>> Now we're recording. >> All right. >> Appreciate that, Hannah. >> Yeah, so I mean, I think in general we continue to do very, very well as a company. I think like everybody, there's economic headwinds today that are unavoidable, but I think we have a couple things going for us. One, we're in the cyberspace, which I think is, for the most part, recession proof as an industry. I think the impact of a recession will impact some vendors and some categories, but in general, I think the industry is pretty resilient. It's like the power industry, no? Recession or not, you still need electricity to your house. Cybersecurity is almost becoming a utility like that as far as the needs of companies go. I think for us, we also have the ability to do the security, the security operations, for a lot of companies, and if you look at the value proposition, the ROI for the cost of less than one to maybe two or three, depending on how big you are as a customer, what you'd have to pay for half to three security operations people, we can give you a full security operations. And so the ROI is is almost kind of brain dead simple, and so that keeps us going pretty well. And I think the other areas, we remove all that complexity for people. So in a world where you got other problems to worry about, handling all the security complexity is something that adds to that ROI. So for us, I think what we're seeing is mostly is some of the larger deals are taking a little bit longer than they have, some of the large enterprise deals, 'cause I think they are being a little more cautious about how they spend it, but in general, business is still kind of cranking along. >> Anything you can share with me that you guys have talked about publicly in terms of any metrics, or what can you tell me other than cranking? >> Yeah, I mean, I would just say we're still very, very high growth, so I think our financial profile would kind of still put us clearly in the cyber unicorn position, but I think other than that, we don't really share business metrics as a private- >> Okay, so how about headcount? >> Still growing. So we're not growing as fast as we've been growing, but I don't think we were anyway. I think we kind of, we're getting to the point of critical mass. We'll start to grow in a more kind of normal course and speed. I don't think we overhired like a lot of companies did in the past, even though we added, almost doubled the size of the company in the last 18 months. So we're still hiring, but very kind of targeted to certain roles going forward 'cause I do think we're kind of at critical mass in some of the other functions. >> You disclose headcount or no? >> We do not. >> You don't, okay. And never have? >> Not that I'm aware of, no. >> Okay, on the macro, I don't know if security's recession proof, but it's less susceptible, let's say. I've had Nikesh Arora on recently, we're at Palo Alto's Ignite, and he was saying, "Look," it's just like you were saying, "Larger deal's a little harder." A lot of times customers, he was saying customers are breaking larger deals into smaller deals, more POCs, more approvals, more people to get through the approval, not whole, blah, blah, blah. Now they're a different animal, I understand, but are you seeing similar trends, and how are you dealing with that? >> Yeah, I think the exact same trends, and I think it's just in a world where spending a dollar matters, I think a lot more oversight comes into play, a lot more reviewers, and can you shave it down here? Can you reduce the scope of the project to save money there? And I think it just caused a lot of those things. I think, in the large enterprise, I think most of those deals for companies like us and Palo and CrowdStrike and kind of the upper tier companies, they'll still go through. I think they'll just going to take a lot longer, and, yeah, maybe they're 80% of what they would've been otherwise, but there's still a lot of business to be had out there. >> So how are you dealing with that? I mean, you're talking about you double the size of the company. Is it kind of more focused on go-to-market, more sort of, maybe not overlay, but sort of SE types that are going to be doing more handholding. How have you dealt with that? Or have you just sort of said, "Hey, it is what it is, and we're not going to, we're not going to tactically respond to. We got long-term direction"? >> Yeah, I think it's more the latter. I think for us, it's we've gone through all these things before. It just takes longer now. So a lot of the steps we're taking are the same steps. We're still involved in a lot of POCs, we're involved in a lot of demos, and I don't think that changed. It's just the time between your POC and when someone sends you the PO, there's five more people now got to review things and go through a budget committee and all sorts of stuff like that. I think where we're probably focused more now is adding more and more capabilities just so we continue to be on the front foot of innovation and being relevant to the market, and trying to create more differentiators for us and the competitors. That's something that's just built into our culture, and we don't want to slow that down. And so even though the business is still doing extremely, extremely well, we want to keep investing in kind of technology. >> So the deal size, is it fair to say the initial deal size for new accounts, while it may be smaller, you're adding more capabilities, and so over time, your average contract values will go up? Are you seeing that trend? Or am I- >> Well, I would say I don't even necessarily see our average deal size has gotten smaller. I think in total, it's probably gotten a little bigger. I think what happens is when something like this happens, the old cream rises to the top thing, I think, comes into play, and you'll see some organizations instead of doing a deal with three or four vendors, they may want to pick one or two and really kind of put a lot of energy behind that. For them, they're maybe spending a little less money, but for those vendors who are amongst those getting chosen, I think they're doing pretty good. So our average deal size is pretty stable. For us, it's just a temporal thing. It's just the larger deals take a little bit longer. I don't think we're seeing much of a deal velocity difference in our mid-market commercial spaces, but in the large enterprise it's a little bit slower. But for us, we have ambitious plans in our strategy or on how we want to execute and what we want to build, and so I think we want to just continue to make sure we go down that path technically. >> So I have some questions on sort of the target markets and the cohorts you're going after, and I have some product questions. I know we're somewhat limited on time, but the historical focus has been on SMB, and I know you guys have gone in into enterprise. I'm curious as to how that's going. Any guidance you can give me on mix? Or when I talk to the big guys, right, you know who they are, the big managed service providers, MSSPs, and they're like, "Poo poo on Arctic Wolf," like, "Oh, they're (groans)." I said, "Yeah, that's what they used to say about the PC. It's just a toy. Or Microsoft SQL Server." But so I kind of love that narrative for you guys, but I'm curious from your words as to, what is that enterprise? How's the historical business doing, and how's the entrance into the enterprise going? What kind of hurdles are you having, blockers are you having to remove? Any color you can give me there would be super helpful. >> Yeah, so I think our commercial S&B business continues to do really good. Our mid-market is a very strong market for us. And I think while a lot of companies like to focus purely on large enterprise, there's a lot more mid-market companies, and a much larger piece of the IT puzzle collectively is in mid-market than it is large enterprise. That being said, we started to get pulled into the large enterprise not because we're a toy but because we're quite a comprehensive service. And so I think what we're trying to do from a roadmap perspective is catch up with some of the kind of capabilities that a large enterprise would want from us that a potential mid-market customer wouldn't. In some case, it's not doing more. It's just doing it different. Like, so we have a very kind of hands-on engagement with some of our smaller customers, something we call our concierge. Some of the large enterprises want more of a hybrid where they do some stuff and you do some stuff. And so kind of building that capability into the platform is something that's really important for us. Just how we engage with them as far as giving 'em access to their data, the certain APIs they want, things of that nature, what we're building out for large enterprise, but the demand by large enterprise on our business is enormous. And so it's really just us kind of catching up with some of the kind of the features that they want that we lack today, but many of 'em are still signing up with us, obviously, and in lieu of that, knowing that it's coming soon. And so I think if you look at the growth of our large enterprise, it's one of our fastest growing segments, and I think it shows anything but we're a toy. I would be shocked, frankly, if there's an MSSP, and, of course, we don't see ourself as an MSSP, but I'd be shocked if any of them operate a platform at the scale that ours operates. >> Okay, so wow. A lot I want to unpack there. So just to follow up on that last question, you don't see yourself as an MSSP because why, you see yourselves as a technology platform? >> Yes, I mean, the vast, vast, vast majority of what we deliver is our own technology. So we integrate with third-party solutions mostly to bring in that telemetry. So we've built our own platform from the ground up. We have our own threat intelligence, our own detection logic. We do have our own agents and network sensors. MSSP is typically cobbling together other tools, third party off-the-shelf tools to run their SOC. Ours is all homegrown technology. So I have a whole group called Arctic Wolf Labs, is building, just cranking out ML-based detections, building out infrastructure to take feeds in from a variety of different sources. We have a full integration kind of effort where we integrate into other third parties. So when we go into a customer, we can leverage whatever they have, but at the same time, we produce some tech that if they're lacking in a certain area, we can provide that tech, particularly around things like endpoint agents and network sensors and the like. >> What about like identity, doing your own identity? >> So we don't do our own identity, but we take feeds in from things like Okta and Active Directory and the like, and we have detection logic built on top of that. So part of our value add is we were XDR before XDR was the cool thing to talk about, meaning we can look across multiple attack surfaces and come to a security conclusion where most EDR vendors started with looking just at the endpoint, right? And then they called themselves XDR because now they took in a network feed, but they still looked at it as a separate network detection. We actually look at the things across multiple attack surfaces and stitch 'em together to look at that from a security perspective. In some cases we have automatic detections that will fire. In other cases, we can surface some to a security professional who can go start pulling on that thread. >> So you don't need to purchase CrowdStrike software and integrate it. You have your own equivalent essentially. >> Well, we'll take a feed from the CrowdStrike endpoint into our platform. We don't have to rely on their detections and their alerts, and things of that nature. Now obviously anything they discover we pull in as well, it's just additional context, but we have all our own tech behind it. So we operate kind of at an MSSP scale. We have a similar value proposition in the sense that we'll use whatever the customer has, but once that data kind of comes into our pipeline, it's all our own homegrown tech from there. >> But I mean, what I like about the MSSP piece of your business is it's very high touch. It's very intimate. What I like about what you're saying is that it's software-like economics, so software, software-like part of it. >> That's what makes us the unicorn, right? Is we do have, our concierges is very hands-on. We continue to drive automation that makes our concierge security professionals more efficient, but we always want that customer to have that concierge person as, is almost an extension to their security team, or in some cases, for companies that don't even have a security team, as their security team. As we go down the path, as I mentioned, one of the things we want to be able to do is start to have a more flexible model where we can have that high touch if you want it. We can have the high touch on certain occasions, and you can do stuff. We can have low touch, like we can span the spectrum, but we never want to lose our kind of unique value proposition around the concierge, but we also want to make sure that we're providing an interface that any customer would want to use. >> So given that sort of software-like economics, I mean, services companies need this too, but especially in software, things like net revenue retention and churn are super important. How are those metrics looking? What can you share with me there? >> Yeah, I mean, again, we don't share those metrics publicly, but all's I can continue to repeat is, if you looked at all of our financial metrics, I think you would clearly put us in the unicorn category. I think very few companies are going to have the level of growth that we have on the amount of ARR that we have with the net revenue retention and the churn and upsell. All those aspects continue to be very, very strong for us. >> I want to go back to the sort of enterprise conversation. So large enterprises would engage with you as a complement to their existing SOC, correct? Is that a fair statement or not necessarily? >> It's in some cases. In some cases, they're looking to not have a SOC. So we run into a lot of cases where they want to replace their SIEM, and they want a solution like Arctic Wolf to do that. And so there's a poll, I can't remember, I think it was Forrester, IDC, one of them did it a couple years ago, and they found out that 70% of large enterprises do not want to build the SOC, and it's not 'cause they don't need one, it's 'cause they can't afford it, they can't staff it, they don't have the expertise. And you think about if you're a tech company or a bank, or something like that, of course you can do it, but if you're an international plumbing distributor, you're not going to (chuckles), someone's not going to graduate from Stanford with a cybersecurity degree and go, "Cool, I want to go work for a plumbing distributor in their SOC," right? So they're going to have trouble kind of bringing in the right talent, and as a result, it's difficult to go make a multimillion-dollar investment into a SOC if you're not going to get the quality people to operate it, so they turn to companies like us. >> Got it, so, okay, so you're talking earlier about capabilities that large enterprises require that there might be some gaps, you might lack some features. A couple questions there. One is, when you do some of those, I inferred some of that is integrations. Are those integrations sort of one-off snowflakes or are you finding that you're able to scale those across the large enterprises? That's my first question. >> Yeah, so most of the integrations are pretty straightforward. I think where we run into things that are kind of enterprise-centric, they definitely want open APIs, they want access to our platform, which we don't do today, which we are going to be doing, but we don't do that yet today. They want to do more of a SIEM replacement. So we're really kind of what we call an open XDR platform, so there's things that we would need to build to kind of do raw log ingestion. I mean, we do this today. We have raw log ingestion, we have log storage, we have log searching, but there's like some of the compliance scenarios that they need out of their SIEM. We don't do those today. And so that's kind of holding them back from getting off their SIEM and going fully onto a solution like ours. Then the other one is kind of the level of customization, so the ability to create a whole bunch of custom rules, and that ties back to, "I want to get off my SIEM. I've built all these custom rules in my SIEM, and it's great that you guys do all this automatic AI stuff in the background, but I need these very specific things to be executed on." And so trying to build an interface for them to be able to do that and then also simulate it, again, because, no matter how big they are running their SIEM and their SOC... Like, we talked to one of the largest financial institutions in the world. As far as we were told, they have the largest individual company SOC in the world, and we operate almost 15 times their size. So we always have to be careful because this is a cloud-based native platform, but someone creates some rule that then just craters the performance of the whole platform, so we have to build kind of those guardrails around it. So those are the things primarily that the large enterprises are asking for. Most of those issues are not holding them back from coming. They want to know they're coming, and we're working on all of those. >> Cool, and see, just aside, I was talking to CISO the other day, said, "If it weren't for my compliance and audit group, I would chuck my SIEM." I mean, everybody wants to get rid of their SIEM. >> I've never met anyone who likes their SIEM. >> Do you feel like you've achieved product market fit in the larger enterprise or is that still something that you're sorting out? >> So I think we know, like, we're on a path to do that. We're on a provable path to do that, so I don't think there's any surprises left. I think everything that we know we need to do for that is someone's writing code for it today. It's just a matter of getting it through the system and getting into production. So I feel pretty good about it. I think that's why we are seeing such a high growth rate in our large enterprise business, 'cause we share that feedback with some of those key customers. We have a Customer Advisory Board that we share a lot of this information with. So yeah, I mean, I feel pretty good about what we need to do. We're certainly operate at large enterprise scales, so taking in the amount of the volume of data they're going to have and the types of integrations they need. We're comfortable with that. It's just more or less the interfaces that a large enterprise would want that some of the smaller companies don't ask for. >> Do you have enough tenure in the market to get a sense as to stickiness or even indicators that will lead toward retention? Have you been at it long enough in the enterprise or you still, again, figuring that out? >> Yeah, no, I think we've been at it long enough, and our retention rates are extremely high. If anything, kind of our net retention rates, well over 100% 'cause we have opportunities to upsell into new modules and expanding the coverage of what they have today. I think the areas that if you cornered enterprise that use us and things they would complain about are things I just told you about, right? There's still some things I want to do in my Splunk, and I need an API to pull my data out and put it in my Splunk and stuff like that, and those are the things we want to enable. >> Yeah, so I can't wait till you guys go public because you got Snowflake up here, and you got Veritas down here, and I'm very curious as to where you guys go. When's the IPO? You want to tell me that? (chuckling) >> Unfortunately, it's not up to us right now. You got to get the markets- >> Yeah, I hear you. Right, if the market were better. Well, if the market were better, you think you'd be out? >> Yeah, I mean, we'd certainly be a viable candidate to go. >> Yeah, there you go. I have a question for you because I don't have a SOC. I run a small business with my co-CEO. We're like 30, 40 people W-2s, we got another 50 or so contractors, and I'm always like have one eye, sleep with one eye open 'cause of security. What is your ideal SMB customer? Think S. >> Yeah. >> Would I fit? >> Yeah, I mean you're you're right in the sweet spot. I think where the company started and where we still have a lot of value proposition, which is companies like, like you said it, you sleep with one eye open, but you don't have necessarily the technical acumen to be able to do that security for yourself, and that's where we fit in. We bring kind of this whole security, we call it Security Operations Cloud, to bear, and we have some of the best professionals in the world who can basically be your SOC for less than it would cost you to hire somebody right out of college to do IT stuff. And so the value proposition's there. You're going to get the best of the best, providing you a kind of a security service that you couldn't possibly build on your own, and that way you can go to bed at night and close both eyes. >> So (chuckling) I'm sure something else would keep me up. But so in thinking about that, our Amazon bill keeps growing and growing and growing. What would it, and I presume I can engage with you on a monthly basis, right? As a consumption model, or how's the pricing work? >> Yeah, so there's two models that we have. So typically the kind of the monthly billing type of models would be through one of our MSP partners, where they have monthly billing capabilities. Usually direct with us is more of a longer term deal, could be one, two, or three, or it's up to the customer. And so we have both of those engagement models. Were doing more and more and more through MSPs today because of that model you just described, and they do kind of target the very S in the SMB as well. >> I mean, rough numbers, even ranges. If I wanted to go with the MSP monthly, I mean, what would a small company like mine be looking at a month? >> Honestly, I do not even know the answer to that. >> We're not talking hundreds of thousands of dollars a month? >> No. God, no. God, no. No, no, no. >> I mean, order of magnitude, we're talking thousands, tens of thousands? >> Thousands, on a monthly basis. Yeah. >> Yeah, yeah. Thousands per month. So if I were to budget between 20 and $50,000 a year, I'm definitely within the envelope. Is that fair? I mean, I'm giving a wide range >> That's fair. just to try to make- >> No, that's fair. >> And if I wanted to go direct with you, I would be signing up for a longer term agreement, correct, like I do with Salesforce? >> Yeah, yeah, a year. A year would, I think, be the minimum for that, and, yeah, I think the budget you set aside is kind of right in the sweet spot there. >> Yeah, I'm interested, I'm going to... Have a sales guy call me (chuckles) somehow. >> All right, will do. >> No, I'm serious. I want to start >> I will. >> investigating these things because we sell to very large organizations. I mean, name a tech company. That's our client base, except for Arctic Wolf. We should talk about that. And increasingly they're paranoid about data protection agreements, how you're protecting your data, our data. We write a lot of software and deliver it as part of our services, so it's something that's increasingly important. It's certainly a board level discussion and beyond, and most large organizations and small companies oftentimes don't think about it or try not to. They just put their head in the sand and, "We don't want to be doing that," so. >> Yeah, I will definitely have someone get in touch with you. >> Cool. Let's see. Anything else you can tell me on the product side? Are there things that you're doing that we talked about, the gaps at the high end that you're, some of the features that you're building in, which was super helpful. Anything in the SMB space that you want to share? >> Yeah, I think the biggest thing that we're doing technically now is really trying to drive more and more automation and efficiency through our operations, and that comes through really kind of a generous use of AI. So building models around more efficient detections based upon signal, but also automating the actions of our operators so we can start to learn through the interface. When they do A and B, they always do C. Well, let's just do C for them, stuff like that. Then also building more automation as far as the response back to third-party solutions as well so we can remediate more directly on third-party products without having to get into the consoles or having our customers do it. So that's really just trying to drive efficiency in the system, and that helps provide better security outcomes but also has a big impact on our margins as well. >> I know you got to go, but I want to show you something real quick. I have data. I do a weekly program called "Breaking Analysis," and I have a partner called ETR, Enterprise Technology Research, and they have a platform. I don't know if you can see this. They have a survey platform, and each quarter, they do a survey of about 1,500 IT decision makers. They also have a survey on, they call ETS, Emerging Technology Survey. So it's private companies. And I don't want to go into it too much, but this is a sentiment graph. This is net sentiment. >> Just so you know, all I see is a white- >> Yeah, just a white bar. >> Oh, that's weird. Oh, whiteboard. Oh, here we go. How about that? >> There you go. >> Yeah, so this is a sentiment graph. So this is net sentiment and this is mindshare. And if I go to Arctic Wolf... So it's typical security, right? The 8,000 companies. And when I go here, what impresses me about this is you got a decent mindshare, that's this axis, but you've also got an N in the survey. It's about 1,500 in the survey, It's 479 Arctic Wolf customers responded to this. 57% don't know you. Oh, sorry, they're aware of you, but no plan to evaluate; 19% plan to evaluate, 7% are evaluating; 11%, no plan to utilize even though they've evaluated you; and 1% say they've evaluated you and plan to utilize. It's a small percentage, but actually it's not bad in the random sample of the world about that. And so obviously you want to get that number up, but this is a really impressive position right here that I wanted to just share with you. I do a lot of analysis weekly, and this is a really, it's completely independent survey, and you're sort of separating from the pack, as you can see. So kind of- >> Well, it's good to see that. And I think that just is a further indicator of what I was telling you. We continue to have a strong financial performance. >> Yeah, in a good market. Okay, well, thanks you guys. And hey, if I can get this recording, Hannah, I may even figure out how to write it up. (chuckles) That would be super helpful. >> Yes. We'll get that up. >> And David or Hannah, if you can send me David's contact info so I can get a salesperson in touch with him. (Hannah chuckling) >> Yeah, great. >> Yeah, we'll work on that as well. Thanks so much for both your time. >> Thanks a lot. It was great talking with you. >> Thanks, you guys. Great to meet you. >> Thank you. >> Bye. >> Bye.

>> Hey everyone. Welcome back to theCUBE's coverage day two of CloudNative Security CON 23. Lisa Martin here in studio in Palo Alto with John Furrier. John, we've had some great conversations. I've had a global event. This was a global event. We had Germany on yesterday. We had the Boston Studio. We had folks on the ground in Seattle. Lot of great conversations, a lot of great momentum at this event. What is your number one takeaway with this inaugural event? >> Well, first of all, our coverage with our CUBE alumni experts coming in remotely this remote event for us, I think this event as an inaugural event stood out because one, it was done very carefully and methodically from the CNCF. I think they didn't want to overplay their hand relative to breaking out from CUBE CON So Kubernetes success and CloudNative development has been such a success and that event and ecosystem is booming, right? So that's the big story is they have the breakout event and the question was, was it a good call? Was it successful? Was it going to, would the dog hunt as they say, in this case, I think the big takeaway is that it was successful by all measures. One, people enthusiastic and confident that this has the ability to stand on its own and still contribute without taking away from the benefits and growth of Kubernetes CUBE CON and CloudNative console. So that was the key. Hallway conversations, the sessions all curated and developed properly to be different and focused for that reason. So I think the big takeaway is that the CNCF did a good job on how they rolled this out. Again, it was very intimate event small reminds me of first CUBE CON in Seattle, kind of let's test it out. Let's see how it goes. Again, clearly it was people successful and they understood why they're doing it. And as we commented out in our earlier segments this is not something new. Amazon Web Services has re:Invent and re:Inforce So a lot of parallels there. I see there. So I think good call. CNCF did the right thing. I think this has legs. And then as Dave pointed out, Dave Vellante, on our last keynote analysis was the business model of the hackers is better than the business model of the industry. They're making more money, it costs less so, you know, they're playing offense and the industry playing defense. That has to change. And as Dave pointed out we have to make the cost of hacking and breaches and cybersecurity higher so that the business model crashes. And I think that's the strategic imperative. So I think the combination of the realities of the market globally and open source has to go faster. It's good to kind of decouple and be highly cohesive in the focus. So to me that's the big takeaway. And then the other one is, is that there's a lot more security problems still unresolved. The emphasis on developers productivity is at risk here, if not solved. You saw supply chain software, again, front and center and then down in the weeds outside of Kubernetes, things like BIND and DNS were brought up. You're seeing the Linux kernel. Really important things got to be paid attention to. So I think very good call, very good focus. >> I would love if for us to be able to, as the months go on talk to some of the practitioners that actually got to attend. There were 72 sessions, that's a lot of content for a small event. Obviously to your point, very well curated. We did hear from some folks yesterday who were just excited to get the community back together in person. To your point, having this dedicated focus on CloudNativesecurity is incredibly important. You talked about, you know, the offense defense, the fact that right now the industry needs to be able to pivot from being on defense to being on offense. This is a challenging thing because it is so lucrative for hackers. But this seems to be from what we've heard in the last couple days, the right community with the right focus to be able to make that pivot. >> Yeah, and I think if you look at the success of Kubernetes, 'cause again we were there at theCUBE first one CUBE CON, the end user stories really drove end user participation. Drove the birth of Kubernetes. Left some of these CloudNative early adopters early pioneers that were using cloud hyperscale really set the table for CloudNative CON. I think you're seeing that here with this CloudNative SecurityCON where I think we're see a lot more end user stories because of the security, the hairs on fire as we heard from Madrona Ventures, you know, as they as an investor you have a lot of use cases out there where customers are leaning in with getting the rolling up their sleeves, working with open source. This has to be the driver. So I'm expecting to see the next level of SecurityCON to be end user focused. Much more than vendor focused. Where CUBECON was very end user focused and then attracted all the vendors in that grew the industry. I expect the similar pattern here where end user action will be very high at the beginning and that will essentially be the rising tide for the vendors to be then participating. So I expect almost a similar trajectory to CUBECON. >> That's a good path that it needs to all be about all the end users. One of the things I'm curious if what you heard was what are some of the key factors that are going to move CloudNative Security forward? What did you hear the last two days? >> I heard that there's a lot of security problems and no one wants to kind of brag about this but there's a lot of under the hood stuff that needs to get taken care of. So if automation scales, and we heard that from one of the startups we've just interviewed. If automation and scale continues to happen and with the business model of the hackers still booming, security has to be refactored quickly and there's going to be an opportunity structurally to use the cloud for that. So I think it's a good opportunity now to get dedicated focus on fixing things like the DNS stuff old school under the hood, plumbing, networking protocols. You're going to start to see this super cloud-like environment emerge where data's involved, everything's happening and so security has to be re imagined. And I think there's a do over opportunity for the security industry with CloudNative driving that. And I think this is the big thing that I see as an opportunity to, from a story standpoint from a coverage standpoint is that it's a do-over for security. >> One of the things that we heard yesterday is that there's a lot of it, it's a pretty high percentage of organizations that either don't have a SOCK or have a very primitive SOCK. Which kind of surprised me that at this day and age the risks are there. We talked about that today's focus and the keynote was a lot about the software supply chain and what's going on there. What did you hear in terms of the appetite for organizations through the voice of the practitioner to say, you know what guys, we got to get going because there's going to be the hackers are they're here. >> I didn't hear much about that in the coverage 'cause we weren't in the hallways. But from reading the tea leaves and talking to the folks on the ground, I think there's an implied like there's an unlimited money from customers. So it's a very robust from the data infrastructure stack building we cover with the angel investor Kane you're seeing data infrastructure's going to be part of the solution here 'cause data and security go hand in hand. So everyone's got basically checkbook wide open everyone wants to have the answer. And we commented that the co-founder of Palo Alto you had on our coverage yesterday was saying that you know, there's no real platform, there's a lot of tools out there. People will buy anything. So there's still a huge appetite and spend in security but the answer's not going to more tool sprawling. It's going to more platform auto, something that enables automation, fix some of the underlying mechanisms involved and fix it fast. So to me I think it's going to be a robust monetary opportunity because of the demand on the business side. So I don't see that changing at all and I think it's going to accelerate. >> It's a great point in terms of the demand for the business side because as we know as we said yesterday, the next Log4j is out there. It's not a matter of if this happens again it's when, it's the extent, it's how frequent we know that. So organizations all the way up to the board have to be concerned about brand reputation. Nobody wants to be the next big headline in terms of breaches and customer data being given to hackers and hackers making all this money on that. That has to go all the way up to the board and there needs to be alignment between the board and the executives at the organization in terms of how they're going to deal with security, and now. This is not a conversation that can wait. Yeah, I mean I think the five C's we talked about yesterday the culture of companies, the cloud is an enabler, you've got clusters of servers and capabilities, Kubernetes clusters, you've got code and you've got all kinds of, you know, things going on there. Each one has elements that are at risk for hacking, right? So that to me is something that's super important. I think that's why the focus on security's different and important, but it's not going to fork the main event. So that's why I think the spin out was, spinout, or the new event is a good call by the CNCF. >> One of the things today that struck me they're talking a lot about software supply chain and that's been in the headlines for quite a while now. And a stat that was shared this morning during the keynote just blew my brains that there was a 742% increase in the software supply chain attacks occurring over the last three years. It's during Covid times, that is a massive increase. The threat landscape is just growing so amorphously but organizations need to help dial that down because their success and the health of the individuals and the end users is at risk. Well, Covid is an environment where everyone's kind of working at home. So there was some disruption to infrastructure. Also, when you have change like that, there's opportunities for hackers, they'll arbitrage that big time. But I think general the landscape is changing. There's no perimeter anymore. It's CloudNative, this is where it is and people who are moving from old IT to CloudNative, they're at risk. That's why there's tons of ransomware. That's why there's tons of risk. There's just hygiene, from hygiene to architecture and like Nick said from Palo Alto, the co-founder, there's not a lot of architecture in security. So yeah, people have bulked up their security teams but you're going to start to see much more holistic thinking around redoing security. I think that's the opportunity to propel CloudNative, and I think you'll see a lot more coming out of this. >> Did you hear any specific information on some of the CloudNative projects going on that really excite you in terms of these are the right people going after the right challenges to solve in the right direction? >> Well I saw the sessions and what jumped out to me at the sessions was it's a lot of extensions of what we heard at CUBECON and I think what they want to do is take out the big items and break 'em out in security. Kubescape was one we just covered. They want to get more sandbox type stuff into the security side that's very security focused but also plays well with CUBECON. So we'll hear more about how this plays out when we're in Amsterdam coming up in April for CUBECON to hear how that ecosystem, because I think it'll be kind of a relief to kind of decouple security 'cause that gives more focus to the stakeholders in CUBECON. There's a lot of issues going on there and you know service meshes and whatnot. So it's a lot of good stuff happening. >> A lot of good stuff happening. One of the things that'll be great about CUBECON is that we always get the voice of the customer. We get vendors coming on with the voice of the customer talking about and you know in that case how they're using Kubernetes to drive the business forward. But it'll be great to be able to pull in some of the security conversations that spin out of CloudNative Security CON to understand how those end users are embracing the technology. You brought up I think Nir Zuk from Palo Alto Networks, one of the themes there when Dave and I did their Ignite event in December was, of 22, was really consolidation. There are so many tools out there that organizations have to wrap their heads around and they need to be able to have the right enablement content which this event probably delivered to figure out how do we consolidate security tools effectively, efficiently in a way that helps dial down our risk profile because the risks just seem to keep growing. >> Yeah, and I love the technical nature of all that and I think this is going to be the continued focus. Chris Aniszczyk who's the CTO listed like E and BPF we covered with Liz Rice is one of the most three important points of the conference and it's just, it's very nerdy and that's what's needed. I mean it's technical. And again, there's no real standards bodies anymore. The old days developers I think are super important to be the arbiters here. And again, what I love about the CNCF is that they're developer focused and we heard developer first even in security. So you know, this is a sea change and I think, you know, developers' choice will be the standards bodies. >> Lisa: Yeah, yeah. >> They decide the future. >> Yeah. >> And I think having the sandboxing and bringing this out will hopefully accelerate more developer choice and self-service. >> You've been talking about kind of putting the developers in the driver's seat as really being the key decision makers for a while. Did you hear information over the last couple of days that validates that? >> Yeah, absolutely. It's clearly the fact that they did this was one. The other one is, is that engineering teams and dev teams and script teams, they're blending together. It's not just separate silos and the ones that are changing their team dynamics, again, back to the culture are winning. And I think this has to happen. Security has to be embedded everywhere in making it frictionless and to provide kind of the guardrail so developers don't slow down. And I think where security has become a drag or an anchor or a blocker has been just configuration of how the organization's handling it. So I think when people recognize that the developers are in charge and they're should be driving the application development you got to make sure that's secure. And so that's always going to be friction and I think whoever does it, whoever unlocks that for the developer to go faster will win. >> Right. Oh, that's what I'm sure magic to a developer's ear is the ability to go faster and be able to focus on co-development in a secure fashion. What are some of the things that you're excited about for CUBECON. Here we are in February, 2023 and CUBECON is just around the corner in April. What are some of the things that you're excited about based on the groundswell momentum that this first inaugural CloudNative Security CON is generating from a community, a culture perspective? >> I think this year's going to be very interesting 'cause we have an economic challenge globally. There's all kinds of geopolitical things happening. I think there's going to be very entrepreneurial activity this year more than ever. I think you're going to see a lot more innovative projects ideas hitting the table. I think it's going to be a lot more entrepreneurial just because the cycle we're in. And also I think the acceleration of mainstream deployments of out of the CNCF's main event CUBECON will happen. You'll see a lot more successes, scale, more clarity on where the security holes are or aren't. Where the benefits are. I think containers and microservices are continuing to surge. I think the Cloud scale hyperscale as Amazon, Azure, Google will be more aggressive. I think AI will be a big theme this year. I think you can see how data is going to infect some of the innovation thinking. I'm really excited about the data infrastructure because it powers a lot of things in the Cloud. So I think the Amazon Web Services, Azure next level gen clouds will impact what happens in the CloudNative foundation. >> Did you have any conversations yesterday or today with respect to AI and security? Was that a focus of anybody's? Talk to me about that. >> Well, I didn't hear any sessions on AI but we saw some demos on stage. But they're teasing out that this is an augmentation to their mission, right? So I think a lot of people are looking at AI as, again, like I always said there's the naysayers who think it's kind of a gimmick or nothing to see here, and then some are just going to blown away. I think the people who are alpha geeks and the industry connect the dots and understand that AI is going to be an accelerant to a lot of heavy lifting that was either manual, you know, hard to do things that was boring or muck as they say. I think that's going to be where you'll see the AI stories where it's going to accelerate either ways to make security better or make developers more confident and productive. >> Or both. >> Yeah. So definitely AI will be part of it. Yeah, definitely. One of the things too that I'm wondering if, you know, we talk about CloudNative and the goal of it, the importance of it. Do you think that this event, in terms of what we were able to see, obviously being remote the event going on in Seattle, us being here in Palo Alto and Boston and guests on from Seattle and Germany and all over, did you hear the really the validation for why CloudNative Security why CloudNative is important for organizations whether it's a bank or a hospital or a retailer? Is that validation clear and present? >> Yeah, absolutely. I think it was implied. I don't think there was like anyone's trying to debate that. I think this conference was more of it's assumed and they were really trying to push the ability to make security less defensive, more offensive and more accelerated into the solving the problems with the businesses that are out there. So clearly the CloudNative community understands where the security challenges are and where they're emerging. So having a dedicated event will help address that. And they've got great co-chairs too that put it together. So I think that's very positive. >> Yeah. Do you think, is it possible, I mean, like you said several times today so eloquently the industry's on the defense when it comes to security and the hackers are on the offense. Is it really possible to make that switch or obviously get some balances. As technology advances and industry gets to take advantage of that, so do the hackers, is that balance achievable? >> Absolutely. I mean, I think totally achievable. The question's going to be what's the environment going to be like? And I remember as context to understanding whether it's viable or not, is to look at, just go back 13 years ago, I remember in 2010 Amazon was viewed as an unsecure environment. Everyone's saying, "Oh, the cloud is not secure." And I remember interviewing Steve Schmidt at AWS and we discussed specifically how Amazon Cloud was being leveraged by hackers. They made it more complex for the hackers. And he said, "This is just the beginning." It's kind of like barbed wire on a fence. It's yeah, you're not going to climb it so people can get over it. And so since then what's happened is the Cloud has become more secure than on premises for a lot of either you know, personnel reasons, culture reasons, not updating, you know, from patches to just being insecure to be more insecure. So that to me means that the flip the script can be flipped. >> Yeah. And I think with CloudNative they can build in automation and code to solve some of these problems and make it more complex for the hacker. >> Lisa: Yes. >> And increase the cost. >> Yeah, exactly. Make it more complex. Increase the cost. That'll be in interesting journey to follow. So John, here we are early February, 2023 theCUBE starting out strong as always. What year are we in, 12? Year 12? >> 13th year >> 13! What's next for theCUBE? What's coming up that excites you? >> Well, we're going to do a lot more events. We got the theCUBE in studio that I call theCUBE Center as kind of internal code word, but like, this is more about getting the word out that we can cover events remotely as events are starting to change with hybrid, digital is going to be a big part of that. So I think you're going to see a lot more CUBE on location. We're going to do, still do theCUBE and have theCUBE cover events from the studio to get deeper perspective because we can then bring people in remote through our our studio team. We can bring our CUBE alumni in. We have a corpus of content and experts to bring to table. So I think the coverage will be increased. The expertise and data will be flowing through theCUBE and so Cube Center, CUBE CUBE Studio. >> Lisa: Love it. >> Will be a integral part of our coverage. >> I love that. And we have such great conversations with guests in person, but also virtually, digitally as well. We still get the voices of the practitioners and the customers and the vendors and the partner ecosystem really kind of lauded loud and clear through theCUBE megaphone as I would say. >> And of course getting the clips out there, getting the highlights. >> Yeah. >> Getting more stories. No stories too small for theCUBE. We can make it easy to get the best content. >> The best content. John, it's been fun covering CloudNative security CON with you with you. And Dave and our guests, thank you so much for the opportunity and looking forward to the next event. >> John: All right. We'll see you at Amsterdam. >> Yeah, I'll be there. We want to thank you so much for watching TheCUBES's two day coverage of CloudNative Security CON 23. We're live in Palo Alto. You are live wherever you are and we appreciate your time and your view of this event. For John Furrier, Dave Vellante, I'm Lisa Martin. Thanks for watching guys. We'll see you at the next show.

(rousing music) >> Hello everyone. Welcome back to "theCUBE's" day one coverage of Cloud Native Security Con 23. This is going to be an exciting panel. I've got three great guests. I'm Lisa Martin, you know our esteemed analysts, John Furrier, and Dave Vellante well. And we're excited to welcome to "theCUBE" for the first time, Yves Sandfort, the CEO of Comdivision Group, who's coming to us from Germany. As you know, Cloud Native Security Con is a global event. Everyone welcome Yves, great to have you in particular. Welcome to "theCUBE." >> Great to be here. >> Thank you for inviting me. >> Yves, tell us a little bit, before we dig into really wanting to understand your perspectives on the event and get Dave and John's feedback as well, tell us a little bit about you. >> So yeah, talking about me, or talking about Comdivision real quick. We are in the business for over 27 years already. We started as a SaaS company, then became more like an architecture and, and Cloud Native company over the last few years. But what's interesting is, and I think that's, that's, that's really interesting when we look at our industry. It hasn't really, the requirements haven't really changed over the years. It's still security. We still have to figure out how we deal with security. We still have to figure out how we deal with compliance and everything else. And I think therefore, it's more and more important that we take these items more seriously. Also, based on the fact that when we look at it, how development and other things happen nowadays, it's, it's, everybody says it's like open source. It's great because everybody can look into the code. We, I think the last few years have shown us enough example that that's not necessarily solving all the issues, but it's also code and development has changed rapidly when we look at the Cloud Native approach, where it's far more about gluing the pieces together, versus the development pieces. When I was actually doing software development 25 years ago, and had to basically build my code because I didn't have that much internet access for it. So it has evolved, but even back then we had to deal with security and everything. >> Right. The focus on security is, is incredibly important, and the focus keeps growing as you mentioned. This is, guys, and I want to get your perspectives on this. We're going to start with John. This is the first time Cloud Native Security Con is its own event being extracted from, and amplified from KubeCon. John, I want to understand from your perspective, break down the event, what you see, what you've heard, and Cloud Native Security in general. What does this mean to companies? What does it mean to customers? Is this a reality? >> Well, I think that's the topic we want to discuss, and I think Yves background, you see the VMware certification, I love that. Because what VMware did with virtualization, was abstract that from server virtualization, kind of really changed the game on things, and you start to see Cloud Native kind of go that next level of how companies will be operating their business, not just digital transformation, as digital transformation goes to completion, it's total business transformation where IT is everywhere. And so you're starting to see the trends where, "Okay, that's happening." Now you're starting to see, that's Cloud Native Con, or KubeCon, AWS re:Invent, or whatever show, or whatever way you want to look at it. But in, in the past decade, past five years, security has always been front and center as almost a separate thing, and, in and of itself, but the same thing. So you're starting to see the breakout of security conversations around how to make things work. So a lot of operational conversations around what used to be DevOps makes infrastructure as code, and that was great, that fueled that. Then DevSecOps came. So the Cloud Native next level, is more application development at scale, developers driving the standards with developer first thinking, shifting left, I get all that. But down in the lower ends of the stack, you got real operational issues. DNS we've heard in the keynote, we heard about the Colonel, the Lennox Colonel. Things that need to be managed and taken care of at a security level. These are like, seem like in the weeds, but you're starting to see that happen. And the other thing that I think's real about Cloud Native Security Con that's going to be interesting to watch, is Amazon has pretty much canceled all their re:Invent like shows except for two; Re:Invent, which is their annual conference, and Re:Inforce, which is dedicated to securities. So Cloud Native, Linux, the Linux Foundation has now breaking out Cloud Native Con and KubeCon, and now Cloud Native Security Con. They can't call it KubeCon because it's not Kubernetes, but it's like security focus. I think this is the beginning of starting to see this new developer driving, developers driving the standards, and it has it implications, what used to be called IT ops, and that's like the VMwares of the world. You saw all the stuff that was not at developer focus, but more ops, becoming much more in the application. So I think, I think it's real. The question is where does it go? How fast does it develop? So to me, I think it's a real trend, and it's worthy of a breakout, but it's not yet clear of where the landing zone is for people to start doing it, how they get started, what are the best practices. Machine learning's going to be a big part of this. So to me it's totally cool, but I'm not yet seeing the beachhead. So that's kind of my take. >> Dave, our inventor and host of breaking analysis, what's your take? >> So when you, I think when you zoom out, there's some, there's a big macro change that's been going on. I think when you look back, let's say 10, 12 years ago, the, the need for speed far trumped the, the, the security aspect, the governance, the data privacy. It was like, "Yeah, the risks, they're not that great compared to our opportunity." That has completely changed because the risks are now so much higher. And so what's happening, I think there's a, there's a major effort amongst CIOs and CISOs to try to make security not a blocker because it use to be, it still is. "Okay, I got this great initiative." Eh, give it to the SecOps pros, and let them take it for a while before we can go to market. And so a huge challenge now is to simplify, automate, AI comes in, the whole supply chain security, so the, so the companies can not be facing so much friction. And that is non-trivial. I don't think we're anywhere close there, but I think the goal is by, within the next several years, we're going to be in a position, that security, we heard today, is, wasn't designed in to the initial internet protocols. It was bolted on. And so increasingly, the fundamental architecture of the internet, the Cloud, et cetera, is, is seeing designed in security, and, and that is an imperative, or else business is going to come to a grinding halt. >> Right. It's no longer, the bolt no longer works. Yves, what's your perspective on Cloud Native Security, where it stands today? What's in it for customers, whether we're talking about banks, or hospitals, or retailers, what do you think? >> I think when we, when we look at security in the, in the modern world, is we need to as, as Dave mentioned, we need to rethink how we apply it. Very often, security in the past has been always bolted on in the end. If we continue to do that, it'll become more and more difficult, because as companies evolve, and as companies want to bring products and software to market in a much faster and faster way, it's getting more and more difficult if we bolt on the security process at the end. It's like, developers build something and then someone checks security. That's not going to work any longer. Especially if we also consider now the changes in the industry. We had Stack Overflow over the last 10 years. If I would've had Stack Overflow 15, 20, what, 25 years ago when I was a developer, it would've changed a hell lot. Looking at it now, and looking at it what we had in the last few weeks, it's like where nearly all of my team members say is like finally I don't need any script kiddies anymore because I can't go to (indistinct) who writes the code for me. Which is on one end great, because it enables us to solve certain problems in a much higher pace. But the challenge with that is, if the people who just copy and past that code, don't understand the implications of that code, we have a much higher risk continuously. And what people thought was, is challenging with Stack Overflow. Imagine that something in one of these AI engines, is actually going ballistic, and it creates holes in nearly every one of these applications. And trust me, there will be enough developers who are going to use these tools to develop codes, the same as students in university are going to take this to write their essays and everything else. And so it's really important that every developer team basically has a security person within their team, and not a security at the end. So we build something, we check it, go through QA, and then it goes to security. Security needs to be at the forefront. And I think that's where we see Cloud Native Security Con, where we see AWS. I saw it during re:Invent already where they said is like, we have reinforced next year. I think this becomes more and more of a topic, and I think companies, as much as it is become a norm that you have a firewall and everything else, it needs to become a norm that when you are doing software development, and every development team needs to have a security person on that needs to be trained. >> I love that chat comment Dave, 'cause you and I were talking about this. And I think that is going to be the issue. Do we need security chat for the chat bot? And there's like a, like a recursive model there. The biases are built in. I think, and I think our interview with the Palo Alto Network's co-founder, Dave, when he talked about zero trust as a structured way to start things, but he was referencing that with Cloud, there's a chance to rethink or do a do-over in security. So, I think this is kind of to me, where this is all going. And I think you asked Pat Gelsinger what, year 2013, 2014, can, is security a do over? I think we're in that do over time. >> He said yes. >> He said yes. (laughing) He was right. But yeah, eight years later... But this is, how do you, zero trust gives you some structure, but how do you organize and redo security? Because to me, I think that's what's happening here. >> And John you heard, Zuk at Palo Alto Network said, "Yeah, the, the words security and architecture, they don't go together historically." And so it is a total, total retake. >> Well is that because there's too many tools out there and- >> Yeah. For sure. >> Yeah, well, first of all, a lot of hardware. And then yeah, a lot of tools. You even see IIOT and industry 40, you see IOT security coming up as another stove pipe, and that's not the right approach. And, and so- >> Well let me, let me ask you a question Dave, and Yves, if you don't mind. 'Cause I was just riffing on this yesterday about this. In the ML space, you're seeing the ML models, you're seeing proprietary models versus open source. Is security going to go down this proprietary security methods and open source? Because that's interesting, because the CNCF is run by the the Linux Foundation. So you can almost maybe see a model where there's more proprietary security methods than open source. Or is it, is that a non-issue? >> I would, I would, let me, if I, if I jump in here first, I think the last, especially last five or 10 years have clearly shown the, the whole and, and I invested early on in the, in the end 90s in several open source startups in the Bay area. So, I'm well behind the whole open source idea and, and mid (indistinct) and others back then several times. But the point is, I think what we have seen is open source is not in general, more secure or less secure, because code is too complex nowadays. You have millions of lines of code, and it's not that either one way or the other is going to solve it. The ways I think we are going to look at it is more is what's the role to market, because only because something is open source doesn't necessarily mean it's going to be available for everyone. And the same for proprietary source from that perspective, even though everybody mixes licensing and payments and all that all the time, but it doesn't necessarily have anything to do with it. But I think as we are going through it, and when we also look at the industry, security industry over the last 10 plus years has been primarily hardware focused. And a lot of these vendors have done a good business out of selling hardware boxes, putting software on top of it. Whereas in reality, those were still X86 standard boxes in the end. So it was not that we had specific security ethics or anything like that in there anymore. And so overall, the question of the market is going to change. And as we are looking into Cloud Native, think about someone like an AWS, do you really envision them to have a hardware box of every supplier in their data center, and that in every availability zone in every region? Same for Microsoft, same for Google, etc? So we need to have new ways on how we can apply security. And that applies both on the backend services, but also on the front end side. >> And if I, and if I could chime in, I think the, the good, I think the answer is, is, is no and yes. And what I mean by that is if you take, antivirus and known malware, I mean pretty much anybody today can, can solve that problem, it's the unknown malware. So I think the yes part of the answer is yes, it's, it's going to be proprietary, but in the sense we're going to use open source tooling, and then apply that in a proprietary way with, with specific algorithms and unique architectures that are going to solve problems. For example, XDR with, with unknown malware. So, and that's the, that's the hard part. As somebody said, I think this morning at the keynote, it's, it's all the stuff that, that the SecOps team couldn't find. That's the really hard part. >> (laughs) Well the question will be will, is the new IP, the ability to feed ChatGPT some magical spelled insertion query string that does the job, that's unique, that might be the new IP, the the question to ask. >> Well, that's what the hackers are going to do. And I, they're on offense. (John laughs) And the offense knows what play is coming. So, they're going to start. >> So guys, let's take this conversation up a level. I want to get your perspectives on what's in this for me as a customer? We know security is a board level conversation. We talk about this all the time. We also know that they're based on, I think David, was the conversations that you and I had, with Palo Alto Networks at Ignite in December. There's a, there's a lack of alignment between the executives and the board from a security perspective. When we talk about Cloud Native Security, we all talked about the value in that, what's in it for customers? I want to get your perspectives on should this be a board level conversation, and if so, how do you advise organizations, whether it is a hospital, or a bank, or an organization that is really affected by things like ransomware? How should they be thinking about this from an organizational perspective? >> Well, I'll start first, because we had this conversation during our Super Cloud event last month, and this comes up a lot. And this is, the CEO board level. Yes it is a board level conversation for security, as is application development as in terms of transforming their business to be competitive, not to be on the wrong side of history with this wave coming. So I think that's more of a management. But the issue is, they tell their people, "Go do it." And they're like, 'cause they get sold on the idea of, "Hey, won't you transform your business, and everything's going to be data driven, and machine learning's going to power your apps, get new customers, be profitable." "Oh, sign me up for that." When you have to implement this, it's really hard. And I think the core issue is, where are companies in their life cycle of the ability to execute and architect this thing properly as Dave said, Nick Zuk said, "You can't have architecture and security, you need platforms." So, I think the re-platforming, and the re-factoring of business is a big factor, and that's got to get down into the, the organizational shifts and the people to do it. So are there skills? Do I do a managed service? How do I architect it? Are there more services? Are there developers doing applications that are going to be more agile? So, this is not an easy thing. And to move a business from IT operations that is proven, to be positioned for this enablement, is just really difficult. And it's expensive. And if you screw it up, you could be, could be on the wrong side of things. So, to me, that's the big issue is, you sell the dream and then you got to implement it. And that's really difficult. >> Yves, give us your perspective on, based on John's comments, how do organizations shift so dramatically? There's a cultural element there as well, but there's also organizations that are, have competitive competitors in the rear view mirror, and there's time to waste. What are your thoughts on that? >> I think that's exactly the point. It's like, as an organization, you need to take the decision between the time, the risk, and all the other elements we have into this game. Because you can try to achieve 100% security, but that's exactly the same as trying to, to protect gold or anything else 100%. It's most likely not going to be from a risk perspective anyway sensible. And that's the same from a corporational perspective. When you look at building new internet services, or IOT services, or any kind of new shopping experience or whatever else, you need to balance out between the risks and the advantages out of it. And you also need to be accepting that you potentially on the way make mistakes, but then it's more important than ever that you are able to quickly fix any mistakes, and to adjust to anything what's happening in the market. Because as we are building all these new Cloud Native applications, and build up all these skill sets, one of the big scenarios is we are far more depending on individual building blocks. These building blocks come out of open source communities, which have a much different way. When we look back in software development, back then we had application servers from Oracle, Web Logic, whatsoever, they had a release cycles of every three to six months. As now we have to deal with open source, where sometimes release cycles are on a four week schedule, in between security patches. So you need to be much faster in adopting that, checking that, implementing that, getting things to work. So there is a security stretch from that perspective. There is a speech stretch on the other thing companies have to deal with, and on the other side it's always a measurement between the risk, and the security you can afford. Because reality is, you will not be 100% protected no matter what you do. So, you need to balance out what you as an organization can actually build on. But I think, coming back also to the point, it's on the bot level nowadays. It's like nearly every discussion we have with companies nowadays as they move into the Cloud, especially also here in Europe where for the last five years, it was always, it's like "It's data privacy." Data privacy is no longer, I mean, yes, for certain people, it's still the point, but for many more people it's like, "How protected is my data?" "What do we do in case of ransomware attack?" "What do we do in case of a denial of service?" All of these things become more vulnerable, where in the past you were discussing these things with a becking page, or, or like a stock exchange. They were, it's like, "What the hell is going to happen if we have a denial of service?" Now all of the sudden, this now affects nearly everyone in their storefronts and everything else, because everything is depending on it. >> Yeah, I think you're right on. You think about how cultural change occurs, it's bottom ups or, bottom up, top down or middle out. And what, what's happened with security is the people in the security team cared about it, they were the, everybody said, "Oh, it's their problem." And then it just did an end run to the board, kind of mid, early last decade. And then the board sort of pushed that down. And the line of business is realizing, "Holy cow. My business, my EBIT can be dramatically affected by this, so I care." Now it's this whole house, cultural team sport. I know it's sort of a, a cliche, but it, it's true. Everybody actually is beginning to care about security because the risks are now so high, and it's going to affect not only the bottom line of the company, the bottom line of the business, their job, it's, it's, it's virtually everywhere. It's a huge cultural shift that we're seeing. >> And that's a big challenge for organizations in any industry. And Yves, you talked about ransomware service. Every industry across the globe is vulnerable to this. But how can, maybe John, we'll start with you. How can Cloud Native Security help organizations if they're able to embrace it, operationally, culturally, dial down some of the vulnerabilities that just seem to keep growing? >> Well, I mean that's the big question. The breaches are, are critical. The governances also could be a way that anchors down growth. So I think the balance between the governance compliance piece of it is key, but making the developers faster and more productive is the key to me. And I think having the security paradigm where they're not blockers, as Dave said, is critical. So I love the whole shift left, but now that we have more data focused initiatives around how that, you can use data to understand the security issues, I think data and security are together, and I think there's a going to be a data operating system model emerging, where data and security will be almost one thing. And that will be set up by the security teams, and the data teams together. And that will feed guardrails into the developer environment. So the developer should feel no pain at all in doing this. So I think the best practice will end up being what we're seeing with supply chain, security, with making sure code's verified. And you're going to see the container, security side completely address has been, and KubeCon, we just, I asked Scott Johnson, the CEO of Docker, and I asked him directly, "Are you guys all tight on container security?" He said, yes, but other people are suggesting that's not true. There's a lot of issues with the container security. So, there's all kinds of areas where there's holes. So Cloud Native is cool on one hand, and very relevant, but if it's not shored up, it's going to be a problem. But I, so I think that's where the action will be, at the developer pipeline, in the containers, and the data. So, that will be very relevant, and if companies nail that, they'll be faster, they'll have better apps, and that'll be the differentiator. And again, if they don't on this next wave, they're going to be driftwood. >> Dave, how do they prevent becoming driftwood? >> Well, I think Cloud has had a huge impact. And a Cloud's by no means a panacea, but let's face it, it's dramatically improved a lot of companies security posture. Now there's still that shared responsibility. Even though an S3 bucket is encrypted, it's still your responsibility to make sure that it doesn't get decrypted by somebody who has access to it. So there are things like that, but to Yve's earlier point, that can be, that's done through software now, it's done through best practices. Those best practices can be shared. So the way you, you don't become driftwood, is you start to, you step back, rethink that security architecture as we were talking about earlier, take advantage of the Cloud, take advantage of Cloud Native, and all the, the rapid pace of innovation that's occurring there, and you don't use, it's called before, The audit is the last line of defense. That's no longer a check box item. "Oh yeah, we're in compliance." It's, this is a business imperative, and because we're going to reduce our expected loss and reduce our business risk. That's part of the business case today. >> Yeah. >> It's a huge, critically important part of the business case. Yves, question for you. If you're in an elevator with a CEO, a CFO, and a CISO, and they're talking about security and Cloud Native Security, what's your value proposition to them on a, on a say a 32nd elevator ride? >> Difficult story. I think at the moment, the most important part is, we need to get people to work together, and we need to train people to work more much better together. I think that's the overall most important part for all of these solutions, because in the end, security is always a person issue. If, we can have the best tools in the industry, as long as we don't get all of these teams to work together, then we have a problem. If the security team is always seen as the end of the solution to fix everything, that's not going to work because they always are the bad guys in the game. And so we need to bring the teams together. And once we have the teams work together, I think we have a far better track on, on maintaining security. >> John and Dave, I want to get your perspectives on what Yves just said. In all the experience that the two of you have as industry analysts here on "theCUBE," Wikibon, Siliconangle Media. How do you advise organizations to get those teams together? As Eve said, that alignment is critical, but John, we'll start with you, then Dave go to you. What's your advice for organizations that need to align those teams and really don't have a lot of time to wait to do it? >> (chuckling) That's a great question. I think, I think that's everyone pays hundreds of thousands of millions of dollars to get that advice from these consultants, organizations out there doing the transformations. But I think it comes down to personnel and commitment. I think if there's a C-level commitment to the effort, you'll see the institutional structure change. So you can see really getting behind it with their, with their wallet and their, and their support of either getting more personnel to support and assist, or manage services, or giving the power to the teams to execute and doing it in a way that, that's, that's well known and best practices. Start small, build out the pilots, build the platform, and then start getting it right. And I think that's the key. Not the magic wand, the old model of rolling out stuff in, in six month cycles. It's really, get the proof points, double down and change the culture, but also execute and have real metrics. And changing the architecture, like having more penetration tests as a service. Doing pen tests is like a joke now. So that doesn't make any sense. You got to have that built in almost every day, and every minute. So, these kinds of new techniques have to be implemented and have to be tried. So that's why these communities are growing. That's why I like what open source has been doing, and I like the open source as the place to have these conversations, because that's where the action will be for new stuff. And I think people will implement open source like they did before, but with different ways, better testing, better supply chain on the software side, verifying code. So, I see open source actually getting a tailwind from this, not a headwind. So, I'm bullish on the open source piece here on, on all levels, machine learning- >> Lisa, my answer is intramural sports. And it's 'cause I think it's cultural. And what I mean by that, is you take your your best and brightest security, and this is what frankly, a lot of CISOs do, an examples is Lena Smart, MongoDB. Take your best and brightest security pros, make them captains of the intramural teams, and pair them up with pods of individuals across the organization, which is most people who don't know anything about security, and put them together, so that they can, they, so that the folks that understand security can, can realize how little people know, what, what, what, how, what the worst practices that are out there in the reverse, how they can cross pollinate. And they do that on a regular basis, I know at Mongo and other companies. And that kind of cultural assimilation is a starting point for how you get security awareness up to your question around making it a team sport. >> Absolutely critical. Yves, I want to kind of wrap things with you. We've got a couple of minutes left. When you're really looking at the Cloud Native community, the growth of it, we talked about earlier in the program, Cloud Native Security Con being now extracted and elevated out of KubeCon, what are your thoughts on the groundswell that this community is generating around Cloud Native Security, the benefits that organizations will achieve from it? >> I think overall, when we have these securities conferences, or these security arms a bit spread out and separated out of the main conference, it helps to a certain degree, because especially in the security space, when you look at at other like black hat or white hat conferences and things like that in the past, although they were not focused on Cloud Native, a lot of these security folks didn't feel well taken care of in any of the other conferences because they were always these, it's like they are always blocking us, they're always making us problems, and all these kinds of things. Now that we really take the Cloud Native piece and the security piece together, or like AWS does it with re:Inforce, I think we will see more and more that people understand is that security is a permanent topic we need to cover, but we need to bring different people together, because security also has compliance and a lot of other components in there. So we will see at these conferences moving forward, also a different audience. It's not going to be only the Cloud Native developers. And if I see some of these security audiences, I can't really imagine them to really be at KubeCon because there is too much other things going on. And you couldn't really see much of that at re:Invent because re:Invent by itself has become a complete monster of a conference. It covers too many topics. And so having this very, very important security piece separated, also gives the opportunity, I think, that we can bring in the security people, but also have the type of board level discussions potentially, between the leaders of the industry, to also discuss on how we can evolve, how we can make things better, and how, how we can actually, yeah, evolve our industry for it. Because let's face it, that threat is not going to go away. It's, it's a business. And one of the last security conferences I was on, on the ransomware part, it was one of the topics someone said is like, "Look, currently on average, it takes a hacker group roughly around they said 15 to 20 K to break into a company, and they on average make 100K. It's a business, let's face it. And it's a business we don't like. And ethically, it's no discussion that this is not good, but that's something which is happening. People are making money with it. And as long as that's going to go on, and we have enough countries where these people can hide, it's going to stay and survive. And so, with that being said, it's important for us to really build an industry around this. But I also think it's good that we have separate conferences. In the past we had more the RSA conference, which tried to cover all of these areas. But that is not really fitting Cloud Native and everything else. So I think it's good that we have these new opportunities, the Cloud Native one, but also what AWS brings up for someone. >> Yves, you just nailed it. It just comes down to simple math. It's a fraction. Revenue over cost. And if you could increase the hacker's cost, increase the denominator, their ROI will go down. And that is the game. >> Great point, Dave. What I'm hearing guys, and we can talk about technology for days and days. I know all of you. But there's, there's a big component that, that the elevation of Cloud Native Security, on its own as standalone is critical, as is the people component. You guys all talked about that. We talked about the cultural change necessary for that. Hopefully what we're seeing with Cloud Native Security Con 23, this first event is going to give us more insight over the next couple of days, and the next months or so, as to how this elevation, and how the people can come together to really help organizations from a math perspective as, as Dave talked about, really dial down the risks there, understand more of the vulnerabilities so that ransomware as a service is not as lucrative as it is today. Guys, so much appreciate your time, really breaking down Cloud Native Security, the value in it from different perspectives, and what your thoughts are on where it's going. Thanks so much for your time. >> All right. Thanks. >> Thanks, Lisa. >> Thank you. >> Thanks, Yves. >> All right. For my guests, I'm Lisa Martin. You're watching theCUBE's day one coverage of Cloud Native Security Con 23. Thanks for watching. (rousing music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> OpenAI The company, and ChatGPT have taken the world by storm. Microsoft reportedly is investing an additional 10 billion dollars into the company. But in our view, while the hype around ChatGPT is justified, we don't believe OpenAI will lock up the market with its first mover advantage. Rather, we believe that success in this market will be directly proportional to the quality and quantity of data that a technology company has at its disposal, and the compute power that it could deploy to run its system. Hello and welcome to this week's Wikibon CUBE insights, powered by ETR. In this Breaking Analysis, we unpack the excitement around ChatGPT, and debate the premise that the company's early entry into the space may not confer winner take all advantage to OpenAI. And to do so, we welcome CUBE collaborator, alum, Sarbjeet Johal, (chuckles) and John Furrier, co-host of the Cube. Great to see you Sarbjeet, John. Really appreciate you guys coming to the program. >> Great to be on. >> Okay, so what is ChatGPT? Well, actually we asked ChatGPT, what is ChatGPT? So here's what it said. ChatGPT is a state-of-the-art language model developed by OpenAI that can generate human-like text. It could be fine tuned for a variety of language tasks, such as conversation, summarization, and language translation. So I asked it, give it to me in 50 words or less. How did it do? Anything to add? >> Yeah, think it did good. It's large language model, like previous models, but it started applying the transformers sort of mechanism to focus on what prompt you have given it to itself. And then also the what answer it gave you in the first, sort of, one sentence or two sentences, and then introspect on itself, like what I have already said to you. And so just work on that. So it it's self sort of focus if you will. It does, the transformers help the large language models to do that. >> So to your point, it's a large language model, and GPT stands for generative pre-trained transformer. >> And if you put the definition back up there again, if you put it back up on the screen, let's see it back up. Okay, it actually missed the large, word large. So one of the problems with ChatGPT, it's not always accurate. It's actually a large language model, and it says state of the art language model. And if you look at Google, Google has dominated AI for many times and they're well known as being the best at this. And apparently Google has their own large language model, LLM, in play and have been holding it back to release because of backlash on the accuracy. Like just in that example you showed is a great point. They got almost right, but they missed the key word. >> You know what's funny about that John, is I had previously asked it in my prompt to give me it in less than a hundred words, and it was too long, I said I was too long for Breaking Analysis, and there it went into the fact that it's a large language model. So it largely, it gave me a really different answer the, for both times. So, but it's still pretty amazing for those of you who haven't played with it yet. And one of the best examples that I saw was Ben Charrington from This Week In ML AI podcast. And I stumbled on this thanks to Brian Gracely, who was listening to one of his Cloudcasts. Basically what Ben did is he took, he prompted ChatGPT to interview ChatGPT, and he simply gave the system the prompts, and then he ran the questions and answers into this avatar builder and sped it up 2X so it didn't sound like a machine. And voila, it was amazing. So John is ChatGPT going to take over as a cube host? >> Well, I was thinking, we get the questions in advance sometimes from PR people. We should actually just plug it in ChatGPT, add it to our notes, and saying, "Is this good enough for you? Let's ask the real question." So I think, you know, I think there's a lot of heavy lifting that gets done. I think the ChatGPT is a phenomenal revolution. I think it highlights the use case. Like that example we showed earlier. It gets most of it right. So it's directionally correct and it feels like it's an answer, but it's not a hundred percent accurate. And I think that's where people are seeing value in it. Writing marketing, copy, brainstorming, guest list, gift list for somebody. Write me some lyrics to a song. Give me a thesis about healthcare policy in the United States. It'll do a bang up job, and then you got to go in and you can massage it. So we're going to do three quarters of the work. That's why plagiarism and schools are kind of freaking out. And that's why Microsoft put 10 billion in, because why wouldn't this be a feature of Word, or the OS to help it do stuff on behalf of the user. So linguistically it's a beautiful thing. You can input a string and get a good answer. It's not a search result. >> And we're going to get your take on on Microsoft and, but it kind of levels the playing- but ChatGPT writes better than I do, Sarbjeet, and I know you have some good examples too. You mentioned the Reed Hastings example. >> Yeah, I was listening to Reed Hastings fireside chat with ChatGPT, and the answers were coming as sort of voice, in the voice format. And it was amazing what, he was having very sort of philosophy kind of talk with the ChatGPT, the longer sentences, like he was going on, like, just like we are talking, he was talking for like almost two minutes and then ChatGPT was answering. It was not one sentence question, and then a lot of answers from ChatGPT and yeah, you're right. I, this is our ability. I've been thinking deep about this since yesterday, we talked about, like, we want to do this segment. The data is fed into the data model. It can be the current data as well, but I think that, like, models like ChatGPT, other companies will have those too. They can, they're democratizing the intelligence, but they're not creating intelligence yet, definitely yet I can say that. They will give you all the finite answers. Like, okay, how do you do this for loop in Java, versus, you know, C sharp, and as a programmer you can do that, in, but they can't tell you that, how to write a new algorithm or write a new search algorithm for you. They cannot create a secretive code for you to- >> Not yet. >> Have competitive advantage. >> Not yet, not yet. >> but you- >> Can Google do that today? >> No one really can. The reasoning side of the data is, we talked about at our Supercloud event, with Zhamak Dehghani who's was CEO of, now of Nextdata. This next wave of data intelligence is going to come from entrepreneurs that are probably cross discipline, computer science and some other discipline. But they're going to be new things, for example, data, metadata, and data. It's hard to do reasoning like a human being, so that needs more data to train itself. So I think the first gen of this training module for the large language model they have is a corpus of text. Lot of that's why blog posts are, but the facts are wrong and sometimes out of context, because that contextual reasoning takes time, it takes intelligence. So machines need to become intelligent, and so therefore they need to be trained. So you're going to start to see, I think, a lot of acceleration on training the data sets. And again, it's only as good as the data you can get. And again, proprietary data sets will be a huge winner. Anyone who's got a large corpus of content, proprietary content like theCUBE or SiliconANGLE as a publisher will benefit from this. Large FinTech companies, anyone with large proprietary data will probably be a big winner on this generative AI wave, because it just, it will eat that up, and turn that back into something better. So I think there's going to be a lot of interesting things to look at here. And certainly productivity's going to be off the charts for vanilla and the internet is going to get swarmed with vanilla content. So if you're in the content business, and you're an original content producer of any kind, you're going to be not vanilla, so you're going to be better. So I think there's so much at play Dave (indistinct). >> I think the playing field has been risen, so we- >> Risen and leveled? >> Yeah, and leveled to certain extent. So it's now like that few people as consumers, as consumers of AI, we will have a advantage and others cannot have that advantage. So it will be democratized. That's, I'm sure about that. But if you take the example of calculator, when the calculator came in, and a lot of people are, "Oh, people can't do math anymore because calculator is there." right? So it's a similar sort of moment, just like a calculator for the next level. But, again- >> I see it more like open source, Sarbjeet, because like if you think about what ChatGPT's doing, you do a query and it comes from somewhere the value of a post from ChatGPT is just a reuse of AI. The original content accent will be come from a human. So if I lay out a paragraph from ChatGPT, did some heavy lifting on some facts, I check the facts, save me about maybe- >> Yeah, it's productive. >> An hour writing, and then I write a killer two, three sentences of, like, sharp original thinking or critical analysis. I then took that body of work, open source content, and then laid something on top of it. >> And Sarbjeet's example is a good one, because like if the calculator kids don't do math as well anymore, the slide rule, remember we had slide rules as kids, remember we first started using Waze, you know, we were this minority and you had an advantage over other drivers. Now Waze is like, you know, social traffic, you know, navigation, everybody had, you know- >> All the back roads are crowded. >> They're car crowded. (group laughs) Exactly. All right, let's, let's move on. What about this notion that futurist Ray Amara put forth and really Amara's Law that we're showing here, it's, the law is we, you know, "We tend to overestimate the effect of technology in the short run and underestimate it in the long run." Is that the case, do you think, with ChatGPT? What do you think Sarbjeet? >> I think that's true actually. There's a lot of, >> We don't debate this. >> There's a lot of awe, like when people see the results from ChatGPT, they say what, what the heck? Like, it can do this? But then if you use it more and more and more, and I ask the set of similar question, not the same question, and it gives you like same answer. It's like reading from the same bucket of text in, the interior read (indistinct) where the ChatGPT, you will see that in some couple of segments. It's very, it sounds so boring that the ChatGPT is coming out the same two sentences every time. So it is kind of good, but it's not as good as people think it is right now. But we will have, go through this, you know, hype sort of cycle and get realistic with it. And then in the long term, I think it's a great thing in the short term, it's not something which will (indistinct) >> What's your counter point? You're saying it's not. >> I, no I think the question was, it's hyped up in the short term and not it's underestimated long term. That's what I think what he said, quote. >> Yes, yeah. That's what he said. >> Okay, I think that's wrong with this, because this is a unique, ChatGPT is a unique kind of impact and it's very generational. People have been comparing it, I have been comparing to the internet, like the web, web browser Mosaic and Netscape, right, Navigator. I mean, I clearly still remember the days seeing Navigator for the first time, wow. And there weren't not many sites you could go to, everyone typed in, you know, cars.com, you know. >> That (indistinct) wasn't that overestimated, the overhyped at the beginning and underestimated. >> No, it was, it was underestimated long run, people thought. >> But that Amara's law. >> That's what is. >> No, they said overestimated? >> Overestimated near term underestimated- overhyped near term, underestimated long term. I got, right I mean? >> Well, I, yeah okay, so I would then agree, okay then- >> We were off the charts about the internet in the early days, and it actually exceeded our expectations. >> Well there were people who were, like, poo-pooing it early on. So when the browser came out, people were like, "Oh, the web's a toy for kids." I mean, in 1995 the web was a joke, right? So '96, you had online populations growing, so you had structural changes going on around the browser, internet population. And then that replaced other things, direct mail, other business activities that were once analog then went to the web, kind of read only as you, as we always talk about. So I think that's a moment where the hype long term, the smart money, and the smart industry experts all get the long term. And in this case, there's more poo-pooing in the short term. "Ah, it's not a big deal, it's just AI." I've heard many people poo-pooing ChatGPT, and a lot of smart people saying, "No this is next gen, this is different and it's only going to get better." So I think people are estimating a big long game on this one. >> So you're saying it's bifurcated. There's those who say- >> Yes. >> Okay, all right, let's get to the heart of the premise, and possibly the debate for today's episode. Will OpenAI's early entry into the market confer sustainable competitive advantage for the company. And if you look at the history of tech, the technology industry, it's kind of littered with first mover failures. Altair, IBM, Tandy, Commodore, they and Apple even, they were really early in the PC game. They took a backseat to Dell who came in the scene years later with a better business model. Netscape, you were just talking about, was all the rage in Silicon Valley, with the first browser, drove up all the housing prices out here. AltaVista was the first search engine to really, you know, index full text. >> Owned by Dell, I mean DEC. >> Owned by Digital. >> Yeah, Digital Equipment >> Compaq bought it. And of course as an aside, Digital, they wanted to showcase their hardware, right? Their super computer stuff. And then so Friendster and MySpace, they came before Facebook. The iPhone certainly wasn't the first mobile device. So lots of failed examples, but there are some recent successes like AWS and cloud. >> You could say smartphone. So I mean. >> Well I know, and you can, we can parse this so we'll debate it. Now Twitter, you could argue, had first mover advantage. You kind of gave me that one John. Bitcoin and crypto clearly had first mover advantage, and sustaining that. Guys, will OpenAI make it to the list on the right with ChatGPT, what do you think? >> I think categorically as a company, it probably won't, but as a category, I think what they're doing will, so OpenAI as a company, they get funding, there's power dynamics involved. Microsoft put a billion dollars in early on, then they just pony it up. Now they're reporting 10 billion more. So, like, if the browsers, Microsoft had competitive advantage over Netscape, and used monopoly power, and convicted by the Department of Justice for killing Netscape with their monopoly, Netscape should have had won that battle, but Microsoft killed it. In this case, Microsoft's not killing it, they're buying into it. So I think the embrace extend Microsoft power here makes OpenAI vulnerable for that one vendor solution. So the AI as a company might not make the list, but the category of what this is, large language model AI, is probably will be on the right hand side. >> Okay, we're going to come back to the government intervention and maybe do some comparisons, but what are your thoughts on this premise here? That, it will basically set- put forth the premise that it, that ChatGPT, its early entry into the market will not confer competitive advantage to >> For OpenAI. >> To Open- Yeah, do you agree with that? >> I agree with that actually. It, because Google has been at it, and they have been holding back, as John said because of the scrutiny from the Fed, right, so- >> And privacy too. >> And the privacy and the accuracy as well. But I think Sam Altman and the company on those guys, right? They have put this in a hasty way out there, you know, because it makes mistakes, and there are a lot of questions around the, sort of, where the content is coming from. You saw that as your example, it just stole the content, and without your permission, you know? >> Yeah. So as quick this aside- >> And it codes on people's behalf and the, those codes are wrong. So there's a lot of, sort of, false information it's putting out there. So it's a very vulnerable thing to do what Sam Altman- >> So even though it'll get better, others will compete. >> So look, just side note, a term which Reid Hoffman used a little bit. Like he said, it's experimental launch, like, you know, it's- >> It's pretty damn good. >> It is clever because according to Sam- >> It's more than clever. It's good. >> It's awesome, if you haven't used it. I mean you write- you read what it writes and you go, "This thing writes so well, it writes so much better than you." >> The human emotion drives that too. I think that's a big thing. But- >> I Want to add one more- >> Make your last point. >> Last one. Okay. So, but he's still holding back. He's conducting quite a few interviews. If you want to get the gist of it, there's an interview with StrictlyVC interview from yesterday with Sam Altman. Listen to that one it's an eye opening what they want- where they want to take it. But my last one I want to make it on this point is that Satya Nadella yesterday did an interview with Wall Street Journal. I think he was doing- >> You were not impressed. >> I was not impressed because he was pushing it too much. So Sam Altman's holding back so there's less backlash. >> Got 10 billion reasons to push. >> I think he's almost- >> Microsoft just laid off 10000 people. Hey ChatGPT, find me a job. You know like. (group laughs) >> He's overselling it to an extent that I think it will backfire on Microsoft. And he's over promising a lot of stuff right now, I think. I don't know why he's very jittery about all these things. And he did the same thing during Ignite as well. So he said, "Oh, this AI will write code for you and this and that." Like you called him out- >> The hyperbole- >> During your- >> from Satya Nadella, he's got a lot of hyperbole. (group talks over each other) >> All right, Let's, go ahead. >> Well, can I weigh in on the whole- >> Yeah, sure. >> Microsoft thing on whether OpenAI, here's the take on this. I think it's more like the browser moment to me, because I could relate to that experience with ChatG, personally, emotionally, when I saw that, and I remember vividly- >> You mean that aha moment (indistinct). >> Like this is obviously the future. Anything else in the old world is dead, website's going to be everywhere. It was just instant dot connection for me. And a lot of other smart people who saw this. Lot of people by the way, didn't see it. Someone said the web's a toy. At the company I was worked for at the time, Hewlett Packard, they like, they could have been in, they had invented HTML, and so like all this stuff was, like, they just passed, the web was just being passed over. But at that time, the browser got better, more websites came on board. So the structural advantage there was online web usage was growing, online user population. So that was growing exponentially with the rise of the Netscape browser. So OpenAI could stay on the right side of your list as durable, if they leverage the category that they're creating, can get the scale. And if they can get the scale, just like Twitter, that failed so many times that they still hung around. So it was a product that was always successful, right? So I mean, it should have- >> You're right, it was terrible, we kept coming back. >> The fail whale, but it still grew. So OpenAI has that moment. They could do it if Microsoft doesn't meddle too much with too much power as a vendor. They could be the Netscape Navigator, without the anti-competitive behavior of somebody else. So to me, they have the pole position. So they have an opportunity. So if not, if they don't execute, then there's opportunity. There's not a lot of barriers to entry, vis-a-vis say the CapEx of say a cloud company like AWS. You can't replicate that, Many have tried, but I think you can replicate OpenAI. >> And we're going to talk about that. Okay, so real quick, I want to bring in some ETR data. This isn't an ETR heavy segment, only because this so new, you know, they haven't coverage yet, but they do cover AI. So basically what we're seeing here is a slide on the vertical axis's net score, which is a measure of spending momentum, and in the horizontal axis's is presence in the dataset. Think of it as, like, market presence. And in the insert right there, you can see how the dots are plotted, the two columns. And so, but the key point here that we want to make, there's a bunch of companies on the left, is he like, you know, DataRobot and C3 AI and some others, but the big whales, Google, AWS, Microsoft, are really dominant in this market. So that's really the key takeaway that, can we- >> I notice IBM is way low. >> Yeah, IBM's low, and actually bring that back up and you, but then you see Oracle who actually is injecting. So I guess that's the other point is, you're not necessarily going to go buy AI, and you know, build your own AI, you're going to, it's going to be there and, it, Salesforce is going to embed it into its platform, the SaaS companies, and you're going to purchase AI. You're not necessarily going to build it. But some companies obviously are. >> I mean to quote IBM's general manager Rob Thomas, "You can't have AI with IA." information architecture and David Flynn- >> You can't Have AI without IA >> without, you can't have AI without IA. You can't have, if you have an Information Architecture, you then can power AI. Yesterday David Flynn, with Hammersmith, was on our Supercloud. He was pointing out that the relationship of storage, where you store things, also impacts the data and stressablity, and Zhamak from Nextdata, she was pointing out that same thing. So the data problem factors into all this too, Dave. >> So you got the big cloud and internet giants, they're all poised to go after this opportunity. Microsoft is investing up to 10 billion. Google's code red, which was, you know, the headline in the New York Times. Of course Apple is there and several alternatives in the market today. Guys like Chinchilla, Bloom, and there's a company Jasper and several others, and then Lena Khan looms large and the government's around the world, EU, US, China, all taking notice before the market really is coalesced around a single player. You know, John, you mentioned Netscape, they kind of really, the US government was way late to that game. It was kind of game over. And Netscape, I remember Barksdale was like, "Eh, we're going to be selling software in the enterprise anyway." and then, pshew, the company just dissipated. So, but it looks like the US government, especially with Lena Khan, they're changing the definition of antitrust and what the cause is to go after people, and they're really much more aggressive. It's only what, two years ago that (indistinct). >> Yeah, the problem I have with the federal oversight is this, they're always like late to the game, and they're slow to catch up. So in other words, they're working on stuff that should have been solved a year and a half, two years ago around some of the social networks hiding behind some of the rules around open web back in the days, and I think- >> But they're like 15 years late to that. >> Yeah, and now they got this new thing on top of it. So like, I just worry about them getting their fingers. >> But there's only two years, you know, OpenAI. >> No, but the thing (indistinct). >> No, they're still fighting other battles. But the problem with government is that they're going to label Big Tech as like a evil thing like Pharma, it's like smoke- >> You know Lena Khan wants to kill Big Tech, there's no question. >> So I think Big Tech is getting a very seriously bad rap. And I think anything that the government does that shades darkness on tech, is politically motivated in most cases. You can almost look at everything, and my 80 20 rule is in play here. 80% of the government activity around tech is bullshit, it's politically motivated, and the 20% is probably relevant, but off the mark and not organized. >> Well market forces have always been the determining factor of success. The governments, you know, have been pretty much failed. I mean you look at IBM's antitrust, that, what did that do? The market ultimately beat them. You look at Microsoft back in the day, right? Windows 95 was peaking, the government came in. But you know, like you said, they missed the web, right, and >> so they were hanging on- >> There's nobody in government >> to Windows. >> that actually knows- >> And so, you, I think you're right. It's market forces that are going to determine this. But Sarbjeet, what do you make of Microsoft's big bet here, you weren't impressed with with Nadella. How do you think, where are they going to apply it? Is this going to be a Hail Mary for Bing, or is it going to be applied elsewhere? What do you think. >> They are saying that they will, sort of, weave this into their products, office products, productivity and also to write code as well, developer productivity as well. That's a big play for them. But coming back to your antitrust sort of comments, right? I believe the, your comment was like, oh, fed was late 10 years or 15 years earlier, but now they're two years. But things are moving very fast now as compared to they used to move. >> So two years is like 10 Years. >> Yeah, two years is like 10 years. Just want to make that point. (Dave laughs) This thing is going like wildfire. Any new tech which comes in that I think they're going against distribution channels. Lina Khan has commented time and again that the marketplace model is that she wants to have some grip on. Cloud marketplaces are a kind of monopolistic kind of way. >> I don't, I don't see this, I don't see a Chat AI. >> You told me it's not Bing, you had an interesting comment. >> No, no. First of all, this is great from Microsoft. If you're Microsoft- >> Why? >> Because Microsoft doesn't have the AI chops that Google has, right? Google is got so much core competency on how they run their search, how they run their backends, their cloud, even though they don't get a lot of cloud market share in the enterprise, they got a kick ass cloud cause they needed one. >> Totally. >> They've invented SRE. I mean Google's development and engineering chops are off the scales, right? Amazon's got some good chops, but Google's got like 10 times more chops than AWS in my opinion. Cloud's a whole different story. Microsoft gets AI, they get a playbook, they get a product they can render into, the not only Bing, productivity software, helping people write papers, PowerPoint, also don't forget the cloud AI can super help. We had this conversation on our Supercloud event, where AI's going to do a lot of the heavy lifting around understanding observability and managing service meshes, to managing microservices, to turning on and off applications, and or maybe writing code in real time. So there's a plethora of use cases for Microsoft to deploy this. combined with their R and D budgets, they can then turbocharge more research, build on it. So I think this gives them a car in the game, Google may have pole position with AI, but this puts Microsoft right in the game, and they already have a lot of stuff going on. But this just, I mean everything gets lifted up. Security, cloud, productivity suite, everything. >> What's under the hood at Google, and why aren't they talking about it? I mean they got to be freaked out about this. No? Or do they have kind of a magic bullet? >> I think they have the, they have the chops definitely. Magic bullet, I don't know where they are, as compared to the ChatGPT 3 or 4 models. Like they, but if you look at the online sort of activity and the videos put out there from Google folks, Google technology folks, that's account you should look at if you are looking there, they have put all these distinctions what ChatGPT 3 has used, they have been talking about for a while as well. So it's not like it's a secret thing that you cannot replicate. As you said earlier, like in the beginning of this segment, that anybody who has more data and the capacity to process that data, which Google has both, I think they will win this. >> Obviously living in Palo Alto where the Google founders are, and Google's headquarters next town over we have- >> We're so close to them. We have inside information on some of the thinking and that hasn't been reported by any outlet yet. And that is, is that, from what I'm hearing from my sources, is Google has it, they don't want to release it for many reasons. One is it might screw up their search monopoly, one, two, they're worried about the accuracy, 'cause Google will get sued. 'Cause a lot of people are jamming on this ChatGPT as, "Oh it does everything for me." when it's clearly not a hundred percent accurate all the time. >> So Lina Kahn is looming, and so Google's like be careful. >> Yeah so Google's just like, this is the third, could be a third rail. >> But the first thing you said is a concern. >> Well no. >> The disruptive (indistinct) >> What they will do is do a Waymo kind of thing, where they spin out a separate company. >> They're doing that. >> The discussions happening, they're going to spin out the separate company and put it over there, and saying, "This is AI, got search over there, don't touch that search, 'cause that's where all the revenue is." (chuckles) >> So, okay, so that's how they deal with the Clay Christensen dilemma. What's the business model here? I mean it's not advertising, right? Is it to charge you for a query? What, how do you make money at this? >> It's a good question, I mean my thinking is, first of all, it's cool to type stuff in and see a paper get written, or write a blog post, or gimme a marketing slogan for this or that or write some code. I think the API side of the business will be critical. And I think Howie Xu, I know you're going to reference some of his comments yesterday on Supercloud, I think this brings a whole 'nother user interface into technology consumption. I think the business model, not yet clear, but it will probably be some sort of either API and developer environment or just a straight up free consumer product, with some sort of freemium backend thing for business. >> And he was saying too, it's natural language is the way in which you're going to interact with these systems. >> I think it's APIs, it's APIs, APIs, APIs, because these people who are cooking up these models, and it takes a lot of compute power to train these and to, for inference as well. Somebody did the analysis on the how many cents a Google search costs to Google, and how many cents the ChatGPT query costs. It's, you know, 100x or something on that. You can take a look at that. >> A 100x on which side? >> You're saying two orders of magnitude more expensive for ChatGPT >> Much more, yeah. >> Than for Google. >> It's very expensive. >> So Google's got the data, they got the infrastructure and they got, you're saying they got the cost (indistinct) >> No actually it's a simple query as well, but they are trying to put together the answers, and they're going through a lot more data versus index data already, you know. >> Let me clarify, you're saying that Google's version of ChatGPT is more efficient? >> No, I'm, I'm saying Google search results. >> Ah, search results. >> What are used to today, but cheaper. >> But that, does that, is that going to confer advantage to Google's large language (indistinct)? >> It will, because there were deep science (indistinct). >> Google, I don't think Google search is doing a large language model on their search, it's keyword search. You know, what's the weather in Santa Cruz? Or how, what's the weather going to be? Or you know, how do I find this? Now they have done a smart job of doing some things with those queries, auto complete, re direct navigation. But it's, it's not entity. It's not like, "Hey, what's Dave Vellante thinking this week in Breaking Analysis?" ChatGPT might get that, because it'll get your Breaking Analysis, it'll synthesize it. There'll be some, maybe some clips. It'll be like, you know, I mean. >> Well I got to tell you, I asked ChatGPT to, like, I said, I'm going to enter a transcript of a discussion I had with Nir Zuk, the CTO of Palo Alto Networks, And I want you to write a 750 word blog. I never input the transcript. It wrote a 750 word blog. It attributed quotes to him, and it just pulled a bunch of stuff that, and said, okay, here it is. It talked about Supercloud, it defined Supercloud. >> It's made, it makes you- >> Wow, But it was a big lie. It was fraudulent, but still, blew me away. >> Again, vanilla content and non accurate content. So we are going to see a surge of misinformation on steroids, but I call it the vanilla content. Wow, that's just so boring, (indistinct). >> There's so many dangers. >> Make your point, cause we got to, almost out of time. >> Okay, so the consumption, like how do you consume this thing. As humans, we are consuming it and we are, like, getting a nicely, like, surprisingly shocked, you know, wow, that's cool. It's going to increase productivity and all that stuff, right? And on the danger side as well, the bad actors can take hold of it and create fake content and we have the fake sort of intelligence, if you go out there. So that's one thing. The second thing is, we are as humans are consuming this as language. Like we read that, we listen to it, whatever format we consume that is, but the ultimate usage of that will be when the machines can take that output from likes of ChatGPT, and do actions based on that. The robots can work, the robot can paint your house, we were talking about, right? Right now we can't do that. >> Data apps. >> So the data has to be ingested by the machines. It has to be digestible by the machines. And the machines cannot digest unorganized data right now, we will get better on the ingestion side as well. So we are getting better. >> Data, reasoning, insights, and action. >> I like that mall, paint my house. >> So, okay- >> By the way, that means drones that'll come in. Spray painting your house. >> Hey, it wasn't too long ago that robots couldn't climb stairs, as I like to point out. Okay, and of course it's no surprise the venture capitalists are lining up to eat at the trough, as I'd like to say. Let's hear, you'd referenced this earlier, John, let's hear what AI expert Howie Xu said at the Supercloud event, about what it takes to clone ChatGPT. Please, play the clip. >> So one of the VCs actually asked me the other day, right? "Hey, how much money do I need to spend, invest to get a, you know, another shot to the openAI sort of the level." You know, I did a (indistinct) >> Line up. >> A hundred million dollar is the order of magnitude that I came up with, right? You know, not a billion, not 10 million, right? So a hundred- >> Guys a hundred million dollars, that's an astoundingly low figure. What do you make of it? >> I was in an interview with, I was interviewing, I think he said hundred million or so, but in the hundreds of millions, not a billion right? >> You were trying to get him up, you were like "Hundreds of millions." >> Well I think, I- >> He's like, eh, not 10, not a billion. >> Well first of all, Howie Xu's an expert machine learning. He's at Zscaler, he's a machine learning AI guy. But he comes from VMware, he's got his technology pedigrees really off the chart. Great friend of theCUBE and kind of like a CUBE analyst for us. And he's smart. He's right. I think the barriers to entry from a dollar standpoint are lower than say the CapEx required to compete with AWS. Clearly, the CapEx spending to build all the tech for the run a cloud. >> And you don't need a huge sales force. >> And in some case apps too, it's the same thing. But I think it's not that hard. >> But am I right about that? You don't need a huge sales force either. It's, what, you know >> If the product's good, it will sell, this is a new era. The better mouse trap will win. This is the new economics in software, right? So- >> Because you look at the amount of money Lacework, and Snyk, Snowflake, Databrooks. Look at the amount of money they've raised. I mean it's like a billion dollars before they get to IPO or more. 'Cause they need promotion, they need go to market. You don't need (indistinct) >> OpenAI's been working on this for multiple five years plus it's, hasn't, wasn't born yesterday. Took a lot of years to get going. And Sam is depositioning all the success, because he's trying to manage expectations, To your point Sarbjeet, earlier. It's like, yeah, he's trying to "Whoa, whoa, settle down everybody, (Dave laughs) it's not that great." because he doesn't want to fall into that, you know, hero and then get taken down, so. >> It may take a 100 million or 150 or 200 million to train the model. But to, for the inference to, yeah to for the inference machine, It will take a lot more, I believe. >> Give it, so imagine, >> Because- >> Go ahead, sorry. >> Go ahead. But because it consumes a lot more compute cycles and it's certain level of storage and everything, right, which they already have. So I think to compute is different. To frame the model is a different cost. But to run the business is different, because I think 100 million can go into just fighting the Fed. >> Well there's a flywheel too. >> Oh that's (indistinct) >> (indistinct) >> We are running the business, right? >> It's an interesting number, but it's also kind of, like, context to it. So here, a hundred million spend it, you get there, but you got to factor in the fact that the ways companies win these days is critical mass scale, hitting a flywheel. If they can keep that flywheel of the value that they got going on and get better, you can almost imagine a marketplace where, hey, we have proprietary data, we're SiliconANGLE in theCUBE. We have proprietary content, CUBE videos, transcripts. Well wouldn't it be great if someone in a marketplace could sell a module for us, right? We buy that, Amazon's thing and things like that. So if they can get a marketplace going where you can apply to data sets that may be proprietary, you can start to see this become bigger. And so I think the key barriers to entry is going to be success. I'll give you an example, Reddit. Reddit is successful and it's hard to copy, not because of the software. >> They built the moat. >> Because you can, buy Reddit open source software and try To compete. >> They built the moat with their community. >> Their community, their scale, their user expectation. Twitter, we referenced earlier, that thing should have gone under the first two years, but there was such a great emotional product. People would tolerate the fail whale. And then, you know, well that was a whole 'nother thing. >> Then a plane landed in (John laughs) the Hudson and it was over. >> I think verticals, a lot of verticals will build applications using these models like for lawyers, for doctors, for scientists, for content creators, for- >> So you'll have many hundreds of millions of dollars investments that are going to be seeping out. If, all right, we got to wrap, if you had to put odds on it that that OpenAI is going to be the leader, maybe not a winner take all leader, but like you look at like Amazon and cloud, they're not winner take all, these aren't necessarily winner take all markets. It's not necessarily a zero sum game, but let's call it winner take most. What odds would you give that open AI 10 years from now will be in that position. >> If I'm 0 to 10 kind of thing? >> Yeah, it's like horse race, 3 to 1, 2 to 1, even money, 10 to 1, 50 to 1. >> Maybe 2 to 1, >> 2 to 1, that's pretty low odds. That's basically saying they're the favorite, they're the front runner. Would you agree with that? >> I'd say 4 to 1. >> Yeah, I was going to say I'm like a 5 to 1, 7 to 1 type of person, 'cause I'm a skeptic with, you know, there's so much competition, but- >> I think they're definitely the leader. I mean you got to say, I mean. >> Oh there's no question. There's no question about it. >> The question is can they execute? >> They're not Friendster, is what you're saying. >> They're not Friendster and they're more like Twitter and Reddit where they have momentum. If they can execute on the product side, and if they don't stumble on that, they will continue to have the lead. >> If they say stay neutral, as Sam is, has been saying, that, hey, Microsoft is one of our partners, if you look at their company model, how they have structured the company, then they're going to pay back to the investors, like Microsoft is the biggest one, up to certain, like by certain number of years, they're going to pay back from all the money they make, and after that, they're going to give the money back to the public, to the, I don't know who they give it to, like non-profit or something. (indistinct) >> Okay, the odds are dropping. (group talks over each other) That's a good point though >> Actually they might have done that to fend off the criticism of this. But it's really interesting to see the model they have adopted. >> The wildcard in all this, My last word on this is that, if there's a developer shift in how developers and data can come together again, we have conferences around the future of data, Supercloud and meshs versus, you know, how the data world, coding with data, how that evolves will also dictate, 'cause a wild card could be a shift in the landscape around how developers are using either machine learning or AI like techniques to code into their apps, so. >> That's fantastic insight. I can't thank you enough for your time, on the heels of Supercloud 2, really appreciate it. All right, thanks to John and Sarbjeet for the outstanding conversation today. Special thanks to the Palo Alto studio team. My goodness, Anderson, this great backdrop. You guys got it all out here, I'm jealous. And Noah, really appreciate it, Chuck, Andrew Frick and Cameron, Andrew Frick switching, Cameron on the video lake, great job. And Alex Myerson, he's on production, manages the podcast for us, Ken Schiffman as well. Kristen Martin and Cheryl Knight help get the word out on social media and our newsletters. Rob Hof is our editor-in-chief over at SiliconANGLE, does some great editing, thanks to all. Remember, all these episodes are available as podcasts. All you got to do is search Breaking Analysis podcast, wherever you listen. Publish each week on wikibon.com and siliconangle.com. Want to get in touch, email me directly, david.vellante@siliconangle.com or DM me at dvellante, or comment on our LinkedIn post. And by all means, check out etr.ai. They got really great survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, We'll see you next time on Breaking Analysis. (electronic music)

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, otc. A friend of the Cube >>Karala joined us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with you. >>A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many day zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add the gold standard from a data standpoint, and that's given them this competitive advantage to go out and become a platform for a security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Esty win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? Exactly. >>Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking to the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my >>Question. That's the point. >>Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets >>Win. Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their valuable? >>You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development and Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Nice. Era was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. >>Well, and I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Altos made, they've done a good job of integrating their backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data like the, the fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Three. Think about that at that, that >>Make a, that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market cap. >>Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo. >>Right? And that when you look around the show floor, it's not that impressive. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah, >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people at Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR roundtable said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. So, >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate days, nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's it's an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, in The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they're do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you gotta fight fire with fire. And I think that's, that's the path they've, they've headed >>Down and the bad guys are hiding in plain sight, you know? >>Yeah, yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says we're actively consolidating vendors, redundant vendors today. That number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to, to it pros is if you're doing things today that aren't resume building, stop doing them. Right? Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. And so who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah. Yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with proxies as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at c skater throw 'em back at 'em. So I, it's good to see that kind of fight going on between the two. >>Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah. Cisco's interesting. And I, I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to just say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of work there're trying to, to tie to network. >>Right. Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wikibon, lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are you gonna be next? Are you gonna be on vacation? >>There's nothing more fun than mean on the cube, so, right. What's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and do the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We >>Love it. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show and it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back to Vegas, guys and girls, it's great to have you with us. The Cube Live. Si finishing our second day of coverage of Palo Alto Ignite. 22 from MGM Grand in Las Vegas. Lisa Martin here with Dave Valante. Dave Cybersecurity is one of my favorite topics to talk about because it is so interesting. It is so dynamic. My other favorite thing is to hear the voice of our vendors' customers. And we could to >>Do that. I always love to have the customer on you get you get right to the heart of the matter. Yeah. Really understand. You know, what I like to do is sort of when I listen to the keynotes, try to see how well it aligns with what the customers are actually doing. Yeah. So let's >>Do it. We're gonna unpack that now. Michael Fagan joins us, the Chief Transformation Officer at Village Roadshow. Welcome Michael. It's great to have you >>And thank you. It's a pleasure to be here. >>So this is a really interesting entertainment company. I find the name interesting, but talk to us a little bit about Village Roadshow so the audience gets an understanding of all of the things that you guys do cuz theme parks is part of >>This. Yeah, so Village Road show's Australia's largest cinema exhibitor in conjunction with our partners at event. We also own and operate Australia's largest theme parks. We have Warner Brothers movie World, wet and Wild. SeaWorld Top Golf in Australia is, is operated by us plus more. We also do studio, we also own movie studios, so Aquaman, parts of the Caribbean. We're, we're filming our movie studios Elvis last year. And we also distribute and produce movies and TV shows. Quite diverse group. >>Yeah, you guys have won a lot of awards. I mean, I don't know, academy Awards, golden Globe, all that stuff, you know, and so it's good. Congratulations. Yeah. >>Thank you. >>Cool stuff. I wanna also, before we dig into the use case here, talk to us about the role of a chief transformation officer. How long have you been in that role? What does it encompass and what do you get to drive from a transformation perspective? Yeah, >>So the, the, the nature and pace of disruption is accelerating and on, on one side. And then on the other side, the running business as usual is becoming increasingly complex and, and more difficult to do. So running both simultaneously and at pace can put organizations at risk, both financially and and other ways. So in my role as Chief Transformation officer, I support the rest of the executive team by giving them additional capacity and also bring capability to the team that wasn't there before. So I do a lot of strategic and thought leadership. There's some executive coaching in there, a lot of financial modeling and analysis. And I believe that when a transformation role in particularly a chief transformation role is done correctly, it's a very hands-on role. So there's certain things where I, I dive right down and I'm actually hands in, hands-on leading teams or leading pieces of work. So I might be leading particular projects. I tried to drive profit revenue and profitability across the divisions and does any multi or cross-divisional opportunities or initiative, then I will, I will lead those. >>The transformation, you know, a while ago was cloud, right? Okay, hey, cloud and transformation officers, whether or not they had that title, we'll tell you, look, you gotta change the operating model. You can't just, you know, lift and shift in the cloud. That's, you know, that's pennies. We want, you know, big bucks. That's the operating. Now it's, I'm my question is, is did the pandemic just accelerate your transformation or, or was it, you know, deeper than that? >>Yeah, so what in my role have both digital and business transformation, some of it has been organizational. I think the pandemic has had a, a significant and long lasting effect on society, not just on, on business. So I think if you think about how work work used to be a, a place you went to and how it was done beforehand, before the, before COVID versus now where, you know, previously, you know, within the enterprise you had all of the users, you had all of the applications, you had all of the data, you had all of the people. And then since March, 2020, just overnight, that kind of inverted and, you know, you had people working from home and a person working from home as a branch office of one. So, so we ended up with another thousand branches literally overnight. A lot of the applications that we use are now SASS or cloud-based, whether that's timekeeping with Kronos or communica employee communication or work Jam. So they're not sitting within our data center, they're not sitting within, within our enterprise. It's all external. >>So from a security perspective, you obviously had to respond to that and we heard a lot about endpoint and cloud security and refactoring the network and identity. These guys aren't really an identity. They partner for that, but still a lot of change in focus that the CISO had to deal with. How, how did you guys respond to that? And, and you had a rush to do it. Yeah. And so as you sit back now, where do you go from here? >>Well we had, we had two major triggers for our, our network and security transformation. The first being COVID itself, and then the second beam, we had a, a major MPLS telco renewal that came up. So that gave you an opportunity to look at what we were doing and essentially our network was designed for a near, that no longer exists for when, for when p like I said, when people, when people were from home, all the applications were inside. So, and we had aging infrastructure, our firewalls were end of life. So initially we started off with an SD WAN at the SD WAN layer and an SD WAN implementation. But when we investigated and saw the security capabilities that are available now, we that to a full sassy WAN implementation. >>Why Palo Alto Networks? Because you, you had, you said you had an aging infrastructure designed for an era that doesn't exist anymore, but you also had a number of tools. We've been talking about a consolidation a lot the last couple days. Yeah. How did, what did you consolidate and why with Palo Alto? >>So we had a great partner in Australia, incidentally also called Cube. Cube Networks. Yeah. That we worked with great >>Names. Yeah, right. >>So we, so we, we worked for Cube. We ran a, a form of tender process. And Palo Alto with, you know, Prisma access and Global Global Protect was the only, the only solution that gave us everything that we needed in terms of network modernization, the agility that we required. So for example, in our theme part, we want to send out a hotdog cart or an ice cream cart, and that becomes, all of a sudden you got a new branch that I want to spin up this branch in 10 minutes and then I wanna spin it back down again. So from agility perspective, from a flexibility perspective, the security that, that we wanted, you know, from a zero trust perspective, and they were the only, certainly from a zero trust perspective, they're probably the only vendor that, that exists that, that actually provided the, the, all those capabilities. >>And did you consolidate tools or you were in the process of consolidating tools now? >>Yeah, so we actually, we actually consolidated down to, to, to a, to a single vendor. And in my previous role I had, I had implemented SD WAN before and you know, interoperability is a, is a major issue in the IT industry. I think there's, it's probably the only industry in the, the only industry I can think of certainly that where we, we ship products that aren't ready. They're not of all the features, they, they don't have all the features that they should have. They're their plans. They were releasing patches, releasing additional features every, every couple of months. So, you know, if you, if if Ford sold the card, I said, Hey, you're gonna give you backseats in a couple of months, they'd be uproar. But, but we do that all the time in, in it. So I had, when I previously implemented an Sdwan transformation, I had products from two tier one vendors that just didn't talk to one another. And so when I went and spoke to those vendors, they just went, well, it's not me. It's clearly, clearly those guys. So, so there's a lot to be said for having a, you know, a champion team rather than a team of champions. And Palo Alto have got that full stack fully integrated that was, you know, exactly meant what we were looking for. >>They've been talking a lot the last couple days about integration and it, and I've talked with some of their executives and some analysts as well, including Dave about that seems to be a differentiator for them because they really focus on that. Their m and a strategy is very, it seems to be very clear and there's purpose on that backend integration instead of leaving it to the customer, like Village Road show to do it. They also talked a lot about the consolidation. I'm just curious, Michael, in terms of like what you've heard at the show in the last couple of days. >>Yeah, I mean I've been hearing to same mess, but actually we've, we've lived in a >>You're living it. That's what I wanted to >>Know. So, so, you know, we had a choice of, you know, do you try and purchase so-called best of breed products and then put a lot of effort into integrating them and trying to get them to work, which is not really what we want to spend time doing. I don't, I don't wanna be famous for, you know, integration and, you know, great infrastructure. I want to be, I want Village to be famous for delivering great experiences to our customers. Memories that last a lifetime. And you know, when kids grow up in Australia, they, everybody remembers going to the theme parks. That's what, that's what I want our team to be doing and to be delivering those great experiences, not to be trying to plug together bits of software and it may or may not work and have vendors pointing at one another and then we are left carrying the cannon and holding the >>Baby. So what was the before and after, can you give us a sense as to how life changed, you know, pre that consolidation versus post? >>Yeah, so our, our, our infrastructure, say our infrastructure was designed for, you know, the, you know, old ways of working where we had you knowm routers that were, you know, not designed for cloud, for modern traffic, including cloud Destin traffic, an old MPLS network. We used to back haul all the traffic from, from our branches back to central location run where we've got, you know, firewall walls, we've got a dmz, we could run advanced inspection services on that. So if you had a branch that wanted to access a website that was housed next door, even if it was across the country, then it would, we would pull that all the way back to Melbourne. We would apply advanced inspection services to it, send it up to the cloud out back across the country. Traffic would come back, come down to us, back out to our branch. >>So you talk about crossing the country four times, even at the website is, is situated next door now with, with our sasi sdwan transformation just pops out to the cloud now straight away. And the, the difference in performance for our, for our team and for our customers, it, it's phenomenal. So you'll talk about saving minutes, you know, on a log on and, and seconds then and on, on an average transaction and second zone sound like a lot. But when you, it's every click up, they're saving a second and add up. You're talking about thousands of man hours every month that we've saved. >>If near Zuke were sitting right here and said, what could we do better? You know, what do you need from us that we're not delivering today that you want to, you want us to deliver that would change your life. Yeah, >>There's two things. One, one of which I think they're all, they're already doing, but I actually haven't experienced myself. It's around the autonomous digital experience management. So I've now got a thousand users who are sitting at home and they've got, when they've got a problem, I don't know, is it, is it my problem or is it their problem? So I know that p were working on a, an A solution that digital experience solution, which can actually tell, well actually know you're sitting in your kitchen and your routes in your front room, maybe you should move closer to the route. So there, there they, that's one thing. And the second thing is using AI to tell me things that I wouldn't be able to figure out with a human training. A lot of time sifting through data. So things like where I've potentially overcompensated and, you know, overdelivered on the network and security side or of potentially underdelivered on a security side. So having AI to, you know, assess all of those millions and probably billions of, you know, transactions and packets that are moving around our network and say, Hey, you could optimize it more if you, if you dial this down or dial this up. >>So you said earlier we, this industry has a habit of shipping products before, you know they're ready. So based on your experience, seems like, first of all, it sounds like you got a at least decent technical background as well. When do you expect to have that capability? Realistically? When can we expect that as an industry? >>I think I, I think, like I said, the the rate and nature of change is, is, I think it's accelerating. The halflife of degree is short. I think when I left university, what I, what I learned in first year was, was obsolete within five years, I'd say now it's probably obsolete of you. What'd you learn in first year? It's probably obsolete by the time you finish your degree. >>Six months. Yeah, >>It's true. So I think the, the, the rate of change and the, the partnership that I see Palo building with the likes of AWS and Google and that and how they're coming together to, to solve, to jointly solve these problems is I think we will see this within 12 months. >>Who, who are your clouds? You got multiple clouds >>Or We got multiple clouds. Mostly aws, but there are certain things that we run that run in run in Azure as well. We, we don't really have much in GCP or, or, or some of the other >>Azure for collaboration and teams, stuff like that. >>Ah, we, we run, we run SAP that's we hosted in, in Azure and our cinema ticketing system is, is was run in Azure. It's, it was only available in, in in Azure the time we're mo we are mostly an AWS >>Shop. And what do you do with aws? I mean, pretty much everything else is >>Much every, everything else, anything that's customer facing our websites, they give us great stability. Great, great availability, great performance, you know, we've had and, and, and, and a very variable as well. So, we'll, you know, our, our pattern of selling movie tickets is typically, you know, fairly flat except when, you know, there's a launch of a, of a new movie. So all of a sudden we might say you might sell, you know, at 9:00 AM when, you know, spider-Man went on sale last year, I think we sold 100 times the amount of tickets in the forest, 10 minutes. So our website didn't just scale look beautifully, just took in all of that extra traffic scale up. We're at only any intervention and then scale back down >>Taylor Swift needs that she does need that. So yeah. And so is your vision to have Palo Alto networks security infrastructure have be a common sort of layer across those clouds and maybe even some on-prem? Is it, are you, are you working toward that? Yeah, >>We, yeah, we, yeah, we, we'd love to have, you know, our end, our end customers don't really care about the infrastructure that we run. They won't be >>Able to unless it breaks. >>Unless it breaks. Yeah. They wanna be able to go to see a movie. Do you wanna be able to get on a rollercoaster? They wanna be able to go, you know, play around around a top golf. So having that convergence and that seamless integration of working across cloud network security now for most of our team, they, they don't know and they don't need to know. In fact, I, I frankly don't want them to know and be, be thinking about networks and clouds. I kind of want them thinking about how do we sell more cinema tickets? How do we give a great experience to our guests? How do we give long lasting lifetime memories to, to the people who come visit our parks? >>That's what they want. They want that experience. Right. I'd love to get your final thoughts on, we, we had you give a great overview of the ch the role that you play as Chief transformation officer. You own digital transformation, you want business transformation. What advice would you give to either other treat chief transformation officers, CISOs, CSOs, CEOs about partnering, what's the right partner to really improve your security posture? >>I think there's, there's two things. One is if you haven't looked at this in the last two years and made some changes, you're outta date. Yeah. Because the world has changed. We've seen, I mean, I've heard somebody say it was two decades worth of, I actually think it's probably five 50 years worth of change in, in Australia in terms of working habits. So one, you need to do something. Yeah. Need to, you need to have a look at this. The second thing I think is to try and partner with someone that has similar values to your organization. So Village is a, it's a wonderful, innovative company. Very agile. So the, like the, the concept of gold class cinema, so, you know, big proceeds, recliners, waiter service, elevated foods concept that, that was invented by village in 1997. Thank you. And we had thanks finally came to the states so decade later, I mean we would've had the CEO of every major cinema chain in the world come to come to Melbourne and have a look at what Village is doing and go, yeah, we're gonna export that back around around the world. It's probably one of, one of Australia's unknown exports. Yeah. So it's, yeah, so, so partnering. So we've got a great innovation history and we'd like to think of ourselves as pretty agile. So working with partners who are, have a similar thought process and, and managed to an outcome and not to a contract Yeah. Is, is important for us. >>It's all about outcomes. And you've had some great outcomes, Michael, thank you for joining us on the program, walking us through Village Roadshow, the challenges that you had, how you tackled them, and, and next time I think I'm in a movie theater and I'm in reclining chair, I'm gonna think about you and village. So thank you. We appreciate your insights, your time. Thank you. Thanks Michael. For Michael Fagan and Dave Valante. I'm Lisa Martin. You've been watching The Cube. Our live coverage of Palo Alto Networks. Ignite comes to an end. We thank you so much for watching. We appreciate you. You're watching the Cube, the leader in live enterprise and emerging emerging tech coverage next year. >>Yeah.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, F otc. A friend of the Cube >>Karala joins us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with >>You. A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long-term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many days, zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add, they're the gold standard from a data standpoint. And that's given them this competitive advantage to go out and become a platform for security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Estee win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? >>Exactly. Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking with the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my question. That's the point I'm saying. Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets win. >>Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their >>Valuable? You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development in Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Naira was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. Well, >>And I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Alto's made, they've done a good job of integrating the backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty and all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data lake to, to fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want or >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Think about that at that. That makes, >>I mean that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market >>Cap. Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo >>Go, right? And that when you look around the show floor, it's not that impressive. No. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's, I mean, pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah. >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something that I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people of Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR round table said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. No. >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate says nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's just an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, and The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they gotta do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you're gonna fight fire with fire. And I think that's, that's the path they've, they've headed >>Down. Yeah. The bad guys are hiding in plain sight, you know? Yeah, >>Yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says who are actively consolidating vendors, redundant vendors today that number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I, I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily aligned with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to the IT pros is, is if you're doing things today that aren't resume building, stop doing them. Right. Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. So who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah, yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with prox as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at csca, throw 'em back at 'em. So I, it's good to see that kind of fight going on between the >>Two. Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah, Cisco's interesting. And I I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration and that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of Rick there trying to, to tie to network. >>Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wi KeePon. Lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are gonna be next? Are you gonna be on >>Vacation? There's nothing more fun than mean on the cube. So what's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and be the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We love >>It. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show. And it, it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>> Narrator: TheCUBE presents Ignite 22, brought to you by Palo Alto Networks. >> Good afternoon guys and gals. We're so glad you're here with us. Welcome back to the MGM Grand, Las Vegas. This is day two of theCUBE's coverage of Palo Alto Networks Ignite22. Lisa Martin here with Dave Valante. Dave, as I mentioned, our second day of coverage. We've learned a lot about cybersecurity, the complexity, the challenges, but also the opportunities. We've had some great conversations, really dissecting some recent survey data. We know that every industry, no industry is immune from this but healthcare is one of the ones that's quite vulnerable. We're going to be talking about that next, in part. >> Yeah. Cause we always talk about the super cloud and connecting hybrid across clouds and you know, on-prem, but also now out to the edge. >> Yes. >> You know, and nobody wants a separate stove pipe, but we saw this during the pandemic. We saw the pivot, work from home, to end point and cloud security rearchitecting the network, identity and you know, more stove pipes. Right? So, but that's not what the industry wants or needs, so. >> Right. >> Yeah. >> Well I never would think about, you know you go to the doctor's office, you go to a hospital, X-ray machines, CT scanners, all these proliferation of medical IoT devices. Great for the patient, great for the providers, but a lot of opportunities for the attackers, as well. We're going to be talking about that, in part, in our next conversation with an alumni that's coming back to the program. Anand Oswal is here. The SVP and GM of network security at Palo Alto Networks. Great to have you back. >> Great to have me. Thank you. >> It's been a few years. >> Oswal: Yeah. It's been a time. >> So, I was looking at some of the unit 42 research: medical devices are the weakest link on the hospital network. >> Oswal: Yeah. >> But, so great for patient care, for doctors, providers, et cetera. But, a challenge and an opportunity for the adversaries. >> Oswal: Yeah. >> What are some of the things that you guys are seeing? I know you have some news on the medical IoT front. >> Yeah. Thanks for having me by the way. So, if you look at every industry has benefited from connected devices. Changes the outcome and the experiences, both for the end users, as well as the businesses. And healthcare is no different. If you look at the experience that we had as patients over the last decade has changed dramatically. And in the pandemic, even more changes happened, right? This is really ushering in a new era of patient care. It's connected devices. You know, I have a family member of mine who has diabetes. And, as you know, you got to check the blood glucose level periodically. It's usually pricking, it's cumbersome, it can hurt you. But now, with this new IoT based glucose margin systems, you can monitor these levels in real time, constantly. If it drops, can inject the right amount of insulins. So, changing the experience and the outcome for patients. Taking data from this devices to ensure that you have different outcomes. So, really, changing how you experience as patient. But, like you said, along with all of this is adding increased cybersecurity. Right? And we've seen over the last, I don't know, year or so, a 200% increase in cyber attacks on healthcare organizations. And, in the next couple of years, you're going to see 1.3 billion, yes, the "B," billion, new connected devices come to healthcare. So, that's including the attack surface. So, we've got to stay vigilant. There's a lot of great things you get from connected devices. It has cyber risk, just plan it properly. >> But, it's hard just to secure a medical IoT devices. Why is it so challenging? And how do you help? >> Yeah. Look, you can only secure what you see, first of all, right? So, it's very important to understand what devices you have on your network. And these can't be done statically, right? Because you're, they're made by different manufacturers and you're adding so many every day. So, you need to use machine learning to identify what these devices are. But just not what are devices, who's the manufacturer? What's the make, what's the model? What's the unpatched vulnerabilities? That's one part. I tell people that having visibility is good, but just that's not enough. It's like me telling you, you have a leak in your house. I don't give you any information on where the leak is. How do I call the plumber? What's the home warranty? Home insurance coverage? So you got visibility. Then you need to do segmentation. Segmentation all about who can talk to whom. Should your CT scan machine or MRI machine be talking to a server in the corporate environment? Should be talking to your point of sale terminal in the hospital? Maybe not. Right? So you need to define those policies. Again, those can be manual. They have to be automated because you're adding new devices every day. After you do that, it's around the data that is transporting on those devices. Do they have threats? Are they command controlled connections? Because threats can move laterally and need to inspect this in real time every day, constantly. Not just one time. Right? That's the whole notion of zero trust, which is no notion of implied trust. You want to have least privilege access. And the most important is that, look, we talked about this before. Majority of healthcare organizations have legacy security architectures. You can't have it solved better, the point product a new sensor, a partial solution. You need to get fully integrated because you need to reduce their operational cost. You need to ensure that they have better security. Right? I tell people what do organization want? Make more money, save money, and steer out trouble. Right? In simple ways. >> Valante: Yeah. >> I need to ensure that they're able to get this done securely. That's very important. >> So, a lot of the devices, so you think about oT, a lot of the devices been naturally air gaped. That was sort of the safety. What's it like in healthcare? Is the MRI machine, was it historically net-, you know, fenced off from the network and how is that changing? >> Yeah. I'll give an example. I talked to a customer, this is a few months ago. And this happened before the pandemic, luckily. They were doing, a doctor was doing a surgery on a patient at roughly two in the morning, on a, and using a ventilator. And guess what happened? The ventilator rebooted and said: firmware upgrading. >> Yeah. >> Right? >> Wow. >> And luckily when I doctor, their customer, they said they had another ventilator that they could quickly do. This ventilator was connected to an ethernet cable, in this case. And somebody decided that two AM is the right time to upgrade things. Like, you know, you have windows of when you upgrade things. But, you need to be able to manage a lifecycle of these devices more intelligently. When is it being used? When it's upgraded? There's a life of a device, and then there's a cyber life. Now we have too many devices with end of life operating systems. We all remember the 2017 WannaCry attack. That was an end of life operating system. So, you have a shelf life and you have a cyber life. Need to be able to manage the life cycle of these devices and easily onboard new devices, but also have, be able to sunset devices as needed. >> Okay. So the business generally stays ahead, you know, of cyber, but are those worlds coming together? I mean, I feel like with digital transformation we're beginning to see that everybody talks about, you know, cyber can't just be a bolt on. >> Oswal: Yes. >> But it oftentimes is. So what's the state of play in healthcare? >> I think it's changing. If you think about the healthcare organizations or generally even oT environments, the decision maker is not just the CIO and CISO, it's also your plant manager, the hospital owner, or manager of the operations of the hospital. They have to be taken into account. The other, the other stakeholders: the clinical and biomed engineer who operates these devices, right? I was talking to a healthcare customer that said that asset utilization or devices important. Many times you find nurses or doctors will keep an infusion pump with them in their room because they want easy to use. And then they say, I want five more or 10 more, right? We all living in an environment where budget will be more and more important. So how do you get a full inventory of what's using what, how often are they used? For example, MRI machines are many times preset for scanning certain parts of the body. Now you can change it, but it takes time. It's effort. So if you know the actual utilization of what you're doing, you can be more efficient and have a much more efficient organization. >> And so how do they do that? Is that some kind of predictive analytics that they're using? Is it... >> Yes. It's the whole lifecycle of a zero trust architecture. It is the whole lifecycle of managing these devices effectively and then simplifying your operations. The three things that we have to do. >> How can zero trust be really tailored to healthcare specifically? >> Yeah. Let me tell you, first of all, when I talk of zero trust, I have a simple way of talking about it. Which is no notion of implied trust, right? Just because I'm in an environment doesn't mean have access to a device and application, et cetera. And when we think of medical device, it's like, who's the user who's accessing it? How do you authenticate that user? And that can be the things the organization has: password, an MFA, et cetera. That's, that's good. That's not enough. If you're accessing some, if I authentic authenticated you from this device, but what if this device itself is infected with malware? So, I need to know that it's the state of your device. Then what are you trying to access? Medical records, healthcare records, you'd like permission sets to access it. Are they read only, write only? Do you have confidential information about it? And when you're exchanging this information, is there malware in that data? You need to do this on a continuous basis. So, user, endpoint, access, and transaction. These four constructs have to be done continuously. That's the whole notion of zero trust. >> So, okay. Cause you had, we were talking off camera, you said, you know, get, say ask somebody what zero trust is, you get 10 different answers. 10 people, 10 different answers. So, I always would used to think unless a device or a person has been explicitly authorized and authenticated, they don't get access. But, you just added something more. It also has to be clean essentially. >> Yes. >> Right? And you've got the technology to do that? >> Absolutely. And we can, if you think about it, we can do this across all facets, all use cases. If you think of traditional network security, right? It doesn't secure the network. Like I said, it secures everything on the network. The users, the IoT devices, and the applications they access. Now I can be in the office, I can be on the road, or I can be home. I may use different notions of stacks. I may use a hardware-centric firewall for accessing data center based applications in my private data center. I may use a software firewall application for accessing things in the public cloud. I may use a cloud deliver SASE architecture from home or for remote branches. I wanted consistent security. The way I do threat, the way I do phishing protection, ransomware protection, IoT security. It should be consistent no matter where the user is, no matter where the data is, no matter where the applications is. And that's really what we can do with a consistent platform approach. >> So on-prem. In... >> The cloud, yes. >> In all the clouds, at the edge. >> Yes. >> Not only healthcare, but operational technologies? The factory? >> You want to make sure that it's not only the best in class security, it's also consistent security and consistent manageability. Right? Which means that the experience I have as an admin, from day minus one to day n. And it can be for any use case I have, it could be for securing my applications in my private data center, my application is the public cloud, or remote access from home or remote branch. I want that consistent security. I want that consistent policy. So, what is the treatment for you, the user, when you are in the office, on the go, or somewhere else? You don't want different experience. >> Valante: Yeah. >> You want same experience. >> Right? That goes... >> It should be optimal. It can be slow, it can be like, it takes you a long time to access your application either. Cause all of us are, we spoiled, we want it right away. >> Yeah. It can't be a blocker to productivity. >> Exactly. >> I was looking at some of the unit 42 data about, just the, all the vulnerabilities in different machines. We talk about cyber resilience a lot. How and, as I mentioned, and I think even the survey that Palo Alto Networks released yesterday, "What's Next in Cyber", was even demonstrating healthcare being one of the most vulnerable. >> Yes. >> And we talk about, you know, it being one of the weakest links. How can Palo Alto Networks work with healthcare organizations, large and small, across the globe to help them really dial up cyber resilience. >> Oswal: Yeah. >> And start reducing the vulnerabilities that are there as device proliferation is just going to happen. >> Yeah, absolutely. I think you hit a very good point. We have data which says that 83% of imaging systems run end of life operating system stacks, right? And you remember in 2017, the WannaCry attack started with an end of life operating system device. Right? It affected 150 countries in the UK alone. 70,000 devices, 30,000 patient cancellations. We know that, if you think about infusion pumps, three out of four have unpatched vulnerabilities. Which means that you can patch it. But it's very hard for the biomed or clinical engineer to understand what to do and what not to do. Healthcare organization have lot of compliance requirements. Right? They have HIPAA compliance, they have other regulations. So, you need to make them audit ready: inventory of the devices, status of each device, make it audit ready, compliance ready. So, they're able to do what they do best in serving patients versus worrying about other things that they, that we can automate for themselves. Lastly, I'll say is that, you also want to simplify the operations of the health environment, right? Having more point products, more point solutions, that's solving only a certain aspect of what you do. Like only visibility, telling you have a leak, but not putting the end solution. Adds more and more complexity to organizations. >> So it's a different dynamic in this world, healthcare world, because you got to all these devices and they're not, you know, I think about Patch Tuesday, Right? I mean Microsoft's always putting out patches. And so, that tells the hackers, Hey, you know, go in on Wednesday. >> Yeah. >> And hack away. It's probably different in healthcare. They're probably not as frequent patches published or maybe there are, I don't know. I'll be curious as to whether they are. But I mean the, the device manufacturers, they're not, you know, the biggest software company in the world. >> Yeah. >> You know, so they're probably not as on top of it. >> Yeah. >> So I'm not saying it's better or worse, it's just a different environment. >> The patches to the end devices may not be as frequent, but patches that you can apply on from a security perspective on a security stack are like happening continuously in real time. The second things that you also want to ensure that the capabilities of your security product itself are able to stop attacks inline, in real time. For example, 95% of all malware in the world is MORF malware, which means it's variations of existing malware. You can stop this inline real time, right? Attackers are using more and more sophisticated techniques today, to evade traditional sand boxing techniques. So, you have to out-innovate them. And that's what we've done by all our cloud services. We move them very early on to the cloud to get the agility and scale that we get. But we invested a lot in machine learning and deep learning to stop these day-zero threats in line, real time. Attackers are using that window of opportunity, like you mentioned, between the time when a breach is announced or detected, and patched. And that breach could, that time window could be a minute. They're going to exploit that time. You want to reduce that to almost zero, which means that you need to stop it in line, in real time, continuously. >> So, take the sandbox example. >> Yeah. >> So, what do you say? So, if I'm doing a sandbox on-prem, one of the vulnerabilities is if my capacity is out of 10,000 files, they're just going to overwhelm me with a hundred thousand and then I'm going to be trying to figure out what's going on. And while I'm doing that, they're going to be sneaking in. And is that an example of... >> No. >> Valante: That you address because you're in the cloud, or...? >> Yeah, that's one. But, think about examples where attackers are devising malware, are creating malware that will basically evade traditional sand boxing techniques. So, if I do a memory lookup on the register, that malware will diffuse. It only detonates on an end user on a device or a database. So, now you need to do intelligent techniques. So, we built this, lot of infrastructure for intelligent realtime memory analysis to ensure that we are able to stay ahead of the competition. And we did that for phishing, we did that for command control connections, we did for software exploits, we did data for malware, for DNS. We're able to stop about 11 to 12 million additional phishing sites than anybody else. We're able to have our sand boxing more effective than anybody else. We're able to stop 26% more malicious sessions than others in the industry. >> Valante: Why? Architecture? >> Architecture. Couple of things. First, architecture. Second is that, through a lot of innovation that we've done in both machine learning and deep learning, to be able to look at unstructured data and be able to stop the attacks inline, real time. Think about it, the traditional way of doing URL filtering has always been to build a database of URLs in the world. And you categorize as URLs into groups of categories: news, adult. And then you say, what's my risk profile for each of these? And you put a score and you say, I want to have this tolerance. That doesn't work anymore. The reason is because attackers are sophisticated. Websites come in, up and down, in seconds. Before I build a database, it's gone. I can't do this old way of doing things, signature and databases. I've got to use the power of machine learning. I've got to use the power of deep learning and data. >> And it's, are healthcare leaders, do they have an appetite for that? >> I think healthcare data looking for outcomes. They're looking, when I talk to healthcare professionals, they want to basically do what they do best. Serve patients, right? Give them optimal care. They want someone to take care of all these things holistically, end to end. Simplify all the things that they have to do from a compliance perspective, architectural perspective, reduce their cost, give them a better outcome. That's what they want. >> It's all about outcomes. >> Oswal: It's all about outcomes. >> And we know you cover much more than healthcare, but we obviously used most of our time on that. It's such an interesting, fascinating industry. Obviously, a lot of opportunities there for organizations to work with companies like Palo Alto to really dial up their cyber resilience. >> Absolutely. >> And ultimately, to your point, deliver the outcomes that they are there to do. >> Absolutely, yes. >> We'll have to have you back cause we just, I feel like we just scratched the surface. Right? >> Oswal: Happy to come back. >> Valante: Thank you. >> Oswal: Thank you. >> Awesome. >> Oswal: Thank you so much. >> Our pleasure to have you on the program. For Anand Oswald and Dave Valante, I'm Lisa Martin. You're watching theCUBE, the leader in live and emerging tech coverage. [Pedantic Music Fades]

>> Narrator: TheCUBE presents Ignite '22, brought to you by Palo Alto Networks. >> Greetings from the MGM Grand Hotel in beautiful Las Vegas. It's theCUBE Live Day two of our coverage of Palo Alto Networks, ignite 22. Lisa Martin, Dave Vellante. Dave, what can I say? This has been a great couple of days. The amount of content we have created and shared with our viewers on theCUBE is second to none. >> Well, the cloud has completely changed the way that people think about security. >> Yeah. You know at first it was like, oh, the cloud, how can that be secure? And they realized, wow actually cloud is pretty secure if we do it right. And so shared responsibility model and partnerships are critical. >> Partnerships are critical, especially as more and more organizations are multicloud by default. Right? These days we're going to be bring Google into the conversation. Josh Haslet joins us. Strategic Partnership Manager at Google. Welcome. Great to have you Josh. >> Hi Lisa, thanks for having me here. >> So you are a secret squirrel from Palo Alto Networks. Talk to me a little bit about your background and about your role at Google in terms of partnership management. >> Sure, I feel like we need to add that to my title. [Lisa] You should, secret squirrel. >> Great. Yeah, so as a matter of fact, I've been at Google for two and a half years. Prior to that, I was at Palo Alto Networks. I was managing the business development relationship with Google, and I was kind of at the inception of when the cash came in and, and decided that we needed to think about how to do security in a new way from a platform standpoint, right? And so it was exciting because when I started with the partnership, we were focusing on still securing you know, workloads in the cloud with next generation firewall. And then as we went through acquisitions the Palo Alto added it expanded the capabilities of what we could do from cloud security. And so it was very exciting, you know, to, to make sure that we could onboard with Google Cloud, take a look at how not only Palo Alto was enhancing their solutions as they built those and delivered those from Google Cloud. But then how did we help customers adopt cloud in a more easy fashion by making things, you know more tightly integrated? And so that's really been a lot of what I've been involved in, which has been exciting to see the growth of both organizations as we see customers shifting to cloud transformation. And then how do they deploy these new methodologies and tools from a security perspective to embrace this new way of working and this new way of, you know creating applications and doing digital transformation. >> Important, since work is no longer a place, it's an activity. Organizations have have to be able to cater to the distributed workforce. Of course, the, the, the workforce has to be able to access everything that they need to, but it has to be done in a secure way regardless of what kind of company you are. >> Yeah, you're right, Lisa. It's interesting. I mean, the pandemic has really changed and accelerated that transformation. I think, you know really remote working has started previous to that. And I think Nikesh called that out in the keynote too right? He, he really said that this has been ongoing for a while, but I think, you know organizations had to figure out how to scale and that was something that they weren't as prepared for. And a lot of the technology that was deployed for VPN connectivity or supporting remote work that was fixed hardware. And so cloud deployment and cloud architecture specifically with Prisma access really enabled this transformation to happen in a much faster, you know, manner. And where we've come together is how do we make sure that customers, no matter what device, what user what application you're accessing. As we take a look at ZTNA, Zero Trust Network Access 2.0, how can we come together to partner to make sure the customers have that wide range of coverage and capability? >> How, how do you how would you describe Josh Google's partner strategy generally and specifically, you know, in the world of cyber and what makes it unique and different? >> Yeah, so that's a great question. I think, you know, from Google Cloud perspective we heard TK mention this in the keynote with Nikesh. You know, we focus on on building a secure platform first and foremost, right? We want to be a trusted cloud for customers to deploy on. And so, you know, we find that as customers do one of two things, they're looking at, you know, reducing cost as they move to cloud and consolidate workloads or as they embrace innovation and look at, you know leveraging things like BigQuery for analytics and you know machine learning for the way that they want to innovate and stay ahead of the competition. They have to think about how do they secure in a new way. And so, not only do we work on how do we secure our own platform, we work with trusted partners to make sure that customers have you mentioned it earlier, Dave the shared security model, right? How do they take a look at their applications and their workloads and this new way of working as they go to CI/CD pipelines, they start thinking about DevSecOps. How do they integrate tooling that is frictionless and seamless for their, for their teams to deploy but allows them to quickly embrace that cloud transformation journey. And so, yes, partners are critical to that. The other thing is, you know we find that, you mentioned earlier, Lisa that customers are multicloud, right? That's kind of the the new normal as we look at enterprises today. And so Google Cloud's going to do a great job at securing our platform, but we need partners that can help customers deploy policy that embraces not only the things that they put in Google Cloud but as they're in their transformation journey. How that embraces the estates that are in data centers the things that are still on-prem. And really this is about making sure that the applications no matter where they are, the databases no matter where they are, and the users no matter where they are are all secure in that new framework of deploying and embracing innovation on public cloud. >> One of the things that almost everybody from Palo Alto Networks talks about is their partnering strategy their acquisition strategy integrations. And I was doing some research. There's over 50 joint integrations that Google Cloud and Palo Alto Networks. Have you talked about Zero Trust Network Access 2.0 that was announced yesterday. >> Correct. >> Give us a flavor of what that is and what does it deliver that 1.0 did not? >> Well, great. And what I'd like to do is touch a little bit on those 50 integrations because it's been, you know, a a building rolling thunder, shall we say as far as how have we taken a look at customers embracing the cloud. The first thing was we took a look at at how do we make sure that Palo Alto solutions are easier for customers to deploy and to orchestrate in Google Cloud making their journey to embracing cloud seamless and easy. The second thing was how could we make that deployment and the infrastructure even more easy to adopt by doing first party integrations? So earlier this year we announced cloud IDS intrusion detection system where we actually have first party directly in our console of customers being able to simply select, they want to turn on inspection of the traffic that's running on Google Cloud and it leverages the threat detection capability from Palo Alto Networks. So we've gone from third party integration alone to first party integration. And that really takes us to, you know, the direction of what we're seeing customers need to embrace now which is, this is your Zero Trusts strategy and Zero Trust 2.0 helps customers do a number of things. The first is, you know, we don't want to just verify a user and their access into the environment once. It needs to be continuous inspection, right? Cause their state could change. I think, you know, the, the teams we're talking about some really good ways of addressing, you know for instance, TSA checkpoints, right? And how does that experience look? We need to make sure that we're constantly evaluating that user's access into the environment and then we need to make sure that the content that's being accessed or, you know, loaded into the environment is inspected. So we need continuous content inspection. And that's where our partnership really comes together very well, is not only can we take care of any app any device, any user, and especially as we take a look at you know, embracing contractor like use cases for instance where we have managed devices and unmanaged devices we bring together beyond Corp and Prisma access to take a look at how can we make sure any device, any user any application is secure throughout. And then we've got content inspection of how that ZTNA 2.0 experience looks like. >> Josh, that threat data that you just talked about. >> Yeah. >> Who has access to that? Is it available to any partner, any customer, how... it seems like there's gold in them, NAR hills, so. >> There is. But, this could be gold going both ways. So how, how do you adjudicate and, how do you make sure that first of all that that data's accessible for, for good and not in how do you protect it against, you know, wrong use? >> Well, this is one of the great things about partnering with Palo Alto because technically the the threat intelligence is coming from their ingestion of malware, known threats, and unknown threats right into their technology. Wildfire, for instance, is a tremendous example of this where unit 42 does, you know, analysis on unknown threats based upon what Nikesh said on stage. They've taken their I think he said 27 days to identification and remediation down to less than a minute, right? So they've been able to take the intelligence of what they ingest from all of their existing customers the unknown vulnerabilities that are identified quickly assessing what those look like, and then pushing out information to the rest of their customers so that they can remediate and protect against those threats. So we get this shared intelligence from the way that Palo Alto leverages that capability and we've brought that natively into Google Cloud with cloud intrusion detection. >> So, okay, so I'm, I'm I dunno why I have high frequency trading in my mind cause it used to be, you know, like the norm was, oh it's going to take a year to identify an intrusion. And, and, and now it's down to, you know take was down to 27 days. Now it's down to a minute. Now it's not. That's best practice. And I'm, again, I'm thinking high frequency trading how do I beat the speed of light? And that's kind of where we're headed, right? >> Right. >> And so that's why he said one minute's not enough. We have to keep going. >> That's right. >> So guys got your best people working on that? >> Well, as a matter of fact, so Palo Alto Networks, you know when we take a look at what Nikesh said from stage, he talked about using machine learning and AI to get ahead of what we what they look at as far as predictability not only about behaviors in the environment so things that are not necessarily known threats but things that aren't behaving properly in the environment. And you can start to detect based on that. The second piece of it then is a lot of that technology is built on Google Cloud. So we're leveraging, their leveraging the capabilities that come together with you know, aggregation of, of logs the file stitching across the entire environment from the endpoint through to cloud operations the things that they detect for network content inspection putting all those files together to understand, you know where has the threat vector entered how has it gone lateral inside the environment? And then how do you make sure that you remediate all of those points of intrusion. And so yeah it's been exciting to see how our product teams have worked together to continue to advance the capabilities for speed for customers. >> And secure speed is critical. We had the opportunity this morning to speak with Lee Claridge, the chief product officer, and you know one of the things that I had heard about Lee is that despite all of the challenges in cybersecurity and the amorphous expansion of the threat network and the sophistication of the adversaries he's really optimistic about what it's going to enable organizations to do. I see you smiling. Do you share that optimism? >> I, I do. I think, you know, when you bring, when you bring leaders together to tackle big problems, I think, you know we've got the right teams working on the right things and we understand the problems that the customers are facing. And so, you know, from a a Google cloud perspective we understand that partnering with Palo Alto Networks helps to make sure that that optimism continues. You know, we work on continuous innovation when it comes to Google Cloud security framework, but then partnering with Palo Alto brings additional capabilities to the table. >> Vision for the, for the partnership. Where do you want to see it go? What's... we're two to five years down the road, what's it look like? Maybe two to three years. Let's go. >> Well, it was interesting. I, I think neer was the one that mentioned on stage about, you know how AI is going to start replacing us in our main jobs, right? I I think there's a lot of truth to that. I think as we look forward, we see that our teams are going to continue to help with automation remediation and we're going to have the humans working on things that are more interesting and important. And so that's an exciting place to go because today the reality is that we are understaffed in cybersecurity across the industry and we just can't hire enough people to make sure that we can detect, remediate and secure, you know every user endpoint and environment out there. So it's exciting to see that we've got a capability to move in a direction to where we can make sure that we get ahead of the threat actors. >> Yeah. So he said within five years your SOC will be AI based and and basically he elaborated saying there's a lot of stuff that you're doing today that you're not going to be doing tomorrow. >> That's true. >> And that's going to continue to be a moving target I would think Google is probably ahead in that game and ahead of most, right? I mean, you guys were there early. I mean, I remember when Hadoop was all the rage like just at the beginning you guys like, yeah, you know Google's like, no, no, no, we're not doing Hadoop anymore. That's like old news. So you tended to be, I don't know, at least five maybe seven years ahead of the industry. So I imagine you using a lot of those AI techniques in your own business today. >> Absolutely. I mean, I think you see it in our consumer products, and you certainly see it in the the capabilities we make available to enterprise as far as how they can innovate on our cloud. And we want to make sure that we continue to provide those capabilities, you know not only for the tools that we build but the tools that customers use. >> What's the, as we kind of get towards the end of our conversation here, we we talk about zero trust as, as a journey, as an approach. It's not a product, it's not a tool. What is the, who's involved in the zero trust journey from the customers perspective? Is this solely with the CSO, CSO, CIOs or is this at the CEO level going, we have to be a data company but we have to be a secure data company 24/7. >> It's interesting as you've seen malware, phishing, ransomware attacks. >> Yeah. >> This is not only just a CSO CIO conversation it's a board level conversation. And so, you know the way to address this new way of working where we have very distributed environments where you can't create a perimeter anymore. You need to strategize with zero trust. And so continuously, when we're talking to customers we're hearing that as a main initiative, you know from the CIO's office and from the board level. >> Got it, last question. The upgrade path for existing customers from 1., ZTNA 1.0 to 2.0. How simple is that? >> It's easy. You know, when we take- >> Is there an easy button? >> So here's the great thing [Dave] If you're feeling lucky. [Lisa] Yeah. (group laughs) >> Well, Palo Alto, right? Billing prisma access has really taken what was traditional security that was an on-prem or a data center deployed strategy to cloud-based. And so we've worked with customers like Princeton University who had to quickly transition from in-person learning to distance learning find a way to ramp their staff their faculty and their students. And we were able to, you know Palo Alto deploy it on Google Cloud's, you know network that solution in very quick order and had those, you know, everybody back up and running. So deployment and upgrade path is, is simple when you look at cloud deployed architectures to address zero trusts network. >> That's awesome. Some of those, some of those use cases that came out of the pandemic were mind blowing but also really set the table for other organizations to go, yes, this can be done. And it doesn't have to take forever because frankly where security is concerned, we don't have time. >> That's right. And it's so much faster than traditional architectures where you had to procure hardware. >> Yeah. >> Deploy it, configure it, and then, you know push agents out to all the endpoints and and get your users provisioned. In this case, we're talking about cloud delivered, right? So I've seen, you know, with Palo Alto deploying for customers that run on Google Cloud they've deployed tens of thousands of users in a very short order. You know, we're talking It was, it's not months anymore. It's not weeks anymore. It's days >> Has to be days. Josh, it's been such a pleasure having you on the program. Thank you for stopping by and talking with Dave and me about Google Cloud, Palo Alto Networks in in addition to secret squirrel. I feel like when you were describing your background that you're like the love child of Palo Alto Networks and Google Cloud, you might put that on your cartoon. >> That is a huge compliment. I really appreciate that, Lisa, thank you so much. >> Thanks so much, Josh. [Josh] It's been a pleasure being here with you. [Dave] Thank you >> Oh, likewise. For Josh Haslett and Dave, I'm Lisa Martin. You're watching theCUBE, the leader in live coverage for emerging and enterprise tech. (upbeat outro music)

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. Happy afternoon. It's Lisa Martin and Dave Valante of the Cube. We are live at MGM Grand. This is Palo Alto Ignite 22, our second day of coverage. Dave, we've had some amazing conversations, as we always do on the queue, but cybersecurity one of my favorite topics. So interesting to hear what Palo Alto Networks is doing, how it's differentiating itself and how it's ecosystem is >>Growing. Yeah, well one of the things I always, I often use ServiceNow as a reference example. I go back to 2013, had a kind of a tiny ecosystem and then sort of watched it grow. And one of those key signs was when the global system integrators actually began to lean in Accenture, obviously world class, one of the, you know, definitely in the top, you know, they talk about top five QBs, Accenture, you know, top five GSI easily. >>Yep. So, and in fact, Accenture, we've got Rex Stex in here, senior managing director at Accenture Security. You guys have been the GSI partner of the year for Palo Alto Networks for four years in a row, six years plus strong partnership. Give us a little flavor and history of the pan of the Palo Alto partnership with et cetera. >>I think, you know, we started early, right? And I think as they've evolved, we've evolved our partnership with them and as they've gone, you know, to more of a software footprint with, you know, around cloud security and network security and sassy, we've, we've seen a lot of growth and we're super excited about the opportunity that's ahead of us and the meaningful outcomes that we've been providing our clients as it relates to, you know, vendor consolidation, toll consolidation, tech debt reduction. You know, there's a lot of opportunity here to simplify our clients' lives with them. And that's something we're super excited about. >>Simplification, consolidation, been a theme of the last couple of days. Talk about some of the joint accomplishments that you guys have achieved. I know that you developed a lot of offers across all of Palo Alto Network's, GTMs, what are some of the highlights that come to mind? I >>Think one of the things that we're most excited about, you know, that being client specific is what we've been able to do on, on, on the network side with sasi and, and zero trust, network access. You know, as when Covid hit, there was a lot of change that happened with remote workforce and, you know, clients couldn't log in because their VPNs were crashing left and right. And so we were able to, you know, go in and help stand up, you know, this, you know, zero trust network infrastructure and help our clients get back online and get their employees back to work in a productive manner. And then it's evolved with the hybrid work model over time. And so it's, it's been a, that's probably the most gratifying cause there was a real crisis at, at a certain point in time, you know, a couple years ago were >>There Rex, were there unintended consequences of that, you know, rapid, we were forced, you know, the forced march to digital in terms of just multiple tools, plugging holes, and then sort of stepping back, you know, post isolation economy saying, okay, hey, we got through this, but now we need to take a new direction, new >>Strategy. I think that there, there isn't an intended consequence if you look at, most clients have, I saw a number 76, we counted as around 80 different security vendors and tools that they managed because a lot of people went and went after best of breed type capabilities. And, and so what we've seen now is, is the need to, you know, rationalize that, you know, their, their infrastructure and their, and their capability and, and consolidate and reduce that and, and move to, you know, more of what I would call platform providers. Cause if you may have, when you have 80 products, you have 80 integrations, 80 points of failure, and it gets very complex and, you know, there's a lot of finger pointing. And so as we're starting to see clients take a step back and say, Hey, look, if I, you know, spend the time to, you know, I call it modernization, but you know, modernize my security infrastructure and footprint focused around, you know, automation, orchestration, leveraging, you know, true ml and I know there's are buzzwords, but, you know, but you know, using 'em in, in, in the proper fashion, right? >>They, they can, you know, reduce that footprint, save a bunch of money, right? And, and, and drive that cost savings and then help scale their business. Cuz you have all these different vendors and what security is typically in the digital footprint is the slowdown, right? We, we've typically been the bottleneck in the past. And what we're seeing with, with, with what, you know, we've been very focused on is helping our clients scale their security footprints and their infrastructure and, you know, through automation orchestration, I i, I always say some folks do it your mess for less with labor arbitrage and bodies, but they're not enough security people in the world to do this. And so we're very focused on automation and orchestration and driving that into, into the market. >>Yeah. So you don't want to be in the business of, of filling those holes with labor. >>Exactly. You >>Want to actually get paid for outcomes. >>A hundred percent. And everything we've done is we've tried to simplify things not only for, you know, big Accenture, but even for our clients so that, you know, we can be focused on business outcomes, not necessarily technology outcomes. Cuz doing technology for the sake of technology. Is that unintended consequence that you described earlier, >>Speaking of transformation and outcomes I should say, what are you hearing most from CIOs and CISOs in terms of what they need now to be able to transform, to deliver the business outcomes so that they can become secure data companies regardless of industry? Yep. >>I think the, the biggest thing we're seeing right now is the need to, you know, leverage true automation and orchestration. We have to break the headcount model. There's not enough security professionals in the world to do, you know, to solve the world's problems. In order to scale that, you know, it's one of the reasons we're, you know, partnering with Palo Alto is because of, you know, the capabilities and the investments they've made in innovation to help drive that automation and orchestration through, you know, numerous capabilities from stock transformation to to to sassy cloud security, et cetera. But our clients need scale. They need to be able to go fast and net pace and they need to, they need to do it with confidence securely. And that, that's one of the big focuses. But the other focus is, is we're starting to see a need to, you know, vendor consolidation in the market. You've seen the acquisitions, I'm sure you've talked to people in over the last couple days. You know, there's, there's a, a tremendous amount of consolidation going around. And what our clients, you know, are asking for is, Hey, I need to reduce the number of vendors I interact with. I need to simplify my infrastructure, I need to focus on automation and, and orchestration from that perspective, >>What's happening with multi-cloud? What are you hearing from from customers? You know, we hear a lot of the, the, the conversations about, oh it's, you know, it's, and I agree by the way, multi-cloud is kind of a symptom of multi-vendor, you know, Chuck Whittens thing about multi-cloud by default versus design, you know, it's good, good line and I think rings true, but, but what a customer's telling you in terms of the real challenges generally and then specifically around security. >>I think it's, you know, each cloud service product has their own security capabilities and security models and, and, and being able to train the people to be able to manage those different models. I think that's where, you know, tools like, you know, Prisma Cloud for instance come in and help clients be able to manage the security and compliance of those infrastructures in, in a way to do that. And then to be able to manage applications security consistently, right? It's not just the cloud itself, but it's actually the applications that may, you know, cross, you know, be for, for resiliency but you know, be in, you know, multi-cloud, you know, multiple clouds and being able to make sure you have consistent security across those. And I think, you know, one of the things that it's permeated is, is just the, with data and identity and, and you know, cloud infrastructure and tolerance management, it's been a big problem cuz it's like the wild, wild west. I always look, when I look at identity and the cloud and how it's done, it, it looks like 1995 identity. It's, it's, it's ridiculously backwards. And so, you know, we've seen things like, you know, keem that have come into play to help manage those relationships and, and simplify it across multiple clouds consistently, if that makes sense. >>Yep. >>You, you mentioned Prisma Cloud most recently Accenture and Palo Alto developed the Secure Cloud Express. Correct. Can you talk to us a little bit about what that is and what outcomes is it gonna enable? Yeah, >>So great question and we're pretty excited about this cuz what we did with that was we manage cloud, you know, our cloud environments for numerous customers. So we've developed hundreds of policies that, you know, we implemented in Prisma Cloud to manage, you know, multiple clients, our internal infrastructure. And what we did was we said, well, most of our clients have to build those from scratch. So what we said is we will come in, in the best of week of time and come in and, and do a data-driven exercise to show our clients, you know, where where they sit from a, from a security perspective as it relates leveraging Prisma cloud and, and those policies that we've created. And what, what that has led to is another step, which is where we're focused on auto remediation. So, you know, when you, when you get, when you get the findings, then what do you do with them, right? If you have hundreds or thousands in some cases we've had clients with 1100 findings and they just sit there and they go, whoa, you know, so to speak. And so what we've done is we try to take those highest, most frequent findings and build securities code to auto remediate those for clients so they can choose to implement that and work down those, you know, findings very quickly, which helps, you know, drive more value out of, out of their prisma cloud >>Purchases. Accenture obviously has deep industry expertise around the globe. What are you seeing in terms of industries actually? So as they digitize not just their IT transformation but a business transformation, there are starting to see companies, financial services in particular bring their business to their cloud, sify their business. And specifically I'm interested in what's happening at the edge with operations technology. We just talked about healthcare and and medical devices. What's happening there? How connected or disconnected is that to the rest of the estate, the multi-cloud on-prem, et cetera? I >>Mean, I think OT is, is fairly disconnected, right? Sure. From, from that perspective, obviously, but I, I, I think what we're starting to see is an uptick, you know, on, I think secure edge and Sassy will come to OT cause it's a better way. Because what happens is if someone, you know, gets into the network, they can traverse it, right? And if they can apply those zero trust principles to ot, which is you're talking to people that have been, you know, wearing hard hats Yeah. And engineers, that's a big shift for them. And so, but I think that you'll start to see that play more prevalence, you know, with the industries like, you know, financial services, we're seeing a huge uptick in cloud adoption, right? They were, they were slow to do it, but now they're, they're going at pace and faster than most, right? Yeah, sure. And I think, you know, healthcare is a, is another big one where we've seen a lot of migration and a lot of need for multi-cloud. Cuz you know, some, they may be running their analytics on, you know, Google and, and their workloads on Azure, right? Or aws. And so you're starting to see a lot of people leveraging the best of what each cloud provider does well >>From that. And, and just an aside on that Palo Alto survey, we saw construction was one of the hardest hit industries. Yeah. Which I, I was like, what? And then of course it's because they're not really focused on security. They're focused on building stuff. No, >>It's really interesting. We're working with a large builder, I can't say the name, but one of the things that they're looking to do is, you know, they're moving to the cloud and they're building the capability to manage some of the, you know, largest skyscrapers in the world, but also manage the OT sensors and also do selling that creating another business, not only just managing those buildings, but managing other people's buildings for them and ha and selling security as a service for that because they built that capability around their devices and, and, and switches, hvac, et cetera. Do, >>Do you think that because I mean, you know, the operations technology, they're engineers and they're hardcore, like, don't touch my stuff. Exactly. And so do you feel like as, I mean I know that business has kind of done a reach around everything, you know, be becoming connected, but do you feel like they're gonna be more on top of it then, then, then sort of the, the broad commercial market has been? Or is it gonna be wild West all over again? >>My hope is that, you know, us as gsi, you know, my fellow GSIs, that we will help our clients make the better decisions this time around and, and not go to the wild, wild west. And you know, we see a lot of it in manufacturing, you know, if you saw, you know, with the, you know, the invasion Ukraine, you know, one of the big groups that was hit was manufacturing, right? There was factory shut down all over the world, you know, and, and so, you know, and that is an OT environment, but I, you know, what we've seen is them are, you know, those clients take more serious steps to protect those environments cuz they're on, you know, windows 10 servers running, you know, large machines. So we're starting to see a lot more care and feeding in into those environments as well. >>Can I ask you a question about the conversations that you're having? That survey that Dave mentioned, it's was released yesterday. There's a board behind us, what's next in cyber? That was the survey and amazing data that came from it. Like 96% of organizations have been hit by at least one attack in the last year. They were surprised that the number was that high, but we know that no industry, no company is safe. But one of the things that the survey found that, that surprised me was that we always say, oh, security is a board level conversation. We know that to some degree. But what they found was lack of alignment between the board and the executive level. In your Accenture's relationships, I know you guys have deep relationships across organizations and their boards. Can you help bring the board together with the executives and, and really not just talk about cybersecurity, but really develop a cybersecurity transformation strategy that actually delivers resilience? >>Yeah, no ab absolutely. And we've, we, we actually took a step back and, and reorganized our business this last year. And one of those areas that we focused on was within strategy and the C-suite agenda, right? And we actually published looking at gia, it was either the CEO handbook, I think it's what we called it, but they helped them and board be able to, you know, drive more meaningful conversations that relates to risk and and whatnot. And so we're very focused on that right now. And it's, we need to up-level our conversations within the organization. Cause even the buyers in these large, you know, two years ago was mainly the cso, now we're dealing with the cio, CTOs, cfo because these are, you know, meaningful business conversations, right? That are driving business outcomes and security needs to be a business enabler, not, not a a, a bottleneck >>Is the chief data officer starting to emerge as, as we see, you know, Nikesh said yesterday in his keynote and we talked about it with him when he was here, security is a data problem. >>Yep. It is. It's a huge data problem. And we're starting to, you know, I think we've talked a lot about zero trust, but zero trust data is, is a, is a significant problem, right? Because that you talk about the wild, wild west is we see clients that have people that have in, you know, they, they have access to, you know, what we call dev development environment data, right? But then you find out that they can hop four levels over into production data and this been exposed to, you know, the wrong people, you know, not focused on that least privileged aspect. I think data's a real problem, you know, per na kesha's statement in the cloud. It's something that really needs to be addressed. And I think we're starting to see a lot of innovation around that area. Cuz what typical data security has always been, I have all these problems, it creates, I call it noise, right? I got thousands of findings and then just, you know, need just sit there and they go, what do I do? Right? It's too much. And so I think there, there's gonna be more intelligence around that and more, you know, what I call auto remediation, right? Being able to remediate those findings quickly from from that >>Perspective. I've been watching this board behind us. Yeah. It's this what's next in cyber. And people come in and they write, it's just been growing, you know, all week and somebody just wrote sock transformation. Yeah. We were just sort of talking about earlier what, what, in your estimation, what percent of organizations that you target. I understand that you're not going after the, you know, mom and pop organizations, but what percent of that, you know, fat middle and the tip of the pyramid, that a euro, that's your sweet spot. What percent of those organizations don't have a sock? >>I mean, most every organization has a sock. You know, I talked to, you know, CISOs of large financial service organization, they said, do we even need a sock anymore? It could be a virtual sock so to speak, but I think, you know, am was SOC transformation. I think we could potentially head to something like that. But you know, but what's really been strange is there's been, you know, what we call soar, right? Security, you know, orchestration, automation, whatever. And what another, >>Another acronym, their >>Acronym that I security that I might brain is >>Hold apologize. >>But you know, they've, people have never really driven the value out of it because they build these automation playbooks and, and for one company to do it and build 20 of 'em or 30 of 'em to ha it doesn't pay off in the long run. And what we're starting to see is people, you know, bring to the table more crowdsource these capabilities so that they can scale those sock transformations. Cause it's really about, you know, orchestration and automation. That's where, you know, nirvana comes in because it's not about people with headsets on looking at, you know, 20 screens. It's not helpful, right? The humans, we make mistakes. And so if we can automate as much of that as possible, get rid of the false positives, leverage AI and and ML to do that. And I think we're starting to see, you know, what I would call more advanced AI and ml. I think in the early days in security, AI and ML was very nascent and, and, and now you're starting to see, you know, more powerful concepts come in better learning, better outcomes out of that. >>Well, it was a lot of modeling in the cloud still is, but it's increasingly going toward real time inference and that's, you know, game changing. >>Agreed. >>Last question for you. What's are some of the things that are next on the plate for Accenture and Palo Networks? What's next up? >>I think, you know, we're very focused on, on Sassy right now in, in the market. And I think we think that is, you know, I think both of us think that's the next big wave, right? Because I think what we learned out of, you know, these last two and a half, three years is that these concepts work, but they can actually scale out to drive significant cost savings. I mean, if you look at Accenture, you know, we don't have a a network backbone anymore. We're pure cloud wan, right? We're leveraging the internet for that. And I think that and what we're trying to do with Palo Alto and driving, you know, cloud WAN and Sassy as a service, I think will be super, super meaningful. And, and, and, and >>Well that's interesting. That has implications for a number of companies out >>There. Yeah. Well I think, you know, it's obviously the, you know, it, it's a, it is a big implication for a lot of, a lot of, you know, our customers even, right? Yeah. And so we have to be very careful and thoughtful about how we work to make that happen over time. >>Right. A lot of opportunity. Rex, thank you so much for joining us on the program and really dissecting what Accenture and Palo Alto are doing, all the value in it for organizations across industries. We appreciate your insights. Yep. >>Thank you >>For Rex Dexon and Dave Valante. I'm Lisa Martin, you're watching the Cubes stick around. Dave and I will be right back with our next guest. This is the Cube, the leader in live, emerging and enterprise tech coverage.

>> Narrator: theCUBE presents Ignite 22. Brought to you by Palo Alto Networks. >> Hey, welcome back to Las Vegas. Lisa Martin here with Dave Vellante. This is day two of theCUBE's coverage of Palo Alto Ignite 2022. Dave we're just talking about how many times we're in Vegas. And we were here two weeks ago with our guest who's back in Alumni. And it's a blur, right? >> It's true, I lost count. Luckily I'm not flying red eye tonight. So that's good. >> I'm impressed. >> Excited about that. >> Yeah >> I'm actually going to enjoy the, nightlife here for a period of time. And, you know, we were at re-Invent. >> Yeah. >> And what a difference. This is nice and relaxed. You have time. You're not getting bumped in the hallway. >> Right. >> A lot of time for learning. So it's been great show. >> It's been great. And one of the things that we've been talking about is the supply chain. Securing the modern software supply chain is really complicated. We've got an Alumni back with us, to talk about what Palo Alto is doing in that respect. Ankur Shah joins us. The SVP and GM of Cloud Security at Palo Alto Networks. Welcome back. >> Yeah, happy to be back. Good to see you again. Dave and Lisa. >> It's been two long weeks. >> Ankur: I know. It's been two weeks, yeah >> Dave: It's kind of crazy. I mean, ReInvent really was a blur. And it's like you had everything coming at you. And there was obviously a big chunk of security, but you. It was just so much to absorb. >> Yeah. >> Right? >> Yeah, and I couldn't get into any of the sessions versus at Ignite. I mean, you could, you could learn a lot. To your point Dave. And 70,000 people versus 3000 in change. Big difference. >> Dave: Yeah. >> Lisa: Huge difference. >> Yeah. >> Lisa: Huge difference. So we touched on the Cider acquisition. >> Ankur: Yeah. >> Which was announced the intent to acquire last month. Let's dig into a little bit more of that, and then some of the great things that had been announced. >> Ankur: Yeah. >> In the last couple of days. >> Oh, absolutely. So, this is something that we have been marinating for last nine months. Thinking about how best to secure supply chain. And this is software supply chain. The modern application software is fairly complex. You know, back in the days when I was a developer, it was a simple three tier application. Ship the code once a year, et cetera. But now with microservices, new architectures, Kubernetes Public Cloud, we talked about this. It's getting super complicated, and the customers are really worried about securing their entire supply chain. Which is nothing but the software pipeline. And so we started looking at a whole bunch of companies and Cider really stood out. I mean, they had, they were the innovators in this space. Very early days, we've seen supply chain attack. But there hasn't been a really good and strong solution in that space. And Cider just delivered that incredible team. Great technology, super excited about what that integration will look like. in the coming quarters. >> What do we need to know about them? I mean, I'll be honest with you, I wasn't familiar with Cider until I saw you guys made the announcement of the intent to acquire them. What, what should we know about them? Why Cider? What was it that attracted you to them? >> Ankur: Yeah, so, you know, we have a history of technology acquisitions as you know, over the last four years, just in the public cloud. We acquire over half a a dozen companies, small and large. And typically we are always looking for companies who have the next gen technology available. Technology that is more in tune with how application software is going to look like in future. So we're not always going after companies that are making you know, tens of hundreds of millions of dollars in a year and all. We're looking for the right tech. The future. And that's what we found in Cider. Like they have a really strong application security background. And AppSec just broadly speaking, supply chain is part of it. But application security, just broadly speaking, is right for disruption. You've got a lot of vendors, who have been around for like last two decades. Old school stuff, lots and lots of false positives. So we've been bolstering, beefing up our portfolio in the application security space. And Cider really fits right nicely into it. Because it can like I said, secure a lot of technology and tooling, that software developers use as part of their software supply chain. So, great founding team, great technology. It was a perfect fit. >> Talk about integration. We spoke with Nikesh yesterday, with Nir, with a whole bunch of folks. Lee this morning. BJ yesterday as well. And one of the things that seems to stick out at me. With all the shows that we do, is the focus that Palo Alto has on ensuring that it's making the right acquisitions. But that it's the integration, is really seems to be like leading part of the strategy. That seems to be a little bit of a differentiator to me. >> Yeah, it absolutely is. There are two ways to integrate a technology into an existing platform. And Prisma Cloud is a platform as you know. Code-to-cloud, CNAPP platform as we call it. One is just kind of slotted in, put the whole thing in a box. And that's basically making one plus one equal to two. We're looking for high leverage in integrations, whereby once that integration comes along. It makes the rest of the platform even better and superior. It makes that technology look even better. So that's why there's a lot of focus on ensuring that we're delivering the right type of integration, that delivers instant customer value. And that makes the overall platform even superior. So customers don't feel like hey, like there's just one more add-on, on top of the other thing. >> Lisa: Right, not a bolt on. >> So that's why there's a lot of focus on that. Getting the strategy nailed. Because the founding teams generally have a preconceived notion about how the world looks like. Then they understand how Prisma cloud and Palo Alto Networks think about it. And then, we sort of merge the two ideas, and build something that's incredible. So I am, we're spending a lot of time in integration. That honeymoon phase of like, let's high five acquisitions done, that's over. Now it's the grinding work of actually getting this right. And you know, getting hundreds and thousands of customers. >> Well I like how you don't have the private equity mentality. It's not about EBITDA and cashflow. We'll take care of that. >> Ankur: Yeah. >> You know, it's about getting that integration. Getting that flywheel effect, inside the platform. You know, we said one plus one equals, maybe even more than two. Can you explain Prisma Cloud Secrets Security? What is that all about? What do we need to know about that? >> Ankur: Absolutely. So, the developers, you know generally store some stuff in the code repo for their automation work to build application. And that thing, the API keys or as Secrets are stored in code repo. It shouldn't be. Or even if they are, they should be encrypted, or locked down and things of that nature. But, you know, the need for speed trumps everything else. Developers want to go fast. And sometimes they're like, okay well. I guess my application needs this particular, you know API access token or secret. I'm just going to stick it in the code. Now the challenge with that is that, if somebody gets hold of your code repo. Now not only is your code repo, which has all your sensitive data. Your code is the life and blood of a technology company. That's in trouble. But also those secrets and API access keys can be used to log into your cloud accounts. And there you may have sensitive customer data. Everything that you have as a technology company stored in that public cloud accounts. So that's the worry. It's usually the initial access for the kill chain. Because that's where the attacks start. Let me get the secret, let me get the API access key. And let me see what I can do in public cloud. So we are now giving customers the visibility into where the secrets are stored. More importantly, it just right there on developer's face. In the code repo as they're checking in the code. They say why, hey, there's a secret here. Are you sure you want to, you want to keep it like this, no? Okay, well then you can either encrypt it, or just get rid of it. So we're making, we're bringing security where the developers are in their code repo, et cetera. >> So I can see a lot of developers saying, yeah, go ahead, encrypt it. So I don't have to do anything else, you know, extra. It's almost, the analogy is a very small you know, version of this. Its like, use a password manager. You store all your passwords in your contacts on your phone, right? I mean, somebody gets a hold of your contacts, you're screwed. >> Ankur: That's exactly right. >> And so, but I could still see a lot of developers say, check in the box. Say, yeah just encrypt it, leave it there. But you're saying best practice is to not to do that, right? >> Yeah, usually you're not supposed to, you know, store all your secrets, et cetera in code repo to begin with. But if you do, you know, you use a key wall like technology to really encrypt it and store it in a secret manner, yeah. >> Dave: There's an old saying, bad user behavior trump's great security every time. >> Ankur: Every time. >> But this is an example where, we know you're going to have bad behavior. So we're going to protect the bad behavior. >> Yeah, and actually, sorry Lisa, just to that point. The bad user behavior trumps good security. The classic example, this happened three weeks ago. Three, four weeks ago, where Dropbox, one of the file sharing companies there. 120 plus code repos were exposed. And the way their attack started, was a simple social engineering attack. Bad user behavior. There was an email, hey, like your passwords are updated for your, you know, this code plugin. Can you enter the password? And boom, now you have access to the code repo. And now if you have secrets inside of it, now, you know all bets are off. >> Are there hard-coded secrets versus like, I mean, like I think like, like you were saying, Dave. Like usernames and passwords and tokens, versus like soft coded secrets. >> Ankur: It's, I think it, this is more so two forms of it, you know. The most primary one is what we call the API access keys. And this keys are used to access cloud accounts, workloads and things of that nature. But there are actually secret secrets. Could be database login passwords, et cetera. The application is using it to spin up databases. Now, you know, you have access to the data stores. Any other application, there's a login password, all of that stuff. So it's less about the user password, but more the application and databases and things of that nature. >> Dave: So again, and, again, everybody should be using password managers. But when you use a password manager, it's going to give you a long list of passwords, that are either been compromised or are weak. And you just go uh, okay. So can you help? How do you help customers identify what the high risk? You know, API, you know, access are versus those ones that they may not have to worry about. >> Ankur: Yeah, look. You know, secrets aside. Risk prioritization is one of the biggest topics that our customers have across the board, in cloud security. All the security vendors are really, really good at one thing, generating alerts. Everybody does it. They generate an alert. You know, your ring camera, if you've got one. I mean this pop up every day, like every minute rather. Well like can you prioritize it for me? What should I really look at it? So that's a number one thing. What Prisma Cloud does is, you know, contextualize it. What the real risk is? They can tell you like, hey, here's the kill chain. If this thing, you know, goes to public internet. These are the potential exposures that you have. So we provide a prioritized risk of critical alerts that customers have to take care of before they can start taking care of more hygiene type of stuff, right? So that's how we do it. Like we leverage a lot of technology. We apply a lot of context. We tell you like, hey, this code repo is not protected by multifactor authentication. And then there's a secret inside. Are you sure, you know, you don't want to fix it? So that's what we do. But it's a great question. Top of mind for all our customers. And that's how we think about it across the board. Versus generating just alerts all the time. >> Dave: Is the strategy, Because we all know phishing is the sort of most, you know obvious way to. It's the top way in which people get hacked. >> Ankur: Yeah. >> Is your strategy essentially to say. Okay we know that's going to happen, so we're going to try to protect it at the back end. How much of the, maybe it's an industry question. more so than just a Palo Alto specifically, How much emphasis is do you think the industry is taking or should be taking on stopping that, you know that those phishing attacks? Because if that's the number one problem you know, maybe that's where we should be starting. >> Yeah, it's a great question. It's typically the initial vector, for a lot of attacks to your point. But there is one thing that technology and AI cannot solve. Which is the user behavior, to your point. Like we can't get into the heads of the user. I mean, you can train them, you can do everything. You can't prevent somebody from clicking a button. Of course there's technology out there for email security that does that. But your point is, right, it's going to happen. Now what do you do? How do you protect your applications, your crown jewel? You know, whether it's in the cloud or it's in the code repo. So a lot of what we are trying to do in code security, or cloud security, or in general at Palo Alto Networks. is to protect those crown jewel. Because we can't prevent somebody from doing something. User behavior is hard to change. >> Dave: So it's almost like, okay, you left your front door open. Somebody's going to walk in, but oh, they walk into a vault. And they don't know where to go. And there's nowhere they can- >> Ankur: Yeah. >> You know, nothing they can take. They can't get to the silverware or the jewelry. >> I think that's it, yeah. >> What are some of the things, like as we look at, we're wrapping up calendar year '22 heading into '23. That customers can look to Palo Alto Networks to help them achieve? One of the things that we talked about with Nikesh and Niri yesterday, is consolidation. Like, and you guys just did a recent, survey. >> Ankur: Yeah. >> About the state of Cyber, and organizations on average have 366 apps in their environment. 31 security tools, 30 to 50 security tools. >> Ankur: Yeah. >> Consolidation is really key there. What are some of the things that you are excited about to deliver to customers where consolidation is concerned? >> Ankur: Yeah. >> Where software supply chain security is concerned in the next year? >> Yeah, absolutely. Look, there are over 3000 security vendors. And this can be, I mean you talked about average customer having 300. I was talking to a CSO, this was last year for one of the largest financial institution I go, "How many security tools do you have?" He got 120. I said, why? He goes, we have a no vendor left behind policy. >> Wow. >> It's crazy. >> Dave: What? >> Obviously he was joking, but it's crazy, right? Like that's how the CSO's are. >> Dave: I mean, he was kidding. >> Yeah. >> Dave: But recognized that. Wow. >> Yeah, and, this is the state the security industry is in. And our mission has been, and Lee and Nikesh and Niri talked about it. Is just platforms, will platforms take moonshots, things long term. And especially the, macro headwinds that we're seeing. We're hearing more and more from the customers that, look we're not going to buy point product. Then we got to buy another product that stitches it all together. We need platforms, whether it's for zero trust, Prisma SaaS, whether it's cloud. Prisma cloud or for your sock transformation. You know XIM and Cortex line of products. So I think you're going to see more and more of that in 2023. I'm confident in that. >> We heard from Lee today, the world record's 400. >> Yes. >> Yeah. >> That's crazy. >> He's going for it. He's got a ways to go. 120 He's got to... >> Maybe he wasn't, that guy wasn't kidding about his no vendor left behind policy. (laughing) Do you have Ankur, a favorite customer story that really articulates the value of what Palo Alto delivers and continues to. You know, 'cause one of the things that Nikesh said in his keynote was that you know, security's a data problem. Well every company these days, in every industry has to be a data company. But really what they need to be able to be is a secured data company. >> Ankur: Yeah. >> How are you guys enabling that? >> Oh, absolutely. Look, many customer examples come to mind, but speaking of data. You know, one of, some of our largest customers who are protecting their PCI workers where they have sensitive data. They're using for example, Prisma Cloud, to ensure that malicious attacks don't happen. And those workloads are used for credit card processing. They're processing tens of thousands of credit card transactions a second. And make sure that nobody gets hold of that. And that's why they have to make sure that nobody is. No attacker is trying to get hold of the sensitive data, to your point, So we have customers across financial services, media and entertainment technology company. Where we are helping them go as fast as possible in public cloud. Go through digital transformation, by securing their applications. >> Dave: What's the T-shirt say? I see code. >> Oh yeah. >> Dave: Secure from Code to Cloud. >> Lisa: Shift Happens. >> Shift Happens, Secrets from Code to Cloud. >> I love that. I was looking at that, going back to that, what's next in cyber survey? >> Ankur: Yeah. >> It said 74% of respondents, and I believe there was 1300 CIO's, CXO's that were surveyed globally. Where they said security is slowing down DevOps. Can customers look to Palo Alto Networks to help them? >> Ankur: Be enablers? >> Yes. >> Yeah, hundred percent. Look, the conversation over the last few years have changed now. Security used to say like, oh, I don't know about these people who are building applications. The DevOps is like security slowing down. I think there's an opportunity for companies like Palo Alto Networks, to build the bridge between the two. And the way we do it is make the securities easy, simple and not super intrusive. Where developers have to do a natural thing. And one part of it, and I talked about it earlier, is bring security where the developers are. In their code repo, in their IDE. Make it super simple. Don't make them do unnatural things. And it just, this is no different from changing the behavior of our kids. Right? Like you make them do unnatural things, they're not going to do it. But if it is part of their regular, you know, day-to-day operating procedures. I think they're going to be more open to change. Yeah. So I think it's possible. And Palo Alto has a huge responsibility to bridge the divide between the apps team, or the DevOps and the security organization. >> Lisa: Lots of great stuff to come. We thank you so much for coming back, two weeks. Only being on two weeks ago. We appreciate your insights, learning more information. It's great to see you at Palo Alto Ignite. And we'll have to have you back on. 'Cause we know that there's so much more to follow with respect to what you're doing. And shifting left, shift happens. >> Awesome. Lisa, Dave, thank you so much. It's been a pleasure. >> Lisa: Thank you so much. For Ankur Shah and Dave Vellante. I'm Lisa Martin. You're watching theCUBE. The leader in live and emerging tech coverage.

>>The cube presents Ignite 22, brought to you by Palo Alto Networks. >>Good morning. Live from the MGM Grand. It's the cube at Palo Alto Networks Ignite 2022. Lisa Martin here with Dave Valante, day two, Dave of our coverage, or last live day of the year, which I can't believe, lots of good news coming out from Palo Alto Networks. We're gonna sit down with its Chief product officer next and dissect all of that. >>Yeah. You know, oftentimes in, in events like this, day two is product day. And look, it's all about products and sales. Yeah, I mean those, that's the, the, the golden rule. Get the product right, get the sales right, and everything else will take care of itself. So let's talk product. >>Yeah, let's talk product. Lee Claridge joins us, the Chief Product Officer at Palo Alto Networks. Welcome Lee. Great to have >>You. Thank you so much. >>So we didn't get to see your keynote yesterday, but we heard one of the things, you know, we've been talking about the threat landscape, the challenges. We had Unit 42, Wendy on yesterday. We had Nash on and near talking about the massive challenges in the threat landscape. But we understand, despite that you are optimistic. I am. Talk about your optimism given the massive challenges that every organization is facing today. >>Look, cybersecurity's hard and often in cybersecurity in the industry, a lot of people get sort of really focused on what the threat actors are doing, why they're successful. We investigate breaches and we think of it, it just starts to feel somewhat overwhelming for a lot of folks. And I just happen to think a little bit differently. I, I look at it and I think it's actually a solvable problem. >>Talk about cyber resilience. How does Palo Alto Networks define that and how does it help customers achieve that? Cuz that's the, that's the holy grail these days. >>Yes. Look, the, the way I think about cyber resilience is basically in two pieces. One, it's all about how do we prevent the threat actors from actually being successful in the first place. Second, we also have to be prepared for what happens if they happen to find a way to get through, and how do we make sure that that happens? The blast radius is, is as narrowly contained as possible. And so the, the way that we approach this is, you know, I, I kind of think in terms of like threes three core principles. Number one, we have to have amazing technology and we have to constantly be, keep keeping up with and ideally ahead of what attackers are doing. It's a big part of my job as the chief product officer, right? Second is we, you know, one of the, the big transformations that's happened is the advent of, of AI and the opportunity, as long as we can do it, a great job of collecting great data, we can drive AI and machine learning models that can start to be used for our advantage as defenders, and then further use that to drive automation. >>So we take the human out of the response as much as possible. What that allows us to do is actually to start using AI and automation to disrupt attackers as it's happening. The third piece then becomes natively integrating these capabilities into a platform. And when we do that, what allows us to do is to make sure that we are consistently delivering cybersecurity everywhere that it needs to happen. That we don't have gaps. Yeah. So great tech AI and automation deliver natively integrated through platforms. This is how we achieve cyber resilience. >>So I like the positivity. In fact, Steven Schmidt, who's now the CSO of, of Amazon, you know, Steven, and it was the CSO at AWS at the time, the first reinforced, he stood up on stage and said, listen, this narrative that's all gloom and doom is not the right approach. We actually are doing a good job and we have the capability. So I was like, yeah, you know, okay. I'm, I'm down with that. Now when I, my question is around the, the portfolio. I, I was looking at, you know, some of your alternatives and options and the website. I mean, you got network security, cloud security, you got sassy, you got capp, you got endpoint, pretty much everything. You got cider security, which you just recently acquired for, you know, this whole shift left stuff, you know, nothing in there on identity yet. That's good. You partner for that, but, so could you describe sort of how you think about the portfolio from a product standpoint? How you continue to evolve it and what's the direction? Yes. >>So the, the, the cybersecurity industry has long had this, I'm gonna call it a major flaw. And the major flaw of the cybersecurity industry has been that every time there is a problem to be solved, there's another 10 or 20 startups that get funded to solve that problem. And so pretty soon what you have is you're, if you're a customer of this is you have 50, a hundred, the, the record is over 400 different cybersecurity products that as a customer you're trying to operationalize. >>It's not a good record to have. >>No, it's not a good record. No. This is, this is the opposite of Yes. Not a good personal best. So the, so the reason I start there in answering your question is the, the way that, so that's one end of the extreme, the other end of the extreme view to say, is there such a thing as a single platform that does everything? No, there's not. That would be nice. That was, that sounds nice. But the reality is that cybersecurity has to be much broader than any one single thing can do. And so the, the way that we approach this is, is three fundamental areas that, that we, Palo Alto Networks are going to be the best at. One is network security within network security. This includes hardware, NextGen, firewalls, software NextGen, firewalls, sassy, all the different security services that tie into that. All of that makes up our network security platforms. >>So everything to do with network security is integrated in that one place. Second is around cloud security. The shift to the cloud is happening is very real. That's where Prisma Cloud takes center stage. C a P is the industry acronym. If if five letters thrown together can be called an acronym. The, so cloud native application protection platform, right? So this is where we bring all of the different cloud security capabilities integrated together, delivered through one platform. And then security, security operations is the third for us. This is Cortex. And this is where we bring together endpoint security, edr, ndr, attack, surface management automation, all of this. And what we had, what we announced earlier this year is x Im, which is a Cortex product for actually integrating all of that together into one SOC transformation platform. So those are the three platforms, and that's how we deliver much, much, much greater levels of native integration of capabilities, but in a logical way where we're not trying to overdo it. >>And cider will fit into two or three >>Into Prisma cloud into the second cloud to two. Yeah. As part of the shift left strategy of how we secure makes sense applications in the cloud >>When you're in customer conversations. You mentioned the record of 400 different product. That's crazy. Nash was saying yesterday between 30 and 50 and we talked with him and near about what's realistic in terms of getting organizations to, to be able to consolidate. I'd love to understand what does cybersecurity transformation look like for the average organization that's running 30 to 50 point >>Solutions? Yeah, look, 30 to 50 is probably, maybe normal. A hundred is not unusual. Obviously 400 is the extreme example. But all of those are, those numbers are too big right now. I think, I think realistic is high. Single digits, low double digits is probably somewhat realistic for most organizations, the most complex organizations that might go a bit above that if we're really doing a good job. That's, that's what I think. Now second, I do really want to point out on, on the product guy. So, so maybe this is just my way of thinking, consolidation is an outcome of having more tightly and natively integrated capabilities. Got you. And the reason I flip that around is if I just went to you and say, Hey, would you like to consolidate? That just means maybe fewer vendors that that helps the procurement person. Yes. You know, have to negotiate with fewer companies. Yeah. Integration is actually a technology statement. It's delivering better outcomes because we've designed multiple capabilities to work together natively ourselves as the developers so that the customer doesn't have to figure out how to do it. It just happens that by, by doing that, the customer gets all this wonderful technical benefit. And then there's this outcome sitting there called, you've just consolidated your complexity. How >>Specialized is the customer? I think a data pipelines, and I think I have a data engineer, have a data scientists, a data analyst, but hyper specialized roles. If, if, let's say I have, you know, 30 or 40, and one of 'em is an SD wan, you know, security product. Yeah. I'm best of breed an SD wan. Okay, great. Palo Alto comes in as you, you pointed out, I'm gonna help you with your procurement side. Are there hyper specialized individuals that are aligned to that? And how that's kind of part A and B, how, assuming that's the case, how does that integration, you know, carry through to the business case? So >>Obviously there are specializations, this is the, and, and cybersecurity is really important. And so there, this is why there had, there's this tendency in the past to head toward, well I have this problem, so who's the best at solving this one problem? And if you only had one problem to solve, you would go find the specialist. The, the, the, the challenge becomes, well, what do you have a hundred problems to solve? I is the right answer, a hundred specialized solutions for your a hundred problems. And what what I think is missing in this approach is, is understanding that almost every problem that needs to be solved is interconnected with other problems to be solved. It's that interconnectedness of the problems where all of a sudden, so, so you mentioned SD wan. Okay, great. I have Estee wan, I need it. Well what are you connecting SD WAN to? >>Well, ideally our view is you would connect SD WAN and branch to the cloud. Well, would you run in the cloud? Well, in our case, we can take our SD wan, connect it to Prisma access, which is our cloud security solution, and we can natively integrate those two things together such that when you use 'em together, way easier. Right? All of a sudden we took what seemed like two separate problems. We said, no, actually these problems are related and we can deliver a solution where those, those things are actually brought together. And that's just one simple example, but you could, you could extend that across a lot of these other areas. And so that's the difference. And that's how the, the, the mindset shift that is happening. And, and I I was gonna say needs to happen, but it's starting to happen. I'm talking to customers where they're telling me this as opposed to me telling them. >>So when you walk around the floor here, there's a visual, it's called a day in the life of a fuel member. And basically what it has, it's got like, I dunno, six or seven different roles or personas, you know, one is management, one is a network engineer, one's a coder, and it gives you an X and an O. And it says, okay, put the X on things that you spend your time doing, put the o on things that you wanna spend your time doing a across all different sort of activities that a SecOps pro would do. There's Xs and O's in every one of 'em. You know, to your point, there's so much overlap going on. This was really difficult to discern, you know, any kind of consistent pattern because it, it, it, unlike the hyper specialization and data pipelines that I just described, it, it's, it's not, it, it, there's way more overlap between those, those specialization roles. >>And there's a, there's a second challenge that, that I've observed and that we are, we've, we've been trying to solve this and now I'd say we've become, started to become a lot more purposeful in, in, in trying to solve this, which is, I believe cybersecurity, in order for cyber security vendors to become partners, we actually have to start to become more opinionated. We actually have to start, guys >>Are pretty opinionated. >>Well, yes, but, but the industry large. So yes, we're opinionated. We build these products, but that have, that have our, I'll call our opinions built into it, and then we, we sell the, the product and then, and then what happens? Customer says, great, thank you for the product. I'm going to deploy it however I want to, which is fine. Obviously it's their choice at the end of the day, but we actually should start to exert an opinion to say, well, here's what we would recommend, here's why we would recommend that. Here's how we envisioned it providing the most value to you. And actually starting to build that into the products themselves so that they start to guide the customer toward these outcomes as opposed to just saying, here's a product, good luck. >>What's, what's the customer lifecycle, not lifecycle, but really kind of that, that collaboration, like it's one thing to, to have products that you're saying that have opinions to be able to inform customers how to deploy, how to use, but where is their feedback in this cycle of product development? >>Oh, look, my, this, this is, this is my life. I'm, this is, this is why I'm here. This is like, you know, all day long I'm meeting with customers and, and I share what we're doing. But, but it's, it's a, it's a 50 50, I'm half the time I'm listening as well to understand what they're trying to do, what they're trying to accomplish, and how, what they need us to do better in order to help them solve the problem. So the, the, and, and so my entire organization is oriented around not just telling customers, here's what we did, but listening and understanding and bringing that feedback in and constantly making the products better. That's, that's the, the main way in which we do this. Now there's a second way, which is we also allow our products to be customized. You know, I can say, here's our best practices, we see it, but then allowing our customer to, to customize that and tailor it to their environment, because there are going to be uniquenesses for different customers in parti, we need more complex environments. Explain >>Why fire firewalls won't go away >>From your perspective. Oh, Nikesh actually did a great job of explaining this yesterday, and although he gave me credit for it, so this is like a, a circular kind of reference here. But if you think about the firewalls slightly more abstract, and you basically say a NextGen firewalls job is to inspect every connection in order to make sure the connection should be allowed. And then if it is allowed to make sure that it's secure, >>Which that is the definition of an NextGen firewall, by the way, exactly what I just said. Now what you noticed is, I didn't describe it as a hardware device, right? It can be delivered in hardware because there are environments where you need super high throughput, low latency, guess what? Hardware is the best way of delivering that functionality. There's other use cases cloud where you can't, you, you can't ship hardware to a cloud provider and say, can you install this hardware in front of my cloud? No, no, no. You deployed in a software. So you take that same functionality, you instantly in a software, then you have other use cases, branch offices, remote workforce, et cetera, where you say, actually, I just want it delivered from the cloud. This is what sassy is. So when I, when I look at and say, the firewall's not going away, what, what, what I see is the functionality needed is not only not going away, it's actually expanding. But how we deliver it is going to be across these three form factors. And then the customer's going to decide how they need to intermix these form factors for their environment. >>We put forth this notion of super cloud a while about a year ago. And the idea being you're gonna leverage the hyperscale infrastructure and you're gonna build a, a, you're gonna solve a common problem across clouds and even on-prem, super cloud above the cloud. Not Superman, but super as in Latin. But it turned into this sort of, you know, superlative, which is fun. But the, my, my question to you is, is, is, is Palo Alto essentially building a common cross-cloud on-prem, presumably out to the edge consistent experience that we would call a super cloud? >>Yeah, I don't know that we've ever used the term surfer cloud to describe it. Oh, you don't have to, but yeah. But yes, based on how you describe it, absolutely. And it has three main benefits that I describe to customers all the time. The first is the end user experience. So imagine your employee, and you might work from the office, you might work from home, you might work while from, from traveling and hotels and conferences. And, and by the way, in one day you might actually work from all of those places. So, so the first part is the end user experience becomes way better when it doesn't matter where they're working from. They always get the same experience, huge benefit from productivity perspective, no second benefit security operations. You think about the, the people who are actually administering these policies and analyzing the security events. >>Imagine how much better it is for them when it's all common and consistent across everywhere that has to happen. Cloud, on-prem branch, remote workforce, et cetera. So there's a operational benefit that is super valuable. Third, security benefit. Imagine if in this, this platform-based approach, if we come out with some new amazing innovation that is able to detect and block, you know, new types of attacks, guess what, we can deliver that across hardware, software, and sassi uniformly and keep it all up to date. So from a security perspective, way better than trying to figure out, okay, there's some new technology, you know, does my hardware provider have that technology or not? Does my soft provider? So it's bringing that in to one place. >>From a developer perspective, is there a, a, a PAs layer, forgive me super PAs, that a allows the developers to have a common experience across irrespective of physical location with the explicit purpose of serving the objective of your platform. >>So normally when I think of the context of developers, I'm thinking of the context of, of the people who are building the applications that are being deployed. And those applications may be deployed in a data center, increasing the data centers, depending private clouds might be deployed into, into public cloud. It might even be hybrid in nature. And so if you think about what the developer wants, the developer actually wants to not have to think about security, quite frankly. Yeah. They want to think about how do I develop the functionality I need as quickly as possible with the highest quality >>Possible, but they are being forced to think about it more and more. Well, but anyway, I didn't mean to >>Interrupt you. No, it's a, it is a good, it's a, it's, it's a great point. The >>Well we're trying to do is we're trying to enable our security capabilities to work in a way that actually enables what the developer wants that actually allows them to develop faster that actually allows them to focus on the things they want to focus. And, and the way we do that is by actually surfacing the security information that they need to know in the tools that they use as opposed to trying to bring them to our tools. So you think about this, so our customer is a security customer. Yet in the application development lifecycle, the developer is often the user. So we, we we're selling, we're so providing a solution to security and then we're enabling them to surface it in the developer tools. And by, by doing this, we actually make life easier for the developers such that they're not actually thinking about security so much as they're just saying, oh, I pulled down the wrong open source package, it's outdated, it has vulnerabilities. I was notified the second I did it, and I was told which one I should pull down. So I pulled down the right one. Now, if you're a developer, do you think that's security getting your way? Not at all. No. If you're a developer, you're thinking, thank god, thank you, thank, thank you. Yeah. You told me at a point where it was easy as opposed to waiting a week or two and then telling me where it's gonna be really hard to fix it. Yeah. Nothing >>More than, so maybe be talking to Terraform or some other hash corp, you know, environment. I got it. Okay. >>Absolutely. >>We're 30 seconds. We're almost out of time. Sure. But I'd love to get your snapshot. Here we are at the end of calendar 2022. What are you, we know you're optimistic in this threat landscape, which we're gonna see obviously more dynamics next year. What kind of nuggets can you drop about what we might hear and see in 23? >>You're gonna see across everything. We do a lot more focus on the use of AI and machine learning to drive automated outcomes for our customers. And you're gonna see us across everything we do. And that's going to be the big transformation. It'll be a multi-year transformation, but you're gonna see significant progress in the next 12 months. All >>Right, well >>What will be the sign of that progress? If I had to make a prediction, which >>I'm better security with less effort. >>Okay, great. I feel like that's, we can measure that. I >>Feel, I feel like that's a mic drop moment. Lee, it's been great having you on the program. Thank you for walking us through such great detail. What's going on in the organization, what you're doing for customers, where you're meeting, how you're meeting the developers, where they are. We'll have to have you back. There's just, just too much to unpack. Thank you both so much. Actually, our pleasure for Lee Cler and Dave Valante. I'm Lisa Martin. You're watching The Cube Live from Palo Alto Networks Ignite 22, the Cube, the leader in live, emerging and enterprise tech coverage.

>> Announcer: TheCUBE presents Ignite '22, brought to you by Palo Alto Networks. >> Welcome back to Las Vegas. It's theCUBE covering Palo Alto Networks '22, from the MGM Grand, Lisa Martin with Dave Vellante. Dave, we are going to unpack in the next few minutes what we heard and saw at day one of Palo Alto Networks, Ignite. A lot of great conversations, some great guests on the program today. >> Yeah last event, CUBE event of the year. Probably last major tech event of the year. It's kind of an interesting choice of timing, two weeks after reInvent. But you know, this crowd is it's a lot of like network engineers, SecOps pros. There's not a lot of suits here. I think they were here yesterday, all the partners. >> Yeah. >> We talked to Carl Sunderland about, Hey, these, these guys want to know how do I grow my business? You know, so it was a lot of C level executives talking about their business, and how they partner with Palo Alto to grow. The crowd today is really, you know hardcore security professionals. >> Yeah. >> So we're hearing a story of consolidation. >> Yes. >> No surprise. We've talked about that and reported on it, you know, quite extensively. The one big takeaway, and I want, I came in, as you know, wanting to understand, okay, can you through m and a maintain, you know, build a suite of great, big portfolio and at the same time maintain best of breed? And the answer was consistent. We heard it from Nikesh, we heard it from Nir Zuk. The answer was you can't be best of breed without having that large portfolio, single data lake, you know? Single version of the truth, of there is such a thing. That was interesting, that in security, you have to have that visibility. I would imagine, that's true for a lot of things. Data, see what Snowflake and Databricks are both trying to do, now AWS. So to join, we heard that last week, so that was one of the big takeaways. What were your, some of your thoughts? >> Just impressed with the level of threat intelligence that Unit 42 has done. I mean, we had Wendy Whitmer on, and she was one of the alumni, great guest. The landscape has changed so dramatically. Every business, in any industry, nobody's safe. They have such great intelligence on what's going on with malware, with ransomware, with Smishing, that they're able to get, help organizations on their way to becoming cyber resilient. You know, we've been talking a lot about cyber resiliency lately. I always want to understand, well what does it mean? How do different organizations and customers define it? Can they actually really get there? And Wendy talked about yes, it is a journey, but organizations can achieve cyber resiliency. But they need to partner with Palo Alto Networks to be able to understand the landscape and ensure that they've got security established across their organization, as it's now growingly Multicloud. >> Yeah, she's a blonde-haired Wonder Woman, superhero. I always ask security pros that question. But you know, when you talk to people like Wendy Whitmore, Kevin Mandy is somebody else. And the people at AWS, or the big cloud companies, who are on the inside, looking at the threat intelligence. They have so much data, and they have so much knowledge. They can, they analyze, they could identify the fingerprints of nation states, different, you know, criminal organizations. And the the one thing, I think it was Wendy who said, maybe it was somebody else, I think it was Wendy, that they're they're tearing down and reforming, right? >> Yes. >> After they're discovered. Okay, they pack up and leave. They're like, you know, Oceans 11. >> Yep. >> Okay. And then they recruit them and bring them back in. So that was really fascinating. Nir Zuk, we'd never had him on theCUBE before. He was tremendous founder and and CTO of Palo Alto Networks, very opinionated. You know, very clear thinker, basically saying, look you're SOC is going to be run by AI >> Yeah. >> within the next five years. And machines are going to do things that humans can't do at scale, is really what he was saying. And then they're going to get better at that, and they're going to do other things that you have done well that they haven't done well, and then they're going to do well. And so, this is an interesting discussion about you know, I remember, you know we had an event with MIT. Eric Brynjolfsson and Andy McAfee, they wrote the book "Second Machine Age." And they made the point, machines have always replaced humans. This is the first time ever that machines are replacing humans in cognitive functions. So what does that mean? That means that humans have to rely on, you know, creativity. There's got to be new training, new thinking. So it's not like you're going to be out of a job, you're just going to be doing a different job. >> Right. I thought Nir Zuk did a great job of explaining that. We often hear people that are concerned with machines taking jobs. He did a great job of, and you did a great recap, of articulating the value that both bring, and the opportunities to the humans that the machines actually deliver as well. >> Yeah so, you know, we didn't, we didn't get deep into the products today. Tomorrow we're going to have a little bit more deep dive on products. We did, we had some partners on, AWS came on, talked about their ecosystem. BJ Jenkins so, you know, BJ Jenkins again I mean super senior executive. And if I were Nikesh, he's doing exactly what I would do. Putting him on a plane and saying, go meet with customers, go make rain, right? And that's what he's doing is, he's an individual who really knows how to interact with the C-suite, has driven value, you know, over the years. So they've got that angle goin', they're driving go to market. They've got the technology piece and they've, they got to build out the ecosystem. That I think is the big opportunity for them. You know, if they're going to double as a company, this ecosystem has to quadruple. >> Yeah, yeah. >> In my opinion. And I, we saw the same thing at CrowdStrike. We said the same thing about Service Now in 2013. And so, what's happened is the GSIs, the global system integrators start to get involved. They start to partner with them and then they get to get that flywheel effect. And then there's a supercloud, I think that, you know I think Nir Zuk said, Hey, we are basically building out that, he didn't use the term supercloud. But, we're building out that cross cloud capability. You don't need another stove pipe for the edge. You know, so they got on-prem, they got AWS, Azure, you said you have to, absolutely have to run on Microsoft. 'Cause I don't believe today, right? Today they run on, I heard somebody say they run on AWS and Google. >> Yeah. >> I haven't heard much about Microsoft. >> Right. >> Both AWS and Google are here. Microsoft, the bigger competitor in security, but Nir Zuk was unequivocal. Yes, of course you have to run, you got to run it on an Alibaba cloud. He didn't say that, but if you want to secure the China cloud, you got to run on Alibaba. >> Absolutely. >> And Oracle he said. Didn't mention IBM, but no reason they can't run on IBM's cloud. But unless IBM doesn't want 'em to. >> Well they're very customer focused and customer first. So it'll be interesting to see if customers take them in that direction. >> Well it's a good point, right? If customers say, Hey we want you running in this cloud, they will. And, but he did call out Oracle, which I thought was interesting. And so, Oracle's all about mission critical data, mission critical apps. So, you know, that's a good sign. You know, I mean there's so much opportunity in cyber, but so much confusion. You know, sneak had a raise today. It was a down round, no surprise there. But you know, these companies are going to start getting tight on cash, and you've seen layoffs, right? And so, I dunno who said it, I think it was Carl at the end said in a downturn, the strongest companies come out stronger. And that's generally, generally been the case. That kind of rich get richer. We see that in the last downturn? Yes and no, to a certain extent. It's still all about execution. I mean I think about EMC coming out of the last downturn. They did come out stronger and then they started to rocket, but then look what happened. They couldn't remain independent. They were just using m and a as a technique to hide the warts. You know so, what Nir Zuk said that was most interesting to me is when we acquire, we acquire with the intent of integrating. ServiceNow has a similar philosophy. I think that's why they've been somewhat successful. And Oracle, for sure, has had a similar philosophy. So, and that idea of shifting labor into vendor R and D has always been a winning formula. >> I think we heard that today. Excited for day two tomorrow. We've got some great conversations. We're going to be able to talk with some customers, the chief product officer is on. So we have more great content coming from our last live show over the year. Dave, it's been great co-hosting day one with you. Look forward to doing it tomorrow. >> Yeah, thanks for doing this. >> All right. >> All right. For Dave Vellante, I'm Lisa Martin. You've been watching theCUBE, the leader in live enterprise and emerging tech coverage. See you tomorrow. (gentle music fades)

(upbeat music) >> Announcer: TheCUBE presents Ignite '22 brought to you by Palo Alto Networks. >> Welcome back to Las Vegas guys and girls. Lisa Martin here with Dave Vellante. This is day one of the cube's two day coverage of Palo Alto Networks Ignite at the MGM Grand. Dave, we've been having some great conversations today, we have a great two day lineup execs from Palo Alto, it's partner network, customers, et cetera. Going to be talking about infrastructure as code. We talk about that a lot, how Palo is partnering with its partner ecosystem to really help customers deliver security across the organization. >> We do a predictions post every year. Hopefully you can hear me. So we do this predictions post every year. I've done it for a number of years, and I want to say it was either 2018 or 2019, we predicted that HashiCorp was one of these companies to watch. And then last August, on August 9th, we had supercloud event in Palo Alto. We had David McJannet in, who is the CEO of HashiCorp. And we really see Hashi as a key player in terms of affecting multicloud consistency. Sometimes we call it supercloud, you building on top of the hyperscale cloud. So super excited to have HashiCorp on. >> Really an important conversation. We've got an alumni back with us. Asvin Ramesh is here the senior director of Alliances at HashiCorp. Welcome back. >> Yeah, thank you. Good to be back. >> Great to have you. Talk to us a little bit about what's going on at HashiCorp, your relationship with Palo Alto Networks, and what's in it for customers. >> Yeah, no, no, great question. So, Palo Alto has been a fantastic partner of ours for many years now. We started way back in 2018, 2019 focusing on the basics, putting integrations in place that customers can be using together. And so it's been a great journey. Both are very synergistic. Palo Alto is focused on multicloud, so are we, we focus on cloud infrastructure automation, and ensuring that customers are able to bring in agility, reliability, security, and be able to deliver to their business. And then Palo Alto brings in great security components to that multicloud story. So it's a great story altogether. >> Some of the challenges that organizations have been facing. Palo Alto just released a survey, I think this morning if I can find it here what's next in cyber organizations facing massive headwinds ransomware becoming a household word, business email compromise being a challenge. But also in the last couple of years the massive shift to multi-club or organizations are living an operating need to do so securely. It's no longer nice to have anymore. It's absolutely table stakes for survival, and being able to thrive and grow for any business. >> Yeah, no, I think it's almost a sort of rethinking of how you would build your infrastructure up. So the more times you do it right the better you are built to scale. That's been one of the bedrocks of how we've been working with Palo Alto, which is rethinking how should IT be building their infrastructure in a multicloud world. And I think the market timing is right for both of us in terms of the progress that we've been able to make. >> So, I mean Terraform has really become sort of a key ingredient to the cloud operating model, especially across clouds. Kind of describe how partners, and customers are are implementing that cross-cloud capability. What's that journey look like? What's the level of maturity today? >> Yeah, great question, Dave. So we sort of see customers in three buckets. The first bucket is when customers are in the initial phases of their cloud journey. So they have disparate teams in their business units try out clouds themselves. Typically there is some event that occurs either some sort of a security scare or a a cloud cost event that triggers a rethinking of how they should be thinking about this in a scalable way. So that leads to where the cloud operating model which is a framework that HashiCorp has. And we use that successfully with customers to talk them through how they should be thinking about their process, about how they should be standardizing how people operate, and then the products they should be including, but then you come to that stage, and you start to think about a centralized platform team that is putting in golden workflows, that is putting in as a service mindset for their business units thinking through policies at a corporate level. And then that is a second stage. And then, but this is also in some customers more around public clouds. But then the third stage that we see is when they start embracing their private cloud or the on-prem data center, and have the same principles address across both public clouds, and the on-prem data center, and then Terraform scale for any infrastructure. So, once you start to put these practices in place not just from a technology standpoint, but from a process, and product standpoint, you're easily able to scale with that central platform organization. >> So, it's all about that consistency across your estate irrespective of whether it's on-prem in AWS, Azure, Google, the Edge, maybe. I mean, that's starting, right? >> Asvin: Yes. >> And so when you talk about the... Break it down a little bit process and product, where do you and Palo Alto sort of partner and add value? What's that experience like? >> Yeah, so, I think as I mentioned earlier the bedrock is having ways in which customers are able to use our products together, right? And then being able to evangelize the usage of that product. So one example I'll give you is with Prisma Cloud, and Terraform Cloud to your point about Terraform earlier. So customers can be using Prisma Cloud with Terraform Cloud in a way that you can get security context telemetry during an infrastructure run, and then use policies that you have in Prisma Cloud to be able to get or run or to implement or run or make sure essentially it is adhering to your security policy or any other audits that you want to create or any other cost that you want to be able to control. >> Where are your customer conversations these days? We know that security is a board level conversation. Interestingly, in that same survey that Palo Alto released this morning that I mentioned they found that there's a big lack of alignment between the board and the C-suite staff, the executive suite in terms of security. Where are your conversations, and how are you maybe facilitating that alignment that needs to be there? Because security it's not a nice to have. >> Yeah, I think in our experience, the alignment is there. I think especially with the macro environment it's more about where where do you allocate those resources. I think those are conversations that we're just starting to see happen, but I think it's the natural progression of how the environment is moving, and maybe another quarter or two, I think we'll see greater alignment there. >> So, and I saw some data that said I guess it was a study you guys did 90% of customer say multicloud is working for them. That surprised me 'cause you hear all this negativity around multicloud, I've been kind of negative about multicloud to be honest. Like that's a symptom of MNA, and a or multi-vendor. But how do you interpret that? When they say multicloud is working? How so? >> Yeah, I think the maturity of customers are varied as I mentioned through the stages, right? So, there are customers who even in the initial phases of their journey where they have different business units using different clouds, and from a C standpoint that might still look like multicloud, right? Though the way we think about it is you should be really in stage two, and stage three to real leverage the real power of multicloud. But I think it's that initial hump that you need to go through, and being able to get oriented towards it, have the right set of skillsets, the thought process, the product, the process in place. And once you have that then you'll start reaping the benefits over a period of time, especially when some other environments events happen, and you're able to easily adjust to that because you're leveraging this multicloud environment, and you have a clear policy of where you'll use which cloud. >> So I interpreted that data as, okay, multicloud is working from the standpoint of we are multicloud, okay? So, and our business is working, but when I talk to customers, they want more to your point, they want that consistent experience. And so it's been by, to use somebody else's term, by default. Chuck Whitten I think came up with that term versus by design. And now I think they have an objective of, okay, let's make multicloud work even better. Maybe I can say that. And so what does that experience look like? That means a common experience all the way through my stack, my infrastructure stack, which is that's going to be interesting to see how that goes down 'cause you got three separate clouds, and are doing their own APIs. But certainly from a security standpoint, the PaaS layer, even as I go up the stack, how do you see that outcome, and say the next two to five years? >> Yeah, so, we go back to our customers, and they're very successful ones who've used the cloud operating model. And for us the cloud operating model for us includes four layers. So on the infrastructure layer, we have Terraform and Packer, on the security layer we have Vault and Boundary, on the networking layer we have Consul, and then on applications we have Nomad and Waypoint. But then you really look at, from a people process, and product standpoint, for people it's how do you standardize the workflows that they're able to use, right? So if you have a central platform team in place that is looking at common use cases that multiple business units are using. and then creates a golden workflow, for example, right? For these various business units to be able to use or creates what we call a system of record for cloud adoption it helps multiple business units then latch onto this work that this central platform team is doing. And they need to have a product mindset, right? So not like a project that you just start and end with. You have this continuous improvement mindset within that platform team. And they build these processes, they build these golden workflows, they build these policies in place, and then they offer that as a service to the business units to be able to use. So that increases the adoption of multicloud. And also more importantly, you can then allow that multicloud usage to be governed in the way that aligns with your overall corporate objectives. And obviously in self-interest, you'd use Terraform or Vault because you can then use it across multiple clouds. >> Well, let's say I buy into that. Okay, great. So I want that common experience 'cause so when you talk about infrastructure, take us through an example. So when I hear infrastructure, I say, okay if I'm using an S3 bucket over here an Azure blob over there, they got different APIs, they got different primitives. I want you to abstract that away. Is that what you do? >> Yeah, so I think we've seen different use cases being used across different clouds too. So I don't think it's sort of as simple as, hey, should I use this or that? It is ensuring that the common tool that you use to be able to leverage safer provisioning, right? Is Terraform. So the central team is then trained in not only just usage of Terraform open source, but their Terraform cloud, which is our managed service, and Terraform enterprise which is the self-managed, but on-prem product, it's them being qualified to be able to build these consistent workflows using whatever tool that they have or whatever skew that they have from Terraform. And then applying business logic on top of that to your point about, hey, we'd like to use AWS for these kind of workloads. We'd like to use GCP, for example, on data or use Microsoft Azure for some other type of- >> Collaboration >> Right? But the common tooling, right? Remains around the usage of Terraform, and they've trained their teams there's a standard workflow, there's standard process around it. >> Asvin, I was looking at that survey the HashiCorp state of cloud strategy survey, and it talked about skill shortages as being the number one barrier to multicloud. We talk about the cyber skills gap all the time. It's huge. It's obviously a huge issue. I saw some numbers just the other day that there's 26 million developers but there's less than 3 million cybersecurity professionals. How does HashiCorp and Palo Alto Networks, how do you help customers address that skills gap so that they that they can leverage multicloud as a driver of the business? >> Yeah, another great question. So I think I'd say in two or three different ways. One is be able to provide greater documentation for our customers to be able to self use the product so that with the existing people, for example, you build out a known example, right? You're trying to achieve this goal here is how you use our products together. And so they'll be able to self-service, right? So that's one. Second is obviously both of us have great services partners, so we are always working with these services partners to get their teams trained and scaled up around these skill gaps. And I think I'd say the third which is where we see a lot of adoption is around usage of the managed services that we have. If you take Palo Alto's example in this Palo Alto will speak better to it, but they have SOC services, right? That you can consume. So, they're performing that service for you. Similarly, on our side we have a HashiCorp Cloud Platform, HCP, where you can consume Vault as a service, you can consume Consul as a service. Terraform cloud is a managed service, so you don't need as many people to be able to run that service. And we abstract all the complexity associated with that by ourselves, right? So I'd say these are the three ways that we address it. >> So Zero Trust across big buzzword. We heard this in this morning keynotes, AWS is always saying, well, we'll talk about it too, but, okay, customers are starting to talk about Zero Trust. You talk to CISOs, they're like, yes, we're adopting this mentality of unless you're trusted, we don't trust you. So, okay, cool. So you think about the cloud you've got the shared responsibility model, and then you've got the application developers are being asked to do more, secure the code. You got the CISO now has to deal with not only the shared responsibility model, but shared responsibility models across clouds, and got to bring his or her security ethos to the app dev team, and then you got to audit kind of making sure they're like the last line of defense. So my question is when you think about code security and Zero Trust in that new environment the problem with a lot of the clouds is they don't make the CISOs life any easier. So I got to believe that your objective with Palo Alto is to actually make the organization's lives easier. So, how do you deal with all that complexity in specifically in a Zero Trust multicloud environment? >> Yeah, so I'll give you a specific example. So, on code to cloud security which is one of Palo Alto's sort of key focus area is that Prisma Cloud and Terraform Cloud example that I gave, right? Where you'd be able to use what we call run tasks essentially, web hook integrations to be able to get a run or provide some telemetry back to Prisma Cloud for customers to be able to make a decision. On the Zero Trust side, we partner both on the Prisma Cloud side, and the Cortex XSOAR side around our products of Vault and and Consul. So what Vault does is it allows you to control secrets, it allows you to store secrets. So a Prisma Cloud or a Cortex customer can be using secrets from Vault familiarly for that particular transaction or workflow itself, right? Rather than, and so it's based on identity, and not on the basis of just the secret sort of lying around. Same thing with console helps you with discovery, and management of services. So, Cortex and you can automate, a lot of this work can get automated using the product that I talked about from Zero Trust. I think the key thing for Zero Trust in our view is it is a end destination, right? So it'll take certain time, depends on the enterprise, depends on where things are. It's a question of specifically focusing on value that Palo Alto and HashiCorp's products bring to solve specific use cases within that Zero Trust bucket, and solve one problem at a time rather than try to say that, hey, only Palo Alto, and only HashiCorp or whatever will solve everything in Zero Trust, right? Because that is not going to be- >> And to your point, it's never going to end, right? I mean you're talk about Cortex bringing a lot of automation. You guys bring a lot of automation now Palo Alto just bought Cider Security. Now we're getting into supply chain. I mean it going to hit it at the edge and IoT, the people don't want another IoT stove pipe. >> Lisa: No. >> Right? They want that to be part of the whole picture. So, you're never done. >> Yeah, no, but it is this continuous journey, right? And again, different companies are different parts of that journey, and then you go and rinse and repeat, you maybe acquire another company, and then they have a different maturity, so you get them on board on this. And so we see this as a multi-generational shift as Dave like to call it. And we're happy to be in the middle of it with Palo Alto Networks. >> It's definitely a multi-generational shift. Asvin, it's been great having you back on theCUBE. Thank you for giving us the update on what Hashi and Palo Alto are doing, the value in it for customers, the cloud operating model. And we should mention that HashiCorp yesterday just won a Technology Partner of the Year award. Congratulations. Yes. >> We're very, very thrilled with the recognition from Palo Alto Networks for the Technology Partner of the Year. >> Congrats. >> Thank you Keep up the great partnership. Thank you so much. We appreciate your insights. >> Thank you so much. >> For our guest, and for Dave Vellante, I'm Lisa Martin, live in Las Vegas. You watching theCUBE, the leader in live enterprise and emerging tech coverage. (upbeat music)