer data P I, which is personal, identifiable information such as Social Security numbers or or driver's licenses or credit card information. Once they've done their entire attack, once they've gone, everything they can Ah, lot of times their end stage. There last attack is ransomware, and they encrypt all the files on the system and try and try and motivate the victim to pay as fast as possible and as much as possible as well. >>You know, it's interesting. I thought of my buddy today. It's like casing the joint. They check it out. They do their re kon reconnaissance. They go in, identify what's the move that's move to make. How to extract the most out of the victim in this case, Target. Um, and it really I mean, it's just go on a tangent, you know? Why don't we have the right to bear our own arms? Why can't we fight back? I mean, the end of the day, Derek, this is like, Who's protecting me? I mean, >>e do >>what? To protect my own, build my own army, or does the government help us? I mean, that's at some point, I got a right to bear my own arms here, right? I mean, this is the whole security paradigm. >>Yeah, so I mean, there's a couple of things, right? So first of all, this is exactly why we do a lot of that. I was mentioning the skills shortage and cyber cyber security professionals. Example. This is why we do a lot of the heavy lifting on the back end. Obviously, from a defensive standpoint, you obviously have the red team blue team aspect. How do you first, Um, no. There is what is to fight back by being defensive as well, too, and also by, you know, in the world that threat intelligence. One of the ways that we're fighting back is not necessarily by going and hacking the bad guys, because that's illegal in jurisdictions, right? But how we can actually find out who these people are, hit them where it hurts. Freeze assets go after money laundering that works. You follow the cash transactions where it's happening. This is where we actually work with key law enforcement partners such as Inter Pool is an example. This is the world, the threat intelligence. That's why we're doing a lot of that intelligence work on the back end. So there's other ways toe actually go on the offense without necessarily weaponizing it per se right like he's using, you know, bearing your own arms, Aziz said. There's different forms that people may not be aware of with that and that actually gets into the world of, you know, if you see attacks happening on your system, how you how you can use security tools and collaborate with threat intelligence? >>Yeah, I think that I think that's the key. I think the key is these new sharing technologies around collective intelligence is gonna be, ah, great way to kind of have more of an offensive collective strike. But I think fortifying the defense is critical. I mean, that's there's no other way to do that. >>Absolutely. I mean the you know, we say that's almost every week, but it's in simplicity. Our goal is always to make it more expensive for the cyber criminal to operate. And there's many ways to do that right you could be could be a pain to them by by having a very rigid, hard and defense. That means that if if it's too much effort on their end, I mean, they have roos and their in their sense, right, too much effort on there, and they're gonna go knocking somewhere else. Um, there's also, you know, a zay said things like disruption, so ripping infrastructure offline that cripples them. Yeah, it's wack a mole they're going to set up somewhere else. But then also going after people themselves, Um, again, the cash networks, these sorts of things. So it's sort of a holistic approach between anything. >>Hey, it's an arms race. Better ai better cloud scale always helps. You know, it's a ratchet game. Okay, tomorrow I want to get into this video. It's of ransomware four minute video. I'd like you to take us through you to lead you to read. Researcher, >>take us >>through this video and, uh, explain what we're looking at. Let's roll the video. >>All right? Sure s. So what we have here is we have the victims. That's top over here. We have a couple of things on this. Victims that stop. We have ah, batch file, which is essentially going to run the ransom where we have the payload, which is the code behind the ransomware. And then we have files in this folder, and this is where you typically find user files and, ah, really world case. This would be like Microsoft Microsoft Word documents or your Power point presentations. Over here, we just have a couple of text files that we've set up we're going to go ahead and run the ransomware and sometimes Attackers. What they do is they disguise this like they make it look like a like, important word document. They make it look like something else. But once you run, the ransomware usually get a ransom message. And in this case, the ransom message says your files are encrypted. Uh, please pay this money to this Bitcoin address. That obviously is not a real Bitcoin address that usually they look a little more complicated. But this is our fake Bitcoin address, but you'll see that the files now are encrypted. You cannot access them. They've been changed. And unless you pay the ransom, you don't get the files. Now, as the researchers, we see files like this all the time. We see ransomware all the all the time. So we use a variety of tools, internal tools, custom tools as well as open source tools. And what you're seeing here is open source tool is called the cuckoo sandbox, and it shows us the behavior of the ransomware. What exactly is a ransom we're doing in this case? You can see just clicking on that file launched a couple of different things that launched basically a command execute herbal, a power shell. It launched our windows shell and then it did things on the file. It basically had registry keys. It had network connections. It changed the disk. So this kind of gives us behind the scenes. Look at all the processes that's happening on the ransomware and just that one file itself. Like I said, there's multiple different things now what we want to do As researchers, we want to categorize this ransomware into families. We wanna try and determine the actors behind that. So we dump everything we know in the ransomware in the central databases. And then we mind these databases. What we're doing here is we're actually using another tool called malt ego and, uh, use custom tools as well as commercial and open source tools. But but this is a open source and commercial tool. But what we're doing is we're basically taking the ransomware and we're asking malty, go to look through our database and say, like, do you see any like files? Or do you see any types of incidences that have similar characteristics? Because what we want to do is we want to see the relationship between this one ransomware and anything else we may have in our system because that helps us identify maybe where the ransom that's connecting to where it's going thio other processes that may be doing. In this case, we can see multiple I P addresses that are connected to it so we can possibly see multiple infections weaken block different external websites. If we can identify a command and control system, we can categorize this to a family. And sometimes we can even categorize this to a threat actor that has claimed responsibility for it. Eso It's essentially visualizing all the connections and the relationship between one file and everything else we have in our database in this example. Off course, we put this in multiple ways. We can save these as reports as pdf type reports or, you know, usually HTML or other searchable data that we have back in our systems. And then the cool thing about this is this is available to all our products, all our researchers, all our specialty teams. So when we're researching botnets when we're researching file based attacks when we're researching, um, you know, I P reputation We have a lot of different IOC's or indicators of compromise that we can correlate where attacks goes through and maybe even detective new types of attacks as well. >>So the bottom line is you got the tools using combination of open source and commercial products. Toe look at the patterns of all ransomware across your observation space. Is that right? >>Exactly. I should you like a very simple demo. It's not only open source and commercial, but a lot of it is our own custom developed products as well. And when we find something that works, that logic that that technique, we make sure it's built into our own products as well. So our own customers have the ability to detect the same type of threats that we're detecting as well. At four of our labs intelligence that we acquire that product, that product of intelligence, it's consumed directly by our projects. >>Also take me through what, what's actually going on? What it means for the customers. So border guard labs. You're looking at all the ransom where you see in the patterns Are you guys proactively looking? Is is that you guys were researching you Look at something pops on the radar. I mean, take us through What is what What goes on? And then how does that translate into a customer notification or impact? >>So So, yeah, if you look at a typical life cycle of these attacks, there's always proactive and reactive. That's just the way it is in the industry, right? So of course we try to be a wear Some of the solutions we talked about before. And if you look at an incoming threat, first of all, you need visibility. You can't protect or analyze anything that you can't see. So you got to get your hands on visibility. We call these I, O. C s indicators a compromise. So this is usually something like, um, actual execute herbal file, like the virus from the malware itself. It could be other things that are related to it, like websites that could be hosting the malware as an example. So once we have that seed, we call it a seed. We could do threat hunting from there, so we can analyze that right? If it's ah piece of malware or a botnet weaken do analysis on that and discover more malicious things that this is doing. Then we go investigate those malicious things and we really you know, it's similar to the world of C. S. I write have these different gods that they're connecting. We're doing that at hyper scale on DWI. Use that through these tools that Omar was talking. So it's really a life cycle of getting, you know, the malware incoming seeing it first, um, analyzing it on, then doing action on that. Right? So it's sort of a three step process, and the action comes down to what tomorrow is saying water following that to our customers so that they're protected. But then in tandem with that, we're also going further. And I'm sharing it, if if applicable to, say, law enforcement partners, other threat Intel sharing partners to And, um, there's not just humans doing that, right? So the proactive peace again, This is where it comes to artificial intelligence machine learning. Um, there's a lot of cases where we're automatically doing that analysis without humans. So we have a I systems that are analyzing and actually creating protection on its own. Two. So it Zack white interest technology. >>A decision. At the end of the day, you want to protect your customers. And so this renders out if I'm afford a net customer across the portfolio. The goal here is to protect them from ransomware. Right? That's the end of game. >>Yeah, And that's a very important thing when you start talking these big dollar amounts that were talking earlier comes Thio the damages that air down from estimates. >>E not only is a good insurance, it's just good to have that fortification. Alright, So dark. I gotta ask you about the term the last mile because, you know, we were before we came on camera. You know, I'm band with junkie, always want more bandwidth. So the last mile used to be a term for last mile to the home where there was telephone lines. Now it's fiber and by five. But what does that mean to you guys and security is that Does that mean something specific? >>Yeah, Yeah, absolutely. The easiest way to describe that is actionable, right? So one of the challenges in the industry is we live in a very noisy industry when it comes thio cybersecurity. What I mean by that is because of that growing attacks for fists on do you know, you have these different attack vectors. You have attacks not only coming in from email, but websites from, you know, DDOS attacks. There's there's a lot of volume that's just going to continue to grow is the world of I G N O T. S O. What ends up happening is when you look at a lot of security operation centers for customers as an example, um, there are it's very noisy. It's, um you can guarantee that every day you're going to see some sort of probe, some sort of attack activity that's happening. And so what that means is you get a lot of protection events, a lot of logs, and when you have this worldwide shortage of security professionals, you don't have enough people to process those logs and actually started to say, Hey, this looks like an attack. I'm gonna go investigate it and block it. So this is where the last mile comes in because ah, lot of the times that you know these logs, they light up like Christmas. And I mean, there's a lot of events that are happening. How do you prioritize that? How do you automatically add action? Because The reality is, if it's just humans, doing it on that last mile is often going back to your bandwidth terms. There's too much too much lately. See right, So how do you reduce that late and see? That's where the automation the AI machine learning comes in. Thio solve that last mile problem toe automatically either protection. Especially important because you have to be quicker than the attacker. It's an arms race like E. >>I think what you guys do with four to Guard Labs is super important. Not like the industry, but for society at large, as you have kind of all this, you know, shadow, cloak and dagger kind of attacks systems, whether it's National Security international or just for, you know, mafias and racketeering and the bad guys. Can you guys take a minute and explain the role of 40 guards specifically and and why you guys exist? I mean, obviously there's a commercial reason you both on the four net that you know trickles down into the products. That's all good for the customers. I get that, but there's more to the fore to guard than just that. You guys talk about this trend and security business because it is very clear that there's a you know, uh, collective sharing culture developing rapidly for societal benefit. Can you take them into something that, >>Yeah, sure, I'll get my thoughts. Are you gonna that? So I'm going to that Teoh from my point of view, I mean, there's various functions, So we've just talked about that last mile problem. That's the commercial aspect we create through 40 yard labs, 40 yards, services that are dynamic and updated to security products because you need intelligence products to be ableto protect against intelligence attacks. That's just the defense again, going back to How can we take that further? I mean, we're not law enforcement ourselves. We know a lot about the bad guys and the actors because of the intelligence work that you do. But we can't go in and prosecute. We can share knowledge and we can train prosecutors, right? This is a big challenge in the industry. A lot of prosecutors don't know how to take cybersecurity courses to court, and because of that, a lot of these cybercriminals rain free. That's been a big challenge in the industry. So, you know, this has been close to my heart over 10 years, I've been building a lot of these key relationships between private public sector as an example, but also private sector things like Cyber Threat Alliance, where a founding member of the Cyber Threat Alliance, if over 28 members and that alliance. And it's about sharing intelligence to level that playing field because Attackers room freely. What I mean by that is there's no jurisdictions for them. Cybercrime has no borders. Um, they could do a million things, uh, wrong and they don't care. We do a million things right. One thing wrong, and it's a challenge. So there's this big collaboration that's a big part of 40 guard. Why exists to is to make the industry better. Thio, you know, work on protocols and automation and and really fight fight this together. Well, remaining competitors. I mean, we have competitors out there, of course, on DSO it comes down to that last mile problem. John is like we can share intelligence within the industry, but it's on Lee. Intelligence is just intelligence. How do you make it useful and actionable? That's where it comes down to technology integration. And, >>um, are what's your take on this, uh, societal benefit because, you know, I've been saying since the Sony hack years ago that, you know, when you have nation states that if they put troops on our soil, the government would respond. Um, but yet virtually they're here, and the private sector's defend for themselves. No support. So I think this private public partnership thing is very relevant. I think is ground zero of the future build out of policy because, you know, we pay for freedom. Why don't we have cyber freedom is if we're gonna run a business. Where's our help from the government? Pay taxes. So again, if a military showed up, you're not gonna see, you know, cos fighting the foreign enemy, right? So, again, this is a whole new change over it >>really is. You have to remember that cyberattacks puts everyone on even playing field, right? I mean, you know, now don't have to have a country that has invested a lot in weapons development or nuclear weapons or anything like that, right? Anyone can basically come up to speed on cyber weapons as long as they have an Internet connection. So it evens the playing field, which makes it dangerous, I guess, for our enemies, you know, But absolutely that I think a lot of us, You know, from a personal standpoint, a lot of us have seen researchers have seen organizations fail through cyber attacks. We've seen the frustration we've seen. Like, you know, besides organization, we've seen people like, just like grandma's loser pictures of their, you know, other loved ones because they can being attacked by ransom, where I think we take it very personally when people like innocent people get attacked and we make it our mission to make sure we can do everything we can to protect them. But But I will add that the least here in the U. S. The federal government actually has a lot of partnerships and ah, lot of programs to help organizations with cyber attacks. Three us cert is always continuously updating, you know, organizations about the latest attacks. Infra Guard is another organization run by the FBI, and a lot of companies like Fortinet and even a lot of other security companies participate in these organizations so everyone can come up to speed and everyone share information. So we all have a fighting chance. >>It's a whole new wave paradigm. You guys on the cutting edge, Derek? Always great to see a mark. Great to meet you remotely looking forward to meeting in person when the world comes back to normal as usual. Thanks for the great insights. Appreciate it. >>All right. Thank God. Pleasure is always >>okay. Q conversation here. I'm John for a host of the Cube. Great insightful conversation around security Ransomware with a great demo. Check it out from Derek and, um, are from 14 guard labs. I'm John Ferrier. Thanks for watching.

>>from around the globe. It's the Cube with coverage of Coop con and cloud, native con Europe 2020 Virtual brought to you by Red Hat, The Cloud Native Computing Foundation and its ecosystem partners >>Welcome back. This is the Cube coverage of Cube Con Cloud, native con, the European show for 2020. I'm your host to Minuteman. And when we talk about the container world, we talk about what's happening in cloud. Native storage has been one of those sticking points. One of those things that you know has been challenging, that we've been looking to mature and really happy to welcome back to the program two of our cube alumni to give us the update on the state of storage for the container world. Both of them are oh, founders and CEOs. First of all, we have Xiang Yang from Rancher Labs, of course, was recently acquired by Sue Save it and the intention to acquire on and also joining us from early the relay. Who is with port works? Shang Amerli. Thanks so much for joining us. Thank you. Thank you. Alright. So early. I actually I'm going to start with you just cause you know we've seen, you know, a couple of waves of companies working on storage. In this environment, we know storage is difficult. Um, And when we change how we're building things, there's architectural things that can happen. Eso maybe if you could just give us a snapshot, you know, Port works, you know, was created to help unpack this. You know, straight on here in 2020 you know, where you see things in the overall kind of computer storage landscape? >>Absolutely. Still, before I kind of jump into port works. I just want to take a minute to publicly congratulate the the whole rancher team, and and Shang and Shannon And will China have known those folks for a while there? They're kind of true entrepreneurs. They represent the serial entrepreneur spirit that that so many folks know in the valley, and so, you know, great outcome for them. We're very happy for them and ah, big congrats and shout out to the whole team. What works is is a little over five years old, and we've been kind of right from the inception of the company recognized that to put containers in production, you're gonna have to solve, not just the orchestration problem. But the issue of storage and data orchestration and so in a natural kubernetes orchestrates containers and what works orchestrates storage and data. And more specifically, by doing that, what we enable is enterprises to be able to take APS that are containerized into production at scale and and have high availability. Disaster recovery, backup all of the things that for decades I t has had to do and has done to support application, reliability and availability. But essentially we're doing it for purpose with the purpose build solution for containerized workloads. >>Alright, shaming. Of course, storage is a piece of the overall puzzle that that ranchers trying to help with. Maybe if you could just refresh our audience on Longhorn, which your organization has its open source. It's now being managed by the CN. CF is my understanding. So help us bring Longhorn into the discussion >>thanks to. So I'm really glad to be here. We've I think rancher and port work started about the same time, and we started with a slightly different focus. More is exactly right to get containers going, you really need both so that the computer angle orchestrating containers as well as orchestrating the storage and the data. So rancher started with, ah, it's slightly stronger focus on orchestrating containers themselves, but pretty quickly, we realized, as adoption of containers grow, we really need it to be able to handle ah, storage feather. And like any new technology, you know, uh, Kubernetes and containers created some interesting new requirements and opportunities, and at the time, really, they weren't. Ah, a lot of good technologies available, you know, technologies like rook and SEF at the time was very, very premature, I think, Ah, the You know, we actually early on try to incorporate ah, the cluster technology. And it was just it was just not easy. And And at the time I think port Works was, ah, very busy developing. Ah, what turned out to be there flagship product, which we end up, end up, uh, partnering very, very closely. But but early on, we really had no choice but to start developing our own storage technology. So Long horn. As a piece of container storage technology, it's actually almost as oh, there's rancher itself. When about funding engineers, we hired he he ended up, you know, working on it and Then over the years, you know the focus shift that I think the original version was written in C plus plus, and over the years it's now being completely re written in Golan. It was originally written more for Docker workload. Now, of course, everything is kubernetes centric. And last year we you know, we we decided to donate the Longhorn Open Source project to CN CF. And now it's a CN CF sandbox project, and the adoption is just growing really quickly. And just earlier this year, we we finally ah decided to we're ready to offer a commercial support for it. So So that's that's where rancher is. And with longhorn and container storage technology. >>Yeah, it has been really interesting to watch in this ecosystem. A couple of years ago, one of the Q con shows I was talking to people coming out of the Believe It was the Sigs, the special interest group for storage, and it was just like, Wow, it was heated. Words were, you know, back and forth. There's not a lot of agreement there. Anybody that knows the storage industry knows that you know standards in various ways of doing things often are contentious and there's there's differences of opinion. Look at the storage industry. You know, there's a reason why there's so many different solutions out there. So maybe it love to hear from early. From your standpoint, things are coming to get a little bit more. There are still a number of options out there. So you know, why is this kind of coop petition? I actually good for the industry? >>Yeah, I think this is a classic example of Coop petition. Right? Let's let's start with the cooperation part right? The first part of time the you know, the early days of CN, CF, and even sort of the Google Communities team, I think, was really very focused on compute and and subsequent years. In the last 34 years, there's been a greater attention to making the whole stack works, because that's what it's going to take to take a the enterprise class production and put it in, you know, enterprise class application and put it in production. So extensions like C and I for networking and CS I container storage interface. We're kind of put together by a working group and and ah ah you know both both in the CN CF, but also within the kubernetes Google community. That's you talked about six storage as an example. And, you know, as always happens, right? Like it It looks a little bit in the early days. Like like a polo game, right where folks are really? Ah, you know, seemingly, uh, you know, working with each other on on top of the pool. But underneath they're kicking each other furiously. But that was a long time back, and we've graduated from then into really cooperating. And I think it's something we should all be proud of. Where now the CS I interface is really a A really very, very strong and complete solution tow, allowing communities to orchestrate storage and data. So it's really strengthened both communities and the kubernetes ecosystem. Now the competition part. Let's kind of spend. I want to spend a couple of minutes on that too, right? Um, you know, one of the classic things that people sometimes confuse is the difference between an overlay and an interface. CSC is wonderful because it defines how the two layers off essentially kind of old style storage. You know, whether it's a san or ah cloud, elastic storage bucket or all of those interact with community. So the the definition of that interface kind of lay down some rules and parameters for how that interaction should happen. However, you still always need an overlay like Port Works that that actually drives that interface and enables Kubernetes to actually manage that storage. And that's where the competition is. And, you know, she mentioned stuff and bluster and rook and kind of derivatives of those. And I think those have been around really venerable and and really excellent products for born in a different era for a different time open stack, object storage and all of that not really meant for kind of primary workloads. And they've been they've been trying to be adapted for, for for us, for this kind of workload. Port Works is really a built from right from the inception to be designed for communities and for kubernetes workloads at enterprise scale. And so I think, you know, as I as I look at the landscape, we welcome the fact that there are so many more people acknowledging that there is a vital need for data orchestration on kubernetes right, that that's why everybody and their brother now has a CS I interface. However, I think there's a big difference between having an interface. This is actually having the software that provides the functionality for H. A, D R. And and for backup, as as the kind of life cycle matures and doing it not just at scale, but in a way that allows kind of really significant removal or reduction off the storage admin role and replaces it with self service that is fully automated within communities. Yeah, if I >>can, you know, add something that that I completely agree. I mean, over the Longhorns been around for a long time. Like I said, I'm really happy that over the years it hasn't really impacted our wonderful collaborative partnership with what works. I mean, Poll works has always been one of our premier partners. We have a lot of, ah, common customers in this fight. I know these guys rave about what works. I don't think they'll ever get out for works. Ah, home or not? Uh huh. Exactly. Like Morissette, you know, in the in the storage space, there's interface, which a lot of different implementations can plugging, and that's kind of how rancher works. So we always tell people Rancher works with three types of storage implementations. One is let we call legacy storage. You know, your netapp, your DMC, your pure storage and those are really solid. But they were not suddenly not designed to work with containers to start with, but it doesn't matter. They've all written CS I interfaces that would enable containers to take advantage of. The second type is some of the cloud a block storage or file storage services like EBS, GFS, Google Cloud storage and support for these storage back and the CS I drivers practically come with kubernetes itself, so those are very well supported. But there's still a huge amount of opportunities for the third type of you know, we call container Native Storage. So that is where Port Works and the Longhorn and other solutions like open EBS storage OS. All these guys fitting is a very vibrant ecosystem of innovation going on there. So those solutions are able to create basically reliable storage from scratch. You know, when you from from just local disks and they're actually also able to add a lot of value on top of whatever traditional or cloud based, persistent storage you already have. So so the whole system, the whole ecosystem, is developing very quickly. A lot of these solutions work with each other, and I think to me it's really less of a competition or even Coop petition. It's really more off raising the bar for for the capabilities so that we can accelerate the amount of workload that's been moved onto this wonderful kubernetes platform in the end of the benefit. Everyone, >>Well, I appreciate you both laying out some of the options, you know, showing just a quick follow up on that. I think back if you want. 15 years ago was often okay. I'm using my GMC for my block. I'm using my netapp for the file. I'm wondering in the cloud native space, if we expect that you might have multiple different data engine types in there you mentioned you know, I might want port works for my high performance. You said open EBS, very popular in the last CN CF survey might be another one there. So is do we think some of it is just kind of repeating itself that storage is not monolithic and in a micro service architecture. You know, different environments need different storage requirements. >>Yeah, I mean quick. I love to hear more is view as well, especially about you know, about how the ecosystem is developing. But from my perspective, just just the range of capabilities that's now we expect out of storage vendors or data management vendors is just increased tremendously. You know, in the old days, if you can store blocks to object store file, that's it. Right. So now it's this is just table stakes. Then then what comes after that? There will be 345 additional layers of requirements come all the way from backup, restore the our search indexing analytics. So I really think all of this potentially off or in the in the bucket of the storage ecosystem, and I just can't wait to see how this stuff will play out. I think we're still very, very early stages, and and there, you know what? What, what what containers did is they made fundamentally the workload portable, but the data itself still holds a lot of gravity. And then just so much work to do to leverage the fundamental work load portability. Marry that with some form of universal data management or data portability. I think that would really, uh, at least the industry to the next level. Marie? >>Yeah. Shanghai Bean couldn't. Couldn't have said it better. Right? Let me let me let me kind of give you Ah, sample. Right. We're at about 160 plus customers now, you know, adding several by the month. Um, just with just with rancher alone, right, we are. We have common customers in all common video expedient Roche March X, Western Asset Management. You know, charter communications. So we're in production with a number off rancher customers. What are these customers want? And why are they kind of looking at a a a Port works class of solution to use, You know, Xiang's example of the multiple types, right? Many times, people can get started with something in the early days, which has a CS I interface with maybe say, $10 or 8 to 10 nodes with a solution that allows them to at least kind of verify that they can run the stack up and down with, say, you know, a a rancher type orchestrator, workloads that are containerized on and a network plug in and a storage plugging. But really, once they start to get beyond 20 notes or so, then there are problems that are very, very unique to containers and kubernetes that pop up that you don't see in a in a non containerized environment, right? Some. What are some of these things, right? Simple examples are how can you actually run 10 to hundreds of containers on a server, with each one of those containers belonging to a different application and having different requirements? How do you actually scale? Not to 16 nodes, which is sort of make typically, maybe Max of what a San might go to. But hundreds and thousands of notes, like many of our customers, are doing like T Mobile Comcast. They're running this thing at 600 thousands of notes or scale is one issue. Here is a critical critical difference that that something that's designed for Kubernetes does right. We are providing all off the storage functions that Shang just described at container granted, granularity versus machine granularity. One way to think about this is the old Data center was in machine based construct. Construct everything you know. VM Ware is the leader, sort of in that all of the way. You think of storage as villains. You think of compute and CPUs, everything. Sub sub nets, right? All off. Traditional infrastructure is very, very machine centric. What kubernetes and containers do is move it into becoming an app defined control plane, right? One of the things were super excited about is the fact that Kubernetes is really not just a container orchestrator, but actually a orchestrator for infrastructure in an app defined way. And by doing that, they have turned, uh, you know, control off the infrastructure via communities over to a kubernetes segment. The same person who uses rancher uses port works at NVIDIA, for example to manage storage as they use it, to manage the compute and to manage containers. And and that's marvellous, because now what has happened is this thing is now fully automated at scale and and actually can run without the intervention off a storage admin. No more trouble tickets, right? No more requests to say, Hey, give me another 20 terabytes. All of that happens automatically with the solution like port works. And in fact, if you think about it in the world of real time services that we're all headed towards right Services like uber now are expected in enterprises machine learning. Ai all of these things analytics that that change talk about are things that you expect to run in a fully automated way across vast amounts of data that are distributed sometimes in the edge. And you can't do that unless you're fully automated and and not really the storage admin intervention. And that's kind of the solution that we provide. >>Alright, well, we're just about out of time. If I could just last piece is, you know, early and saying to talk about where we are with long for and what we should expect to see through the rest of this year and get some early for you to you know, what differentiates port works from Just, you know, the open source version. So And maybe if we start with just kind of long or in general and then really from from your standpoint, >>yeah, so it's so so the go along one is really to lower the bar for folks to run state for workloads on on kubernetes we want you know, the the Longhorn is 100% open source and it's owned by CN cf now. So we in terms of features and functionalities is obviously a small subset of what a true enterprise grade solution like Port Works or, um, CEO on that that could provide. So there's just, you know, the storage role. Ah, future settle. The roadmap is very rich. I don't think it's not really Ranchers go Oh, our Longhorns goal to, you know, to try to turn itself into a into a plug in replacement for these enterprise, great storage or data management solutions. But But they're you know, there's some critical critical feature gaps that we need address. And that's what the team is gonna be focusing on, perhaps for the rest of the year. >>Yeah, uh, still, I would I would kind of, you know, echo what Chang said, right? I think folks make it started with solutions, like longer or even a plug in connector plug in with one of their existing storage vendors, whether it's pure netapp or or EMC from our viewpoint, that's wonderful, because that allows them to kind of graduate to where they're considering storage and data as part of the stack. They really should that's the way they're going to succeed by by looking at it as a whole and really with, You know, it's a great way to get started on a proof of concept architecture where your focus initially is very much on the orchestration and the container ization part. But But, as Xiang pointed out, you know what what rancher did, what I entered it for Kubernetes was build a simple, elegant, robust solution that kind of democratized communities. We're doing the same thing for communities storage right? What Port works does is have a solution that is simple, elegant, fully automated, scalable and robust. But more importantly, it's a complete data platform, right? We we go where all these solutions start, but don't kind of venture forward. We are a full, complete lifecycle management for data across that whole life cycle. So there's many many customers now are buying port works and then adding deal right up front, and then a few months later they might come back and I'd backup from ports. So two shanks point right because of the uniqueness of the kubernetes workload, because it is an app defined control plane, not machine to find what is happening is it's disrupting, Just like just like virtualization day. VM exist today because because they focused on a VM version off. You know, the their backup solution. So the same thing is happening. Kubernetes workloads are district causing disruption of the D r and backup and storage market with solutions like sports. >>Wonderful. Merlin Chang. Thank you so much for the updates. Absolutely. The promise of containers A Z you were saying? Really, is that that Atomic unit getting closer to the application really requires storage to be a full and useful solution. So great to see the progress that's being made. Thank you so much for joining us. >>Welcome, Shannon. We look forward to ah, working with you as you reach for the stars. Congratulations again. We look >>forward to the containing partnership morally and thank you. Still for the opportunity here. >>Absolutely great talking to both of you And stay tuned. Lots more coverage of the Cube Cube Con cloud, native con 2020 Europe. I'm stew minimum. And thank you for watching the Cube. Yeah, yeah, yeah, yeah, yeah, yeah