(gentle music) >> Hi everybody, this is Dave Vellante of TheCUBE. This is day two of Fal.Con 2022, CrowdStrike's big customer event. Over 2000 people here, a hundred sessions, a lot of deep security talk. Amol Kulkarni is here. He's the chief product and engineering officer at CrowdStrike, and we're going to get into it. Amol, thanks for coming to theCUBE. >> Great to be here. >> I enjoyed your keynote today. It was very informative. First of all, how's the show going for you? >> It's going fantastic. I mean, first and foremost, like to be having everyone here in person, after three years, that's just out the world, right? So great to meet and a lot of great conversations across the board with customers, partners. It's been fantastic. >> Yeah, so I want to start with Cloud Native, it's kind of your dogma. This whole, the new acronym is CNAP Cloud Native Application Protection Platform. >> Amol: That's right. >> There's a mouthful. What is that? How does it relate to what you guys are doing? >> Yeah, so CNAP is what Gartner has coined as the term for covering entire cloud security. And they have identified various components in it. The first and foremost is the runtime protection, cloud workload protection, as we call it. Second is posture management. That's CSBM cloud security posture management. Third is CIEM, which we announced today. And then the fourth is shift left, kind of Dev SecOps part of cloud security. And all together Gartner coins that as a solution or a suite, if you will, to cover various aspects of cloud security. >> Okay, so shift left and then shield right. You still got to shield right. Is that where network security comes in? Which is not your main focus, but okay. So now it explains... Gartner is an acronym. Now I get it. But the CIEM announcement cloud infrastructure entitlement management. So you're managing identities. Is that right? Explain that in more detail. >> So, yeah, so I mean, as in the on-premise world, but even more exacerbated in the crowd world you have lots and lots of identities, both human identities and service accounts that are accessing cloud services. And lot of the time the rigor is not there in terms of what permissions those identities are provisioned with. So are they over provisioned? Do they have lots of rights that they should not have? Are they able... Are services able to connect to resources that they should not be able to connect to all of that falls under the entitlement management, the identity entitlement management part. And that's where CIEM comes in. So what we said is, we have a great identity security story for on-premise, right? And now we are applying that to understand identities, the entitlements they have, secrets that are lying around, maybe leaked, or just, available for adversaries to exploit in the cloud security world. So taking all of that into account and giving you... Giving customers a snapshot view of one single view to say; these are the identities, these are their permissions, this is where you can trim them down because these are the dependencies that are present across services. And you see something that's not right from a dependency perspective, you can say, okay, this connection doesn't make sense. There's something malicious going on here. So there's a lot that you can do by having that scope of identities. Be very narrowed down. It's a first step in the zero trust journey for the cloud infrastructure. >> So I have to ask you when you now extend this conversation to the edge, and operations technology. Traditionally the infrastructure has been air gapped by, you know, brute force air gap. Don't worry about it. And maybe hasn't had to worry so much about the hygiene. So now as you... as the business drives and forces essentially digital connect... Digital transformation and connectivity >> Connectivity. Yeah. >> I mean, wow, that's a playground for the hackers. >> You absolutely nailed it. So most of these infrastructure was not designed with security in mind, unfortunately, right? As you said, most of it was air-gapped, disconnected. And now everything is getting to be connected because the updates are being pushed rapidly changes are happening. So, and that really, in some sense has changed the environment in which these devices are operating. The operational technology, industrial control. We had the colonial pipeline breach last year. And, that really opened people's eyes like, Hey, nation state adversaries are going to come after critical infrastructure. And that can... That is going to cause impact directly to the end end users, to the citizens. So we have to protect this infrastructure. And that's why we announced discover for IOT as a new module that looks at and understands all the IOT and industrial control systems assets. >> So that didn't require an architectural change though. Right? That was a capability that you introduced with partners. Right? Am I right about that? You don't have to re-architect anything. It's just... Your architecture fits perfectly into those scenarios. >> Absolutely, absolutely. Yeah, yeah, yeah. You actually... While the pace of change is there, architectural change is almost very difficult, because these are very large systems. They are built up over time. It take an industrial control system. The tracing speed is very different from a laptop. So yeah, you can't impose any architectural change. It has to be seamless from what the customers have. >> You were talking, I want to go back to CNAP. You were talking about the protecting the run time. You can do that with an agent. You had said agent... In your keynote. Agentless solutions don't give you runtime security protection. Can you double click on that and just elaborate? >> Yeah, absolutely. So what agentless solutions today are doing they're essentially tapping into APIs from AWS or Azure CloudTrail, for example and looking at misconfigurations. So that is indeed a challenge. So that is one part of the story, but that only gives you a partial view. Let's say that an attacker attacks and uses a existing credential. A legitimate credential to access one of the cloud services. And from there they escalate the privileges and then now start branching off the, the CSP, and the agentless-only solutions will not catch that. Right? So what you need is you, you need this agentless part but you have to couple that with; seeing the activity that's actually happening the living of the land attacks that cannot be caught by the CSP end-piece. So you need a combination of agentless and agent runtime to give that overall protection. >> What's the indicator of attack for a hacker that's living off the land, meaning using your own tools against you. >> That's right. So the indicators of attack are saying accessing services, for example, that are not normally accessed or escalating privileges. So you come in as a normal user, but then suddenly you have admin privileges because you have escalated those privileges, or you are moving laterally very rapidly from one place to another, or spraying across a lot of services in order to do reconnaissance and understand what is out there. So it's almost like looking for what is an abnormal attack path, abnormal behavior compared to what is normal and the good part is cloud. There's a lot that is normal, right? It's fairly constrained. It's not like a end user who is downloading stuff from the internet. And like doing all sorts of things. Cloud services are fairly constrained, so you can profile and you can figure out where there is a drift from the normal. And that's really the indicator of attack. In some sense, from cloud services >> In a previous life I want to change subjects. In a previous life. I spent a lot of time with CIOs. Helping them look at their application portfolio, understanding what to rationalize, what to get rid of, what to invest in, you know, bringing in new projects, cause you know, it's just you never throw a stuff away in IT. >> There is no obsolescence >> Right. So, but they wanted to... Anytime you go through these rationalization exercises change management is everything. And one of the hardest things to do was to map and understand the business impact of all the dependencies across the portfolio. Cause when application A needs this dataset. If you retire it, you're going to... It has ripple effects. And you talked about that in a security context today when you were talking about the asset graph and the threat graphs giving you the ability to understand those dependencies. Can you add some color to that? >> Absolutely. Absolutely. So what we've done with the asset graph; It's a fundamental piece of technology that we've been building now for some time that complements the thread graph. And the asset graph looks at: Assets, identities, applications, and configuration. All of those aspects. And the interconnections between them. So if a user is accessing an application on a server, all those, and in what role, all of that relationship is tied together in the asset graph. So what that does now is, it gives you an ability to say this application connects to this application. And that's the dependency on that port, for example. So you can now build up a dependency map and then the thread graph, what it does, it looks at the continuous activity that's happening. So if you now take the events that are coming into the thread graph and the graphical representation of those, combine it with the asset graph, you get that full dependency map. And now you can start doing that impact analysis that you talked about. Which is... It's an unsolved problem, right? And that's why security as I said in my keynote is most people do not have their security tools enabled to the highest level or they don't have full coverage just because the pace of change is so rapid. They cannot keep up with it. So we want to enable change management, at a rapid pace where businesses and customers can say; we are confident about the change management, about the change we are going to implement. Because we know what the potential impact would be. We can validate, test it in a smaller subset and then roll it out quickly. And that's the journey we are on. Sort of the theme of my talk was to make IT and security friends again. >> Right, you talked about that gap and bringing those two together. You also had a great quote in there; 'The pace of change and securities is insane.' And so this assets graph capability, dependencies and the threat graph, help you manage that accelerating pace of change. Before I forget, I want to ask you about your interview with Girls Who Code. What was that like? Who'd you interview? I unfortunately couldn't see it. I apologize. >> Yeah, fantastic. So, Reshma Saujani she heads Girls Who Code and she first off had a very very powerful talk just from her own own experiences. And essentially, like, what do we need to do to get more women into computer science first, but then within that, into cybersecurity. and what all have they done with Girls Who Code. So very, I mean, we were very touched at the audience was like super into her talk. And then I had a chance to chat with her for a few minutes, ask her a few questions. Just my view was more like, okay. What can we do together? What can CrowdStrike do in our position, in to attract more women? We've done a lot in terms of tailoring our job descriptions to make sure it's more... Remove the biases. Tuning the interview processes to be more welcoming and Reshma gave an example saying; 'Hey, many of these interviews, they start with a baseball discussion.' And I mean, some women may maybe interested in it but may not all maybe. And so is that the right? Is it a gender kind-of affirming or gender neutral kind-of discussion or do you want to have other topics? So a lot of that is about training the interviewers because most of the interviewers are men, unfortunately. That's the mix we have. And it was a great discussion. I mean, just like very practical. She's very much focused on increasing the number of people and increasing the pipeline which is honestly the biggest problem. Because if we have a lot of candidates we would definitely hire them and essentially improve the diversity. And we've done a great job with our intern program, for example, which has helped significantly improve the diversity on our workforce. >> And, but the gap keeps getting bigger in terms of unfulfilled jobs. That leads me to developers as a constituency. Because you guys are building the security cloud. You're on a mission to do that. And to me, if you have a security cloud, it's got to be programmable. You're going to have developers there. You don't... From what I can tell you have a specific developer platform, but it's organic. It's sort of happening out there. What's the strategy around, I mean, the developer today is so critical in terms of implementing a lot of security strategy and putting it into action. They've got to secure the run time. They got to worry about the APIs. They got to secure the PaaS. They got to secure the containers. Right, and so what's your developer strategy. >> Yeah, so within cloud security, enabling developers to implement DevSecOps as a as a philosophy, as a strategy, is critical. And so we, we have a lot of offerings there on the shift-left side, for example, you talked about securing containers. So we have container image assessment where we plug in into the container repositories to check for vulnerabilities and bad configuration in the container images. We then complement that with the runtime side where our agent can protect the container from runtime violations, from breakouts, for example. So it's a combination. It's a full spectrum, right? From the developer building an application, all the way to the end. Second I'd say is, we are a very much an API first company. So all of the things that you can do from a user interface perspective, you can do from APIs what is enable that is a bunch of partners a rich partner ecosystem that is building using those APIs. So the developers within our partners are leveraging those APIs to build very cool applications. And the manifestation of that is CrowdStrike store where essentially we have as Josh mentioned, in his ski-notes, we have a agent cloud architecture that is very rich. And we said, okay, why can't we open that up for partners to enable them to leverage that architecture for their scenarios? So we have a lot of applications that are built on the CrowdStrike store, leveraging our platform, right. Areas that we are not in, for example. >> And here, describe it. Is there a PaaS layer that's purpose-built for CrowdStrike so that developers can build applications? >> That's a great question. So I'll say that we have a beginnings of a PaaS layer. We definitely talked about CrowdStrike store as being passed for cybersecurity but there's a lot more to do. And we are in the process of building up an application platform so that customers can build the applications for their SOC workflow or IT workflow and and Falcon Fusion is a key part of that. So Falcon Fusion is our automation platform built right into the security cloud. And what that enables customers to do is to define... Encode their business process the way they want and leverage the platform the way they want. >> It seems like a logical next step. Because you're going to enable a consistent experience across the board. And fulfill your promise, your brand promise, and the capabilities that you bring. And this ecosystem will explode once you announce that. >> And that's the notion we talk about of being the sales force of security. >> Right, right. Yeah. That's the next step. Amol, thank you so much. I got to run and wrap. We really appreciate you coming on theCUBE. >> Thank you very much. >> Congratulations on your keynote and all the success and great event. >> Appreciate it. Thank you very much for the time and great chatting with you. >> You're very welcome. All right, keep it right there. We'll be back very shortly to wrap up from Fal.Con 2022. This is Dave Vellante for theCUBE. (soft electronic music)

(bright music) >> Welcome back everyone to the live Cube coverage here in Boston, Massachusetts for AWS re:Inforce 22, with a great guest here, Denise Hayman, CRO, Chief Revenue of Sonrai Security. Sonrai's a featured partner of Season Two, Episode Four of the upcoming AWS Startup Showcase, coming in late August, early September. Security themed startup focused event, check it out. awsstartups.com is the site. We're on Season Two. A lot of great startups, go check them out. Sonrai's in there, now for the second time. Denise, it's great to see you. Thanks for coming on. >> Ah, thanks for having me. >> So you've been around the industry for a while. You've seen the waves of innovation. We heard encrypt everything today on the keynote. We heard a lot of cloud native. They didn't say shift left but they said don't bolt on security after the fact, be in the CI/CD pipeline or the DevStream. All that's kind of top of line, Amazon's talking cloud native all the time. This is kind of what you guys are in the middle of. I've covered your company, you've been on theCUBE before. Your, not you, but your teammates have. You guys have a unique value proposition. Take a minute to explain for the folks that don't know, we'll dig into it, but what you guys are doing. Why you're winning. What's the value proposition. >> Yeah, absolutely. So, Sonrai is, I mean what we do is it's, we're a total cloud solution, right. Obviously, right, this is what everybody says. But what we're dealing with is really, our superpower has to do with the data and identity pieces within that framework. And we're tying together all the relationships across the cloud, right. And this is a unique thing because customers are really talking to us about being able to protect their sensitive data, protect their identities. And not just people identities but the non-people identity piece is the hardest thing for them to reign in. >> Yeah. >> So, that's really what we specialize in. >> And you guys doing good, and some good reports on good sales, and good meetings happening here. Here at the show, the big theme to me, and again, listening to the keynotes, you hear, you can see what's, wasn't talk about. >> Mm-hmm. >> Ransomware wasn't talked about much. They didn't talk about air-gapped. They mentioned ransomware I think once. You know normal stuff, teamwork, encryption everywhere. But identity was sprinkled in everywhere. >> Mm-hmm. >> And I think one of the, my favorite quotes was, I wrote it down, We've security in the development cycle CSD, they didn't say shift left. Don't bolt on any of that. Now, that's not new information. We know that don't bolt, >> Right. >> has been around for a while. He said, lessons learned, this is Stephen Schmidt, who's the CSO, top dog on security, who has access to what and why over permissive environments creates chaos. >> Absolutely. >> This is what you guys reign in. >> It is. >> Explain, explain that. >> Yeah, I mean, we just did a survey actually with AWS and Forrester around what are all the issues in this area that, that customers are concerned about and, and clouds in particular. One of the things that came out of it is like 95% of clouds are, what's called over privileged. Which means that there's access running amok, right. I mean, it, it is, is a crazy thing. And if you think about the, the whole value proposition of security it's to protect sensitive data, right. So if, if it's permissive out there and then sensitive data isn't being protected, I mean that, that's where we really reign it in. >> You know, it's interesting. I zoom out, I just put my historian hat on going back to the early days of my career in late eighties, early nineties. There's always, when you have these inflection points, there's always these problems that are actually opportunities. And DevOps, infrastructure as code was all about APS, all about the developer. And now open source is booming, open source is the software industry. Open source is it in the world. >> Right. >> That's now the software industry. Cloud scale has hit and now you have the Devs completely in charge. Now, what suffers now is the Ops and the Sec, Second Ops. Now Ops, DevOps. Now, DevSecOps is where all the action is. >> Yep. >> So the, the, the next thing to do is build an abstraction layer. That's what everyone's trying to do, build tools and platforms. And so that's where the action is here. This is kind of where the innovation's happening because the networks aren't the, aren't in charge anymore either. So, you now have this new migration up to higher level services and opportunities to take the complexity away. >> Mm-hmm. >> Because what's happened is customers are getting complexity. >> That's right. >> They're getting it shoved in their face, 'cause they want to do good with DevOps, scale up. But by default their success is also their challenge. >> Right. >> 'Cause of complexity. >> That's exactly right. >> This is, you agree with that. >> I do totally agree with that. >> If you, you believe that, then what's next. What happens next? >> You know, what I hear from customers has to do with two specific areas is they're really trying to understand control frameworks, right. And be able to take these scenarios and build them into something that they, where they can understand where the gaps are, right. And then on top of that building in automation. So, the automation is a, is a theme that we're hearing from everybody. Like how, how do they take and do things like, you know it's what we've been hearing for years, right. How do we automatically remediate? How do we automatically prioritize? How do we, how do we build that in so that they're not having to hire people alongside that, but can use software for that. >> The automation has become key. You got to find it first. >> Yes. >> You guys are also part of the DevCycle too. >> Yep. >> Explain that piece. So, I'm a developer, I'm an organization. You guys are on the front end. You're not bolt-on, right? >> We can do either. We prefer it when customers are willing to use us, right. At the very front end, right. Because anything that's built in the beginning doesn't have the extra cycles that you have to go through after the fact, right. So, if you can build security right in from the beginning and have the ownership where it needs to be, then you're not having to, to deal with it afterwards. >> Okay, so how do you guys, I'm putting my customer hat on for a second. A little hard, hard question, hard problem. I got active directory on Azure. I got, IM over here with AWS. I wanted them to look the same. Now, my on-premises, >> Ah. >> Is been booming, now I got cloud operations, >> Right. >> So, DevOps has moved to my premise and edge. So, what do I do? Do I throw everything out, do a redo. How do you, how do you guys talk about, talk to customers that have that chance, 'cause a lot of them are old school. >> Right. >> ID. >> And, and I think there's a, I mean there's an important distinction here which is there's the active directory identities right, that customers are used to. But then there's this whole other area of non-people identities, which is compute power and privileges and everything that gets going when you get you know, machines working together. And we're finding that it's about five-to-one in terms of how many identities are non-human identities versus human identity. >> Wow. >> So, so you actually have to look at, >> So, programmable access, basically. >> Yeah. Yes, absolutely. Right. >> Wow. >> And privileges and roles that are, you know accessed via different ways, right. Because that's how it's assigned, right. And people aren't really paying that close attention to it. So, from that scenario, like the AD thing of, of course that's important, right. To be able to, to take that and lift it into your cloud but it's actually even bigger to look at the bigger picture with the non-human identities, right. >> What about the CISOs out there that you talk to. You're in the front lines, >> Yep. >> talking to customers and you see what's coming on the roadmap. >> Yep. >> So, you kind of get the best of both worlds. See what they, what's coming out of engineering. What's the biggest problem CISOs are facing now? Is it the sprawl of the problems, the hacker space? Is it not enough talent? What, I mean, I see the fear, what are, what are they facing? How do you, how do you see that, and then what's your conversations like? >> Yeah. I mean the, the answer to that is unfortunately yes, right. They're dealing with all of those things. And, and here we are at the intersection of, you know, this huge complex thing around cloud that's happening. There's already a gap in terms of resources nevermind skills that are different skills than they used to have. So, I hear that a lot. The, the bigger thing I think I hear is they're trying to take the most advantage out of their current team. So, they're again, worried about how to operationalize things. So, if we bring this on, is it going to mean more headcount. Is it going to be, you know things that we have to invest in differently. And I was actually just with a CISO this morning, and the whole team was, was talking about the fact that bringing us on means they have, they can do it with less resource. >> Mm-hmm. >> Like this is a a resource help for them in this particular area. So, that that was their value proposition for us, which I loved. >> Let's talk about Adrian Cockcroft who retired from AWS. He was at Netflix before. He was a big DevOps guy. He talks about how agility's been great because from a sales perspective the old model was, he called it the, the big Indian wedding. You had to get everyone together, do a POC, you know, long sales cycles for big tech investments, proprietary. Now, open sources like speed dating. You can know what's good quickly and and try things quicker. How is that, how is that impacting your sales motions. Your customer engagements. Are they fast? Are they, are they test-tried before they buy? What's the engagement model that you, you see happening that the customers like the best. >> Yeah, hey, you know, because of the fact that we're kind of dealing with this serious part of the problem, right. With the identities and, and dealing with data aspects of it it's not as fast as I would like it to be, right. >> Yeah, it's pretty important, actually. >> They still need to get in and understand it. And then it's different if you're AWS environment versus other environments, right. We have to normalize all of that and bring it together. And it's such a new space, >> Yeah. >> that they all want to see it first. >> Yeah. >> Right, so. >> And, and the consequences are pretty big. >> They're huge. >> Yeah. >> Right, so the, I mean, the scenario here is we're still doing, in some cases we'll do workshops instead of a POV or a POC. 90% of the time though we're still doing a POV. >> Yeah, you got to. >> Right. So, they can see what it is. >> They got to get their hands on it. >> Yep. >> This is one of those things they got to see in action. What is the best-of-breed? If you had to say best-of-breed in identity looks like blank. How would you describe that from a customer's perspective? What do they need the most? Is it robustness? What's some of the things that you guys see as differentiators for having a best-of-breed solution like you guys have. >> A best-of-breed solution. I mean, for, for us, >> Or a relevant solution for that matter, for the solution. >> Yeah. I mean, for us, this, again, this identity issue it, for us, it's depth and it's continuous monitoring, right. Because the issue in the cloud is that there are new privileges that come out every single day, like to the tune of like 35,000 a year. So, even if at this exact moment, it's fine. It's not going to be in another moment, right. So, having that continuous monitoring in there, and, and it solves this issue that we hear from a lot of customers also around lateral movement, right. Because like a piece of compute can be on and off, >> Yeah, yeah, yeah. >> within a few seconds, right. So, you can't use any of the old traditional things anymore. So to me, it's the continuous monitoring I think that's important. >> I think that, and the lateral movement piece, >> Yep. >> that you guys have is what I hear the most of the biggest fears. >> Mm-hmm. >> Someone gets in here and can move around, >> That's right. >> and that's dangerous. >> Mm-hmm. And, and no traditional tools will see it. >> Yeah. Yeah. >> Right. There's nothing in there unless you're instrumented down to that level, >> Yeah. >> which is what we do. You're not going to see it. >> I mean, when someone has a firewall, a perimeter based system, yeah, I'm in the castle, I'm moving around, but that's not the case here. This is built for full observability, >> That's right. >> Yet there's so many vulnerabilities. >> It's all open. Mm-hmm, yeah. And, and our view too, is, I mean you bring up vulnerabilities, right. It, it is, you know, a little bit of the darling, right. People start there. >> Yep. >> And, and our belief in our view is that, okay, that's nice. But, and you do have to do that. You have to be able to see everything right, >> Yep. >> to be able to operationalize it. But if you're not dealing with the sensitive data pieces right, and the identities and stuff that's at the core of what you're trying to do >> Yeah. >> then you're not going to solve the problem. >> Yeah. Denise, I want to ask you. Because you make what was it, five-to-one was the machine to humans. I think that's actually might be low, on the low end. If you could imagine. If you believe that's true. >> Yep. >> I believe that's true by the way If microservices continues to be the, be the wave. >> Oh, it'll just get bigger. >> Which it will. It's going to much bigger. >> Yeah. >> Turning on and off, so, the lateral movement opportunities are going to be greater. >> Yep. >> That's going to be a bigger factor. Okay, so how do I protect myself. Now, 'cause developer productivity is also important. >> Mm-hmm. >> 'Cause, I've heard horror stories like, >> Yep. >> Yeah, my Devs are cranking away. Uh-oh, something's out there. We don't know about it. Everyone has to stop, have a meeting. They get pulled off their task. It's kind of not agile. >> Right. Right. >> I mean, >> Yeah. And, and, in that vein, right. We have built the product around what we call swim lanes. So, the whole idea is we're prioritizing based on actual impact and context. So, if it's a sandbox, it probably doesn't matter as much as if it's like operational code that's out there where customers are accessing it, right. Or it's accessing sensitive data. So, we look at it from a swim lane perspective. When we try to get whoever needs to solve it back to the person that is responsible for it. So we can, we can set it up that way. >> Yeah. I think that, that's key insight into operationalizing this. >> Yep. >> And remediation is key. >> Yes. >> How, how much, how important is the timing of that. When you talk to your customer, I mean, timing is obviously going to be longer, but like seeing it's one thing, knowing what to do is another. >> Yep. >> Do you guys provide that? Is that some of the insights you guys provide? >> We do, it's almost like, you know, us. The, and again, there's context that's involved there, right? >> Yeah. >> So, some remediation from a priority perspective doesn't have to be immediate. And some of it is hair on fire, right. So, we provide actually, >> Yeah. >> a recommendation per each of those situations. And, and in some cases we can auto remediate, right. >> Yeah. >> If, it depends on what the customer's comfortable with, right. But, when I talk to customers about what is their favorite part of what we do it is the auto remediation. >> You know, one of the things on the keynotes, not to, not to go off tangent, one second here but, Kurt who runs platforms at AWS, >> Mm-hmm. >> went on his little baby project that he loves was this automated, automatic reasoning feature. >> Mm-hmm. >> Which essentially is advanced machine learning. >> Right. >> That can connect the dots. >> Yep. >> Not just predict stuff but like actually say this doesn't belong here. >> Right. >> That's advanced computer science. That's heavy duty coolness. >> Mm-hmm. >> So, operationalizing that way, the way you're saying it I'm imagining there's some future stuff coming around the corner. Can you share how you guys are working with AWS specifically? Is it with Amazon? You guys have your own secret sauce for the folks watching. 'Cause this remediation should, it only gets harder. You got to, you have to be smarter on your end, >> Yep. >> with your engineers. What's coming next. >> Oh gosh, I don't know how much of what's coming next I can share with you, except for tighter and tighter integrations with AWS, right. I've been at three meetings already today where we're talking about different AWS services and how we can be more tightly integrated and what's things we want out of their APIs to be able to further enhance what we can offer to our customers. So, there's a lot of those discussions happening right now. >> What, what are some of those conversations like? Without revealing. >> I mean, they have to do with, >> Maybe confidential privilege. >> privileged information. I don't mean like privileged information. >> Yep. I mean like privileges, right, >> Right. >> that are out there. >> Like what you can access, and what you can't. >> What you can, yes. And who and what can access it and what can't. And passing that information on to us, right. To be able to further remediate it for an AWS customer. That's, that's one. You know, things like other AWS services like CloudTrail and you know some of the other scenarios that they're talking about. Like we're, you know, we're getting deeper and deeper and deeper with the AWS services. >> Yeah, it's almost as if Amazon over the past two years in particular has been really tightly integrating as a strategy to enable their partners like you guys >> Mm-hmm. >> to be successful. Not trying to land grab. Is that true? Do you get that vibe? >> I definitely get that vibe, right. Yesterday, we spent all day in a partnership meeting where they were, you know talking about rolling out new services. I mean, they, they are in it to win it with their ecosystem. Not on, not just themselves. >> All right, Denise it's great to have you on theCUBE here as part of re:Inforce. I'll give you the last minute or so to give a plug for the company. You guys hiring? What are you guys looking for? Potential customers that are watching? Why should they buy you? Why are you winning? Give a, give the pitch. >> Yeah, absolutely. So, so yes we are hiring. We're always hiring. I think, right, in this startup world. We're growing and we're looking for talent, probably in every area right now. I know I'm looking for talent on the sales side. And, and again, the, I think the important thing about us is the, the fullness of our solution but the superpower that we have, like I said before around the identity and the data pieces and this is becoming more and more the reality for customers that they're understanding that that is the most important thing to do. And I mean, if they're that, Gartner says it, Forrester says it, like we are one of the, one of the best choices for that. >> Yeah. And you guys have been doing good. We've been following you. Thanks for coming on. >> Thank you. >> And congratulations on your success. And we'll see you at the AWS Startup Showcase in late August. Check out Sonrai Systems at AWS Startup Showcase late August. Here at theCUBE live in Boston getting all the coverage. From the keynotes, to the experts, to the ecosystem, here on theCUBE, I'm John Furrier your host. Thanks for watching. (bright music)

>>Welcoming into the cubes presentation of AWS startup showcase open cloud innovations. This is season two episode one of the ongoing series covering exciting hot startups from the AWS ecosystem. Today's episode. One of season two theme is open source community and the open cloud innovations. I'm your host, John farrier of the cube. And today we're excited to be joined by Loris Dajani who is the C T O chief technology officer and founder of cystic found that in his backyard with some wine and beer. Great to see you. We're here to talk about Falco finding cloud threats in real time. Thank you for joining us, Laura. Thanks. Good to see you >>Love that your company was founded in your backyard. Classic startup story. You have been growing very, very fast. And the key point of the showcase is to talk about the startups that are making a difference and, and that are winning and doing well. You guys have done extremely well with your business. Congratulations, but thank you. The big theme is security and as organizations have moved their business critical applications to the cloud, the attackers have followed. This is Billy important in the industry. You guys are in the middle of this. What's your view on this? What's your take? What's your reaction? >>Yeah. As we, as a end ecosystem are moving to the cloud as more and more, we are developing cloud native applications. We relying on CACD. We are relying on orchestrations in containers. Security is becoming more and more important. And I would say more and more complex. I mean, we're reading every day in the news about attacks about data leaks and so on. There's rarely a day when there's nothing major happening and that we can see the press from this point of view. And definitely things are evolving. Things are changing in the cloud. In for example, Cisco just released a cloud native security and usage report a few days ago. And the mundane things that we found among our user base, for example, 60, 66% of containers are running as rude. So still many organizations adopting a relatively relaxed way to deploy their applications. Not because they like doing it, but because it tends to be, you know, easier and a little bit with a little bit less ration. >>We also found that that 27% of users unnecessary route access in the 73% of the cloud accounts, public has three buckets. This is all stuff that is all good, but can generate consequences when you make a mistake, like typically, you know, your data leaks, no, because of super sophisticated attacks, but because somebody in your organization forgets maybe some data on it on a public history bucket, or because some credentials that are not restrictive enough, maybe are leaked to another team member or, or, or a Gita, you know, repository or something like that. So is infrastructures and the software becomes a let's a more sophisticated and more automated. There's also at the same time, more risks and opportunities for misconfigurations that then tend to be, you know, very often the sewers of, of issues in the cloud. >>Yeah, those self-inflicted wounds definitely come up. We've seen people leaving S3 buckets open, you know, it's user error, but, you know, w w those are small little things that get taken care of pretty quickly. That's just hygiene. It's just discipline. You know, most of the sophisticated enterprises are moving way past that, but now they're adopting more cloud native, right. And as they get into the critical apps, securing them has been challenging. We've talked to many CEOs and CSOs, and they say that to us. Yeah. It's very challenging, but we're on it. I have to ask you, what should people worry about when secure in the cloud, because they know is challenging, then they'll have the opportunity on the other side, what are they worried about? What do you see people scared of or addressing, or what should I be worried about when securing the cloud? >>Yeah, definitely. Sometimes when I'm talking about the security, I like to compare, you know, the old data center in that the old monolithic applications to a castle, you know, in middle aged castle. So what, what did you do to protect your castle? You used to build very thick walls around it, and then a small entrance and be very careful about the entrance, you know, protect the entrance very well. So what we used to doing that, that data center was protect everything, you know, the, the whole perimeter in a very aggressive way with firewalls and making sure that there was only a very narrow entrance to our data center. And, you know, as much as possible, like active security there, like firewalls or this kind of stuff. Now we're in the cloud. Now, it's everything. Everything is much more diffused, right? Our users, our customers are coming from all over the planet, every country, every geography, every time, but also our internal team is coming from everywhere because they're all accessing a cloud environment. >>You know, they often from home for different offices, again, from every different geography, every different country. So in this configuration, the metaphor data that they like to use is an amusement park, right? You have a big area with many important things inside in the users and operators that are coming from different dangerous is that you cannot really block, you know, you need to let everything come in and in operate together in these kinds of environment, the traditional protection is not really effective. It's overwhelming. And it doesn't really serve the purpose that we need. We cannot build a giant water under our amusement park. We need people to come in. So what we're finding is that understanding, getting visibility and doing, if you Rheodyne is much more important. So it's more like we need to replace the big walls with a granular network of security cameras that allow us to see what's happening in the, in the different areas of our amusement park. And we need to be able to do that in a way that is real time and allows us to react in a smart way as things happen because in the modern world of cloud five minutes of delay in understanding that something is wrong, mean that you're ready being, you know, attacked and your data's already being >>Well. I also love the analogy of the amusement park. And of course, certain rides, you need to be a certain height to ride the rollercoaster that I guess, that's it credentials or security credentials, as we say, but in all seriousness, the perimeter is dead. We all know that also moats were relied upon as well in the old days, you know, you secure the firewall, nothing comes in, goes out, and then once you're in, you don't know what's going on. Now that's flipped. There's no walls, there's no moats everyone's in. And so you're saying this kind of security camera kind of model is key. So again, this topic here is securing real time. Yeah. How do you do that? Because it's happening so fast. It's moving. There's a lot of movement. It's not at rest there's data moving around fast. What's the secret sauce to making real identifying real-time threats in an enterprise. >>Yeah. And in, in our opinion, there are some key ingredients. One is a granularity, right? You cannot really understand the threats in your amusement park. If you're just watching these from, from a satellite picture. So you need to be there. You need to be granular. You need to be located in the, in the areas where stuff happens. This means, for example, in, in security for the clowning in runtime, security is important to whoever your sensors that are distributed, that are able to observe every single end point. Not only that, but you also need to look at the infrastructure, right? From this point of view, cloud providers like Amazon, for example, offer nice facilities. Like for example, there's CloudTrail in AWS that collects in a nice opinionated consistent way, the data that is coming from multiple cloud services. So it's important from one point of view, to go deep into, into the endpoint, into the processes, into what's executing, but also collect his information like the cultural information and being able to correlate it to there's no full security without covering all of the basics. >>So a security is a matter of both granularity and being able to go deep and understanding what every single item does, but also being able to go abroad and collect the right data, the right data sources and correlated. And then the real time is really critical. So decisions need to be taken as the data comes in. So the streaming nature of security engines is becoming more and more important. So the step one of course, security, especially cost security, posture management was very much let's ball. Once in a while, let's, let's involve the API and see what's happening. This is still important. Of course, you know, you need to have the basics covered, but more and more, the paradigm needs to change to, okay, the data is coming in second by second, instead of asking for the data manually, once in a while, second by second, there's the moment it arrives. You need to be able to detect, correlate, take decisions. And so, you know, machine learning is very important. Automation is very important. The rules that are coming from the community on a daily basis are, are very important. >>Let me ask you a question, cause I love this topic because it's a data problem at the same time. There's some network action going on. I love this idea of no perimeter. You're going to be monitoring anything, but there's been trade offs in the past, overhead involved, whether you're monitoring or putting probes in the network or the different, there's all kinds of different approaches. How does the new technology with cloud and machine learning change the dynamics of the kinds of approaches? Because it's kind of not old tech, but you the same similar concepts to network management, other things, what what's going on now that's different and what makes this possible today? >>Yeah, I think from the friction point of view, which is one very important topic here. So this needs to be deployed efficiently and easily in this transparency, transparent as possible, everywhere, everywhere to avoid blind spots and making sure that everything is scheduled in front. His point of view, it's very important to integrate with the orchestration is very important to make use of all of the facilities that Amazon provides in the it's very important to have a system that is deployed automatically and not manually. That is in particular, the only to avoid blind spots because it's manual deployment is employed. Somebody would forget, you know, to deploy where somewhere where it's important. And then from the performance point of view, very much, for example, with Falco, you know, our open source front-end security engine, we really took key design decisions at the beginning to make sure that the engine would be able to support in Paris, millions of events per second, with minimal overhead. >>You know, they're barely measure measurable overhead. When you want to design something like that, you know, that you need to accept some kind of trade-offs. You need to know that you need to maybe limit a little bit this expressiveness, you know, or what can be done, but ease of deployment and performance were more important goals here. And you know, it's not uncommon for us is Dave to have users of Farco or commercial customers that they have tens of thousands, hundreds of thousands of machines. You know, I said two machines and sometimes millions of containers. And in these environments, lightweight is key. You want death, but you want overhead to be really meaningful and >>Okay, so a amusement park, a lot of diverse applications. So integration, I get that orchestration brings back the Kubernetes angle a little bit and Falco and per overhead and performance cloud scale. So all these things are working in favor. If I get that right, is that, am I getting that right? You get the cloud scale, you get the integration and open. >>Yeah, exactly. Any like ingredients over SEP, you know, and that, and with these ingredients, it's possible to bake a, a recipe to, to have a plate better, can be more usable, more effective and more efficient. That may be the place that we're doing in the previous direction. >>Oh, so I've got to ask you about Falco because it's come up a lot. We talked about it on our cube conversations already on the internet. Check that out. And a great conversation there. You guys have close to 40 million plus million downloads of, of this. You have also 80 was far gate integration, so six, some significant traction. What does this mean? I mean, what is it telling us? Why is this successful? What are people doing with Falco? I see this as a leading indicator, and I know you guys were sponsoring the project, so congratulations and propelled your business, but there's something going on here. What does this as a leading indicator of? >>Yeah. And for, for the audience, Falco is the runtime security tool of the cloud native generation such. And so when we, the Falco, we were inspired by previous generation, for example, network intrusion detection, system tools, and a post protection tools and so on. But we created essentially a unique tool that would really be designed for the modern paradigm of containers, cloud CIC, and salt and Falco essentially is able to collect a bunch of brainer information from your applications that are running in the cloud and is a religion that is based on policies that are driven by the community, essentially that allow you to detect misconfigurations attacks and normals conditions in your cloud, in your cloud applications. Recently, we announced that the extension of Falco to support a cloud infrastructure and time security by parsing cloud logs, like cloud trail and so on. So now Falba can be used at the same time to protect the workloads that are running in virtual machines or containers. >>And also the cloud infrastructure to give the audience a couple of examples, focused, able to detect if somebody is running a shelf in a radius container, or if somebody is downloading a sensitive by, from an S3 bucket, all of these in real time with Falco, we decided to go really with CR study. This is Degas was one of the team members that started it, but we decided to go to the community right away, because this is one other ingredient. We are talking about the ingredients before, and there's not a successful modern security tool without being able to leverage the community and empower the community to contribute to it, to use it, to validate and so on. And that's also why we contributed Falco to the cloud native computing foundation. So that Falco is a CNCF tool and is blessed by many organizations. We are also partnering with many companies, including Amazon. Last year, we released that far gate support for Falco. And that was done is a project that was done in cooperation with Amazon, so that we could have strong runtime security for the containers that are running in. >>Well, I've got to say, first of all, congratulations. And I think that's a bold move to donate or not donate contribute to the open source community because you're enabling a lot of people to do great things. And some people might be scared. They think they might be foreclosing and beneficial in the future, but in the reality, that is the new business model open source. So I think that's worth calling out and congratulations. This is the new commercial open source paradigm. And it kind of leads into my last question, which is why is security well-positioned to benefit from open source besides the fact that the new model of getting people enabled and getting scale and getting standards like you're doing, makes everybody win. And again, that's a community model. That's not a proprietary approach. So again, source again, big part of this. Why was security benefit from opensource? >>I am a strong believer. I mean, we are in a better, we could say we are in a war, right? The good guys versus the bad guys. The internet is full of bad guys. And these bad guys are coordinated, are motivated, are sometimes we'll find it. And we'll equip. We win only if we fight this war as a community. So the old paradigm of vendors building their own Eva towers, you know, their own self-contained ecosystems and that the us as users as, as, as customers, every many different, you know, environments that don't communicate with each other, just doesn't take advantage of our capabilities. Our strength is as a community. So we are much stronger against the big guys and we have a much better chance doing when this war, if we adopt a paradigm that allows us to work together. Think only about for example, I don't know, companies any to train, you know, the workforce on the security best practices on the security tools. >>It's much better to standardize on something, build the stack that is accepted by everybody and tell it can focus on learning the stack and becoming a master of the steak rounded rather than every single organization naming the different tool. And, and then B it's very hard to attract talent and to have the right, you know, people that can help you with, with your issues in, in, in, in, in, with your goals. So the future of security is going to be open source. I'm a strong believer in that, and we'll see more and more examples like Falco of initiatives that really start with, with the community and for the community. >>Like we always say an open, open winds, always turn the lights on, put the code out there. And I think, I think the community model is winning. Congratulations, Loris Dajani CTO and founder of SIS dig congratulatory success. And thank you for coming on the cube for the ADB startup showcase open cloud innovations. Thanks for coming on. Okay. Is the cube stay with us all day long every day with the cube, check us out the cube.net. I'm John furrier. Thanks for watching.

>>Okay, welcome back everyone to the cubes coverage here at AWS reinvent 2021, our annual conference here with the cube goes out the ground. We're in person live in person, also a hybrid event online as well. A lot of great content flowing day one in the books keynotes out there, big news wall-to-wall coverage I'm shot for a year. Hosts got a great segment here with AWS marketplace and revolution, how customers are buying and deploying their technologies, DB orbit, and GM radio's marketplace and control services. And Chris Casey, worldwide ed, a business development of data exchange for AWS gentlemen, welcome to the cube, John, >>Thanks for having us >>Pleasure to be here. So I'm a huge fan of the marketplace. People know that I believe that ultimately it's going to be automated at anyway, and that procurement and enterprises as they buy and as people work together and the big theme this year is kind of this whole purpose built stack, where SAS is going to be a lot of integrations where people are working together. You see multiple partners plugging in and snapping into AWS. That was a big part of Adam's keynote today. So this really kind of lays a perfect foundation for the path that you guys have been on, which is partnering, go to market buying and consuming technology. So what's the update. Give us a, uh, an overview high level, Steven of marketplace. >>Yeah, John. And again, thanks for having us. It's awesome to be here, meeting with customers and partners again for the first time in a couple of years, great to be meeting in person and interacting. So we're super excited about where we're going with the marketplace, as you all probably know, customers in every industry are really thinking about how they transform their business using modern technology. And it's not just about the technology that they're building themselves. It's also the tools that they want to get from their partners, which we're super excited to be able to offer them on marketplace. We're about to have our ten-year anniversary. We launched the first version of marketplace in April of 2012. And back then, you know, it was a very simple e-commerce website that builders could come and buy Amazon machine instances and pay by the hour running popular, open source package or operating system software, but we've come an awful long way since then and changed the surface area of the business quite a bit, um, from a product type perspective, we now offer, uh, our partners the opportunity to list and meter their SAS solutions. >>Um, adding to the army base, we allow partners to vend their container images, and we have some new updates I'll share with you in just a second on that this year in 2019 customers asked us for the same experience that they have buying software to apply to the way they licensed data. So we launched AWS data exchange in 2019, and then in 2020 last year, we, we, we recognize that customers wanted to be able to bundle professional services offerings and with the software that they buy. So we launched a professional services offering type two. And then when you start to combine that with all of the different procurement motions that we now support, it's no longer just the self-service e-commerce capabilities, but when customers want to privately negotiate deals with their vendors, they can do so with our private offer capability, which we were the first to launch in 2000, which we then complemented in 2018 with the ability for customers to negotiate with the channel partner, reseller a managed service provider of their choice. So when you start to combine all of these different product type offerings and ways, our partners can go to market through marketplace in an automated way with all of these procurement options. We now have 2000 sellers listing more than 12,000 offerings on the marketplace, which more than 325,000 customers around the world buy either directly from the seller or from the channel partner of their choice. And when you add all that up, we've seen this year alone, billions of products and services sold through the market. >>Wow. What a rocket ship from a catalog to a full-blown comprehensive consumption environment, which by the way, the market wants that fast speed, speed, time to market. Okay. So give me the update a year at reinvent. What announcement did you guys just announced that the partner summit this week? What's the, what's the news. Yeah. So there's a couple of, >>Um, we'll talk about one and then I'll hand it over to Chris to talk about the data exchange announcements. But the first announcement we made at the partner keynote yesterday was around our container offering. So in 2018, we launched the ability for partners to list container based offerings. So their software and containers, whether it be net app Druva, um, Palo Alto or others who are having their security or other software and containers that could then be deployed by customers into the AWS managed container environments. So that could be deployed into Amazon EKS, ECS, or AWS far gate, which is great for customers who run their container workloads and our managed services. But we have a lot of customers who run their own Kubernetes environments either on, um, on AWS, on premises or using another one of the, um, Kubernetes platforms that are out there like red hat open shift. >>So we're a lot of customers just said, I also want that third-party software to be easily deployable into my own Kubernetes environment. So we were super happy to announce on Monday what we call now, the AWS marketplace for containers anywhere, which allows our partners like Apollo Alto or a CrowdStrike or a Cisco to list containers on the marketplace that can be deployed into any Kubernetes environment that the customer is running, whether that be on, on AWS, on premises, into VM-ware Tansu red hat, OpenShift, rancher, um, or wherever they, wherever they're running their Kubernetes workloads. So that's super exciting. And then we have a couple of announcements on data exchange, ed that Chris talk about also >>The dictionary. I'm going to come back to the containers with some really important things I want to drill into. Go ahead. >>There's two pretty significant, which we believe at game-changing capabilities that we've recently announced with data exchange. The first one is AWS data exchange for API APIs, and really why this is quite significant is customers had told us that not a lot, not all of their data use cases were really geared towards them consuming full flat files, which is what we launched data exchange with in terms of a delivery capability two years ago. And so with AWS data exchange for APIs, customers can come and procure an API from a third party data provider and only procure the data that they need via an API request response. Um, what, why this is so significant is for data providers, they can bring their API APIs to AWS data exchange, make them really easily available for data subscribers to find and subscribe to. And then for data subscriber, they're interacting with that API in the same way that they're interacting with other AWS APIs and they can enjoy the same governance and control characteristics using services like I am in CloudTrail. >>Um, so that flexibility in a new delivery type is, is, is really meaningful for data subscribers. The second, uh, announcement that we we really went into yesterday was the preview of Amazon data exchange for Amazon Redshift. And this capability gives customers, um, data subscribers, the ability to access data in the data warehouse supported by Amazon Redshift. And the unique aspect about this is the data subscriber. Doesn't actually have to copy the data out of Amazon Redshift if they don't want to, they can query the data directly. And what's really meaningful for them. There is they know that they're actually querying the latest data that the data provider has because they're actually querying the same data warehouse table that the data provider is publishing into data. Providers really love this, especially those ones, those data providers that were already using Amazon Redshift to store their data, because now they don't have to manage the entitlements and subscription aspects of really making their data available to as many of their data consumers as possible. >>So basically what you're saying is it makes it easier for them to keep an update. They don't have to worry about merchandising that service. They just have API APIs rolled in and the other one is for developers to actually integrate new API APIs into their role and whatever services they're building. Is that right? >>Yeah. And it's, it's really the ultimate flexibility for a developer coming to AWS data exchange. If their use case warrants, them consuming a full dataset, you know, maybe they want to look at 10 years of stock history, you know, using file-based data delivery and immutable copies of those files through our S3 object, data sharing capabilities is fit for their use case. Um, but if they want to dynamically interact with data, AWS data exchange for API APIs is a brand new delivery capability that is really unlocking. And we hope we're really excited to see the innovation >>It's like you're bringing the API economy even further to the customer base on the third party. The question I have for both of you guys on the containers and the API is security because, you know, we've seen with containers, approved containers, being vetted, making sure that they're not going to have any malware in there or API is making sure everything's clean and tight. What's the, what are they? What's the security concerns. Can you share how you guys are talking about that? For sure. >>So it's probably comes as no surprise to you or folks who might be listening or tuning in that security has always been AWS is number one priority. We build it into everything we do. This offering is no different. We scan all of the container images that are published to our catalog before they're exposed to customers for any kind of known vulnerabilities. We're monitoring our catalog every single day now against new ones that might come out and customers actually tell us, it's one of the things that they like about buying software on marketplace, better than let's say other third party repositories that don't have the same level of vetting because they can kind of build that constant trust, um, into, >>And trust is a key cause you can get containers anywhere. You don't know where it's from. So you guys are actually vetting the containers, making sure they're certified. So to speak with Amazon's security check. >>We, we, we are indeed. And, uh, we have a number of security ISV who are participating in both our containers in our containers anywhere. It's one of the most high-performing categories for us. As I said before, we have vendors like CrowdStrike and Cisco and Palo Alto who are, you know, um, um, vending, various different endpoint and network security, um, uh, offerings >>It's my catalogs are for, I mean, this is what trust is all about. Making sure that you guys can put your name behind it in the marketplace. Okay. Let's take it through the consumption. What's the current state of the art with the marketplace with enterprises, you guys have a lot of programs. We're constantly hearing great things about the go to market with joint selling on the top tier. Uh, I think there's like the top tier category. And then you've got all kinds of other incentives for companies to deploy the marketplace and sell their stuff, >>Right? So we're, we're really starting to hit our stride with, uh, co-selling with our partners and some of our, um, you know, our top, most performing partners, they into every feature and capability and incentive program that we develop. Um, give us a lot of feedback on it. Just like we work backwards from customer needs to help them transform their procurement. We work backwards from our partner needs to help them optimize their go to market channel. And, uh, you know, we take feedback from our partners, uh, very seriously. And then we build things like private offers when they want to custom negotiate deals with their customers or channel partner, private offers when they want to do that with the channel partner of their choice. And we're just continuing to listen to that feedback and, and helping them grow their business. And, and, and frankly, you know, while a lot of partners love that we're able to help get them new customers. One of their favorite things about co-selling with us is that they're able to close larger contracts faster because they're doing that in concert with the AWS field teams and taking advantage of the fact that the customer's already building on AWS. >>So I know we've got a couple minutes left. I want to get this out there because I heard it I'd have to add him prior to re-invent. And he said, quote, we don't want, cus customers don't want to reinvent the wheel. And they see, that's why this whole purpose built kind of thing is getting traction. What do you guys got in the marketplace? That's what you'd call leveraging stuff has been built. So customers don't have to rebuild things. >>Yeah. I mean, if you just look back to the very beginning of marketplace, when we launched the marketplace of Amazon machine instances, it was basically pre-built armies that customers could deploy into their own accounts already running the third-party software that they wanted. And when I think about where we're going with things like procurement governance, uh, we developed a thing called a private marketplace where customers could curate the various different solutions from our catalog that they want, because they want to be able to control who in their enterprise can buy what, and that's just a whole bunch of manual work that they would have had to do and reinvent the wheel from every customer to every customer. And instead we just delivered them the capability to do that same with our managed entitlements capability, where they can share entitlements across AWS accounts, within their own organizational, without having to manually track who's used how much of what, and report that back to the seller to make sure that they're compliant with the terms and conditions. We handle all that. So our customers don't have to continue to reinvent that. >>Why? Well, because it's like open source concept. It's like you're building on things that are already built. You can build on top of it. As you guys see these recipes get, or workflows get rolled out, you put them back in the microwave. >>That's right. Always learning from customers and partners. And while we've grown quite a bit, 2000 sellers, 325,000 customers and billions of dollars of products and services sold, we still have so much more to go >>Between data exchange and what you guys got going on. It's not, it's not, it's complex as it gets more and more complex. I know you guys are abstracting away the complexity and the heavy lifting for customers. What's on the horizon for you guys. What are you tackling next? What's the next mountain you're going to climb on. >>There's still more automation we can drive into the co-selling motion. And, uh, um, uh, so that's one, there's more procurement and governance, uh, capabilities that we think we're going to be able to add to customers. Basically what they're telling us is are the chief procurement officers that we face off with. They want to be able to get the best deal at the lowest price, uh, with the best and most favorable terms and conditions. So we're trying to work backwards from that need to make sure we have the right category selection, wherever they might want it, whether it be an infrastructure provider or a line of business, um, uh, a line of business solution and make sure they're able to get exactly that >>Chris, back to you for your vision. I honestly, analytics is a big part of SAS and platform billing and metering and where the data is. Data exchange. Almost imagine that's going to have a nice headroom to it in terms of what you can do with data exchange. Yeah. >>If you look at the announcements we've recently made and sort of our vision for data exchanges to help any AWS customer find subscribe to and use third party data in the cloud. And these two recent announcements really help on that use portion where someone can actually create, you know, shorten the time to value for them using some of our analytics services like Amazon Redshift. So we'll continue to innovate there and listen to customers in terms of their feedback and how we can help them really integrate their data pipelines with the rest of the AWS ecosystem. But we're also continuing to invest in the find and subscribe to portion. Steven talked about some of the automation and we've built data exchange on top of the lot of the plumbing and building blocks that AWS marketplace already had, which was a pretty significant leg up for us, but certainly the way in which people discover and find new datasets that might help them in an analytics problem is certainly an area that, you know, we're going to continue to lean into. >>And exchange has been around for a long, long time. Now it's in the cloud generation and I think you guys have such a great job in the marketplace and this next gen has more and more platform. Specific products are coming out. Partners are snapping together, a lot more integration. So a lot more action coming on integration I can imagine. Right. That's right. Definitely. Right. Thanks for coming on the cube. Really appreciate it, Steve. A great to see you. >>Appreciate it. Thanks for having us always a pleasure. >>Great to have all the action from Amazon here, marketplace continuing to be the preferred way to consume and deploy technology, and soon to be an integration hub for this next generation cloud. I'm Jeff, where to keep your watching the queue of the leader in worldwide tech coverage. Be right back.

[Thomas Hazel] - Hello, this is Thomas Hazel, founder CTO here at ChaosSearch. And tonight I'm going to demonstrate a new feature we are offering this quarter called JSON Flex. If you're familiar with JSON datasets, they're wonderful ways to represent information. You know, they're multidimensional, they have ability to set up arrays as attributes but those arrays are really problematic when you need to expand them or flatten them to do any type of elastic search or relational access, particularly when you're trying to do aggregations. And so the common process is to exclude those arrays or pick and choose that information. But with this new Chaos Flex capability, our system uniquely can index that data horizontally in a very small and efficient representation. And then with our Chaos Refinery, expand each attribute as you wish vertically, so you can do all the basic and natural constructs you would have done if you had, you know, a more straightforward, two dimensional, three dimensional type representation. So without further ado, I'mma get into this presentation of JSON Flex. Now, in this case, I've already set up the service to point to a particular S3 account that has CloudTrail data, one that is pretty problematic when it comes down to flattening data. And again, if you know CloudTrail, one row can become 10,000 as data gets flattened. So without further ado, let me jump right in. When you first log into the ChaosSearch service, you'll see a tab called 'Storage'. This is the S3 account, and I have variety of buckets. I have the refinery, it's a data refinery. This is where we create views or lenses into these index streams that you can do analysis that publishes it in elastic API as an index pattern or relational table in SQL Now a particular bucket I have here is a whole bunch of demonstration datasets that we have to show off our capabilities and our offering. In this bucket, I have CloudTrail data and I'm going to create what we call a 'object group'. An object group is a entry point, a filter of which files I want to index that data. Now, it can be statically there or a live streaming. These object groups had the ability to say, what type of data do you want to index on? Now through our wizard, you can type in, you know, prefix in this case, I want to type in CloudTrail, and you see here, I have a whole bunch of CloudTrail. I'mma choose one file to make it quick and easy. But this particular CloudTrail data will expand and we can show the capability of this horizontal to vertical expansion. So I walked through the wizard, as you can see here, we discovered JSON, it's a gzip file. Leave flattening unlimited 'cause we want to be able to expand infinitely. But this case, instead of doing default virtual, I'm going to horizontally represent this information. And this uniquely compresses the data in a way that can be stored efficiently on disc but then expanded in our data refinery on Pond Query or search requests. So I'mma create this object group. Now I'm going to call this, you know, 'JSON Flex test' and I could set up live indexing, SQS pops up but I'mma skip that and skip Retention and just create it. Once this object group is created, you kind of think of it as a virtual bucket, 'cause it does filter the data as you can see here. When I look at the view, I just see CloudTrail, but within the console, I can say start indexing. Now this is static data there could be a live stream and we set up workers to index this data. Whether it's one file, a million files or one terabyte, or one petabyte, we index the data. We discover all the schema, and as you see here, we discovered 104 columns. Now what's interesting is that we represent this expansion in a horizontal way. You know, if you know CloudTrail records zero, record one, record two. This can expand pretty dramatically if you fully flatten it but this case we horizontally representing it as the index. So when I go into the data refinery, I can create a view. Now, if you know the data refinery of ChaosSearch, you can bring multiple data streams together. You can do transformations virtually, you can do correlations, but in this case, I'm just going to take this one particular index stream, we call 'JSON Flex' and walk through a wizard, we try to simplify everything and select a particular attribute to expand. Now, again, we represent this in one row but if you had arrays and do all the permutations, it could go one to 100 to 10,000. We had one JSON audit that went from one row to 1 million rows. Now, clearly you don't want to create all those permutations, when you're tryna put into a database. With our unique index technology, you can do it virtually and sort horizontally. So let me just select 'Virtual' and walk through the wizard. Now, as I mentioned, we do all these different transformations changed schema, we're going to skip all that and select the order time, records event and say, 'create this'. I'm going to say, you know, 'JSON Flex View', I can set up caching, do a variety of things, I'm going to skip that. And once I create this, it's now available in the elastic API as an index pattern, as well as SQL via our Presto API dialect. And you can use Looker, Tableau, et cetera. But in this case, we go to this 'Analytics tab' and we built in the Kibana, open search tooling that is Apache Tonetto. And I click on discovery here and I'm going to select that particular view. Again, it looks like, oops, it looks like an index pattern, and I'mma choose, let's see here, let's choose 15 years from past and present and make sure I find where actually was timed. And what you'll see here is, you know, sure. It's just one particular data set has a variety of columns, but you see here is unlike that record zero, records one, now it's expanded. And so it has been expanded like a vertical flattening that you would traditionally do if you wanted to do anything that was an elastic or a relational construct, you know, that fit into a table format. Now the 'vantage of JSON Flex, you don't have that stored as a blob and use these proprietary JSON API's. You can use your native elastic API or your native SQL tooling to get access to it naturally without that expense of that explosion or without the complexity of ETLing it, and picking and choosing before you actually put into the database. That completes the demonstration of ChaosSearch new JSON Flex capability. If you're interested, come to ChaosSearch.io and set up a free trial. Thank you.

>> Narrator: From around the globe, it's theCUBE with digital coverage of AWS re:Invent 2020 sponsored by Intel, AWS and our community partners. >> Hello, welcome back to theCUBE's Virtual Coverage of AWS re:Invent 2020 virtual. Normally we're in person. This year because of the pandemic, we're doing it remote. We're Cube Virtual covering AWS re:Invent Virtual. I'm John for your host. We are theCUBE Virtual, two great guests here Linda Tong a general manager, AppDynamics and Dave McCann vice-president of AWS migration, marketplace and control services. Welcome to theCUBE. >> Thanks so much for having us. >> Good to see you again John. >> Linda we were talking to some AppDynamics folks and some of your customers, obviously we've been following the growth of the marketplace for many years. The confluence of the tailwinds of the innovation going on with COVID and post COVID strategies is about helping customers where they are and they're not in the office anymore. They got to get the job done. This is really important on this cloud migration of getting software in the hands of people to write these modern apps. It's a big theme. What's your perspective on this right now, because you guys are partnered with Amazon, share your vision. >> Yeah, absolutely. And you nailed it. It's with COVID-19 our customers like IT organizations are finding this need to accelerate their migration to the cloud. And what's more important is they're finding that more and more of their customers are engaging through digital experiences and with the influx of people leaning on those digital experiences during COVID, performance issues are becoming more and more apparent. And so we're helping our customers as they migrate to the cloud. And specifically to AWS, it's a big partnership for us because we need to understand how our customers and how they manage performance through these transitions can stay flawless so that they can manage those experiences for their end users. >> Yeah, Dave, I've been watching this discovery observation space, observability, service meshes, Kubernetes, cloud native higher level services have really gotten popularity have gone mainstream. So there's more and more demand for I won't call it point products. That's an old term, but in the cloud, these are just higher level services that people are adopting more of. You're seeing huge pickup in the marketplace of companies who are selling through there and engaging but it's not just selling, you're integrating. What's your vision for all of this? >> So, John, you're absolutely right. Our customers as they migrate more and more applications to the cloud and in some regulated industries they still have applications running on premise. They're really actually standing up a new operating model where they not only want observability of what's going on but I feel what we would call service management framework or a set of tools to manage the application portfolio. And companies around the world are putting together new common instance of AWS native services, such as CloudWatch CloudTrail, Service Catalog, AWS Config, Control Tower with best in class vendors like Cisco AppDynamics. And each company is building their own collection of tools into management framework that allows them to optimally modernize and manage their application portfolio. And it's a rising topic around the world. >> Linda, I want to get back to you on AppDynamics you're the leader of the team as general manager, congratulations. You know a little bit about software in the cloud and CloudScale and your career going back to Google now at AppDynamics you've seen a lot of the changes. What specifically value do you see AppDynamics and Amazon bringing to the market today? Because the world's changed. It's still large scale, there's faster speed but you can't just buy things like anymore, I've got to go in send a ticket request, go to procurement, developers want to integrate immediately. They need to integrate when they see a problem they got to integrate technology. This seems to be a trend. What's your, where is AppDynamics bringing the value of AWS to the market? >> Absolutely I think it's threefold. One it's for a lot of these developers, as they start to migrate their applications and modernize them with AWS and all the great services that are available we can partner to help them with that modernization effort while giving them visibility into the performance of those applications to make sure that they don't miss a beat as they deploy those on these new sets of services over AWS. The second thing is, for those customers that are leveraging AWS for that migration, we have a seamless integration between AppDynamics and AWS. So you can buy our service directly through AWS marketplace. So that becomes a really easy procurement. And then on top of that, as, a lot of developers have to manage hybrid employments, so new modern applications has done AWS as well as some of their traditional applications that are talking to each other. They can get that full end to end visibility leveraging AppDynamics so that they can understand what's going on across the entirety of their business as they start to lead these transformations across our organization. >> Dave, just comment on if you can, 'cause I know a little bit about some of the things you put in place, the enterprise I forget development or sales program where at the prices can be more friendly. I think this is kind of a use case where this is proving enterprises can get what they need in the marketplace that not only is it successful but you have traction with this. What's you take on... >> There's a number of motions that we're doing there John, to help large companies around the world who may have, dozens, hundreds and in comes cases with fortune 100 they're thousands of applications. And so you actually have to solve multiple challenges that the company has. On the procurement side, we're obviously working with AppDynamics to publish as a service right in AWS marketplace. And we have over 300,000 customers worldwide only AWS marketplace who are subscribing to software and provisioning out to hundreds and thousands of developers, all of whom are using their own AWS accounts. So on that provisioning and subscription experience we work deeply with the AppDynamics team to meet that a really seamless experience from discovery to provision to meter and billing. On the interoperability front, as Linda mentioned, our customers want these best in class tools like AppDynamics to work well with the other AWS services so that they can really have a very modern DevOps pipeline for those applications that are moving to more of a CICD model. And for people who are still running in a bit more of an Intel, ITSM model, they've still got to manage and monitor applications that haven't quite got there in the full modernization stack. So this is actually happening not just with the customer, the enterprise or with the ISV AppDynamics, this transitions' also working with all the consulting firms. And a lot of the large software resellers around the world, the computer centers of Europe the right spaces, the presidios of North America. The DXEs of Asia Pacific. These consulting partners are also using tools such as AppDynamics so to become a managed service provider. And in some cases on that journey to the cloud no join the customer saying I'm really busy I'm modernizing applications. Hey consulting partner, can you manage some part of my infrastructure, some part of my stack? And tools like AppDynamics and Kubernetes and AWS become really central tool kits to the new emerging managed service providers that are all around the world. >> Yeah, and I talked about this years ago with Andy Jassy and I think we were riffing on this run this new set of category creations of services and companies. Linda this appears to be one of those cases where, there's a category with existing spend and existing customers. So what he just said is interesting. And I want to get your thoughts because these are these points of these new areas where AppDynamics can potentially help enterprises. What are some of the areas that you see AppDynamics helping enterprises in their cloud adoption journey 'cause they want some cloud native we see Hybrid and all the announcements, Outpost, now Edge it's a distributed computer. You need to have software at every piece of the puzzle. So what's your, what areas can you share specifically? >> Absolutely and so, like Dave was just saying it's, as these organizations start to make these major cloud migrations, one, their applications are getting actually significantly more complex than they've ever been. And they're now spanning a much broader ecosystem than they've ever spanned before. So that the kind of coverage that IT organizations and DevOps needs to cover not only is seeing this explosion of data but it's also now spanning areas of control that some of these folks have never had to think about before. And so the value of AppDynamics is our ability to be able to ingest data from your cloud native applications your traditional applications, all different sources of domain data that you want to get including things like security data. So we can start to correlate that in a meaningful way and then tie that back to business insights. And so the way that AppDynamics is actually bringing value to the table is not only helping our customers get visibility across the entire stack, but actually only surfacing the most meaningful insights to help them act on that those performance issues that they might see and more meaningfully manage their businesses. >> Linda I think you guys are onto something really big not just on the wave and just the positioning but one of the trends that we're reporting and we're going to be teasing out all week three weeks here is automation is great but that's just baseline. Everything is a service really speaks to some of the things that you guys have to put in place 'cause the mandate is everything should be a service. Now, I mean, I'm overgeneralizing but that's generally the ivory tower C suite message. Make it as a service cloud scale is beautiful, but then you when you pass it down to the teams, that's like that's not easy boss. It's not easy to do. That's really kind of what you're getting at here. It's not just automation and DevOps. It's the business model. >> Absolutely it's the intelligence it's once you create thousands and thousands of services, how do you manage them effectively and know what matters and what doesn't? >> Dave your final word here on on this point is when you think about that if you believe that to be true, then I'm just going to be downloading services whenever I need them. So it's almost like quasi self service managed services kind of coming together in real time or with my off base there. What's your take on that? >> No, we're actually working together with that dynamic and so all these kinds of things. So as we proliferate services, John and, AWS has got over 175 services and application is made up of many components. So how do you actually correlate an associate all the resources that make up that application? And if you think about dynamics name is the application and dynamics what's going on with the application. So we actually just launched today service catalog application registry, which is a new API surface for the AWS service catalog that allows you to define NGS on all the AWS resources from a cloud formation stack set all the way down into an easy to instance and associate that's an application known. And so the higher level of abstraction is what we talked about is management of the application. And what customers want to do, CIO's want to manage the application all the resources associated through the application whether the application is running well, is it secure? Is it on budget? Whether it's actually running? So application management is kind of where people are going even though their application is made up of dozens of associated services. So this is the next frontier. >> Well you guys are just great to have on world-class partnership two leaders, AppDynamics, story history they continue to do well. And even now with the world going on, Dave congratulations on your success. Final question for both of you is, where's the partnership go from here? I think it's a great success story. What's in the store for the future? >> Linda. >> Yeah to the moon. It's look AWS is an amazing partner. And Dave is a great guy to work with and where we are going is to help our customers build world-class applications and be able to manage them and modernize those effectively. And there's no way we could do that without partners at AWS. So it's a, there's a long-term relationship here. >> Well, congratulations, Linda Tong general manager AppDynamics. Thanks for coming on, and virtually at least we'll see you on the Interwebs during the next couple of weeks here, Virtual re:Invent Dave McCann. Of course, we'll see you again and great to watch you continue to grow. Is there any new title is going to add to your thing marketplace now it's migration, control services come on. >> With innovation culture we keep innovating. >> Great to have you guys on. Thanks for, thanks for sharing, appreciate it. >> John, Linda thank you very much. >> Thanks. >> Thanks for that great insight. Really appreciate it. I'm John from theCUBE you're watching coverage of re:Invent 2020. This is theCUBE virtual. (upbeat music)

>> (upbeat music) >> Announcer: From around the globe, it's theCUBE with digital coverage of AWS Public Sector Partner Awards Brought to you by Amazon Web Services. >> Hi, and welcome back. I'm Stu Miniman and this is theCUBE's coverage of Amazon Web Services, Public Sector Awards for their partners. Really interesting, we get to talk to people around the globe, we talked to the vendors, the award winners as well as their customers who have some interesting projects. So happy to welcome to the program coming to us from Argentina. I have Leo Bracco. He is the Latin American Executive Director for CloudHesive and joining him, his customer Carolina Tchintian. She is the Director of the Political Institution Program at CIPPEC. Thank you so much for joining us. >> Thank you. >> Thank you for having us. >> All right, so Leo, first of all, let's start with you if we could. So CloudHesive first of all, congratulations, you were the Nonprofit Sector award winner for cybersecurity solutions. Of course, anybody that knows public sector, there's the government agencies, there's nonprofits there's education. The cybersecurity of course, went from the top priority to the top, top priority here in 2020. So if you could just give us a snapshot of CloudHesive for our customer. >> Well, CloudHesive is a US based company, started six years ago in 2014. And we decide a couple of years ago to move to Latin America and to start working with Latin America customers. Our offices are in Argentina right now. And one of the focus that we have in the solutions that we give to our customers is security. We work on services to help companies to reduce the cost, increase productivity, and what should the security posture? So we've been working a long time ago to many NPOs, and seeing how they can leverage the solutions and how they can give secure, how to be secure in the world. In the internet. >> All right, Carolina, if you could tell us a little bit about the CIPPEC and maybe then key us up as the project that you're working on. >> Okay, thank you. So CIPPEC is a nonprofit think tank, nonprofit organization, independent organization that aims to deliver better public policies in different areas. In economic development, in social protection and state and government. My particular program, the political institutions program goal is, or the mission is basically to promote evidence based decisions to improve democratic processes and to guarantee civil and political rights across all the countries. So we on issues such as improving election administrations, legislative work, representation, and that's our area of work. >> Wonderful. Sounds like a phenomenal project. Leo, if you could help us understand where did CloudHesive get involved in this project? Was there an existing relationship already, or was it for a specific rollout? that tell us about, obviously the security angles are a big piece? >> No, we didn't have a previous engagement with them. They come to us with a very short time to elections and they need a secure solution. So we first have to analyze the actual solution, how it works, acknowledging well the current infra that they have. Then we have to understand the challenge that they're facing. They have a very public site, they need to go public and they need to be very secure. And the last, we have to develop a fast migration strategy. We knew that AWS was the perfect fit for the need. So we just had to align a good strategy with the customer need. And all these it has been done in less than 72 hours. That was our deadline to elections. >> Wow, talk about fast. Okay, Carolina, help us understand a little bit. Had your organization, had you been using a Cloud before? Seventy-two hours is definitely an aggressive timeline. So help us understand a little bit as to what went into making your decision and obviously, 72 hours super short timeframe. >> Super, super short. Yeah, that was a big challenge. So let me tell you more about what we do and the context. So Argentina holds elections, national elections every two years. In each election year CIPPEC tries to generate and systematize analysis of provincial and national elections with the goal of informing key actors in the electoral processes. This is and decision makers, political parties, media, and general population. So as our first experience in 2017, with informed voter project, we had this collaboration with the National Electoral Authorities in which we created a landing page in our website where you could find as the voter, all of the information you need to go and cast your vote throughout the entire election process. Meaning from the campaign stage, election administration details, polling places, electoral offer, participation et cetera. So that was a landing page hosted in our website. And in 2017, we managed to have a button in every eligible voter in Argentina Facebook feed. So you could go click there and go to our website, right. And have all of the information summarize in a very simple way, straightforward way. So what happened in the 2017 election day is that the button was so successful that the landing page made our server to collapse in the first hours of the election day. So we learned a huge lesson there, which was that we had to be prepared in 2019, if we wanted to repeat this experience. And that is how we get to CloudHesive. >> Wonderful, Leo, if you could, help us understand a little bit architecturally what's going on there, what was CoHesive doing, what AWS services were leveraged? >> Perfect. Well we need great reliability, performance, scalability of course and the main thing security. We have no doubt about the Cloud and all the differentials of AWS. Our main question was about how do we align the right services to give the best solution to the customer? So we did kind of strategy with S3, CloudFront, and we, at the same time being monitorizing everything with CloudTrail and securing the public's access to all of these information. That give us a perfect fit for the solution, a very easy solution and very of course scalable, but more than anything, we could improve the customer experience in very small amount of time. So this is a very simple solution, that fits perfect for the customer. >> Wonderful. Carolina, if you could, tell us how did things go? What lessons have you learned? Anything along the way that you would give feedback to your peers or other organizations that were looking to do something similar? >> Yeah, well, the 2017 experience was a very tough experience for us because we've been preparing for election day during the 2016 and 2017. And the infrastructure was the limit we had in that point. So we couldn't afford ... We have a commitment with informing voters and informing key actors on election process. And these key actors are expecting that information on election day, before, and after. The lesson there is, we cannot be limited by the infrastructure. Assuming that in 2019, that the landing page would receive a similar amount or a huge amount of traffic volume visits on the election day, basically, we knew that traditional hosting service couldn't fulfill those needs so we had to go beyond traditional and the partner was critical to help us to the migration, to the Cloud. >> Yeah, Leo, maybe you could speak a little bit to that, the scalability, and of course, nonprofit's very sensitive to costs involved in these solutions. Help us understand that those underpinnings of leveraging, AWS specifically in CloudHesive. How this meets their needs and still is financially, makes sense. >> Perfect. When you have this kind of solutions, of course, your first concern is, okay, how do I make a scalable solution that fits on the, just on this moment that they need the behavior for so many infrastructure involved. And then at the other day, they need no infra at all, but you have another two big things that you have to focus on. One, is the security, you need to monitor all the behaviors of the content and pay attention to any external menace. You have one 24-hour day, so you need to be very responsibility and high sensitive information that the customer has on the set of data there. It's good to say that we have no security incidents, and no security breach during the most public stage of the operation, so that there was very good for us. The next thing is from the delivery perspective. You have a potential pick of people over the side to usually manage the content delivery network to answer all the requirements. You must be able to share the content in CloudFront, and so you have, and you can achieve your goals, right? And what I can say, it's about numbers, we achieve more than 99.5 efficiency hit rate you over the CDN, that's over CloudFront. And we kept server CPU such below 10% all the time. So this was a major success for us. Like we have no trouble, we use things at the most. And most of anything, the customer has the security, everything look from our perspective. (mumbles) >> Leo, what follow up if I could, if you look at 2020 being able to scale and respond to the changes in workload and be able to stay secure when bad actors, many people are working at home, but doesn't mean the bad actors aren't out there. We've actually seen an increase in security attacks. So just, do you have any commentary overall about what's happening more recently in what you see in your space? >> Yeah, well, we're very focused right now and while security is being each time bigger, right? One of the biggest menace in security is our own team, because we have to keep our teams auto align to the process and understanding the security as a first step doing things from the network perspective. Then we have a very good experience over this last two years, with all the security tools that AWS is seeking to the market. So we now have CloudTrail. We can do many things with WAF we're working towers of new good security solutions. And so I think this will be the future. We have to focus ourself in these two pillars. The first pillar is, okay, what we can do on our own network and the other pillar's, all the tools that AWS is giving us so we can manage security from a new perspective. >> Carolina, last question that I have for you is, look forward a little bit, if you will, are there things that you'll be looking to do in future election cycles or anything else from this project that you could expect going forward? >> Yeah, definitely. We're going to repeat this experience in 2021. Trying to think of the success was the 2019 election cycle. And in this particular informed voter project, we might want to keep doing this for the next election cycles, not only 2023 now, but for the future. >> All right then, Leo, last piece for you, first of all, congratulations, again, winning Best Cyber Security Solution for Nonprofit. Just talk a little bit if you would, about your partnership with AWS and specifically, the requirements and what you see in the nonprofit segment. >> Well, we see that the nonprofit are growing large too, they will need very good scalable solutions. We see that all the focus that we have in on security is the next need because we have been working on these towers to the future. The solutions kept growing each time. The networks are growing each time. And the traffic is growing. The focus on the security will be one of the appendix of our work in the future. And I think that's the biggest issue that we are going to have. Having good engineers, good hard work and manage the challenge and consolidate all the solution as a need. Right now, we're working on many projects with different NGO's and we're working towers that they have the solution that fits them. And of course, we try to keep, in all the public sector, we try to keep the cost at a range level that we can afford that our customers can afford. That's I think, a big problem that we're having. >> Well, Carolina, congratulations on the progress with your project. Thank you so much for joining us. And Leo, thank you again for joining us and congratulations to you and the CloudHesive team for winning the award. >> Thanks. >> Thank you very much. >> All right, stay tuned for more coverage, theCUBE, at the AWS Public Sector Partner Awards. I'm Stu Miniman. Thanks for watching. (upbeat music)

(upbeat music) >> Announcer: From theCUBE studios in Palo Alto, in Boston, connecting with thought leaders all around the world. This is a CUBE conversation. >> Hi, and welcome back. I'm Stu Miniman and this is theCUBE's coverage of Amazon Web Services, Public Sector Awards for their partners. Really interesting, we get to talk to people around the globe, we talked to the vendors, the award winners as well as their customers who have some interesting projects. So happy to welcome to the program coming to us from Argentina. I have Leo Bracco. He is the Latin American Executive Director for CloudHesive and joining him, his customer Carolina Tchintian. She is the Director of the Political Institution Program at CIPPEC. Thank you so much for joining us. >> Thank you. >> Thank you for having us. >> All right, so Leo, first of all, let's start with you if we could. So CloudHesive first of all, congratulations, you were the Nonprofit Sector award winner for cybersecurity solutions. Of course, anybody that knows public sector, there's the government agencies, there's nonprofits there's education. The cybersecurity of course, went from the top priority to the top, top priority here in 2020. So if you could just give us a snapshot of CloudHesive for our customer. >> Well, CloudHesive is a US based company, started six years ago in 2014. And we decide a couple of years ago to move to Latin America and to start working with Latin America customers. Our offices are in Argentina right now. And one of the focus that we have in the solutions that we give to our customers is security. We work on services to help companies to reduce the cost, increase productivity, and what should the security posture? So we've been working a long time ago to many NPOs, and seeing how they can leverage the solutions and how they can give secure, how to be secure in the world. In the internet. >> All right, Carolina, if you could tell us a little bit about the CIPPEC and maybe then key us up as the project that you're working on. >> Okay, thank you. So CIPPEC is a nonprofit think tank, nonprofit organization, independent organization that aims to deliver better public policies in different areas. In economic development, in social protection and state and government. My particular program, the political institutions program goal is, or the mission is basically to promote evidence based decisions to improve democratic processes and to guarantee civil and political rights across all the countries. So we on issues such as improving election administrations, legislative work, representation, and that's our area of work. >> Wonderful. Sounds like a phenomenal project. Leo, if you could help us understand where did CloudHesive get involved in this project? Was there an existing relationship already, or was it for a specific rollout? that tell us about, obviously the security angles are a big piece? >> No, we didn't have a previous engagement with them. They come to us with a very short time to elections and they need a secure solution. So we first have to analyze the actual solution, how it works, acknowledging well the current infra that they have. Then we have to understand the challenge that they're facing. They have a very public site, they need to go public and they need to be very secure. And the last, we have to develop a fast migration strategy. We knew that AWS was the perfect fit for the need. So we just had to align a good strategy with the customer need. And all these it has been done in less than 72 hours. That was our deadline to elections. >> Wow, talk about fast. Okay, Carolina, help us understand a little bit. Had your organization, had you been using a Cloud before? Seventy-two hours is definitely an aggressive timeline. So help us understand a little bit as to what went into making your decision and obviously, 72 hours super short timeframe. >> Super, super short. Yeah, that was a big challenge. So let me tell you more about what we do and the context. So Argentina holds elections, national elections every two years. In each election year CIPPEC tries to generate and systematize analysis of provincial and national elections with the goal of informing key actors in the electoral processes. This is and decision makers, political parties, media, and general population. So as our first experience in 2017, with informed voter project, we had this collaboration with the National Electoral Authorities in which we created a landing page in our website where you could find as the voter, all of the information you need to go and cast your vote throughout the entire election process. Meaning from the campaign stage, election administration details, polling places, electoral offer, participation et cetera. So that was a landing page hosted in our website. And in 2017, we managed to have a button in every eligible voter in Argentina Facebook feed. So you could go click there and go to our website, right. And have all of the information summarize in a very simple way, straightforward way. So what happened in the 2017 election day is that the button was so successful that the landing page made our server to collapse in the first hours of the election day. So we learned a huge lesson there, which was that we had to be prepared in 2019, if we wanted to repeat this experience. And that is how we get to CloudHesive. >> Wonderful, Leo, if you could, help us understand a little bit architecturally what's going on there, what was CoHesive doing, what AWS services were leveraged? >> Perfect. Well we need great reliability, performance, scalability of course and the main thing security. We have no doubt about the Cloud and all the differentials of AWS. Our main question was about how do we align the right services to give the best solution to the customer? So we did kind of strategy with S3, CloudFront, and we, at the same time being monitorizing everything with CloudTrail and securing the public's access to all of these information. That give us a perfect fit for the solution, a very easy solution and very of course scalable, but more than anything, we could improve the customer experience in very small amount of time. So this is a very simple solution, that fits perfect for the customer. >> Wonderful. Carolina, if you could, tell us how did things go? What lessons have you learned? Anything along the way that you would give feedback to your peers or other organizations that were looking to do something similar? >> Yeah, well, the 2017 experience was a very tough experience for us because we've been preparing for election day during the 2016 and 2017. And the infrastructure was the limit we had in that point. So we couldn't afford ... We have a commitment with informing voters and informing key actors on election process. And these key actors are expecting that information on election day, before, and after. The lesson there is, we cannot be limited by the infrastructure. Assuming that in 2019, that the landing page would receive a similar amount or a huge amount of traffic volume visits on the election day, basically, we knew that traditional hosting service couldn't fulfill those needs so we had to go beyond traditional and the partner was critical to help us to the migration, to the Cloud. >> Yeah, Leo, maybe you could speak a little bit to that, the scalability, and of course, nonprofit's very sensitive to costs involved in these solutions. Help us understand that those underpinnings of leveraging, AWS specifically in CloudHesive. How this meets their needs and still is financially, makes sense. >> Perfect. When you have this kind of solutions, of course, your first concern is, okay, how do I make a scalable solution that fits on the, just on this moment that they need the behavior for so many infrastructure involved. And then at the other day, they need no infra at all, but you have another two big things that you have to focus on. One, is the security, you need to monitor all the behaviors of the content and pay attention to any external menace. You have one 24-hour day, so you need to be very responsibility and high sensitive information that the customer has on the set of data there. It's good to say that we have no security incidents, and no security breach during the most public stage of the operation, so that there was very good for us. The next thing is from the delivery perspective. You have a potential pick of people over the side to usually manage the content delivery network to answer all the requirements. You must be able to share the content in CloudFront, and so you have, and you can achieve your goals, right? And what I can say, it's about numbers, we achieve more than 99.5 efficiency hit rate you over the CDN, that's over CloudFront. And we kept server CPU such below 10% all the time. So this was a major success for us. Like we have no trouble, we use things at the most. And most of anything, the customer has the security, everything look from our perspective. (mumbles) >> Leo, what follow up if I could, if you look at 2020 being able to scale and respond to the changes in workload and be able to stay secure when bad actors, many people are working at home, but doesn't mean the bad actors aren't out there. We've actually seen an increase in security attacks. So just, do you have any commentary overall about what's happening more recently in what you see in your space? >> Yeah, well, we're very focused right now and while security is being each time bigger, right? One of the biggest menace in security is our own team, because we have to keep our teams auto align to the process and understanding the security as a first step doing things from the network perspective. Then we have a very good experience over this last two years, with all the security tools that AWS is seeking to the market. So we now have CloudTrail. We can do many things with WAF we're working towers of new good security solutions. And so I think this will be the future. We have to focus ourself in these two pillars. The first pillar is, okay, what we can do on our own network and the other pillar's, all the tools that AWS is giving us so we can manage security from a new perspective. >> Carolina, last question that I have for you is, look forward a little bit, if you will, are there things that you'll be looking to do in future election cycles or anything else from this project that you could expect going forward? >> Yeah, definitely. We're going to repeat this experience in 2021. Trying to think of the success was the 2019 election cycle. And in this particular informed voter project, we might want to keep doing this for the next election cycles, not only 2023 now, but for the future. >> All right then, Leo, last piece for you, first of all, congratulations, again, winning Best Cyber Security Solution for Nonprofit. Just talk a little bit if you would, about your partnership with AWS and specifically, the requirements and what you see in the nonprofit segment. >> Well, we see that the nonprofit are growing large too, they will need very good scalable solutions. We see that all the focus that we have in on security is the next need because we have been working on these towers to the future. The solutions kept growing each time. The networks are growing each time. And the traffic is growing. The focus on the security will be one of the appendix of our work in the future. And I think that's the biggest issue that we are going to have. Having good engineers, good hard work and manage the challenge and consolidate all the solution as a need. Right now, we're working on many projects with different NGO's and we're working towers that they have the solution that fits them. And of course, we try to keep, in all the public sector, we try to keep the cost at a range level that we can afford that our customers can afford. That's I think, a big problem that we're having. >> Well, Carolina, congratulations on the progress with your project. Thank you so much for joining us. And Leo, thank you again for joining us and congratulations to you and the CloudHesive team for winning the award. >> Thanks. >> Thank you very much. >> All right, stay tuned for more coverage, theCUBE, at the AWS Public Sector Partner Awards. I'm Stu Miniman. Thanks for watching. (upbeat music)

>> Announcer: Live from Las Vegas, it's theCUBE, covering AWS re:Invent 2019. Brought to you by Amazon Web Services and Intel along with its ecosystem partners. >> Welcome back to the eighth year of AWS re:Invent. It's 2019. There's over 60,000 in attendance. Seventh year of theCUBE. Wall-to-wall coverage, covering all the angles of this broad and massively-growing ecosystem. I am Stu Miniman. My co-host is Justin Warren, and one of our Cube alumni are back on the program. Ramin Sayar, who is the president and CEO of Sumo Logic. >> Stu: Booth always at the front of the expo hall. I think anybody that's come to this show has one of the Sumo-- >> Squishies. >> Stu: Squish dolls there. I remember a number of years you actually had live sumos-- >> Again this year. >> At the event, so you know, bring us, the sixth year you've been at the show, give us a little bit of the vibe and your experience so far. >> Yeah, I mean, naturally when you've been here so many times, it's interesting to be back, not only as a practitioner who's attended this many years ago, but now as a partner of AWS, and seeing not only our own community growth in terms of Sumo Logic, but also the community in general that we're here to see. You know, it's a good mix of practitioners and business folks from DevOps to security and much, much more, and as we were talking right before the show, the vendors here are so different now then it was three years go, let alone six years ago. So, it's nice to see. >> All right, a lot of news from Amazon. Anything specific jump out from you from their side, or I know Sumo Logic has had some announcements this week. >> Yeah, I mean, like, true to Amazon, there's always a lot of announcements, and, you know, what we see is customers need time to understand and digest that. There's a lot of confusion, but, you know, selfishly speaking from the Sumo side, you know, we continue to be a strong AWS partner. We announced another set of services along with AWS at this event. We've got some new competencies for container, because that's a big aspect of what customers are doing today with microservices, and obviously we announced some new capabilities around our security intelligence capabilities, specifically for CloudTrail, because that's becoming a really important aspect of a lot of customers maturation of cloud and also operating in the cloud in this new world. >> Justin: So walk us through what customers are using CloudTrail to do, and how the Sumo Logic connection to CloudTrail actually helps them with what they're trying to do. >> Well, first and foremost, it's important to understand what Sumo does and then the context of CloudTrail and other services. You know, we started roughly a decade ago with AWS, and we built and intelligence platform on top of AWS that allows us to deal with the vast amount of unstructured data in specific use cases. So one very common use case, very applicable to the users here, is around the DevOps teams. And so, the DevOps teams are having a much more complicated and difficult time today understanding, ascertaining, where trouble, where problems reside, and how to go troubleshoot those. It's not just about a siloed monitoring tool. That's just not enough. It doesn't the analytics or intelligence. It's about understanding all the data, from CloudTrail, from EC2, and non-AWS services, so you can appropriately understand these new modern apps that are dependent on these microservices and architectures, and what's really causing the performance issue, the availability issue, and, God forbid, a security or breach issue, and that's a unique thing that Sumo provides unlike others here. >> Justin: Yeah, now I believe you've actually extended the Sumo support beyond CloudTrail and into some of the Kubernetes services that Amazon offers like AKS, and you also, I believe it's ESC FireLens support? >> Ramin: Yeah, so, and that's just a continuation of a lot of stuff we've done with respect to our analytics platform, and, you know, we introduced some things earlier this year at re:Inforce with AWS as well so, around VPC Flow Logs and the like, and this is a continuation now for CloudTrail. And really what it helps our customers and end users do is better better and more proactively be able to detect potential issues, respond to those security issues, and more importantly, automate the resolution process, and that's what's really key for our users, because they're inundated with false positives all the time whether it's on the ops side let alone the security side. So Sumo Logic is very unique back to our value prop, but providing a horizontal platform across all these different use cases. One being ops, two being cybersecurity and threat, and three being line-of-business users who are trying to understand what their own users on their digital apps are doing with their services and how to better deliver value. >> Justin: Now, automation is so important when you've got this scope and scale of cloud and the pace of innovation that's happening with all the technology that's around us here at the show, so the automation side of things I think is a little bit underappreciated this year. We're talking about transformation and we're talking about AI and ML. I think, with the automation piece, is one thing that's a little bit underestimated from this year's show. What do you think about that? >> Yeah, I mean, our philosophy all along has been, you can't automate without AI and ML, and it's proven fact that, you know, by next year the machine data growth is going to be 16 zettabytes. By 2025, it's going to be 75 zettabytes of data. Okay, while that's really impressive in terms of volume of data, the challenge is, the tsunami of data that's being generated, how to go decipher what's an important aspect and what's not an important aspect, so you first have to understand from the streaming data services, how to be able to dynamically and schema on read, be able to analyze that data, and then be able to put in context to those use cases I talked about, and then to drive automation remediation, so it's a multifaceted problem that we've been solving for nearly a decade. In a given day, we're analyzing several hundred petabytes of data, right? And we're trying to distill it down to the most important aspects for you, for your particular role and your responsibility. >> Stu: Yeah, um, we've talked a lot about transformation at this show, and one of the big challenges for customers is, they're going through that application modernization journey. I wonder if you could bring us inside some of your customers, you know, where are they having success, where are some of the bottlenecks slowing them down from moving along on this transformation journey? >> Yeah, so, it's interesting because, whether you're a cloud-native company like Sumo Logic or you're aspiring to be a cloud-native company or a cloud-first project going through migration, you have similar problems. It's now become a machine-scale problem, not a human-scale problem, back to the data growth, right? And so, some of our customers, regardless of their maturation, are really trying to understand, you know, as they embark on these digital transformations, how do they solve, what we call, the intelligence gap? And that is, because there's so much silos across the enterprise organizations today, across development, operations, IT, security, lines of business, in its context, in its completeness, it's creating more complexity for our customers. So, what Sumo tries to help solve, do, is, solve that intelligence gap in this new intelligence economy by providing an intelligence platform we call "continuous intelligence". So what do customers do? So, some of our customers use Sumo to monitor and troubleshoot their cloud workloads. So whether it's, you know, the Netflix team themselves, right, because they're born and bred in the cloud or it's Hudl, who's trying to provide, you know, analytics and intelligence for players and coaches, right, to insurance companies that are going through the migration journey to the cloud, Hartford Insurance, New York Life, to sports and media companies, Major League Baseball, with the whole cyber SOC, and what they're trying to do there on the backs of Sumo, to even trucking companies like Packard, who's trying to do driverless, autonomous cars. It doesn't matter what industry you're in, everyone is trying to do through the digital transformation or be disrupted. Everyone's trying to gain that intelligence or not just be left behind but be lapped, and so what Sumo really helps them do is provide one single intelligence platform across dev, sec, and ops, bringing these teams together to be able to collaborate much more efficiently and effectively through the true multi-tenant SaaS platform that we've optimized for 10 years on AWS. >> Justin: So we heard from Andy yesterday that one of the important ways to drive that transformational change is to actually have the top-down support for that. So you mentioned that you're able to provide that one layer across multiple different teams who traditionally haven't worked that well together, so what are you seeing with customers around, when they put in Sumo Logic, where does that transformational change come from? Are we seeing the top-down driven change? Is that were customers come from, or is it a little bit more bottom-up, were you have developers and operations and security all trying to work together, and then that bubbles up to the rest of the organization? >> Ramin: Well, it's interesting, it's both for us because a lot of times, it depends on the size of the organization, where the responsibilities reside, so naturally, in a larger enterprise where there's a lot of forces of mass because of the different siloed organizations, you have to, often times, start with the CISO, and we make sure the CISO is a transformation agent, and if they are the transformation agent, then we partner with them to really help get a handle and control on their cybersecurity and threat, and then he or she typically sponsors us into other parts of the line of business, the DevOps teams, like, for example, we've seen with Hartford Insurance, right, or that we saw with F5 Networks and many more. But then, there's a flip side of that where we actually start in, let's use another example, uh, you know, with, for example, Hearst Media, right. They actually started because they were doing a lift-and-shift to the cloud and their DevOps team, in one line of business, started with Sumo, and expanded the usage and growth. They migrated 32 applications over to AWS, and then suddenly the security teams got wind of it and then we went top-down. Great example of starting, you know, bottom-up in the case of Hearst or top-down in the case of other examples. So, the trick here is, as we look at embarking upon these journeys with our customers, we try to figure out which technology partners are they using. It's not only in the cloud provider, but it's also which traditional on-premise tools versus potentially cloud-native services and SaaS applications they're adopting. Second is, which sort of organizational models are they adopting? So, a lot of people talk about DevOps. They don't practice DevOps, and then you can understand that very quickly by asking them, "What tools are you using?" "Are you using GitHub, Jenkins, Artifactory?" "Are you using all these other tools, "and how are you actually getting visibility "into your pipeline, and is that actually speeding "the delivery of services and digital applications, "yes or no?" It's a very binary answer, and if they can't answer that, you know they're aspiring to be. So therefore, it's a consultative sale for us in that mode. If they're already embarking upon that, however, then we use a different approach, where we're trying to understand how they're challenged, what they're challenged with, and show other customers, and then it's really more of a partnership. Does that makes sense? >> Justin: Yeah, makes perfect sense to me. >> So, one of the debates we had coming into this show is, a lot of discussion at multicloud around the industry. Of course, Amazon doesn't talk specifically about multicloud all that well. If you look historically, attempts to manage lots of different environments under a single pane of glass, we always say, "pane is spelled P-I-A-N", when you try to do that. There's been great success. If you look at VMware in the data center, VMware didn't cover the entire environment, but vCenter was the center of your, you know, admin's world, and you would edge cases to manage some of the other environments here. Feels that AWS is extending their footprint with thing like Outposts and the environments, but there are lots of things that won't be on Amazon, whether it be a second cloud provider, my legacy data center pieces, or anything else there. Sounds like you touch many of the pieces, so I'm curious if you, just, weigh in on what you hear from customers, how they get their arms around the heterogeneous mess that IT traditionally is, and what we need to do as an industry to make things better. >> You know, for a long time, many companies have been bi-modal, and now they're tri-modal, right, meaning that, you know, they have their traditional and their new aspects of IT. Now they're tri-modal in the sense of, now they have a third leg of that complexity in stool, which is public cloud, and so, it's a reality regardless of Amazon or GCP or Azure, that customers want flexibility and choice, and if fact, we see that with our own data. Every year, as you guys well know, we put out an intelligence report that actually shows year-over-year, the adoption of not only various technologies, but adoption of technologies used across one cloud provider versus multicloud providers, and earlier this year in September when we put the new release of the report out, we saw that year-over-year, there was more than 2x growth in the user of Kubernetes in production, and it was almost three times growth year-over-year in use of Kubernetes across multiple cloud providers. That tells you something. That tells you that they don't want lock-in. That tells you that they also want choice. That tells you that they're trying to abstract away from the IaaS layer, infrastructure-as-a-service layer, so they have portability, so to speak, across different types of providers for the different types of workload needs as well as the data sovereignty needs they have to constantly manage because of regulatory requirements, compliance requirements and the like. And so, this is actually it benefits someone like Sumo to provide that agnostic platform to customers so they can have the choice, but also most importantly, the value, and this is something that we announced also at this event where we introduced editions to our Cloud Flex licensing model that allows you to not only address multi-tiers of data, but also allows you to have choice of where you run those workloads and have choice for different types of data for different types of use cases at different cost models. So again, delivering on that need for customers to have flexibility and choice, as well as, you know, the promise of options to move workloads from provider to provider without having to worry about the headache of compliance and audit and security requirements, 'cause that's what Sumo uniquely does versus point tools. >> Well, Ramin, I think that's a perfect point to end on. Thank you so much for joining us again. >> Thanks for having me. >> Stu: And looking forward to catching up with Sumo in the future. >> Great to be here. >> All right, we're at the midway point of three days, wall-to-wall coverage here in Las Vegas. AWS re:Invent 2019. He's Justin Warren, I'm Stu Miniman, and you're watching theCUBE. (upbeat music)

>> from Burlingame, California It's the Cube covering Suma logic Illuminate 2019. Brought to You by Sumer Logic >> Hey, welcome back, everybody. Jefe Rick here with the cue, We're at the higher Regency San Francisco airport. Here. It's Suma logic. Illuminate 2019. It's our second year here, the third year of the show. I think it's about 1000 people that Kino was packed. A lot of great energy, a lot of good community as we see a lot of these smaller show, especially when they're getting started. It's all about community is a lot of sharing of information. It's a really cool time in the life of these companies. Worksite have our next guest slightly irreverent cool culture will dig into it a little bit with Justin bike. Oh, he is the co founder of Expelled Justin Creek to see >> likewise. Thanks for Thanks for having me. >> Absolutely. So give us the give us a rundown expel what you guys all about. >> So in a nutshell, were a 24 73 65 transparent, manage security provider. What that really means is on a 24 hours a day, seven days a week basis. We're looking for you know, signs. They're bad guys inside your environment. If they're there, we're gonna tell you they're they're gonna tell you what they're up to and help you get >> rid of them. Now, the transparent word comes up time and time again, Looking at some of your guys materials that transparent in terms of we can see inside the black box and how you're operating is that transparent. Like we're just going to tell you and show you what transparency is Obviously a really important piece of your messaging. >> Yeah, kind of all of the above. We try to take it to heart and try to really mean it. I think the easiest way to think about it is we want our customers to feel like we're just another part of their team. Right. And the easiest way for us to do that is to let them be a part of what we do on a day in and day out basis. That means if they want a ride shotgun with us when we're working an incident, they can They can watch everything that we do. Watch the investigation unfold in real time if they want to get in there and work with us. They certainly have the ability to do that. And then, you know, we take transparency pretty far. We put our real actual prices on our website, which is not something you see a lot of security companies do. So we just try to be as up front as we can be in the way that we approach dealing with our customers and working with him over time. >> Right? So we we cover our say, we've been covering our safe forever. It's it's 40,000 people at Mosconi. Few is more vendors than you can count, all talking about security. So, you know, you're in the year in the business and then remain in his keynote, put up a security section, had a whole bunch of companies. How did people sort this? I always think of the poor CEO on the other side is being told, you know, you got a big security in every place. You've gotta have a B A B Y o d was using their own iPhones and now we got I t With all these connected devices, the threat surfaces expanding geometrically. How should people think about security? How do you guys play in this kind of morass of complexity. >> You know, it's an interesting question how people deal with it. I think that's why you're starting to see a lot of these really strong in a lot of cases, sort of regional and local see. So groups start to form right because they want to get together and actually talk about a. I'm dealing with this challenge. What do you do and how are you handling this problem? And the only way to do that is to learn from appears, right. Everybody's in this fight together. As for how we fit in, one of the things that we try to do is help customers who have made a lot of investments in a lot of different security technology make sense of it. All right, so you've got 56789 10 20 pieces of security technology. They're deployed there, all blinking red lights of like, Hey, this might be a threat. This might be an intruder inside your infrastructure, and you've got a handful of people that work Monday through Friday, 8 to 5 ish. Somebody's gotta look at that all day long, and that's what we're there for. So our job is to make space for our customers, to do the things they actually love about security instead of just sitting there trying to keep up with a constant, you know, basically overflow of alert. >> Right? And you guys are socking the service. Is that Is that a hard sell? Is that easy sell to people? Understand? They need kind of the augmentation. How does that how does that go over with the customer? It has >> been, I think it's over the years it's become, I think, an easier thing for people to wrap their head around. Because at the end of the day, everybody is infrastructure to grow and write. Their footprint of what they need to protect is growing. They can't. Still, nobody can hire enough people that they need. That's a pervasive problem. It's a top five c. So problem has been for you will never go for a long time. So you've got all this security technology. You get the whole network instrument and then suddenly the business moves to the cloud. You have two instrument that too, and you have to do it using the team that you've gotten. That's not enough people And so what choice do you really have? You need somebody to come in and help provide that 24 7 coverage. There's certain things that your security at the institute, that on Lee be done from inside the business. Right things. They remove your program forward, let your team focus on that and all the stuff around monitoring technology to look for signs. They're bad guys in the environment. Let a provider like expel, help you out, >> right? So let me get your take on kind of the explosion of data. But both the quantity of the date as well as the sources of the data, as well as the structure of the date or the lack of structure in a lot of this data, it's growing exponentially right in people. And we all have our time kind of wrapping our heads around exponential growth, one of the kind of the fundamental problems that we have from your point of view, as you see this and you see your customer struggling with it and interests. Other kind of dichotomy is, Is it? Is it is it Is it asset? Of course, there's a lot of good stuff in there hopefully, But it's also liability because it's expensive. It's expensive. The hold. It's expensive to move. It's expensive to store. How do you help people deal with Keep it secure in this explosion of data environment that we are. >> You know, if there were a silver bullet, answer that question, we'd probably be the only security company in existence. >> They would be on a boat >> in >> the Caribbean or >> something like that, you know, being able to apply the technology that we're, you know, that we can bring to bear, which helps our analysts take all of these different disparate data sources. So we can take your I d. S. We can take your e t r. We can take your cloud control platform, your cloud control plane like an aws cloudwatch cloudtrail all that sort of stuff, bring it in one place, makes sense of it, put it together in a way that contextualized is it against what we know about your business. That's ah, whole lot of the battle right there is just being able to help somebody sort of understand what's going on. What does it mean to my business? What do I do about it? What do I do next on? If you can free up that chunk of time, you let the customer focus on those sort of more tactful things that they need to do inside their business, which is, you know, what's the next big evolution of security inside? You know our company, >> right? The word assume a logic fit in for you guys were here, obviously at the sumo logic event. And you know, the scale of the complexity of this stuff is getting beyond the ability of a human keep track of quite frankly. So there's got to be some automation. There's got to be tools. Even though you guys were transparent, there's just there's just some things I can't look into. How are using similar logic? How's it helping you do your business? You >> know, our partnership with Suma Logic came about actually from our 1st 2 customers who are actually symbolize your customers. And so they're sending all of their infrastructure data. They're sending all their security data and assume a logic, and they came to us and they said all that it is there. If you want to monitor our infrastructure, start there right on our ability because it lives in the cloud. There's no sort of management for the customer to do our villages plug right into that and immediately, like within an hour, to start getting security value out of what the customer has inside Suma Logic is, it's pretty substantial to be able to just start immediately telling him, giving him visibility into what's going on. So that's kind of how the relationship came about and how we worked with him today is we find that again. A lot of our customers have just a ton of data, security or otherwise that they need to store. They need to do it in a place that's going to scale with, um, so your traditional on Crim. You know, it's like a more old school Sim. We just gotta keep buying drives and buying drives and buying more and more places to store things. It's a tough life, right? So Cloud hosted platform, like Suma Logic lets you continue to scale, lets you quickly and easily search that they didn't do it in a reasonably cost effective way. It's a great way for us to work with customers. You don't have any visibility today. We know the folks over assume a logic really well, it's super easy to get up and running and get it up really quickly. It's easy for us to plug into. We can get you visibility in your environment really, really fast. If you don't have any today, >> so is that enabled you to bring a different scale of data to bear on your analytics is too. We know there's bad guys in there. You know how fast you can find him and shut him down to take action? >> I think so. Because of the way the technology with Suma logic scales that lets customers send more data, then they may have otherwise ordinarily sent toe like a more traditional Sam or something like that on what that does is that gives us more data to look at when we have more today to look at. We have more visibility and what's going on the customer environment. We can start delivering more value to them. Tell you hey, did you know this is going on over here something you weren't previously looking at because it scales reasonably well. That's something that we can start doing for >> her just because you have a good kind of macro point of view on multiple customers and the market. I just love to get your take on now. We used to hear all the time that, you know, the time between the breach and the knowledge of a breach was like 260 days. Whatever. And we keep hearing whatever show you out. It's coming down. It's coming down, coming down, but at the same time, pretty much every day. You know, you hear about a new breech and it's it's it's, I think everybody is going to be breached, it seems like, and it's really more of a function of How fast can you find out? You know, how quickly can you can you cut down on the damage and take the action? And I wonder if you could share your thoughts of kind of, You know, I still think some people think there's a moat strategy that you can just keep people out, and it's just it's just not, >> you know, somebody who is an attacker that's determined enough there. Well, fuck. You know, they've got enough funding. We're gonna get in and think about it like your house, right? Like, but all the doors. Put all the locks on his many doors. You want as many bars on as many windows as you want. If somebody wants it badly enough and they have enough time, they have enough planning. They have enough money, they're getting in your house, right? And so what you want to do? You want to know when they get in there so that you can react pretty quickly and so sure that like you dwell time of how long before, you know, from the time the intruder got in the environment till the time they were actually discovered. You obviously don't want that to be hundreds and hundreds of days, So it is important to figure out when they're they're what have they accessed when they're in there? So you understand what risk your date is that? Where are they In your environment? And that's the kind of thing you want to make sure that you have instrumentation to be able to see quick, because you can't. There is no silver bullet. You can't just keep the attackers out. You can't say I've prevent all these prevention mechanisms in. Nobody's gonna get in, so I don't need to worry about trying to find them once they're inside. It's just not the case. It's not really. >> And have you guys built a technological answer to social manipulation for penetration? I mean, my favorite examples are the, you know, somebody calling. You know I can't get into the company softball game. Can you please click on this or another one? I heard a Vegas. A Vegas casino was breached via that. The bomb it, er in the fish tank in the lobby. That was that was a connected thermometer so the fish wouldn't die. I mean, are we are you thinking about, you know, kind of social engineering is still a really effective way to get into these places and tools to break those kind of that access. >> Yes. Oh, social engineering. Absolutely. If you look across our customer base, the incidents and our customers deal with the number one by a long shot vector for how these companies are actually getting compromised in the first place. It's fishing, right? It's ominous. Intuit e mail. And I'm gonna convince you to click on this link, or I'm gonna convince you to open this file or I'm gonna convince you to give me a password or something like that, because at the end of the day, some of these things are pretty good and it's hard to spot a fake. It's just really difficult spot a fake if it's well tailored. A lot of the security companies and I'll give credit to a lot of the infrastructure. Providers like Google have done a really good job at trying to flash warning signs. You've never received an E mail like this from this person before. You've never received an e mail from this person with an attachment. You've never received an e mail from this person with, you know, from this domain or anything like that. They're starting to get more and more sophisticated around some of those mechanisms. But at the end of the day, social engineering fishing, that is the number one vector. It's a really hard problems. All then the security industry hasn't solved yet. >> Yeah, All right, well, let's get his job security for you. Well, Justin, thanks for taking a few minutes and really enjoyed the conversation. Thanks for having me. Alright. He's Justin. I'm Jeff. You're watching the Cube. Were Touma logic illuminate in San Francisco Hyatt Regency? Thanks for watching

>> Live from Las Vegas, it's theCUBE. Covering AWS re:Invent 2018 Brought to you by Amazon Web Services, Intel, and their ecosystem partners. >> Hey, welcome back. And we're live here at Las Vegas AWS re:Invent 2018 live coverage from theCUBE. I'm John Furrier. Dave Vellante, my co-host, wall to wall coverage. Dave, six years covering Amazon, watching it grow. Watching it just an unstoppable force of new services. Web services being realized from the original vision years and many, many years ago, over a decade. Jesse Rothstein, CTO and co-founder of ExtraHops our next guest, welcome back to theCUBE, good to see you. >> Thanks for having me. >> So first of all before we get into the conversation, what's your take on this madness, here? It's pretty crazy. >> You know this is, I think this is my sixth year, as well, and this show must double in size every year. It's enormous, spread across so many venues, so much going on, it's almost overwhelming. >> I remember six years ago, we used to be on theCUBE, and I think we just kept the stream open, "Hey, come on up! We have an opening!" Now it's like two cubes, people tryin' to get on, no more room, we're dyin', we go as hard as we can, 16 interviews, hundreds of interviews, lots of change. So I got to ask you, what is your view of the ecosystem? Because back then, handful of players in there. You guys were one of 'em. Lot of opportunities around the rising tide here. What's your thought on the ecosystem evolution? >> Well, of course the ecosystem has grown, this show has really become recognized as the pre-eminent Cloud show, but I see some themes that I think have certainly solidified, for example I spent a bunch of time on the security track. That's the largest track by far, I'm told. They're actually breaking it out into a separate add-on conference coming up in the summer. So clearly there's a great deal of interest around Cloud security as organizations follow their... >> Did they actually announce for that security conference? >> They did, they did. >> Okay, so Boston in June, I think right? >> June, that's correct. They announced, I think, I don't want to mess up the dates, June, late June. >> I think June 26. Breaking News here, that's new information. That's a really good signal for Amazon. They're taking security serious. When I interviewed Andy Jassy last week, he said to me, "Security used to be a blocker. Oh the Cloud's not secure!" Couple short years ago, now it's actually competitive advantage, but still a lot more work to get done. Network layer all the way up, what's your take? Never done. >> Well, so that's what Andy says, and I think that I would rephrase that slightly differently. Security used to be a blocker and it used to be an area of anxiety and organizations would have huge debates around, you know, whether the Cloud is less secure, or not, inherently. I think, today, there's a lot more acceptance that the Cloud can be just as secure as on-prem or just as insecure. You know, for my view, it relies on the same people, processes, and technologies, that are inherently insecure as we have on-prem, and therefore it's just as insecure. There are some advantages, the Cloud has great API logging, building blocks like CloudTrail. New services like GuardDuty, but at the same time it's hard to hire Cloud security expertise, and there is an inherent opacity in public Cloud that I think is a real challenge for security. >> Well, and bad human behavior always trumps good security. >> Well, of course. >> Talk about ExtraHop, how you guys are navigating, you guys have been in the ecosystem for a while. Always an opportunity to grow, I love this TAM's expanding, huge expansion in the adjustable market, new use cases. What's up with you guys? Give us an update. Where's the value proposition resonating? What's the focus? >> Well you can probably tell from my interests that we see a lot of market pull and opportunity around Cloud security. ExtraHop is an analytics product for IT ops and security, so there's a certain segment of what we do for IT operations use cases. Delivering essentially a better level of service, we attach to use cases like Cloud migrations, and new application roll-outs. But we also have a cyber security offering, that's a very advanced offering, around network behavioral analytics, where we actually can detect suspicious behaviors and potential threats, bring them to your attention. And then since we leverage our broader analytics platform, you're a click away from being able to investigate or disposition these detections and see, hey is this something I really need to be concerned about. >> Give an example of some of the network behavior, because I think this is a real critical one, because with no perimeter, you got no surface area, you got API's, this is the preferred architecture but, you got to watch the traffic. How will you guys be specific and give an example. >> So, some of my favorite examples have to do with detecting when you've already been breached. Organizations have been investing in defense and depth for decades, you know, keep the attackers out at the perimeter, keep the attackers away from the endpoint, but how would you know if you've already been breached. And it turns out, your Verizon does a great data breach investigation report annually. And they determine that they're only nine or so behaviors that count for 90% of what all breaches do, what they look like. So, you look for things like, parts of the cyber security attaching. You look for reconnaissance, you look for lateral movement, you look for some form of ex-filtration. Where ExtraHop is taking this further, is that we've built sophisticated behavioral models. We're able to understand privilege. We're able to understand what are the most important systems in your environment, the most important instances. Who has administrative control over them, and then when that changes, you want to know about it, because maybe this thing, this instance, in an on-prem environment, could be like a contractor laptop, or an HVAC system. It now exercises some administrative control over a critical system, and it's never done that before. We bring that to your attention, maybe you want to take some automated action, and quarantine it right away, maybe you want to go through some sort of approval process and bring it to someone's attention. But either way, you want to know about it. >> I'm going to get your reaction to a comment I saw yesterday morning at a keynote on Teresa Carlson's breakfast, her public sector breakfast, Christine Halvorsen, FBI. Said, we're in a data crisis. And she talked about that they can't react to some of these bad events, and a lot of it's post event, That's the basic stuff they need now, and she said, I can't put the puzzle pieces together fast enough. So you're actually taking that from a network Ops standpoint, IT Ops. How do you get the puzzle pieces together fast? What's the secret? >> Well so, the first secret is that we're very focused on real time network data, and network telemetry. I often describe ExtraHop as like Splunk for the network. The idea requires completely different technology, but the idea's the same. Extract value and insight out of data you already have, but the advantage of the network for security, and what I love about it, is that, it's extremely real-time, it's as close to ground truth as you can get, It's very hard to hide from, and you can never turn it off. >> Yeah. >> So with all of those properties, network analytics, makes for, has just tremendous implications for cyber security. >> I mean honestly, you're visibly excited, I'm a data geek myself, but you made a good point, I want to double down on, is that, moving packets from A to B is movement. And movement is part of how you detect it right, so? >> It is, so packets itself, that's data in motion, but if you're only looking at the packets you're barely scratching the surface. Companies have tried to build security analytics based on flow data for a long time. And flow data, flow records, it's like a phone bill. It tells you who's talking to whom and how long they spoke, but there's no notion of what was said in the conversation. In order to do really high quality security analytics, you need to go much deeper. So we understand resources, we understand users, we understand what's normal, and we're not using statistical baselines, we're actually building predictive models around how we expect end points and instances to behave. And then when they deviate from their model, that's when we say, "Hey, there's something strange going on. >> That's the key point for you guys. >> And that means you can help me prioritize... >> Absolutely. >> Because that's the biggest challenge these guys have. They oftentimes don't know where to go, they don't know how to weight the different... >> So that's one challenge and I think another really big challenge, and we see this even with offerings that have been publicized recently, is that detection itself isn't good enough, that's just an alert cannon, and there was a session that actually talked about alarm deafness that occurs, it occurs in hospitals, and other environments, were all you get is these common alarms, and people stopped paying attention to them. So, in addition to the ability to perform high quality detections, you need a very streamline investigative work flow. You know, one click away so you can say, "Okay, what's going on here?" Is this something that requires additional investigation. >> Well, I think you guys are on the right track, and I think what's different about the Cloud is that, you know, they call the show re:invent, but rethinking, existing stuff for Cloud scale, is a different mindset, it's a holistic. Like, you're taking more of a holistic view saying, "I'm not going to focus on a quote packet path, or silo that I'm comfortable with, you kind of got to look at the bigger picture, and then have a data strategy, or a some competitive unique IP." >> I think that's an excellent summary. What I would add is that organizations, as they kind of follow their Cloud journey, we're seeing a lot of interest from security teams in particular, that don't want to do swivel chair integration. Where I have something on-prem and I have something in the Cloud. They want something much more holistic, much more unified. >> Seamless, automated. >> Much more seamless, much more automated. (laughing) You know, I sat in about five different securities track sections, and every single one of them kind of ended with the, "So we automated it with a Lambda Function." (laughing) Clearly a lot of capability for automation, in public Cloud. >> Jesse great to have you on theCube, CTO, Co-founder of ExtraHop. What's next for you? What's goin' on? What's next? >> Well, we continue to make really big investments on security, I wish I could say that cyber security would be done at some point, but it will never be done. It's an arms race. Right now I think we're seeing some really great advancements on the defense side, that will translate into big success. Always focusing on the data problem, as data goes from 10 gigabits to 100 gigabits. You know Amazon just announced their seat five accelerated 100 gigabit network adapter. Always looking at how can we extract more value from that data at scale. >> Leverage to power, leverage to power. Well, we got to get you back on the program. We're going to increase our cyber security coverage, we certainly will be at the security event, I didn't know it was announced publicly, June 26th and 27th, in Boston. Give or take a day on either side, could be 27th, 28th, 26th, 27th. This is a big move for Amazon, we'll be there. >> I think it is. >> Great job, live coverage here, from the floor, on the Expo floor at Amazon re:Invent in 2018, will be right back more Cube coverage, after this short break, two sets. We'll be right back. (soft electronic music)

>> Live, from Washington, D.C., it's theCUBE! Covering Inforum DC 2018. Brought to you by Infor. >> Well, welcome back. We are here on theCUBE. Thanks for joining us here as we continue our coverage here at Inforum 18. We're in Washington D.C., at the Walter Washington Convention Center. I'm John Walls, with Dave Vellante and we're joined now by Rahul Pathak, who is the G.M. at Amazon Athena and Amazon EMR. >> Hey there. Rahul, nice to see you, sir. >> Nice to see you as well. Thanks for having me. >> Thank you for being with us, um, now you spoke earlier, at the executive forum, and, um, wanted to talk to you about the title of the presentation. It was Datalinks and Analytics: the Coming Wave of Brilliance. Alright, so tell me about the title, but more about the talk, too. >> Sure. Uh, so the talk was really about a set of components and a set of transdriving data lake adoption and then how we partner with Infor to allow Infor to provide a data lake that's customized for their vertical lines of business to their customers. And I think part of the notion is that we're coming from a world where customers had to decide what data they could keep, because their systems were expensive. Now, moving to a world of data lakes where storage and analytics is a much lower cost and so customers don't have to make decisions about what data to throw away. They can keep it all and then decide what's valuable later. So we believe we're in this transition, an inflection point where you'll see a lot more insights possible, with a lot of novel types of analytics, much more so than we could do, uh, to this point. >> That's the brilliance. That's the brilliance of it. >> Right. >> Right? Opportunity to leverage... >> To do more. >> Like, that you never could before. >> Exactly. >> I'm sorry, Dave. >> No, no. That's okay. So, if you think about the phases of so called 'big data,' you know, the.... We went from, sort of, EDW to cheaper... >> (laughs) Sure. >> Data warehouses that were distributed, right? And this guy always joked that the ROI of a dupe was reduction of investment, and that's what it became. And as a result, a lot of the so-called data lakes just became stagnant, and so then you had a whole slew of companies that emerged trying to get, sort of, clean up the swamp, so to speak. Um, you guys provide services and tools, so you're like "Okay guys, here it is. We're going to make it easier for you." One of the challenges that Hadoop and big data generally had was the complexity, and so, what we noticed was the cloud guys--not just AWS, but in particular AWS really started to bring in tooling that simplified the effort around big data. >> Right. >> So fast-forward to today, and now we're at the point of trying to get insights-- data's plentiful,insights aren't. Um, bring us up to speed on Amazon's big data strategy, the status, what customers are doing. Where are we at in those waves? >> Uh, it's a big question, but yeah, absolutely. So... >> It's a John Furrier question. (laughter) So what we're seeing is this transition from sort of classic EDW to S3 based data lakes. S3's our Amazon storage service, and it's really been foundational for customers. And what customers are doing is they're bringing their data to S3 and open data formats. EDWs still have a role to play. And then we offer services that make it easy to catalog and transform the data in S3, as well as the data in customer databases and data warehouses, and then make that available for systems to drive insight. And, when I talk about that, what I mean is, we have the classic reporting and visualization use cases, but increasingly we're seeing a lot more real time event processing, and so we have services like Kinesis Analytics that makes it easy to run real time queries on data as it's moving. And then we're seeing the integration of machine learning into the stacks. Once you've got data in S3, it's available to all of these different analytic services simultaneously, and so now you're able to run your reporting, your real time processing, but also now use machine learning to make predictive analytics and decisions. And then I would say a fourth piece of this is there's really been, with machine learning and deep learning and embedding them in developer services, there's now been a way to get at data that was historically opaque. So, if you had an audio recording of a social support call, you can now put it through a service that will actually transcribe it, tell you the sentiment in the call and that becomes data that you can then track and measure and report against. So, there's been this real explosion in capability and flexibility. And what we've tried to do at AWS is provide managed services to customers, so that they can assemble sophisticated applications out of building blocks that make each of these components easier, and, that focus on being best of breed in their particular use case. >> And you're responsible for EMR, correct? >> Uh, so I own a few of these, EMR, Athena and Glue. And, uh, really these are... EMR's Open Source, Spark and Hadoop, um, with customized clusters that upbraid directly against S3 data lakes, so no need to load in HDFS, so you avoid that staleness point that you mentioned. And then, Athena is a serverless sequel NS3, so you can let any analyst log in, just get a sequel prompt and run a query. And then Glue is for cataloging the data in your data lake and databases, and for running transformations to get data from raw form into an efficient form for querying, typically. >> So, EMR is really the first service, if I recall, right? The sort of first big data service-- >> That's right. >> -that you offered, right? And, as you say, you really begin to simplify for customers, because the dupe complexity was just unwieldy, and the momentum is still there with EMR? Are people looking for alternatives? Sounds like it's still a linchpin of the strategy? >> No, absolutely. I mean, I think what we've seen is, um, customers bring data to S3, they will then use a service, like Redshift, for petabyte scale data warehousing, they'll use EMR for really arbitrary analytics, using opensource technologies, and then they'll use Athena for broad data lake query and access. So these things are all very much complimentary, uh, to each other. >> How do you define, just the concept of data lakes, uh, versus other approaches to clients? And trying to explain to them, you know, the value and the use for them, uh, I guess ultimately how they can best leverage it for their purposes? How do you walk them through that? >> Yeah, absolutely. So, there's, um. You know, that starts from the principles around how data is changing. So before we used to have, typically, tabular data coming out of ERP systems, or CRM systems, going into data warehouses. Now we're seeing a lot more variety of data. So, you might have tweets, you might have JSON events, you might have log events, real time data. And these don't fit traditional... well into the traditional relational tabular model, ah, so what data lakes allow you to do is, you can actually keep both types of the data. You can keep your tabular data indirectly in your data lake and you can bring in these new types of data, the semi-structured or the unstructured data sets. And they can all live in the data lake. And the key is to catalog that all so you know what you have and then figure out how to get that catalog visible to the analytic layer. And so the value becomes you can actually now keep all your data. You don't have to make decisions about it a priori about what's going to be valuable or what format it's going to be useful in. And you don't have to throw away data, because it's expensive to store it in traditional systems. And this gives you the ability then to replay the past when you develop better ideas in the future about how to leverage that data. Ah, so there's a benefit to being able to store everything. And then I would say the third big benefit is around um, by placing data and data lakes in open data formats, whether that's CSV or JSON or a more efficient formats, that allows customers to take advantage of best of breed analytics technology at any point in time without having to replatform their data. So you get this technical agility that's really powerful for customers, because capabilities evolve over time, constantly, and so, being in a position to take advantage of them easily is a real competitive advantage for customers. >> I want to get to Infor, but this is so much fun, I have some other questions, because Amazon's such a force in this space. Um, when you think about things like Redshift, S3, Pedisys, DynamoDB...we're a customer, these are all tools we're using. Aurora. Um, the data pipeline starts to get very complex, and the great thing about AWS is I get, you know, API access to each of those and Primitive access. The drawback is, it starts to get complicated, my data pipeline gets elongated and I'm not sure whether I should run it on this service or that service until I get my bill at the end of the month. So, are there things you're doing to help... First of all, is that a valid concern of customers and what are you doing to help customers in that regard? >> Yeah, so, we do provide a lot of capability and I think our core idea is to provide the best tool for the job, with APIs to access them and combine them and compose them. So, what we're trying to do to help simplify this is A) build in more proscriptive guidance into our services about look, if you're trying to do x, here's the right way to do x, at least the right way to start with x and then we can evolve and adapt. Uh, we're also working hard with things like blogs and solution templates and cloud formation templates to automatically stand up environments, and then, the third piece is we're trying to bring in automation and machine learning to simplify the creation of these data pipelines. So, Glue for example. When you put data in S3, it will actually crawl it on your behalf and infer its structure and store that structure in a catalog and then once you've got a source table, and a destination table, you can point those out and Glue will then automatically generate a pipeline for you to go from A to B, that you can then edit or store in version control. So we're trying to make these capabilities easier to access and provide more guidance, so that you can actually get up and running more quickly, without giving up the power that comes from having the granular access. >> That's a great answer. Because the granularity's critical, because it allows you, as the market changes, it allows you... >> To adapt. To move fast, right? And so you don't want to give that up, but at the same time, you're bringing in complexity and you just, I think, answered it well, in terms of how you're trying to simplify that. The strategy's obviously worked very well. Okay, let's talk about Infor now. Here's a big ISP partner. They've got the engineering resources to deal with all this stuff, and they really seem to have taken advantage of it. We were talking earlier, that, I don't know if you heard Charles's keynote this morning, but he said, when we were an on prem software company, we didn't manage customer servers for them. Back then, the server was the server, uh software companies didn't care about the server infrastructure. Today it's different. It's like the cloud is giving Infor strategic advantage. The flywheel effect that you guys talk about spins off innovation that they can exploit in new ways. So talk about your relationship with Infor, and kind of the history of where it's come and where it's going. >> Sure. So, Infor's a great partner. We've been a partner for over four years, they're one of our first all-in partners, and we have a great working relationship with them. They're sophisticated. They understand our services well. And we collaborate on identifying ways that we can make our services better for their use cases. And what they've been able to do is take all of the years of industry and domain expertise that they've gained over time in their vertical segments, and with their customers, and bring that to bear by using the components that we provide in the cloud. So all these services that I mentioned, the global footprint, the security capabilities, the, um, all of the various compliance certifications that we offer act as accelerators for what Infor's trying to do, and then they're able to leverage their intellectual property and their relationships and experience they've built up over time to get this global footprint that they can deploy for their customers, that gets better over time as we add new capabilities, they can build that into the Infor platform, and then that rolls out to all of their customers much more quickly than it could before. >> And they seem to be really driving hard, I have not heard an enterprise software company talk so much about data, and how they're exploiting data, the way that I've heard Infor talk about it. So, data's obviously key, it's the lifeblood-- people say it's the new oil--I'm not sure that's the best analogy. I can only put oil in my house or my car, I can't put it in both. Data--I can do so many things with it, so, um... >> I suspect that analogy will evolve. >> I think it should. >> I'm already thinking about it now. >> You heard it here first in the Cube. >> You keep going, I'll come up with something >> Don't use that anymore. >> Scratch the oil. >> Okay, so, your perspectives on Infor, it's sort of use of data and what Amazon's role is in terms of facilitating that. >> So what we're providing is a platform, a set of services with powerful building blocks, that Infor can then combine into their applications that match the needs of their customers. And so what we're looking to do is give them a broad set of capabilities, that they can build into their offerings. So, CloudSuite is built entirely on us, and then Infor OS is a shared set of services and part of that is their data lake, which uses a number of our analytic services underneath. And so, what Infor's able to do for their customers is break down data silos within their customer organizations and provide a common way to think about data and machine learning and IoT applications across data in the data lake. And we view our role as really a supporting partner for them in providing a set of capabilities that they can then use to scale and grow and deploy their applications. >> I want to ask you about--I mean, security-- I've always been comfortable with cloud security, maybe I'm naive--but compliance is something that's interesting and something you said before... I think you said cataloging Glue allows you to essentially keep all the data, right? And my concern about that is, from a governance perspective, the legal counsel might say, "Well, I don't "want to keep all my data, if it's work in process, "I want to get rid of it "or if there's a smoking gun in there, "I want to get rid of it as soon as I can." Keep data as long as possible but no longer, to sort of paraphrase Einstein. So, what do you say to that? Do you have customers in the legal office that say, "Hey, we don't want to keep data forever, "and how can you help?" >> Yeah, so, just to refine the point on Glue. What Glue does is it gives you essentially a catalog, which is a map of all your data. Whether you choose to keep that data or not keep that data, that's a function of the application. So, absolutely >> Sure. Right. We have customers that say, "Look, here are my data sets for "whether it's new regulations, or I just don't want this "set of data to exist anymore, or this customer's no longer with us and we need to delete that," we provide all of those capabilities. So, our goal is to really give customers the set of features, functionality, and compliance certifications they need to express the enterprise security policies that they have, and ensure that they're complying with them. And, so, then if you have data sets that need to be deleted, we provide capabilities to do that. And then the other side of that is you want the audit capabilities, so we actually log every API access in the environment in a service called CloudTrail and then you can actually verify by going back and looking at CloudTrail that only the things that you wanted to have happen, actually did happen. >> So, you seem very relaxed. I have to ask you what life is like at Amazon, because when I was down at AWS's D.C. offices, and you walk in there, and there's this huge-- I don't know if you've seen it-- there's this giant graph of the services launched and announced, from 2006, when EC2 first came out, til today. And it's just this ridiculous set of services. I mean the line, the graph is amazing. So you're moving at this super, hyper pace. What's life like at AWS? >> You know, I've been there almost seven years. I love it. It's been fantastic. I was an entrepreneur and came out of startups before AWS, and when I joined, I found an environment where you can continue to be entrepreneurial and active on behalf of you customers, but you have the ability to have impact at a global scale. So it's been super fun. The pace is fast, but exhilarating. We're working on things we're excited about, and we're working on things that we believe matter, and make a difference to our customers. So, it's been really fun. >> Well, so you got--I mean, you're right at the heart of what I like to call the innovation sandwich. You've got data, tons of data, obviously, in the cloud. You're a leader and increasingly becoming sophisticated in machine intelligence. So you've got data, machine intelligence, or AI, applied to that data, and you've got cloud for scale, cloud for economics, cloud for innovation, you're able to attract startups--that's probably how you found AWS to begin with, right? >> That's right. >> All the startups, including ours, we want to be on AWS. That's where the developers want to be. And so, again, it's an overused word, but that flywheel of innovation occurs. And that to us is the innovation sandwich, it's not Moore's Law anymore, right? For decades this industry marched to the cadence of Moore's Law. Now it's a much more multi-dimensional matrix and it's exciting and sometimes scary. >> Yeah. No, I think you touched on a lot of great points. It's really fun. I mean, I think, for us, the core is, we want to put things together the customers want. We want to make them broadly available. We want to partner with our customers to understand what's working and what's not. We want to pass on efficiencies when we can and then that helps us speed up the cycle of learning. >> Well, Rahul, I actually was going to say, I think he's so relaxed because he's on theCUBE. >> Ah, could be. >> Right, that's it. We just like to do that with people. >> No, you're fantastic. >> Thanks for being with us. >> It's a pleasure. >> We appreciate the insights, and we certainly wish you well with the rest of the show here. >> Excellent. Thank you very much, it was great to be here. >> Thank you, sir. >> You're welcome. >> You're watching theCUBE. We are live here in Washington, D.C. at Inforum 18. (techno music)

>> Narrator: Live from Las Vegas. It's The Cube, covering AWS re:Invent 2017, presented by AWS, Intel, and our ecosystem of partners. >> Hey, welcome back to The Cube, our continuous coverage of AWS 2017. AWS re:Invent, I should say. 42,000 people, a lot of them here in the room here. I'm Lisa Martin with my co-host Keith Townsend. We're excited to be joined by a Cube alumni extraordinaire, Ramin Sayar, CEO and president of Sumo Logic. Welcome back to The Cube. >> Great. Thanks for having me. It's good to be back. >> You guys have had a big announcement today with AWS. What does that mean? What's in there for your customers? >> Sure. Well, it's good to know that for over seven and a half years we've been close partners with AWS. So we've designed and co-designed over 100 services together with AWS. And today's announcements around GuardDuty in particular is taking all the basic compute, network, storage, persistent type of stuff and toolkits and paths to the next level because, as you've seen, security has always been an afterthought when it comes to workloads and data in the cloud. So we've been pushing Amazon in particular to really up their game on security and so we designed the GuardDuty service to really start to provide a lens into threat intelligence with respect to cloud data. >> Why do you think security still continues to be not as big of a focus? We hear different things, it's not as big of a concern for customers anymore, but that's not actually true. Why do you think that trend is out there? >> Well, I don't think it's about focus, it's about uncertainty, and I say that because a lot of the CISOs that we engage with consistently, who use our platform to get not only visibility to user behavior, or infrastructure, or the workloads, when they move from the traditional world to this new world of cloud, there's uncertainty about what to do. There's uncertainty about what services to use because a lot of the cloud providers until recently haven't had a lot of these capabilities provided. So, in our case, as an example, seven and a half years ago when we started, born and bred in the cloud, we built our whole PKI infrastructure. We built encryption in transit and at rest. So we had to build all that stuff ahead of what the platform like Amazon had provided. So we've been able to leverage all those experiences and extend the platform for not only cloud data, but on-prem data to provide that unified view. So the vantage point we have as a result is really be that trusted advisor for CISOs and to guide them toward things like CloudTrail, that's part of their announcement. Things like VPC flow logs, and what they should and should not do there. And so the announcement today is really more of a guidance for CISOs as well as developers and operations folks, to better understand what they need to do differently in the cloud, not just from the technology point of view, but also from a threat intelligence point of view. >> So let's talk a little bit about education, because this is I think an opportunity to educate a lot of the market. Amazon has always preached share responsibility. They take care of the locks, the guards, the physical data center, all the way up to the hypervisor. And the hypervisor is ironically becoming less important with today's announcements, however there seems to be some uncertainty still with clients as to where their responsibility starts. How do you guys help with that conversation of shared responsibility? >> Well it actually starts back to the point I just made. In a lot of cases, we've become the trusted advisor because we've had such a long history of building a mission-critical platform that's analyzing 100 plus petabytes of data every single day. And so we know what the struggles are to understand new services as they come out, whether it's Amazon or another cloud provider, and what the implications of those services are. So now back to the root of the question here, what we really try to do is assess the maturity of a lot of our customers. So we really understand, well what are you using today with respect to SaaS applications? How much of your data is inside your data centers versus potentially in a cloud platform like AWS? What types of cloud services are you using? That allows to kind of categorize the maturity, but also start to lay out prescriptive roadmap as to what new application data, new infrastructure data, as well as the potential vulnerabilities and risks associated with users or infrastructure that they need to be concerned with when they make that transition to the cloud, or migration, or build natively in the cloud. >> So how much concern is it out there over these new services like Lambda that are no longer associated with, we can't just put an IP address or a firewall and say okay, this host can't talk to this host. It's service and data-based. Services like AWS that we really can't control from an OS-perspective, how's that impacting the conversation? >> So that's actually an interesting aspect of what the ecosystem provides, right. We analyze a lot of those connectivity and transport aspects because we look at the pattern of those datas. And it's not just about what's running in AWS, what's important here is you have your CDN providers, you have your on-premise data centers, you have your Kolos, and from a security posture perspective, you need a holistic view. More and more customers are moving away from packaged, on-prem apps to SaaS, and so understanding what the implications are from a 360-degree view is what Sumo helps provide them to do. And more specifically, back to the announcement here, the role that we play is not only to be that advocate, but also the champion to AWS because we're bringing a lot of these customers through in this migration. So a good example, they mentioned a customer called Samsung and SmartThings. They're one of our large customers of an IoT use case. And they're pushing the boundaries on understanding how to start to compress and encrypt this data, but start to analyze it real-time across millions and millions of devices that need to come in to look at the fingerprints and patterns. Those are services not yet available in Amazon or GCP or at Azure yet. So we're helping with SmartThings for example go to these platform providers and start to design new services or design new capabilities of existing services. >> One of the things I wanted to ask is a lot of companies talk about CICD. Sumo Logic is talking about continuous intelligence and you said the world holistic a minute ago, what is continuous intelligence? What does it mean? How does it differentiate Sumo Logic? >> Yeah so our view of this is that unfortunately in the fragmented world we live in, and the complexity of all these point tools that address small aspects of different parts of your stack, your application stack, as well as the lifecycle, to your point around CICD. There's never been a comprehensive platform like Sumo that not only addresses the lifecycle, everything from your source code control system, to your continuous release and deployment, to your downstream monitoring, let alone everything from bare metal, on-prem, to containerized, to logic. So Sumo actually created this strategy about seven and a half years ago when we founded the company that we wanna be the full-stack vendor, we wanna be the full-stack data analytics for structured data as well as unstructured data. And so the relevance of continuous intelligence in that notion is we're not only providing full-stack or 360, but we're also providing mechanisms to look at fingerprints and patterns in that data to take a lot of the guesswork out that typically a CISO's team or developer needs to do during the deployment of an application, during the release of infrastructure, or God forbid, in the case that there's been a breach. So we help proactively address these issues because we use a lot of machine learning algorithms, we use a lot of pattern recognition to understand what's normal and abnormal and we surface that up into a very salient view in terms of dashboards and alerts. >> So what does this solution look and feel like? I think on the SaaS part of it, that's pretty straightforward, but in the hybrid cloud environment in which I have on-premises information data that I'm trying to protect, that's talking to these SaaS cloud components, whether it's Amazon services or anyone else, what does the on-prem part of that look like? >> So interesting enough, it doesn't look like anything different than what the off-prem would look like, or in the cloud, because for us it's just where the data resides that we're collecting from. So whether it's top-of-rack switch, to discreet hardware, to converged hardware, to your CDNs, to your SaaS apps, to your cloud infrastructure services, we collect, ingest, analyze all that data and start to separate the signal-to-noise and provide meaningful, digestible insights, and that's what we refer to as continuous intelligence. >> What are your thoughts about security being an enabler of digital transformation? >> What's interesting is we predicted this probably about almost two years ago now, where we said it's no longer about this DevOps, it's about the DevSecOps model, right. And it's not about the security team being in the back room, but in the front room, meaning that the security operations, the CISO, the security analysts needs to have a role in how these new architectures, new infrastructures are built and managed. And so what we see in a lot of organizations is whether those teams are merged or whether they're starting to work together, they need one single platform and that's why they choose Sumo. So you're seeing the formation informally of DevSecOps as well as formally of DevSecOps. And that's really providing the agility to be able to release applications faster, while also providing the security and credibility for making sure there's not a breach, a data breach or a user issue. >> So from a regulatory perspective, GDPR coming up quick, 2018 in May. A lot of customers are looking towards their security partners to help understand the data that they have on-premises, the data they have in the cloud, and get controls around that so they can avoid massive, 4% of their revenue fines, how does Sumo help with those accounts? >> Well back to your question just from right now, I think what's happening there is whether they're regulatory or industry-related standards, or security teams wanting to be more proactive, they're actually starting to be enablers for the business, surprisingly. And so what we're seeing in the case of GDPR is that's an accelerant to adopt cloud, because we actually isolate the data down into regions, and the way we've architected our platform from day one has always been a true, multi-tenant SaaS technology platform. And so there's not that worry about data resiliency and where it resides and how you get access to it because we've built all that out. And so when we go through all of our own attestations, whether it's SOC Type 1, Type 2, GDPR as an initiative, what we're doing for HIPAA, what we're doing for a plethora of other things, usually the CISO says "Ah, I get it, you're way more secure, now help me." "Because I don't want the folks in development or operations "to go amok, so to speak, I wanna be an enabler, "not Doctor No." >> So that relationship with the developer, how seamless is that? Are they changing their workflows from a development process? >> Absolutely, I think what's happening now is not only the formation of this DevSecOps model, you're starting to see the rationalization of tools to be able to support that. And so in a lot of cases, the CISOs are being pulled in because the business made the decision to move to the cloud. Now the CISO needs a new posture because of data access, data privacy, things like we just talked about, GDPR, and once they realize that Sumo can provide that lens and provide the analytics, but enable the developers to have the agility, they become our biggest advocate in a lot of these accounts. So they're the ones often times with initial budget, because there's a lot more budget typically for security, they'll bring Sumo Logic in, they deploy it, and then they extend it to other groups. I'll give you an example, we started with Pinterest. Pinterest had a PCI audit issue. They had a short window where they had to pass their auditor's requirements. They brought us in and in a span of a few weeks, we helped them get through that audit. They had the Sumo console and all the alerts, notifications up on the dashboard. The DevOps team got wind of it, six weeks later we did a multimillion-dollar, multi-year deal with them for their entire elastic displacement and their monitoring stack. That's all about the land and expand model that Sumo's been doing now for seven and a half years. And it's predicated on security being the champion, not always DevOps being the champion. >> Fantastic, so you guys have a booth here, we can see it right this direction. What are some of the cool things, last question, that people can see and learn coming to the Sumo booth here at AWS? >> So I think it's probably a bigger point that we're trying to illustrate here at the conference and just our point of view in general, I think the announcements that we all saw today with respect to what Jassy talked about, the ML toolkits, the things around Kubernetes, it's really about flexibility around choice. So what we're actually demoing here is our support for Kubernetes, and Docker containers, but it's all wrapped up into something even more intriguing here, and it's something that we look at as, something we refer to as, the analytics economy. All this technology, all this power that's being delivered and announced today, is empowering a slew of new use cases that have not been yet addressed. And so we feel like we're the forerunner in that in helping design things with GuardDuty for example, but it's not just about things that are running in AWS. I know we're at this event, but customers want choice. That's why Docker, that's why Kubernetes, that's why multi-cloud is important. So what they'll find in our booth is not only the best platform for building, running, and securing modern apps on AWS, but also the ability to have that portability and flexibility to pulling in GCP, to Azure, to their own data centers, because that's the world we live in, the complex world. >> Wow, exciting, your passion and excitement for what you guys do and how you're really have successfully become a trusted advisor is very palpable. So we'll have to have you back on the show, 'cause there's clearly a lot more to talk about. Unfortunately we're out of time. I'm Lisa Martin, for Keith Townsend and Ramin Sayar, thank you so much for watching The Cube. Stick around, we're live on day two of AWS re:Invent 2017. We'll be right back. (electronic music)

>> Announcer: Live from Manhattan It's theCUBE! Covering AWS Summit New York City 2017. Brought to you by Amazon Web Services. >> And welcome back here to New York. We're at the Javits Center here in midtown Manhattan for AWS Summit 2017. Along with Stu Miniman, I'm John Walls. Glad to have you here on theCUBE we continue our coverage here from New York City. Well, if you're making that move to the cloud these days, you're thinking about privacy, you're thinking about security, you're thinking about compliance. Big questions, and maybe some big problems that Bill Shin can answer for you. He is the Principal Security Architect at AWS, and Bill, thanks for being with us. >> Thanks for giving me the time. >> Hey CUBE rookie, right? This is- >> This is my first time. >> Your maiden voyage. >> First time for everything. >> Glad to have you, yeah. So I just hit on some of the high points, these are big, big questions for a lot of folks I would say. Just in general, before we jump in, how do you go about walking people into the water a little bit, and getting them thinking, get their arms around these topics? >> Absolutely. It's still among the first conversations we have with customers, it's our top priority at AWS, the security, and customers are concerned about their data security, regardless of where that data is. Once they move it into the cloud it's a real opportunity to be more secure, it's an opportunity to think about how they're doing security, and adapt and be a little faster. So we have a really prescriptive methodology for helping customers understand how to do a clouded option, and improve their security at the same time. We have a framework called the Well-Architected Framework, and there's a security pillar in that framework, it's built around five key areas. Identity access management, which is really what you should be thinking about first, because authorization is everything. Everything is code, everything is in API, so it all has to be authorized properly. Then we move into detective controls and talk about visibility and control, turning on CloudTrail, getting logging set up. All the detective controls so that before you even move a workload into the cloud, you know exactly what's happening, right? And then we move into infrastructure security, which includes your network trust boundaries, zone definition, things like firewall rules, load balancers, segmentation, as well as system security. Hardening and configuration state of all the resources in their account. Then we move on to data protection as we walk customers through this adoption journey. Things like encryption, backup, recovery, access control on data. And then finally incident response. We want to make sure that they have a really good, solid plan for incident response as they begin to move more and more of their business into the cloud. So to help them wade through the waters we bring it up. The CSO is a key partner in a clouded option, organizations need to make sure security is in lockstep with engineering as they move to the cloud. So we want to help with that. We also have the Cloud Adoption Framework, and there's a security perspective in that framework. Methodology for really treating security more like engineering these days. So you have Dev Ops and you have Dev Sec Ops. Security needs to have a backlog, they need to have sprints, they need to have user stories. It's very similar to how engineering would do it. In that way their partnering together as they move workloads into the cloud. >> Amazon's releasing so many new features, it's tough for a lot of us to keep up. Andy Jassey last year said, "Every day when you wake up, there's at least three new announcements coming out." So it's a new day, there are a number of announcements in your space, maybe bring us up to speed as to what we missed if you just woke up on the West Coast. >> Sure, sure. Customers love the pace of innovation, especially security organizations, they really like the fact that when we innovate on something, it means they might not have to put as much resources on that particular security opportunity or security concern. They can focus more on their code quality, more on engineering principles, things like that. So today, we happily announced Amazon Macie, love it, it performs data classification on your S3 objects. It provides user activity monitoring for who's accessing that data. It uses a lot of our machine learning algorithms under the hood to determine what is normal access behavior for that data. It has a very differentiated classification engine. So it does things like topic modeling, regular expressions, and a variety of other things to really identify that data. People were storing trillions of objects in S3, and they really want to know what their data is, whether it's important to them. Certainly customer's data is the most important thing, so being able to classify that data, perform user analytics on it, and then be able to alert and alarm on inappropriate activities. So take a look at Macie, it's really going make a big difference for customers who want to know that their data is secure in S3. >> Actually I got a question from the community looking at Macie came out, we've got a lot of questions about JDPR coming out. >> Bill: Okay sure, yeah. >> So Macie, or the underlying tech, can that be- >> Bill: Absolutely a great tool. We think the US is the greatest place to be to perform JDPR compliance. You really got to know your data, you have to know if you're moving data by European citizens around, you really have to understand that data. I think Macie will be a big part of a lot of customer strategy on JDPR compliance. To finish your question, we've announced quite a few things today, so Macie's one of them. We announced the next iteration of Cloud HSM, so it's cheaper, more automated, deals more with the clustering that you don't have to do. Deeper integration with things like CloudTrail. Customers really wanted a bit more control and integration with the services that what the previous iteration was, so we've offered that. We announced EFS volume encryption too, so EFS, or Elastic File System encryption at rest. It natively integrates with the key management system the same way that the many of our services do when you're storing data. We announced some config rules today to help customers better understand the access policies on their S3 buckets. So yeah, good stuff. >> John: Busy day, >> Busy day. >> I mean just from a security standpoint, when you are working with a new client, do you ever uncover, or do they discover things about themselves that need to be addressed? >> Bill: Yeah. I think the number one thing, and it's true for many organizations when they move to the cloud, is they want that agility, right? And when we talk to security organizations, one of the top things we advise them on is how to move faster. As much as we're having great conversations about WAF and Shield, the Web Application Firewall, and Shield, our D-DOS solution, Inspector, which performs configuration assessments, all the security services that we've launched, we're also having pretty deep conversations with security organizations these days about CodeStar, CodePipeline, CodeDeploy, and then DevOps tool chains, because security can get that fast engineering principles down, and their just as responsive. It also puts security in the hands of engineers and developers, you know that's the kind of conversations we're having. They discover that they kind of need to get a little closer to how development does their business. You know, talking in the same vocabulary as engineering and development. That's one of the things I think customers discover. Also it's a real opportunity, right? So if you don't have to look after a data center footprints and all the patch panels and switches and routers and firewalls and load balancers and things you have on premises, it really does allow a shift in focus for security organizations to focus on code quality, focus on user behavior, focus on a lot of things that every CSO would like to spend more time on. >> Bill, one of the things a lot of companies struggle with is how they keep up with everything that's happening, all the change there, when I talk to my friends in the security industry it's one of the things that they're most excited about. Is we need to be up on the latest fixes and the patches, and when I go to public cloud you don't ask somebody "Hey what version of AWS or Azure are you running on?" You're going to take care of that behind the scenes. How do you manage the application portfolio for customers, and get them into that framework so that they can, you know we were talking about, Cameron, Jean Kim just buy into that as security just becomes part of the process, as I get more out of agile. >> Yeah, so the question is really about helping customers understand all the services, and really get them integrated deeply. A couple of things, certainly the well architected framework, like I mentioned, is helpful for that. We have solution architects, professional services consultants, a very, very rich partner ecosystem that helps customers. A lot of training for security, there's some free training online, there's classroom, instructor-led training as well, so that training piece is important. I think the solutions are better together. We have a lot of great building blocks, but when you look at something like CloudTrail Cloud Watch Events, and Lambda together, we try and talk about the solutions, not just the individual building blocks. I think that's one key component too, to help them understand how to solve a security problem. Take, for example, monitoring the provisioning of identities and roles and permissions. We really want customers to know that that CloudTrail log, when someone attaches a role to a policy, that can go all the way to a slack channel, that can go all the way to a ticket system. You really want to talk about the end-to-end integration with our customers. Really to help them keep pace with our pace of innovation. We really try and get the blog in front of them, the security blog is a great source of information for all the security announcements we make. Follow Jeff Bar's Twitter, a bunch of things to help keep pace with all of our launches and things, yeah. >> You brought up server lists, if I look at the container space, which is related of course, security has been one of those questions. Bring us up to speed as to where you are with security containers, Lambda- >> Sure, I think Lambda's isolation is very strong, in Lambda we have a really confidence in the tenant isolation model for those functions. The nice thing about server lists is, when there's no code running, you really don't have a surface area to defend. I think from a security perspective, if you were building an application today, and you go to your security team and say "I'd really like to build this little piece of code, and tie these pieces of code together, and when they're not running there's nothing there that you need to defend." Or, would I like to build this big set of operating systems and fleet management and all the things I have to do. It's kind of a, it's a pretty easy conversation right? All the primitives are there in server-less. You have strong cryptography TLSM endpoints, you've got the IM policy framework so that identity access management has really consistent language across all the services, so principles, actions, resources, and conditions is the same across every service. It's not any different for server-less, so they can leverage the knowledge they have of how to manage identities and authorization in the same way. You've got integration of CloudTrail. So all the primitives are there, so customers can focus on their code and being builders. >> Stu: So it sounds like that's part of the way to attach security for IOT then if we're using those. >> I think for IOT it's a very similar architecture too, so you have similar policies that you can apply to what a device you can write to in the cloud. We have a really strong set of authorization and authentication features within the IOT platform so that it makes it easy for developers to build things, deploy them, and maintain them in a secure state. But you can go back to the Well-Architected Framework and the CAF, the Cloud Adoption Framework, you take those five key areas, you know identity, detective controls, infrastructure security, data protection, and IR incident response. It's pretty similar across all the different services. >> It just comes back to the fundamentals. >> It does, absolutely. And for customers, you know those control objectives haven't changed right? They have those control objectives today, they'll have them in the cloud, and we just want to make it easier and faster. >> Well Bill, thanks for being with us. >> You bet, thank you very much. >> Good to have you on theCUBE, look forward to seeing you again for the second time around. >> See you then hopefully >> Bill Shin, from AWS joining us here on theCUBE. Continuing our coverage from the AWS Summit here in New York in just a bit. (techno music)

>> Narrator: Live from Las Vegas, Nevada, it's theCUBE covering AWS re:Invent 2016. Brought to you by AWS and its ecosystem partners. Now here is your host, John Furrier. >> Hey, welcome back everyone. We are here live in Las Vegas for AWS Amazon Web Services re:Invent 2016, their annual industry conference. The center of the universe in the tech world, 32,000 attendees, broke all records. It grew from 16,000 last year, almost double. I'm John Furrier with theCUBE. We are here getting all of the signal from the noise. Three days of wall-to-wall coverage. Our next guest Ramin Sayar, who's the President and CEO of Sumo Logic. Welcome to theCube, welcome back. >> Very well, thank you much. Nice to be here. >> So, when did you move over to Sumo Logic? >> So interestingly enough, it's two years this Friday. >> Okay so give us a quick update and then I want to dive into the relationship with Amazon. You guys clearly doing big data early. In the wave of the Hadoop is big data, but those other methodologies. Quick history of what you guys are doing now and status of the company. >> Sure. So the company is about seven years old. We were founded, born, actually bred on AWS. We don't have a single server in our place and interesting enough, the premise of founding Sumo, seven and a half years ago, actually was to build a multi-tenant SAAS-based machine data analytics platform to start to address a lot of the security, but also the operational issues that customers were facing. Our founders actually came from a security background and realized that rear-view mirror technologies and looking at historical aspects wasn't good enough. So low and behold, they made a big bet at that time, six years, almost seven years ago, to build exclusively on AWS and today, on an average day, we're ingesting about 70 terabytes of data, we're analyzing over 100 petabytes of data on AWS. >> So talk about the specific implementations. Obviously using all of the services, is there any particular ones, obviously storage, Glacier, you must be using some Glacier, but is it mostly S3, is it ElasticBox Storage? >> S3, C2, we use, obviously, some of the other services, but more importantly, we enable all of the services that AWS provides for their customers to be seamlessly supported by Sumo. So when you log into Sumo or you create a brand new account you give us your credentials, everything from Kinesis to Lambda, to EC2, to ElasticBox Storage, all of those are out-of-the-box that are supported. >> And you guys had a great booth last year. This huge booth, right in the front, with sumo wrestlers. I mean that stole the show in the age of Twitter and Instagram. The share of voice on that was pretty significant. >> Yeah I think there's an underpinning tone there, which is we want to wrangle your data, right. And no one knows big data more than a sumo. And we have earned the right now, after seven years in with 100 petabytes of data that we're analyzing every single day, to be a lot more prescriptive for customers in terms of how to approach the way they build, run, and secure these modern apps. >> We've been following you guys in context of the big data space. I don't think we've had a lot of briefings on the analysis side. I think we should get you guys certainly plugged-in with George Gilbert, our analyst, but what's interesting is the predictive marketing and then a lot of certain verticals were really in early on big data and you guys were there. What's evolved since then? Because now you're seeing, with AWS certainly, you've got streaming, you got redshift doing very well, the services that they've added on over the past few years has been pretty significantly and kind of right in your wheelhouse. >> Yeah. >> John: So what new use-cases are popping up now? What are you guys doing for business? What's some of the profile customers? How are they using Sumo and what's the value for them? >> Great question. So a few things we're seeing. One is with the availability of all these services that Amazon is providing, the cycle time for releasing new code and overall applications is becoming much less. And as a result there's not just a need to move to continuous integration or continuous deployment, it's about continuous updates. So the challenge that brings for a lot of our customers they need real-time visibility. We refer to that as continuous intelligence. So our platform is predicated on the fact that we have near real-time analytics streaming engine that as data is coming in, you can get visibility for your developers, you can get visibility for your operations teams, and you can get visibility for your security compliance teams. So let me give you a couple of examples. You asked for customers, Huddle is one of the customers they spoke about today. >> John: Jeff Frick and I love Huddle. >> Football videos, but you know they support Premier League, they support Aussie rule football, I mean there's a lot of sports right? And so they're uploading video and there's a great service not for just college or high school athletes, but professional athletes to understand their game and analyze their games. So underpinning that, actually Huddle's using Sumo to run their service, to manage their service. Not too distinct from Domo or Qualtrics or other customers like SalesForce, Adobe. We have customers like Land-O-Lakes. We do a lot in media and entertainment, gaming, online retailers. So what do they all have in common? They're either migrating to the cloud, one. Two, they're doing digital transformation or some sort of digital application initiative. Three, they need some way to get visibility real-time into their applications and services from a security perspective, but also an operational perspective. >> What's the driver for customers right now? Because one of the things we hear all the time is people are trying to account for their data. So analytics is kind of like this, well data warehouse was this old mentality, but now smart people started putting into mainstream, but now there's more of a data accountability aspect. The metadata, really valuable. How are customers doing that with you guys? 'Cause I can see them getting their toes wet with Sumo and then getting up and saying "Wow I can use some prescriptive analytics, predictive marketing", whatever the use-case could be, but now you gotta start thinking where's the data coming from and where's it accounted for. Is there a data economy? >> So what's interesting about that, you mentioned metadata, and that's what it's about. Our system, we ingest any type of structured or unstructured data. And we actually analyze a lot of the metadata. In fact, like I mentioned earlier, we're analyzing over 100 petabytes every single day on AWS. And so what we're able to actually help our customers do now is be much more prescriptive and provide insights as to the 1300 customers that are on Sumo, the 74% of them that run on AWS, about a quarter of them are using things like Lambda. Another two-thirds are using EC2, but how? And what types of queries are they doing? And what types of services are they building with Docker containers, or Mesosphere, or others of that type of services? So now we've actually entered a position where we're actually the trusted advisor for a lot of these companies in moving to the cloud, building new, modern apps because we've been doing it for seven and a half years. >> Yeah. >> Ramin: And so the metadata starts to become important because we actually put out a recent survey we called "The state of the modern app". And that whole report was premised on the 100 plus petabytes every single day over a six month period, how are customers using AWS, what services are they using and not using, and what should you consider? The number one thing we found in that report was only half of the customers, of which 74% of the 1300 run on AWS, were actually doing anything with CloudTrail with respect to security. That means the other half are potentially vulnerable to breach. >> John: Yeah. >> John: What percentage? >> 50%. >> So half were exposed. >> Half are exposed >> John: No audit at all. >> Ramin: No audit at all. So now we're actually proactively notifying them saying, "Hey listen for your type of deployment you're using these types of common services. Others similar to you should use the following." >> That brings up a good point. So let's unpack that because what that brings up is a lot of people get into data and they hear all this stuff in the news. Oh big data driven and you know they can drink the Kool-Aid and go "Okay I buy that vision." But there's some pretty urgent issues on the table that people got to deal with in the enterprise and or if they're cloud native and that is security. You mentioned it. I mean that has become such the low-hanging fruit for data analytics. So Splunk being very successful with that. Cyber, we talked to Teresa Carlson earlier. Their public-sector business is exploding, certainly with the CIA and others. I'm sure you guys got some of those clients. But that highlights that yeah that's all fine and dandy to do some nice stuff over here to figure out recommendation engine for this or that, when you got security holes out there. Are you seeing that on your end too? >> Well interestingly enough, that's how we started. We started with the goal of providing analytics and more importantly we wanted to democratize analytics initially for security in the cloud. And so, we actually before Amazon Web Services really built things like PKI or public key encryption or things around encrypting data transfer, we had built that into our system and service. So what we actually are able to do now is not only show how we can encrypt the data and do all this services, but show them how they should actually start to use CloudTrail and how they should architect these modern apps, and what things they should be concerned about from a vulnerability and risk point of view. One of the newest products that we just announced is in early-access around threat vulnerability and threat intelligence because now we're getting a 360 degree view for a lot of our customers because you saw today the hybrid announcement right? That's going to be there for a while. What Sumo allows a lot of our customers to do is from their on-premise data center to their CDNs to all their SAAS applications like SalesForce, or WorkDay, or DropBox, or Box to all those things running on ASH or Amazon and the like, we provide a whole 360 view. And we can actually now >> John: So you get real-time >> John: as well on that? >> Real-time. >> Ramin: So our system and service is predicated on a real-time data streaming engine. >> Yeah so you guys can coexist in multi-cloud world. >> Absolutely. >> John: That's your premise. >> Ramin: No pun intended right? (laughing) >> All right, let's talk about contextual data and what companies should do and why they should get you guys involved in the use-cases of going forward, planning. A lot of conversation here at re:Invent is AWS 2.0. They go on to the next level, Enterprise, a little bit more complicated than say Cloud Native greefield apps. How should they be thinking about their data? You've been doing this for seven years in AWS and you probably have clients that aren't on AWS some are, some aren't, that's the makeup. But generally what's the architecture? What should be holistic concept for CIO, CXO, or down to the practitioner level, what's the guiding principles? >> It starts with a fundamental principle of form follows function. And you know this is a sports analogy, but if you're not formed right, you're not going to function right. So a lot has to do with a conscious decision customers need to make in terms of how they're going to structure their teams and whether they're going to move to a true dev-ops model where they're pushing hourly, daily, weekly, and whether they need to or not for certain applications versus others. And then it goes into function in terms of how they start to architect their applications. What services they need to use. And we've actually learned that over seven and a half, eight years ourselves, seven which years were running on AWS. And so the advice often times we give to a lot of our customers is understand where the mission critical workloads that you need to migrate, categorize those. Second is, which of the greenfield apps you're building and why. And what type of retention and security policies do you need and these are the common services you should probably consider with AWS. And then third is, the other set of applications you don't really care about, leave them for now. Focus on your expertise here. >> It's really triaging the sequence or order of app rollout, basically. Well thanks for coming on theCube. Really appreciate Ramin. I want you to take a minute to close us out and talk about for the folks watching, what's new with Sumo Logic? Why should they be working with you? What's the pitch? What's new? What's relevant for you guys? >> Great, so obviously we're a big data company, but more specifically our service and our strategy was predicated on democratizing analytics. And so we refer to that as continuous intelligence. And so as this digital transformation is taking place, and we're seeing it here, we're seeing it across every part of the businesses, we are well suited for every company that's got either a migration effort or an active, new project going on AWS. And so we can provide a simple, secure, highly scalable machine data analytics platform as a service and that's what Sumo is all about. >> And your business plan for the next year is what? Knock down more customers? Do more product development? All of the above? Channel? What's the strategy? >> So good question. So on one hand we're introducing a new product. We've kind of hinted to some of that today with some threat intelligence. Second is, we just introduced a new product about a month ago that we're starting to monetize. It's about semi-structured data. And third is, we're gonna start to really expand our routes to market and channels. One of the things that we participated in recently with Amazon is the new Amazon SAAS marketplace program. We're in with a handful of companies that participate in design and development there. And so that allows very seamlessly for customers to come try, buy, and decide whether they go month-to-month, semi-annually, or year. >> Well that will accelerate the operational nature of your product. >> Absolutely, but that's the way we sell today. In fact, our whole business model is predicated on land and expand. You're probably familiar with this whole notion of cohorts. >> Yup. >> And that dollar retention. Well the median, if you look at PACCrest and Morgan Stanely and the other firms, tend to be 103 to 105. Best in class tends to be 110 to 115. We've been well north of 160 for 19 straight quarters. >> Well Jassie said that on his keynote today. The bombastic days of handwaving are over. If you don't see it right there, the value, in front of you, don't buy it. >> Don't buy it. >> It's really the marketplace's vision. >> That's marketplace vision and that's what we're all about at Sumo Logic. >> Ramir Sayar, President and CEO of Sumo Logic. Congratulations on your success. Continued success. This is theCube bringing you all the action live in Las Vegas for re:Invent 2016, I'm John Furrier. Be right back with more after this short break. You're watching theCube.