
Sunil Potti & Lior Div | CUBE Conversation, October 2021


 

Hello and welcome to this special CUBE Conversation. I'm Dave Nicholson, and this is part of our continuing coverage of Google Cloud Next 2021. I have two very special guests with me, and we are going to talk about the topic of security. I have Sunil Potti, who is vice president and general manager of Google Cloud Security, who in a previous life had senior leadership roles at Nutanix and Citrix, along with Lior Div, who is the CEO and co-founder of Cybereason. Lior was formerly a commander in the much-famed Unit 8200, part of the Israeli Defense Forces, where he was actually a Medal of Honor recipient. Very honored to have him here this morning. Sunil and Lior, welcome to theCUBE. Sunil, welcome back to theCUBE.

Yeah, great to be here, David, and to be in the presence of a Medal of Honor recipient, by the way, a good friend of mine, Lior. So, be here.

Well, good to have both of you here. So, I'm the kind of person who likes my dessert before my entree, so why don't we just get right to it. The two of you are here to announce something very, very significant in the field of security. Sunil, do you want to start us out? What are we here to talk about?

Yeah, I mean, I think maybe, you know, just to set this context: as many of you know, about a decade ago a nation-sponsored attack, you know, actually got into Google, plus a whole bunch of tech companies. You know, the Project Aurora was quite, you know, infamous for a certain period of time. And actually Google realized almost a decade ago that, look, you know, security can't just be a side thing, it has to be the primary thing, including one of the co-founders becoming, for lack of a better word, the chief security officer for a while. But one of the key takeaways from that whole incident was that, look, you have to be able to detect everything and trust nothing. And the underpinning for at least one of them led to this whole zero trust architectures that everybody now knows about. But the other part, which
is not as popular, at least in industry vernacular, but in many ways equally important and some ways more important, is the fact that you need to be able to detect everything so that you can actually respond. And that led to the formation of, you know, a project internal to Google to actually say that, look, let's democratize storage and make sure that nobody has to pay for capturing security events. And that led to the formation of this new industry concept called a security data lake, and Chronicle was born. And then, as we started evolving that over into the enterprise segment, partnering with, you know, Cybereason on one hand created a one-plus-one-equals-three synergy between, say, the presence around what do you detect from the endpoint. But also, generally, it just so happens that, as Lior will tell you, the Cybereason technology happens to start with endpoint, but actually the core tech is around detecting events, but doing it in a smart way to actually respond to them in much more of a contextual manner. But beyond just that, you know, synergy between, you know, a world-class, planet-scale, you know, security data lake forming the foundation and integrating, you know, in a much more cohesive way with Cybereason's detection response offering, the spirit was actually that this is the first step of a long journey to really hit the reset button in terms of going from reactive mode of security to a proactive mode of security, especially in a nation-state-sponsored attack vector. So maybe, Lior, you can speak a few minutes on that as well.

Absolutely. So, as you said, I'm coming from a background of nation-state hacking, so for us at Cybereason it's not foreign, what the Chinese are doing on a daily basis and the growing ransomware cartel that's happening right now in Russia. When we looked at it, we said then, Cybereason is very famous for our endpoint detection and response capability, but when we established Cybereason, we established Cybereason on a core or almost
fundamental idea of finding malicious operations. We call it the MalOp idea. So basically, instead of looking for alerts, or instead of looking for just pieces of data, we want to find the hackers, we want to find the attack, we want to be able to tell basically the full story of what's going on. In order to do that, we built inside Cybereason, basically from day one, the ability to analyze any data in real time in order to stitch it into the story of the MalOp, the malicious operation. But what we realized very quickly is that while our solution can process more than 27 trillion events a week, we cannot feed it fast enough just from endpoint, and we are kind of blind when it comes to the rest of the attack surface. So we were looking, to be honest, quite a while for the best technology that can feed this engine and, as Sunil said, the one plus one equals three, or four, or five, to be able to fight against those hackers. So in this journey we found basically Chronicle, and the combination of the scale that Chronicle is bringing, the ability to feed the engine, and together basically to be able to find those hackers in real time, and real time is very, very important, and then to respond to those types of attack. So basically, what is exciting here: we created a solution that is five times faster than any solution that exists right now in the market, and most importantly it enables us to reverse the adversary advantage and basically to find them and to push them out. So we're moving from, hey, just to tell you a story, to actually prevent hackers from being in your environment.

So Lior, I want to double-click on that just a little bit. Can you give us a kind of a concrete example of this difference between simply receiving alerts and actually, you know, creating correlations and actually creating actionable, proactive intelligence? Can you give us an example of that working in the real world?

Yeah, absolutely. We can start from a
simple example of ransomware. By the time that I will tell you that there is ransomware in your environment and I will send an alert, it will be five computers that are encrypted, and by the time that you're going to look at the alert, it's going to be five thousand, basically, machines that are encrypted, and by the time that you will do something, it's going to be already too little, too late. And this is just a simple example. So preventing that thing from happening, this is critical, and in a very timely manner, in order to prevent the damage of ransomware. But if you go aside from ransomware and you look, for example, at an attack like SolarWinds, basically the purpose of this attack was not to create damage, it was espionage. The Russians wanted to collect data on our government, and this is kind of the main purpose that they did this attack. So the ability to be able to say, hey, right now there is a penetration, this is the step that they are doing, and there are five ways to push them out of the environment, and actually doing it, this is something that today is done manually, and with the power of Chronicle and Cybereason we can do it automatically. And that's the massive difference.

Sunil, are there specific industries that should be really interested in this, or is this a broad set of folks that should be impacted?

No, you know, in some ways, you know, the saying these days, to Lior's point on ransomware, is that, you know, if a customer or an enterprise has a reasonable top-line revenue, you're a target, you know, you're a target to some extent. So in that sense, especially given that this has moved from pure espionage, or, you know, whether it be, you know, government-oriented or industrial espionage, to a financial fraud, then at that point in time it applies to pretty much a wide gamut of industries, not just financial services or, you know, critical infrastructure companies like oil and gas pipeline or whatever. It could be like any company that has any sort of IP that they feel drives
their top-line business is now a target for such attacks.

So when you talk about the idea of partnership and creating something out of a collaboration, what's the meat behind this? What are you guys doing beyond saying, you know, hey, Sunil, Lior, these guys really like each other and they respect what the other is doing? What's going on behind the scenes? What are you actually implementing here moving forward?

So every partnership is starting with love, so it's good [Laughter], but then it needs to translate to really kind of pure value to our customers, and pure value coming from a deep integration when it comes to the product. So basically what will happen is: every piece of data that we can collect at Cybereason from endpoint, any piece of data that Chronicle can collect from any log that exists in the world, so basically this is kind of covering the whole attack surface. So first, we have access to every piece of information across the full attack surface. Then the main question is, okay, once you collect all this data, what are you going to do with it? And most of the companies, or all the companies today, they don't have an answer. They're saying, oh, we're going to issue an alert and we hope that there is a smart person behind the keyboard that can understand what just happened and make a decision. And with this partnership and with this integration, basically we're not asking and outsourcing the question of what to do to the user. We're giving them the answer. We're telling them, hey, this is the story of the attack, this is all the pieces that are going on right now, and in most cases we're going to say, hey, and by the way, we just stopped it, so you can prevent it from the future.

When will people be able to leverage this capability in an integrated way? And by the way, restate how this is going to market as an integrated solution. What are we going to call this moving forward?

So basically this is the Cybereason XDR, powered by Chronicle, and
we are very, very happy about it.

Yeah, and I think, just to add to that, I would say, look, the meta strategy here, and the way it'll manifest is in this offering that comes out in early 2022, is that, if you think about it, today, you know, a classical, quote-unquote, security pipeline is to detect, you know, analyze, and then respond. Obviously, you know, just doing those three in a good way is hard. Doing it in real time at scale is even harder. So just that itself was where Cybereason and Chronicle would add real value, where we are able to collect a lot of events, react in real time. But a couple of things that I think, you know, to your original point of why this is probably going to be a little bit of a game changer in the years to come, is we're trying to change that from detect, analyze, respond to detect, understand, and anticipate. Because ultimately that's really how we can change, you know, the profile from being reactive in a world of ransomware or anything else to being proactive against nation-sponsored or nation-influenced attacks, because they're not going to stop, right? So the only way to do this is to, rather than just batten down the hatches, is just really, you know, change the profile of how you'll actually anticipate what they were probably going to do in 6 months or 12 months. And so the graph technology that powers the heart of, you know, Cybereason is going to be intricately woven in with the contextual information that Chronicle can get, so that the intermediate step is not just about analysis, but it's about truly understanding the overall strategy that has been employed in the past to predict what could happen in the future. So therefore, then, actions could be taken downstream, that you can now say, hey, most likely these five buckets have this kind of personal information data, there's a reasonable chance that, you know, if they're exposed to the internet, then as you create more such buckets in that project, you're going to be susceptible to
more ransomware attacks or some other attacks, right? And that's the kind of thinking, or the transformation, that we're trying to bring out with this joint offering.

So Lior, this concept of MalOps and Cybereason itself, you weren't just born yesterday. You have thousands of customers around the globe.

He does look like he was born...

I know, I know, I know. Well, you know, it used to be that the ideal candidate for CEO of a startup company was someone who dropped out of Stanford. I think it's getting to the point where it's people who refused admission to Stanford. So the dawn of the 14-year-old CEO, it's just around the corner. But Lior, do you get frustrated when you see, you know, when you become aware of circumstances that would not have happened had they implemented your technology as it exists today?

Yeah, for this year it was a really frustrating year, starting with SolarWinds. If you analyze the code of SolarWinds, and we did it, but others did it as well, basically the Russians were checking if Cybereason is installed on the machine, and if we were installed on the machine, they decided to stop the attack. This is something that, first, it was a great compliment for us from, you know, our not-friend from the other side that decided to stop the attack. But on a serious note, it's like, we were pissed, because if people were using this technology, we know that they are not going to be attacked. When we analyzed it, we realized that we have three different ways to find the SolarWinds hackers, in three different ways. So this is just one example. And then the next example: in the Colonial Pipeline hack, we were the ones that found DarkSide as a group that was hacking. We were the first ones that released research on them, and we showed how we can prevent, basically, what they are doing with our technology. So when you see kind of those types of, just two examples, and we have many of them on a daily basis, we just
know that we have the technology in order to do that. Now, when we're combining the Chronicle technology into the technology that we already have, we basically can reverse the adversary advantage. This is something that you're not doing in a single day, but this is something that really gives power to the defenders, to the communities of CISOs that exist kind of across the US. And I believe that if we're going to join forces and lean into this community and basically push the solution out, the ability for us to fight against those cartels, specifically the ransomware cartels, is going to be massive.

Sunil, this time next year, when we are in Google Cloud Next 2022, are you guys going to come back on and offer up the "we told you so" awards? Because once this is actually out there and readily available, the combination of Chronicle and Cybereason's technology, it's going to be hard for some CSOs to have an excuse. It may be uncomfortable to know that they could have kept the door secure but didn't. Yeah, or is that bad business? Is that bad business, to hand out awards for doing dumb things?

I don't know about, you know, a version of Darwin Awards, probably doesn't make sense. But generally speaking, I do think, you know, we're all like citizens in this, right? Because, you know, we talk about customers, I mean, you know, Alphabet and Google is a customer in some ways, Cybereason is a customer, theCUBE is a customer, right? So I think the rubber hitting the road a year from now will be, we should do this where, I don't know if theCUBE does more than two folks at the same time, David, but we should, I mean, I'm sure we'll have enough to have at least a half a dozen in the room to kind of talk about the solution. Because I think, you know, as you can imagine, this thing didn't just materialize. I mean, it's been being cooked for a while between your team and our team, and in fact it was inspired by feedback from some joint
customers out in the market and all that good stuff. So a year from now, I think the best thing would be not just having customers to talk about the solution, but to really talk about that transformation from respond to anticipate, and do they feel better on their security posture in a world that they know, like, and Lior should probably spend a few minutes on this, is, I think we're on the tip of the spear of this nation-state era, and what we've just seen in the last few years is what maybe the nation-states have seen over two decades ago, and they're going to run those playbooks on the enterprise for the next decade or so.

Yeah, Lior, talk about that for a minute.

Yeah, it's really, you know, just to continue Sunil's thought, it's really about finding the unknown. Because what's happening on the other side, it's like, specifically China and Russia, and lately we saw Iran starting to gain power, basically their job is to become better and better and to basically innovate and create a new type of attack on a daily basis as technology has evolved. So basically there is a very simple equation: as we're using more technology and relying more on technology, the other side is going to exploit it in order to gain more power, espionage, and create financial damage. But it's important to say that this evolution, it's not going to stop. This is just the beginning. And a lot of the data that belonged just to the government-against-government fight basically leaked in the past few years. Now criminals are starting to use it as well. So in a sense, if you think about it, what's happening right now, there is basically a cold war that nobody is talking about, between kind of the giants, that everybody is hacking everybody, and in the crossfire we see all of those enterprises across the world. It was not a surprise that, you know, after the Biden and Putin meeting, suddenly it was quiet. There was no ransomware for six weeks. And after something changed in the politics, suddenly we can see a growing kind
of attack when it comes to ransomware, that we know was directed from Russia in order to create pressure on the U.S. economy.

Sunil, wrap us up. What are your final thoughts, and what's the big takeaway here?

No, I think, you know, I think the key thing for everyone to know is, look, I think we are going into an era of state-sponsored, not espionage as much as threat vectors that affect every business. And so in many ways the chiefs, the chief information security officer, the chief risk officer, in many ways the CEO and the board, now have to pay attention to this topic, much like they paid attention to mobile 15 years ago as a transformation thing, or maybe cloud 10 years ago. I think cyber has been one of those. It's sort of like the wireless era, David, like it existed in the 90s but didn't really break around until iPhone hit or the world of consumerization really took off, right? And I think we're at the tip of the spear of that, cyber really becoming like the era of mobile from 15 years ago. And so I think that's the, if there's like a big takeaway, I think, yes, there's lots of solutions. The good news is great innovations are coming through companies like Cybereason working with, you know, proven providers like Google and so forth, and so there's a lot of, like, support in the ecosystem. But I think if there was one takeaway, that was that everybody should just be ready, internalized. We don't have to be paranoid about it, but we anticipate that this is going to be a long game that we'll have to play together.

Well, with that, taking off my journalist hat for a moment and putting on my citizen hat, it's reassuring to know that we have really smart people working on this, because when we talk about critical infrastructure, control systems, and things like that being under threat, that's more significant than simply having your social security number stolen in a data breach. So with that, I'd like to thank you, Sunil, Lior. Thank
you so much for joining us on this special CUBE Conversation. This is Dave Nicholson, signing off from our continuing coverage of Google Cloud Next 2021.

Published Date : Oct 29 2021
