(upbeat music) >> Welcome everyone to theCUBE's presentation of the AWS Startup Showcase AI/ML Top Startups Building Foundation Model Infrastructure. This is season three, episode one of our ongoing series covering exciting startups from the AWS ecosystem to talk about data and analytics. I'm your host, Lisa Martin and today we're excited to be joined by two guests from Astronomer. Steven Hillion joins us, it's Chief Data Officer and Jeff Fletcher, it's director of ML. They're here to talk about machine learning and data orchestration. Guys, thank you so much for joining us today. >> Thank you. >> It's great to be here. >> Before we get into machine learning let's give the audience an overview of Astronomer. Talk about what that is, Steven. Talk about what you mean by data orchestration. >> Yeah, let's start with Astronomer. We're the Airflow company basically. The commercial developer behind the open-source project, Apache Airflow. I don't know if you've heard of Airflow. It's sort of de-facto standard these days for orchestrating data pipelines, data engineering pipelines, and as we'll talk about later, machine learning pipelines. It's really is the de-facto standard. I think we're up to about 12 million downloads a month. That's actually as a open-source project. I think at this point it's more popular by some measures than Slack. Airflow was created by Airbnb some years ago to manage all of their data pipelines and manage all of their workflows and now it powers the data ecosystem for organizations as diverse as Electronic Arts, Conde Nast is one of our big customers, a big user of Airflow. And also not to mention the biggest banks on Wall Street use Airflow and Astronomer to power the flow of data throughout their organizations. >> Talk about that a little bit more, Steven, in terms of the business impact. You mentioned some great customer names there. What is the business impact or outcomes that a data orchestration strategy enables businesses to achieve? >> Yeah, I mean, at the heart of it is quite simply, scheduling and managing data pipelines. And so if you have some enormous retailer who's managing the flow of information throughout their organization they may literally have thousands or even tens of thousands of data pipelines that need to execute every day to do things as simple as delivering metrics for the executives to consume at the end of the day, to producing on a weekly basis new machine learning models that can be used to drive product recommendations. One of our customers, for example, is a British food delivery service. And you get those recommendations in your application that says, "Well, maybe you want to have samosas with your curry." That sort of thing is powered by machine learning models that they train on a regular basis to reflect changing conditions in the market. And those are produced through Airflow and through the Astronomer platform, which is essentially a managed platform for running airflow. So at its simplest it really is just scheduling and managing those workflows. But that's easier said than done of course. I mean if you have 10 thousands of those things then you need to make sure that they all run that they all have sufficient compute resources. If things fail, how do you track those down across those 10,000 workflows? How easy is it for an average data scientist or data engineer to contribute their code, their Python notebooks or their SQL code into a production environment? And then you've got reproducibility, governance, auditing, like managing data flows across an organization which we think of as orchestrating them is much more than just scheduling. It becomes really complicated pretty quickly. >> I imagine there's a fair amount of complexity there. Jeff, let's bring you into the conversation. Talk a little bit about Astronomer through your lens, data orchestration and how it applies to MLOps. >> So I come from a machine learning background and for me the interesting part is that machine learning requires the expansion into orchestration. A lot of the same things that you're using to go and develop and build pipelines in a standard data orchestration space applies equally well in a machine learning orchestration space. What you're doing is you're moving data between different locations, between different tools, and then tasking different types of tools to act on that data. So extending it made logical sense from a implementation perspective. And a lot of my focus at Astronomer is really to explain how Airflow can be used well in a machine learning context. It is being used well, it is being used a lot by the customers that we have and also by users of the open source version. But it's really being able to explain to people why it's a natural extension for it and how well it fits into that. And a lot of it is also extending some of the infrastructure capabilities that Astronomer provides to those customers for them to be able to run some of the more platform specific requirements that come with doing machine learning pipelines. >> Let's get into some of the things that make Astronomer unique. Jeff, sticking with you, when you're in customer conversations, what are some of the key differentiators that you articulate to customers? >> So a lot of it is that we are not specific to one cloud provider. So we have the ability to operate across all of the big cloud providers. I know, I'm certain we have the best developers that understand how best practices implementations for data orchestration works. So we spend a lot of time talking to not just the business outcomes and the business users of the product, but also also for the technical people, how to help them better implement things that they may have come across on a Stack Overflow article or not necessarily just grown with how the product has migrated. So it's the ability to run it wherever you need to run it and also our ability to help you, the customer, better implement and understand those workflows that I think are two of the primary differentiators that we have. >> Lisa: Got it. >> I'll add another one if you don't mind. >> You can go ahead, Steven. >> Is lineage and dependencies between workflows. One thing we've done is to augment core Airflow with Lineage services. So using the Open Lineage framework, another open source framework for tracking datasets as they move from one workflow to another one, team to another, one data source to another is a really key component of what we do and we bundle that within the service so that as a developer or as a production engineer, you really don't have to worry about lineage, it just happens. Jeff, may show us some of this later that you can actually see as data flows from source through to a data warehouse out through a Python notebook to produce a predictive model or a dashboard. Can you see how those data products relate to each other? And when something goes wrong, figure out what upstream maybe caused the problem, or if you're about to change something, figure out what the impact is going to be on the rest of the organization. So Lineage is a big deal for us. >> Got it. >> And just to add on to that, the other thing to think about is that traditional Airflow is actually a complicated implementation. It required quite a lot of time spent understanding or was almost a bespoke language that you needed to be able to develop in two write these DAGs, which is like fundamental pipelines. So part of what we are focusing on is tooling that makes it more accessible to say a data analyst or a data scientist who doesn't have or really needs to gain the necessary background in how the semantics of Airflow DAGs works to still be able to get the benefit of what Airflow can do. So there is new features and capabilities built into the astronomer cloud platform that effectively obfuscates and removes the need to understand some of the deep work that goes on. But you can still do it, you still have that capability, but we are expanding it to be able to have orchestrated and repeatable processes accessible to more teams within the business. >> In terms of accessibility to more teams in the business. You talked about data scientists, data analysts, developers. Steven, I want to talk to you, as the chief data officer, are you having more and more conversations with that role and how is it emerging and evolving within your customer base? >> Hmm. That's a good question, and it is evolving because I think if you look historically at the way that Airflow has been used it's often from the ground up. You have individual data engineers or maybe single data engineering teams who adopt Airflow 'cause it's very popular. Lots of people know how to use it and they bring it into an organization and say, "Hey, let's use this to run our data pipelines." But then increasingly as you turn from pure workflow management and job scheduling to the larger topic of orchestration you realize it gets pretty complicated, you want to have coordination across teams, and you want to have standardization for the way that you manage your data pipelines. And so having a managed service for Airflow that exists in the cloud is easy to spin up as you expand usage across the organization. And thinking long term about that in the context of orchestration that's where I think the chief data officer or the head of analytics tends to get involved because they really want to think of this as a strategic investment that they're making. Not just per team individual Airflow deployments, but a network of data orchestrators. >> That network is key. Every company these days has to be a data company. We talk about companies being data driven. It's a common word, but it's true. It's whether it is a grocer or a bank or a hospital, they've got to be data companies. So talk to me a little bit about Astronomer's business model. How is this available? How do customers get their hands on it? >> Jeff, go ahead. >> Yeah, yeah. So we have a managed cloud service and we have two modes of operation. One, you can bring your own cloud infrastructure. So you can say here is an account in say, AWS or Azure and we can go and deploy the necessary infrastructure into that, or alternatively we can host everything for you. So it becomes a full SaaS offering. But we then provide a platform that connects at the backend to your internal IDP process. So however you are authenticating users to make sure that the correct people are accessing the services that they need with role-based access control. From there we are deploying through Kubernetes, the different services and capabilities into either your cloud account or into an account that we host. And from there Airflow does what Airflow does, which is its ability to then reach to different data systems and data platforms and to then run the orchestration. We make sure we do it securely, we have all the necessary compliance certifications required for GDPR in Europe and HIPAA based out of the US, and a whole bunch host of others. So it is a secure platform that can run in a place that you need it to run, but it is a managed Airflow that includes a lot of the extra capabilities like the cloud developer environment and the open lineage services to enhance the overall airflow experience. >> Enhance the overall experience. So Steven, going back to you, if I'm a Conde Nast or another organization, what are some of the key business outcomes that I can expect? As one of the things I think we've learned during the pandemic is access to realtime data is no longer a nice to have for organizations. It's really an imperative. It's that demanding consumer that wants to have that personalized, customized, instant access to a product or a service. So if I'm a Conde Nast or I'm one of your customers, what can I expect my business to be able to achieve as a result of data orchestration? >> Yeah, I think in a nutshell it's about providing a reliable, scalable, and easy to use service for developing and running data workflows. And talking of demanding customers, I mean, I'm actually a customer myself, as you mentioned, I'm the head of data for Astronomer. You won't be surprised to hear that we actually use Astronomer and Airflow to run all of our data pipelines. And so I can actually talk about my experience. When I started I was of course familiar with Airflow, but it always seemed a little bit unapproachable to me if I was introducing that to a new team of data scientists. They don't necessarily want to have to think about learning something new. But I think because of the layers that Astronomer has provided with our Astro service around Airflow it was pretty easy for me to get up and running. Of course I've got an incentive for doing that. I work for the Airflow company, but we went from about, at the beginning of last year, about 500 data tasks that we were running on a daily basis to about 15,000 every day. We run something like a million data operations every month within my team. And so as one outcome, just the ability to spin up new production workflows essentially in a single day you go from an idea in the morning to a new dashboard or a new model in the afternoon, that's really the business outcome is just removing that friction to operationalizing your machine learning and data workflows. >> And I imagine too, oh, go ahead, Jeff. >> Yeah, I think to add to that, one of the things that becomes part of the business cycle is a repeatable capabilities for things like reporting, for things like new machine learning models. And the impediment that has existed is that it's difficult to take that from a team that's an analyst team who then provide that or a data science team that then provide that to the data engineering team who have to work the workflow all the way through. What we're trying to unlock is the ability for those teams to directly get access to scheduling and orchestrating capabilities so that a business analyst can have a new report for C-suite execs that needs to be done once a week, but the time to repeatability for that report is much shorter. So it is then immediately in the hands of the person that needs to see it. It doesn't have to go into a long list of to-dos for a data engineering team that's already overworked that they eventually get it to it in a month's time. So that is also a part of it is that the realizing, orchestration I think is fairly well and a lot of people get the benefit of being able to orchestrate things within a business, but it's having more people be able to do it and shorten the time that that repeatability is there is one of the main benefits from good managed orchestration. >> So a lot of workforce productivity improvements in what you're doing to simplify things, giving more people access to data to be able to make those faster decisions, which ultimately helps the end user on the other end to get that product or the service that they're expecting like that. Jeff, I understand you have a demo that you can share so we can kind of dig into this. >> Yeah, let me take you through a quick look of how the whole thing works. So our starting point is our cloud infrastructure. This is the login. You go to the portal. You can see there's a a bunch of workspaces that are available. Workspaces are like individual places for people to operate in. I'm not going to delve into all the deep technical details here, but starting point for a lot of our data science customers is we have what we call our Cloud IDE, which is a web-based development environment for writing and building out DAGs without actually having to know how the underpinnings of Airflow work. This is an internal one, something that we use. You have a notebook-like interface that lets you write python code and SQL code and a bunch of specific bespoke type of blocks if you want. They all get pulled together and create a workflow. So this is a workflow, which gets compiled to something that looks like a complicated set of Python code, which is the DAG. I then have a CICD process pipeline where I commit this through to my GitHub repo. So this comes to a repo here, which is where these DAGs that I created in the previous step exist. I can then go and say, all right, I want to see how those particular DAGs have been running. We then get to the actual Airflow part. So this is the managed Airflow component. So we add the ability for teams to fairly easily bring up an Airflow instance and write code inside our notebook-like environment to get it into that instance. So you can see it's been running. That same process that we built here that graph ends up here inside this, but you don't need to know how the fundamentals of Airflow work in order to get this going. Then we can run one of these, it runs in the background and we can manage how it goes. And from there, every time this runs, it's emitting to a process underneath, which is the open lineage service, which is the lineage integration that allows me to come in here and have a look and see this was that actual, that same graph that we built, but now it's the historic version. So I know where things started, where things are going, and how it ran. And then I can also do a comparison. So if I want to see how this particular run worked compared to one historically, I can grab one from a previous date and it will show me the comparison between the two. So that combination of managed Airflow, getting Airflow up and running very quickly, but the Cloud IDE that lets you write code and know how to get something into a repeatable format get that into Airflow and have that attached to the lineage process adds what is a complete end-to-end orchestration process for any business looking to get the benefit from orchestration. >> Outstanding. Thank you so much Jeff for digging into that. So one of my last questions, Steven is for you. This is exciting. There's a lot that you guys are enabling organizations to achieve here to really become data-driven companies. So where can folks go to get their hands on this? >> Yeah, just go to astronomer.io and we have plenty of resources. If you're new to Airflow, you can read our documentation, our guides to getting started. We have a CLI that you can download that is really I think the easiest way to get started with Airflow. But you can actually sign up for a trial. You can sign up for a guided trial where our teams, we have a team of experts, really the world experts on getting Airflow up and running. And they'll take you through that trial and allow you to actually kick the tires and see how this works with your data. And I think you'll see pretty quickly that it's very easy to get started with Airflow, whether you're doing that from the command line or doing that in our cloud service. And all of that is available on our website >> astronomer.io. Jeff, last question for you. What are you excited about? There's so much going on here. What are some of the things, maybe you can give us a sneak peek coming down the road here that prospects and existing customers should be excited about? >> I think a lot of the development around the data awareness components, so one of the things that's traditionally been complicated with orchestration is you leave your data in the place that you're operating on and we're starting to have more data processing capability being built into Airflow. And from a Astronomer perspective, we are adding more capabilities around working with larger datasets, doing bigger data manipulation with inside the Airflow process itself. And that lends itself to better machine learning implementation. So as we start to grow and as we start to get better in the machine learning context, well, in the data awareness context, it unlocks a lot more capability to do and implement proper machine learning pipelines. >> Awesome guys. Exciting stuff. Thank you so much for talking to me about Astronomer, machine learning, data orchestration, and really the value in it for your customers. Steve and Jeff, we appreciate your time. >> Thank you. >> My pleasure, thanks. >> And we thank you for watching. This is season three, episode one of our ongoing series covering exciting startups from the AWS ecosystem. I'm your host, Lisa Martin. You're watching theCUBE, the leader in live tech coverage. (upbeat music)

(light airy music) >> Hello, everyone, welcome to theCUBE's presentation of the AWS Startup Showcase, AI and machine learning. "Top Startups Building Generative AI on AWS." This is season three, episode one of the ongoing series covering the exciting startups from the AWS ecosystem, talking about AI machine learning. We have three great guests Bratin Saha, VP, Vice President of Machine Learning and AI Services at Amazon Web Services. Tom Mason, the CTO of Stability AI, and Aidan Gomez, CEO and co-founder of Cohere. Two practitioners doing startups and AWS. Gentlemen, thank you for opening up this session, this episode. Thanks for coming on. >> Thank you. >> Thank you. >> Thank you. >> So the topic is hype versus reality. So I think we're all on the reality is great, hype is great, but the reality's here. I want to get into it. Generative AI's got all the momentum, it's going mainstream, it's kind of come out of the behind the ropes, it's now mainstream. We saw the success of ChatGPT, opens up everyone's eyes, but there's so much more going on. Let's jump in and get your early perspectives on what should people be talking about right now? What are you guys working on? We'll start with AWS. What's the big focus right now for you guys as you come into this market that's highly active, highly hyped up, but people see value right out of the gate? >> You know, we have been working on generative AI for some time. In fact, last year we released Code Whisperer, which is about using generative AI for software development and a number of customers are using it and getting real value out of it. So generative AI is now something that's mainstream that can be used by enterprise users. And we have also been partnering with a number of other companies. So, you know, stability.ai, we've been partnering with them a lot. We want to be partnering with other companies as well. In seeing how we do three things, you know, first is providing the most efficient infrastructure for generative AI. And that is where, you know, things like Trainium, things like Inferentia, things like SageMaker come in. And then next is the set of models and then the third is the kind of applications like Code Whisperer and so on. So, you know, it's early days yet, but clearly there's a lot of amazing capabilities that will come out and something that, you know, our customers are starting to pay a lot of attention to. >> Tom, talk about your company and what your focus is and why the Amazon Web Services relationship's important for you? >> So yeah, we're primarily committed to making incredible open source foundation models and obviously stable effusions been our kind of first big model there, which we trained all on AWS. We've been working with them over the last year and a half to develop, obviously a big cluster, and bring all that compute to training these models at scale, which has been a really successful partnership. And we're excited to take it further this year as we develop commercial strategy of the business and build out, you know, the ability for enterprise customers to come and get all the value from these models that we think they can get. So we're really excited about the future. We got hugely exciting pipeline for this year with new modalities and video models and wonderful things and trying to solve images for once and for all and get the kind of general value and value proposition correct for customers. So it's a really exciting time and very honored to be part of it. >> It's great to see some of your customers doing so well out there. Congratulations to your team. Appreciate that. Aidan, let's get into what you guys do. What does Cohere do? What are you excited about right now? >> Yeah, so Cohere builds large language models, which are the backbone of applications like ChatGPT and GPT-3. We're extremely focused on solving the issues with adoption for enterprise. So it's great that you can make a super flashy demo for consumers, but it takes a lot to actually get it into billion user products and large global enterprises. So about six months ago, we released our command models, which are some of the best that exist for large language models. And in December, we released our multilingual text understanding models and that's on over a hundred different languages and it's trained on, you know, authentic data directly from native speakers. And so we're super excited to continue pushing this into enterprise and solving those barriers for adoption, making this transformation a reality. >> Just real quick, while I got you there on the new products coming out. Where are we in the progress? People see some of the new stuff out there right now. There's so much more headroom. Can you just scope out in your mind what that looks like? Like from a headroom standpoint? Okay, we see ChatGPT. "Oh yeah, it writes my papers for me, does some homework for me." I mean okay, yawn, maybe people say that, (Aidan chuckles) people excited or people are blown away. I mean, it's helped theCUBE out, it helps me, you know, feed up a little bit from my write-ups but it's not always perfect. >> Yeah, at the moment it's like a writing assistant, right? And it's still super early in the technologies trajectory. I think it's fascinating and it's interesting but its impact is still really limited. I think in the next year, like within the next eight months, we're going to see some major changes. You've already seen the very first hints of that with stuff like Bing Chat, where you augment these dialogue models with an external knowledge base. So now the models can be kept up to date to the millisecond, right? Because they can search the web and they can see events that happened a millisecond ago. But that's still limited in the sense that when you ask the question, what can these models actually do? Well they can just write text back at you. That's the extent of what they can do. And so the real project, the real effort, that I think we're all working towards is actually taking action. So what happens when you give these models the ability to use tools, to use APIs? What can they do when they can actually affect change out in the real world, beyond just streaming text back at the user? I think that's the really exciting piece. >> Okay, so I wanted to tee that up early in the segment 'cause I want to get into the customer applications. We're seeing early adopters come in, using the technology because they have a lot of data, they have a lot of large language model opportunities and then there's a big fast follower wave coming behind it. I call that the people who are going to jump in the pool early and get into it. They might not be advanced. Can you guys share what customer applications are being used with large language and vision models today and how they're using it to transform on the early adopter side, and how is that a tell sign of what's to come? >> You know, one of the things we have been seeing both with the text models that Aidan talked about as well as the vision models that stability.ai does, Tom, is customers are really using it to change the way you interact with information. You know, one example of a customer that we have, is someone who's kind of using that to query customer conversations and ask questions like, you know, "What was the customer issue? How did we solve it?" And trying to get those kinds of insights that was previously much harder to do. And then of course software is a big area. You know, generating software, making that, you know, just deploying it in production. Those have been really big areas that we have seen customers start to do. You know, looking at documentation, like instead of you know, searching for stuff and so on, you know, you just have an interactive way, in which you can just look at the documentation for a product. You know, all of this goes to where we need to take the technology. One of which is, you know, the models have to be there but they have to work reliably in a production setting at scale, with privacy, with security, and you know, making sure all of this is happening, is going to be really key. That is what, you know, we at AWS are looking to do, which is work with partners like stability and others and in the open source and really take all of these and make them available at scale to customers, where they work reliably. >> Tom, Aidan, what's your thoughts on this? Where are customers landing on this first use cases or set of low-hanging fruit use cases or applications? >> Yeah, so I think like the first group of adopters that really found product market fit were the copywriting companies. So one great example of that is HyperWrite. Another one is Jasper. And so for Cohere, that's the tip of the iceberg, like there's a very long tail of usage from a bunch of different applications. HyperWrite is one of our customers, they help beat writer's block by drafting blog posts, emails, and marketing copy. We also have a global audio streaming platform, which is using us the power of search engine that can comb through podcast transcripts, in a bunch of different languages. Then a global apparel brand, which is using us to transform how they interact with their customers through a virtual assistant, two dozen global news outlets who are using us for news summarization. So really like, these large language models, they can be deployed all over the place into every single industry sector, language is everywhere. It's hard to think of any company on Earth that doesn't use language. So it's, very, very- >> We're doing it right now. We got the language coming in. >> Exactly. >> We'll transcribe this puppy. All right. Tom, on your side, what do you see the- >> Yeah, we're seeing some amazing applications of it and you know, I guess that's partly been, because of the growth in the open source community and some of these applications have come from there that are then triggering this secondary wave of innovation, which is coming a lot from, you know, controllability and explainability of the model. But we've got companies like, you know, Jasper, which Aidan mentioned, who are using stable diffusion for image generation in block creation, content creation. We've got Lensa, you know, which exploded, and is built on top of stable diffusion for fine tuning so people can bring themselves and their pets and you know, everything into the models. So we've now got fine tuned stable diffusion at scale, which is democratized, you know, that process, which is really fun to see your Lensa, you know, exploded. You know, I think it was the largest growing app in the App Store at one point. And lots of other examples like NightCafe and Lexica and Playground. So seeing lots of cool applications. >> So much applications, we'll probably be a customer for all you guys. We'll definitely talk after. But the challenges are there for people adopting, they want to get into what you guys see as the challenges that turn into opportunities. How do you see the customers adopting generative AI applications? For example, we have massive amounts of transcripts, timed up to all the videos. I don't even know what to do. Do I just, do I code my API there. So, everyone has this problem, every vertical has these use cases. What are the challenges for people getting into this and adopting these applications? Is it figuring out what to do first? Or is it a technical setup? Do they stand up stuff, they just go to Amazon? What do you guys see as the challenges? >> I think, you know, the first thing is coming up with where you think you're going to reimagine your customer experience by using generative AI. You know, we talked about Ada, and Tom talked about a number of these ones and you know, you pick up one or two of these, to get that robust. And then once you have them, you know, we have models and we'll have more models on AWS, these large language models that Aidan was talking about. Then you go in and start using these models and testing them out and seeing whether they fit in use case or not. In many situations, like you said, John, our customers want to say, "You know, I know you've trained these models on a lot of publicly available data, but I want to be able to customize it for my use cases. Because, you know, there's some knowledge that I have created and I want to be able to use that." And then in many cases, and I think Aidan mentioned this. You know, you need these models to be up to date. Like you can't have it staying. And in those cases, you augmented with a knowledge base, you know you have to make sure that these models are not hallucinating. And so you need to be able to do the right kind of responsible AI checks. So, you know, you start with a particular use case, and there are a lot of them. Then, you know, you can come to AWS, and then look at one of the many models we have and you know, we are going to have more models for other modalities as well. And then, you know, play around with the models. We have a playground kind of thing where you can test these models on some data and then you can probably, you will probably want to bring your own data, customize it to your own needs, do some of the testing to make sure that the model is giving the right output and then just deploy it. And you know, we have a lot of tools. >> Yeah. >> To make this easy for our customers. >> How should people think about large language models? Because do they think about it as something that they tap into with their IP or their data? Or is it a large language model that they apply into their system? Is the interface that way? What's the interaction look like? >> In many situations, you can use these models out of the box. But in typical, in most of the other situations, you will want to customize it with your own data or with your own expectations. So the typical use case would be, you know, these are models are exposed through APIs. So the typical use case would be, you know you're using these APIs a little bit for testing and getting familiar and then there will be an API that will allow you to train this model further on your data. So you use that AI, you know, make sure you augmented the knowledge base. So then you use those APIs to customize the model and then just deploy it in an application. You know, like Tom was mentioning, a number of companies that are using these models. So once you have it, then you know, you again, use an endpoint API and use it in an application. >> All right, I love the example. I want to ask Tom and Aidan, because like most my experience with Amazon Web Service in 2007, I would stand up in EC2, put my code on there, play around, if it didn't work out, I'd shut it down. Is that a similar dynamic we're going to see with the machine learning where developers just kind of log in and stand up infrastructure and play around and then have a cloud-like experience? >> So I can go first. So I mean, we obviously, with AWS working really closely with the SageMaker team, do fantastic platform there for ML training and inference. And you know, going back to your point earlier, you know, where the data is, is hugely important for companies. Many companies bringing their models to their data in AWS on-premise for them is hugely important. Having the models to be, you know, open sources, makes them explainable and transparent to the adopters of those models. So, you know, we are really excited to work with the SageMaker team over the coming year to bring companies to that platform and make the most of our models. >> Aidan, what's your take on developers? Do they just need to have a team in place, if we want to interface with you guys? Let's say, can they start learning? What do they got to do to set up? >> Yeah, so I think for Cohere, our product makes it much, much easier to people, for people to get started and start building, it solves a lot of the productionization problems. But of course with SageMaker, like Tom was saying, I think that lowers a barrier even further because it solves problems like data privacy. So I want to underline what Bratin was saying earlier around when you're fine tuning or when you're using these models, you don't want your data being incorporated into someone else's model. You don't want it being used for training elsewhere. And so the ability to solve for enterprises, that data privacy and that security guarantee has been hugely important for Cohere, and that's very easy to do through SageMaker. >> Yeah. >> But the barriers for using this technology are coming down super quickly. And so for developers, it's just becoming completely intuitive. I love this, there's this quote from Andrej Karpathy. He was saying like, "It really wasn't on my 2022 list of things to happen that English would become, you know, the most popular programming language." And so the barrier is coming down- >> Yeah. >> Super quickly and it's exciting to see. >> It's going to be awesome for all the companies here, and then we'll do more, we're probably going to see explosion of startups, already seeing that, the maps, ecosystem maps, the landscape maps are happening. So this is happening and I'm convinced it's not yesterday's chat bot, it's not yesterday's AI Ops. It's a whole another ballgame. So I have to ask you guys for the final question before we kick off the company's showcasing here. How do you guys gauge success of generative AI applications? Is there a lens to look through and say, okay, how do I see success? It could be just getting a win or is it a bigger picture? Bratin we'll start with you. How do you gauge success for generative AI? >> You know, ultimately it's about bringing business value to our customers. And making sure that those customers are able to reimagine their experiences by using generative AI. Now the way to get their ease, of course to deploy those models in a safe, effective manner, and ensuring that all of the robustness and the security guarantees and the privacy guarantees are all there. And we want to make sure that this transitions from something that's great demos to actual at scale products, which means making them work reliably all of the time not just some of the time. >> Tom, what's your gauge for success? >> Look, I think this, we're seeing a completely new form of ways to interact with data, to make data intelligent, and directly to bring in new revenue streams into business. So if businesses can use our models to leverage that and generate completely new revenue streams and ultimately bring incredible new value to their customers, then that's fantastic. And we hope we can power that revolution. >> Aidan, what's your take? >> Yeah, reiterating Bratin and Tom's point, I think that value in the enterprise and value in market is like a huge, you know, it's the goal that we're striving towards. I also think that, you know, the value to consumers and actual users and the transformation of the surface area of technology to create experiences like ChatGPT that are magical and it's the first time in human history we've been able to talk to something compelling that's not a human. I think that in itself is just extraordinary and so exciting to see. >> It really brings up a whole another category of markets. B2B, B2C, it's B2D, business to developer. Because I think this is kind of the big trend the consumers have to win. The developers coding the apps, it's a whole another sea change. Reminds me everyone use the "Moneyball" movie as example during the big data wave. Then you know, the value of data. There's a scene in "Moneyball" at the end, where Billy Beane's getting the offer from the Red Sox, then the owner says to the Red Sox, "If every team's not rebuilding their teams based upon your model, there'll be dinosaurs." I think that's the same with AI here. Every company will have to need to think about their business model and how they operate with AI. So it'll be a great run. >> Completely Agree >> It'll be a great run. >> Yeah. >> Aidan, Tom, thank you so much for sharing about your experiences at your companies and congratulations on your success and it's just the beginning. And Bratin, thanks for coming on representing AWS. And thank you, appreciate for what you do. Thank you. >> Thank you, John. Thank you, Aidan. >> Thank you John. >> Thanks so much. >> Okay, let's kick off season three, episode one. I'm John Furrier, your host. Thanks for watching. (light airy music)

(energetic music) >> Everyone, welcome back to theCUBE's coverage of WiDS 2023. This is the eighth annual Women in Data Science Conference. As you know, WiDS is not just a conference or an event, it's a movement. This is going to include over 100,000 people in the next year WiDS 2023 in 200-plus countries. It is such a powerful movement. If you've had a chance to be part of the Livestream or even be here in person with us at Stanford University, you know what I'm talking about. This is Lisa Martin. I have had the pleasure all day of working with two fantastic graduate students in Stanford's Data Journalism Master's Program. Hannah Freitag has been here. Tracy Zhang, ladies, it's been such a pleasure working with you today. >> Same wise. >> I want to ask you both what are, as we wrap the day, I'm so inspired, I feel like I could go build an airplane. >> Exactly. >> Probably can't. But WiDS is just the inspiration that comes from this event. When you walk in the front door, you can feel it. >> Mm-hmm. >> Tracy, talk a little bit about what some of the things are that you heard today that really inspired you. >> I think one of the keyword that's like in my mind right now is like finding a mentor. >> Yeah. >> And I think, like if I leave this conference if I leave the talks, the conversations with one thing is that I'm very positive that if I want to switch, say someday, from Journalism to being a Data Analyst, to being like in Data Science, I'm sure that there are great role models for me to look up to, and I'm sure there are like mentors who can guide me through the way. So, like that, I feel reassured for some reason. >> It's a good feeling, isn't it? What do you, Hannah, what about you? What's your takeaway so far of the day? >> Yeah, one of my key takeaways is that anything's possible. >> Mm-hmm. >> So, if you have your vision, you have the role model, someone you look up to, and even if you have like a different background, not in Data Science, Data Engineering, or Computer Science but you're like, "Wow, this is really inspiring. I would love to do that." As long as you love it, you're passionate about it, and you are willing to, you know, take this path even though it won't be easy. >> Yeah. >> Then you can achieve it, and as you said, Tracy, it's important to have mentors on the way there. >> Exactly. >> But as long as you speak up, you know, you raise your voice, you ask questions, and you're curious, you can make it. >> Yeah. >> And I think that's one of my key takeaways, and I was just so inspiring to hear like all these women speaking on stage, and also here in our conversations and learning about their, you know, career path and what they learned on their way. >> Yeah, you bring up curiosity, and I think that is such an important skill. >> Mm-hmm. >> You know, you could think of Data Science and think about all the hard skills that you need. >> Mm, like coding. >> But as some of our guests said today, you don't have to be a statistician or an engineer, or a developer to get into this. Data Science applies to every facet of every part of the world. >> Mm-hmm. >> Finances, marketing, retail, manufacturing, healthcare, you name it, Data Science has the power and the potential to unlock massive achievements. >> Exactly. >> It's like we're scratching the surface. >> Yeah. >> But that curiosity, I think, is a great skill to bring to anything that you do. >> Mm-hmm. >> And I think we... For the female leaders that we're on stage, and that we had a chance to talk to on theCUBE today, I think they all probably had that I think as a common denominator. >> Exactly. >> That curious mindset, and also something that I think as hard is the courage to raise your hand. I like this, I'm interested in this. I don't see anybody that looks like me. >> But that doesn't mean I shouldn't do it. >> Exactly. >> Exactly, in addition to the curiosity that all the women, you know, bring to the table is that, in addition to that, being optimistic, and even though we don't see gender equality or like general equality in companies yet, we make progress and we're optimistic about it, and we're not like negative and complaining the whole time. But you know, this positive attitude towards a trend that is going in the right direction, and even though there's still a lot to be done- >> Exactly. >> We're moving it that way. >> Right. >> Being optimistic about this. >> Yeah, exactly, like even if it means that it's hard. Even if it means you need to be your own role model it's still like worth a try. And I think they, like all of the great women speakers, all the female leaders, they all have that in them, like they have the courage to like raise their hand and be like, "I want to do this, and I'm going to make it." And they're role models right now, so- >> Absolutely, they have drive. >> They do. >> Right. They have that ambition to take something that's challenging and complicated, and help abstract end users from that. Like we were talking to Intuit. I use Intuit in my small business for financial management, and she was talking about how they can from a machine learning standpoint, pull all this data off of documents that you upload and make that, abstract that, all that complexity from the end user, make something that's painful taxes. >> Mm-hmm. >> Maybe slightly less painful. It's still painful when you have to go, "Do I have to write you a check again?" >> Yeah. (laughs) >> Okay. >> But talking about just all the different applications of Data Science in the world, I found that to be very inspiring and really eye-opening. >> Definitely. >> I hadn't thought about, you know, we talk about climate change all the time, especially here in California, but I never thought about Data Science as a facilitator of the experts being able to make sense of what's going on historically and in real-time, or the application of Data Science in police violence. We see far too many cases of police violence on the news. It's an epidemic that's a horrible problem. Data Science can be applied to that to help us learn from that, and hopefully, start moving the needle in the right direction. >> Absolutely. >> Exactly. >> And especially like one sentence from Guitry from the very beginnings I still have in my mind is then when she said that arguments, no, that data beats arguments. >> Yes. >> In a conversation that if you be like, okay, I have this data set and it can actually show you this or that, it's much more powerful than just like being, okay, this is my position or opinion on this. And I think in a world where increasing like misinformation, and sometimes, censorship as we heard in one of the talks, it's so important to have like data, reliable data, but also acknowledge, and we talked about it with one of our interviewees that there's spices in data and we also need to be aware of this, and how to, you know, move this forward and use Data Science for social good. >> Mm-hmm. >> Yeah, for social good. >> Yeah, definitely, I think they like data, and the question about, or like the problem-solving part about like the social issues, or like some just questions, they definitely go hand-in-hand. Like either of them standing alone won't be anything that's going to be having an impact, but combining them together, you have a data set that illustrate a point or like solves the problem. I think, yeah, that's definitely like where Data Set Science is headed to, and I'm glad to see all these great women like making their impact and combining those two aspects together. >> It was interesting in the keynote this morning. We were all there when Margot Gerritsen who's one of the founders of WiDS, and Margot's been on the program before and she's a huge supporter of what we do and vice versa. She asked the non-women in the room, "Those who don't identify as women, stand up," and there was a handful of men, and she said, "That's what it's like to be a female in technology." >> Oh, my God. >> And I thought that vision give me goosebumps. >> Powerful. (laughs) >> Very powerful. But she's right, and one of the things I think that thematically another common denominator that I think we heard, I want to get your opinions as well from our conversations today, is the importance of community. >> Mm-hmm. >> You know, I was mentioning this stuff from AnitaB.org that showed that in 2022, the percentage of females and technical roles is 27.6%. It's a little bit of an increase. It's been hovering around 25% for a while. But one of the things that's still a problem is attrition. It doubled last year. >> Right. >> And I was asking some of the guests, and we've all done that today, "How would you advise companies to start moving the needle down on attrition?" >> Mm-hmm. >> And I think the common theme was network, community. >> Exactly. >> It takes a village like this. >> Mm-hmm. >> So you can see what you can be to help start moving that needle and that's, I think, what underscores the value of what WiDS delivers, and what we're able to showcase on theCUBE. >> Yeah, absolutely. >> I think it's very important to like if you're like a woman in tech to be able to know that there's someone for you, that there's a whole community you can rely on, and that like you are, you have the same mindset, you're working towards the same goal. And it's just reassuring and like it feels very nice and warm to have all these women for you. >> Lisa: It's definitely a warm fuzzy, isn't it? >> Yeah, and both the community within the workplace but also outside, like a network of family and friends who support you to- >> Yes. >> To pursue your career goals. I think that was also a common theme we heard that it's, yeah, necessary to both have, you know your community within your company or organization you're working but also outside. >> Definitely, I think that's also like how, why, the reason why we feel like this in like at WiDS, like I think we all feel very positive right now. So, yeah, I think that's like the power of the connection and the community, yeah. >> And the nice thing is this is like I said, WiDS is a movement. >> Yes. >> This is global. >> Mm-hmm. >> We've had some WiDS ambassadors on the program who started WiDS and Tel Aviv, for example, in their small communities. Or in Singapore and Mumbai that are bringing it here and becoming more of a visible part of the community. >> Tracy: Right. >> I loved seeing all the young faces when we walked in the keynote this morning. You know, we come here from a journalistic perspective. You guys are Journalism students. But seeing all the potential in the faces in that room just seeing, and hearing stories, and starting to make tangible connections between Facebook and data, and the end user and the perspectives, and the privacy and the responsibility of AI is all... They're all positive messages that need to be reinforced, and we need to have more platforms like this to be able to not just raise awareness, but sustain it. >> Exactly. >> Right. It's about the long-term, it's about how do we dial down that attrition, what can we do? What can we do? How can we help? >> Mm-hmm. >> Both awareness, but also giving women like a place where they can connect, you know, also outside of conferences. Okay, how do we make this like a long-term thing? So, I think WiDS is a great way to, you know, encourage this connectivity and these women teaming up. >> Yeah, (chuckles) girls help girls. >> Yeah. (laughs) >> It's true. There's a lot of organizations out there, girls who Code, Girls Inc., et cetera, that are all aimed at helping women kind of find their, I think, find their voice. >> Exactly. >> And find that curiosity. >> Yeah. Unlock that somewhere back there. Get some courage- >> Mm-hmm. >> To raise your hand and say, "I think I want to do this," or "I have a question. You explained something and I didn't understand it." Like, that's the advice I would always give to my younger self is never be afraid to raise your hand in a meeting. >> Mm-hmm. >> I guarantee you half the people weren't listening or, and the other half may not have understood what was being talked about. >> Exactly. >> So, raise your hand, there goes Margot Gerritsen, the founder of WiDS, hey, Margot. >> Hi. >> Keep alumni as you know, raise your hand, ask the question, there's no question that's stupid. >> Mm-hmm. >> And I promise you, if you just take that chance once it will open up so many doors, you won't even know which door to go in because there's so many that are opening. >> And if you have a question, there's at least one more person in the room who has the exact same question. >> Exact same question. >> Yeah, we'll definitely keep that in mind as students- >> Well, I'm curious how Data Journalism, what you heard today, Tracy, we'll start with you, and then, Hannah, to you. >> Mm-hmm. How has it influenced how you approach data-driven, and storytelling? Has it inspired you? I imagine it has, or has it given you any new ideas for, as you round out your Master's Program in the next few months? >> I think like one keyword that I found really helpful from like all the conversations today, was problem-solving. >> Yeah. >> Because I think, like we talked a lot about in our program about how to put a face on data sets. How to put a face, put a name on a story that's like coming from like big data, a lot of numbers but you need to like narrow it down to like one person or one anecdote that represents a bigger problem. And I think essentially that's problem-solving. That's like there is a community, there is like say maybe even just one person who has, well, some problem about something, and then we're using data. We're, by giving them a voice, by portraying them in news and like representing them in the media, we're solving this problem somehow. We're at least trying to solve this problem, trying to make some impact. And I think that's like what Data Science is about, is problem-solving, and, yeah, I think I heard a lot from today's conversation, also today's speakers. So, yeah, I think that's like something we should also think about as Journalists when we do pitches or like what kind of problem are we solving? >> I love that. >> Or like kind of what community are we trying to make an impact in? >> Yes. >> Absolutely. Yeah, I think one of the main learnings for me that I want to apply like to my career in Data Journalism is that I don't shy away from complexity because like Data Science is oftentimes very complex. >> Complex. >> And also data, you're using for your stories is complex. >> Mm-hmm. >> So, how can we, on the one hand, reduce complexity in a way that we make it accessible for broader audience? 'Cause, we don't want to be this like tech bubble talking in data jargon, we want to, you know, make it accessible for a broader audience. >> Yeah. >> I think that's like my purpose as a Data Journalist. But at the same time, don't reduce complexity when it's needed, you know, and be open to dive into new topics, and data sets and circling back to this of like raising your hand and asking questions if you don't understand like a certain part. >> Yeah. >> So, that's definitely a main learning from this conference. >> Definitely. >> That like, people are willing to talk to you and explain complex topics, and this will definitely facilitate your work as a Data Journalist. >> Mm-hmm. >> So, that inspired me. >> Well, I can't wait to see where you guys go from here. I've loved co-hosting with you today, thank you. >> Thank you. >> For joining me at our conference. >> Wasn't it fun? >> Thank you. >> It's a great event. It's, we, I think we've all been very inspired and I'm going to leave here probably floating above the ground a few inches, high on the inspiration of what this community can deliver, isn't that great? >> It feels great, I don't know, I just feel great. >> Me too. (laughs) >> So much good energy, positive energy, we love it. >> Yeah, so we want to thank all the organizers of WiDS, Judy Logan, Margot Gerritsen in particular. We also want to thank John Furrier who is here. And if you know Johnny, know he gets FOMO when he is not hosting. But John and Dave Vellante are such great supporters of women in technology, women in technical roles. We wouldn't be here without them. So, shout out to my bosses. Thank you for giving me the keys to theCube at this event. I know it's painful sometimes, but we hope that we brought you great stories all day. We hope we inspired you with the females and the one male that we had on the program today in terms of raise your hand, ask a question, be curious, don't be afraid to pursue what you're interested in. That's my soapbox moment for now. So, for my co-host, I'm Lisa Martin, we want to thank you so much for watching our program today. You can watch all of this on-demand on thecube.net. You'll find write-ups on siliconeangle.com, and, of course, YouTube. Thanks, everyone, stay safe and we'll see you next time. (energetic music)

>> Narrator: TheCUBE's live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (upbeat music intro) (logo background tingles) >> Hi everybody, welcome back to day three of MWC23, my name is Dave Vellante and we're here live at the Theater of Barcelona, Lisa Martin, David Nicholson, John Furrier's in our studio in Palo Alto. Lot of buzz at the show, the Mobile World Daily Today, front page, Netflix chief hits back in fair share row, Greg Peters, the co-CEO of Netflix, talking about how, "Hey, you guys want to tax us, the telcos want to tax us, well, maybe you should help us pay for some of the content. Your margins are higher, you have a monopoly, you know, we're delivering all this value, you're bundling Netflix in, from a lot of ISPs so hold on, you know, pump the brakes on that tax," so that's the big news. Lockheed Martin, FOSS issues, AI guidelines, says, "AI's not going to take over your job anytime soon." Although I would say, your job's going to be AI-powered for the next five years. We're going to talk about data, we've been talking about the disaggregation of the telco stack, part of that stack is a data layer. John Kreisa is here, the CMO of Couchbase, John, you know, we've talked about all week, the disaggregation of the telco stacks, they got, you know, Silicon and operating systems that are, you know, real time OS, highly reliable, you know, compute infrastructure all the way up through a telemetry stack, et cetera. And that's a proprietary block that's really exploding, it's like the big bang, like we saw in the enterprise 20 years ago and we haven't had much discussion about that data layer, sort of that horizontal data layer, that's the market you play in. You know, Couchbase obviously has a lot of telco customers- >> John: That's right. >> We've seen, you know, Snowflake and others launch telco businesses. What are you seeing when you talk to customers at the show? What are they doing with that data layer? >> Yeah, so they're building applications to drive and power unique experiences for their users, but of course, it all starts with where the data is. So they're building mobile applications where they're stretching it out to the edge and you have to move the data to the edge, you have to have that capability to deliver that highly interactive experience to their customers or for their own internal use cases out to that edge, so seeing a lot of that with Couchbase and with our customers in telco. >> So what do the telcos want to do with data? I mean, they've got the telemetry data- >> John: Yeah. >> Now they frequently complain about the over-the-top providers that have used that data, again like Netflix, to identify customer demand for content and they're mopping that up in a big way, you know, certainly Amazon and shopping Google and ads, you know, they're all using that network. But what do the telcos do today and what do they want to do in the future? They're all talking about monetization, how do they monetize that data? >> Yeah, well, by taking that data, there's insight to be had, right? So by usage patterns and what's happening, just as you said, so they can deliver a better experience. It's all about getting that edge, if you will, on their competition and so taking that data, using it in a smart way, gives them that edge to deliver a better service and then grow their business. >> We're seeing a lot of action at the edge and, you know, the edge can be a Home Depot or a Lowe's store, but it also could be the far edge, could be a, you know, an oil drilling, an oil rig, it could be a racetrack, you know, certainly hospitals and certain, you know, situations. So let's think about that edge, where there's maybe not a lot of connectivity, there might be private networks going in, in the future- >> John: That's right. >> Private 5G networks. What's the data flow look like there? Do you guys have any customers doing those types of use cases? >> Yeah, absolutely. >> And what are they doing with the data? >> Yeah, absolutely, we've got customers all across, so telco and transportation, all kinds of service delivery and healthcare, for example, we've got customers who are delivering healthcare out at the edge where they have a remote location, they're able to deliver healthcare, but as you said, there's not always connectivity, so they need to have the applications, need to continue to run and then sync back once they have that connectivity. So it's really having the ability to deliver a service, reliably and then know that that will be synced back to some central server when they have connectivity- >> So the processing might occur where the data- >> Compute at the edge. >> How do you sync back? What is that technology? >> Yeah, so there's, so within, so Couchbase and Couchbase's case, we have an autonomous sync capability that brings it back to the cloud once they get back to whether it's a private network that they want to run over, or if they're doing it over a public, you know, wifi network, once it determines that there's connectivity and, it can be peer-to-peer sync, so different edge apps communicating with each other and then ultimately communicating back to a central server. >> I mean, the other theme here, of course, I call it the software-defined telco, right? But you got to have, you got to run on something, got to have hardware. So you see companies like AWS putting Outposts, out to the edge, Outposts, you know, doesn't really run a lot of database to mind, I mean, it runs RDS, you know, maybe they're going to eventually work with companies like... I mean, you're a partner of AWS- >> John: We are. >> Right? So do you see that kind of cloud infrastructure that's moving to the edge? Do you see that as an opportunity for companies like Couchbase? >> Yeah, we do. We see customers wanting to push more and more of that compute out to the edge and so partnering with AWS gives us that opportunity and we are certified on Outpost and- >> Oh, you are? >> We are, yeah. >> Okay. >> Absolutely. >> When did that, go down? >> That was last year, but probably early last year- >> So I can run Couchbase at the edge, on Outpost? >> Yeah, that's right. >> I mean, you know, Outpost adoption has been slow, we've reported on that, but are you seeing any traction there? Are you seeing any nibbles? >> Starting to see some interest, yeah, absolutely. And again, it has to be for the right use case, but again, for service delivery, things like healthcare and in transportation, you know, they're starting to see where they want to have that compute, be very close to where the actions happen. >> And you can run on, in the data center, right? >> That's right. >> You can run in the cloud, you know, you see HPE with GreenLake, you see Dell with Apex, that's essentially their Outposts. >> Yeah. >> They're saying, "Hey, we're going to take our whole infrastructure and make it as a service." >> Yeah, yeah. >> Right? And so you can participate in those environments- >> We do. >> And then so you've got now, you know, we call it supercloud, you've got the on-prem, you've got the, you can run in the public cloud, you can run at the edge and you want that consistent experience- >> That's right. >> You know, from a data layer- >> That's right. >> So is that really the strategy for a data company is taking or should be taking, that horizontal layer across all those use cases? >> You do need to think holistically about it, because you need to be able to deliver as a, you know, as a provider, wherever the customer wants to be able to consume that application. So you do have to think about any of the public clouds or private networks and all the way to the edge. >> What's different John, about the telco business versus the traditional enterprise? >> Well, I mean, there's scale, I mean, one thing they're dealing with, particularly for end user-facing apps, you're dealing at a very very high scale and the expectation that you're going to deliver a very interactive experience. So I'd say one thing in particular that we are focusing on, is making sure we deliver that highly interactive experience but it's the scale of the number of users and customers that they have, and the expectation that your application's always going to work. >> Speaking of applications, I mean, it seems like that's where the innovation is going to come from. We saw yesterday, GSMA announced, I think eight APIs telco APIs, you know, we were talking on theCUBE, one of the analysts was like, "Eight, that's nothing," you know, "What do these guys know about developers?" But you know, as Daniel Royston said, "Eight's better than zero." >> Right? >> So okay, so we're starting there, but the point being, it's all about the apps, that's where the innovation's going to come from- >> That's right. >> So what are you seeing there, in terms of building on top of the data app? >> Right, well you have to provide, I mean, have to provide the APIs and the access because it is really, the rubber meets the road, with the developers and giving them the ability to create those really rich applications where they want and create the experiences and innovate and change the way that they're giving those experiences. >> Yeah, so what's your relationship with developers at Couchbase? >> John: Yeah. >> I mean, talk about that a little bit- >> Yeah, yeah, so we have a great relationship with developers, something we've been investing more and more in, in terms of things like developer relations teams and community, Couchbase started in open source, continue to be based on open source projects and of course, those are very developer centric. So we provide all the consistent APIs for developers to create those applications, whether it's something on Couchbase Lite, which is our kind of edge-based database, or how they can sync that data back and we actually automate a lot of that syncing which is a very difficult developer task which lends them to one of the developer- >> What I'm trying to figure out is, what's the telco developer look like? Is that a developer that comes from the enterprise and somebody comes from the blockchain world, or AI or, you know, there really doesn't seem to be a lot of developer talk here, but there's a huge opportunity. >> Yeah, yeah. >> And, you know, I feel like, the telcos kind of remind me of, you know, a traditional legacy company trying to get into the developer world, you know, even Oracle, okay, they bought Sun, they got Java, so I guess they have developers, but you know, IBM for years tried with Bluemix, they had to end up buying Red Hat, really, and that gave them the developer community. >> Yep. >> EMC used to have a thing called EMC Code, which was a, you know, good effort, but eh. And then, you know, VMware always trying to do that, but, so as you move up the stack obviously, you have greater developer affinity. Where do you think the telco developer's going to come from? How's that going to evolve? >> Yeah, it's interesting, and I think they're... To kind of get to your first question, I think they're fairly traditional enterprise developers and when we break that down, we look at it in terms of what the developer persona is, are they a front-end developer? Like they're writing that front-end app, they don't care so much about the infrastructure behind or are they a full stack developer and they're really involved in the entire application development lifecycle? Or are they living at the backend and they're really wanting to just focus in on that data layer? So we lend towards all of those different personas and we think about them in terms of the APIs that we create, so that's really what the developers are for telcos is, there's a combination of those front-end and full stack developers and so for them to continue to innovate they need to appeal to those developers and that's technology, like Couchbase, is what helps them do that. >> Yeah and you think about the Apples, you know, the app store model or Apple sort of says, "Okay, here's a developer kit, go create." >> John: Yeah. >> "And then if it's successful, you're going to be successful and we're going to take a vig," okay, good model. >> John: Yeah. >> I think I'm hearing, and maybe I misunderstood this, but I think it was the CEO or chairman of Ericsson on the day one keynotes, was saying, "We are going to monetize the, essentially the telemetry data, you know, through APIs, we're going to charge for that," you know, maybe that's not the best approach, I don't know, I think there's got to be some innovation on top. >> John: Yeah. >> Now maybe some of these greenfield telcos are going to do like, you take like a dish networks, what they're doing, they're really trying to drive development layers. So I think it's like this wild west open, you know, community that's got to be formed and right now it's very unclear to me, do you have any insights there? >> I think it is more, like you said, Wild West, I think there's no emerging standard per se for across those different company types and sort of different pieces of the industry. So consequently, it does need to form some more standards in order to really help it grow and I think you're right, you have to have the right APIs and the right access in order to properly monetize, you have to attract those developers or you're not going to be able to monetize properly. >> Do you think that if, in thinking about your business and you know, you've always sold to telcos, but now it's like there's this transformation going on in telcos, will that become an increasingly larger piece of your business or maybe even a more important piece of your business? Or it's kind of be steady state because it's such a slow moving industry? >> No, it is a big and increasing piece of our business, I think telcos like other enterprises, want to continue to innovate and so they look to, you know, technologies like, Couchbase document database that allows them to have more flexibility and deliver the speed that they need to deliver those kinds of applications. So we see a lot of migration off of traditional legacy infrastructure in order to build that new age interface and new age experience that they want to deliver. >> A lot of buzz in Silicon Valley about open AI and Chat GPT- >> Yeah. >> You know, what's your take on all that? >> Yeah, we're looking at it, I think it's exciting technology, I think there's a lot of applications that are kind of, a little, sort of innovate traditional interfaces, so for example, you can train Chat GPT to create code, sample code for Couchbase, right? You can go and get it to give you that sample app which gets you a headstart or you can actually get it to do a better job of, you know, sorting through your documentation, like Chat GPT can do a better job of helping you get access. So it improves the experience overall for developers, so we're excited about, you know, what the prospect of that is. >> So you're playing around with it, like everybody is- >> Yeah. >> And potentially- >> Looking at use cases- >> Ways tO integrate, yeah. >> Hundred percent. >> So are we. John, thanks for coming on theCUBE. Always great to see you, my friend. >> Great, thanks very much. >> All right, you're welcome. All right, keep it right there, theCUBE will be back live from Barcelona at the theater. SiliconANGLE's continuous coverage of MWC23. Go to siliconangle.com for all the news, theCUBE.net is where all the videos are, keep it right there. (cheerful upbeat music outro)

(soft corporate jingle) >> Announcer: theCUBE's live coverage is made possible by funding from Dell Technologies. Creating technologies that drive human progress. (upbeat jingle intro) >> Welcome back to Barcelona. We're here live at the Fira. (laughs) Just amazing day two of MWC23. It's packed today. It was packed yesterday. It's even more packed today. All the news is flowing. Check out siliconangle.com. John Furrier is in the studio in Palo Alto breaking all the news. And, we are here live. Really excited to have Udayan Mukherjee who's the Senior Fellow and Chief Architect of wireless product at Network and Edge for Intel. And, Manish Singh is back. He's the CTO of Telecom Systems Business at Dell Jets. Welcome. >> Thank you. >> Thank you >> We're going to talk about greening the network. I wonder, Udayan, if you could just set up why that's so important. I mean, it's obvious that it's an important thing, great for the environment, but why is it extra important in Telco? >> Yeah, thank you. Actually, I'll tell you, this morning I had a discussion with an operator. The first thing he said, that the electricity consumption is more expensive nowadays that total real estate that he's spending money on. So, it's like that is the number one thing that if you can change that, bring that power consumption down. And, if you talk about sustainability, look what is happening in Europe, what's happening in all the electricity areas. That's the critical element that we need to address. Whether we are defining chip, platforms, storage systems, that's the number one mantra right now. You know, reduce the power. Electricity consumption, because it's a sustainable planet that we are living in. >> So, you got CapEx and OpEx. We're talking about the big piece of OpEx is now power consumption? >> Power Consumption >> That's the point. Okay, so in my experience, servers are the big culprit for power consumption, which is powered by core semiconductors and microprocessors. So, what's the strategy to reduce the power consumption? You're probably not going to reduce the bill overall. You maybe just can keep pace, but from a technical standpoint, how do you attack that? >> Yeah, there are multiple defined ways of adding. Obviously the process technology, that micro (indistinct) itself is evolving to make it more low-power systems. But, even within the silicon, the server that we develop, if you look in a CPU, there is a lot of power states. So, if you have a 32 code platform, as an example, every code you can vary the frequency and the C-states, power states. So, if you look into any traffic, whether it's a radio access network, packet code. At any given time the load is not peak. So, your power consumption, actual what we are drawing from the wall, it also needs to vary with that. So, that's how if you look into this there's a huge savings. If you go to Intel booth or Ericson booth or anyone, you will see right now every possible, the packet code, radio access network, everything network. They're talking about our energy consumption, how they're lowering this. These states, as we call it power states, C-state P-state they've built in intel chip for a long time. The cloud providers are taking advantage of it. But Telcos, with even two generation before they used to actually switch it off in the bios. I say no, we need peak. Now, that thing is changing. Now, it's all like, how do I take advantage of the built in technologies? >> I remember the enterprise virtualization, Manish, was a big play. I remember PG&E used to give rebates to customers that would install virtualized software, VMware. >> And SSDs. >> Yeah. And SSDs, you know, yes. Because, the spinning disc was, but, nowhere near with a server consumption. So, how virtualized is the telco network? And then, what I'm saying is there other things, other knobs, you can of course turn. So, what's your perspective on this as a server player? >> Yeah, absolutely. Let me just back up a little bit and start at the big picture to share what Udayan said. Here, day two, every conversation I've had yesterday and today morning with every operator, every CTO, they're coming in and first topic they're talking about is energy. And, the reason is, A, it's the right thing to do, sustainability, but, it's also becoming a P&L issue. And, the reason it's becoming a P&L issue is because we are in this energy inflationary environment where the energy costs are constantly going up. So, it's becoming really important for the service providers to really drive more efficiency onto their networks, onto their infrastructure. Number one. Two, then to your question on what all knobs need to be turned on, and what are the knobs? So, Udayan talked about within the intel, silicon, the C-states, P-states and all these capabilities that are being brought up, absolutely important. But again, if we take a macro view of it. First of all, there are opportunities to do infrastructure audit. What's on, why is it on, does it need to be on right now? Number two, there are opportunities to do infrastructure upgrade. And, what I mean by that is as you go from previous generation servers to next generation servers, better cooling, better performance. And through all of that you start to gain power usage efficiency inside a data center. And, you take that out more into the networks you start to achieve same outcomes on the network site. Think about from a cooling perspective, air cooling but for that matter, even liquid cooling, especially inside the data centers. All opportunities around PUE, because PUE, power usage efficiency and improvement on PUE is an opportunity. But, I'll take it even further. Workloads that are coming onto it, core, RAN, these workloads based on the dynamic traffic. Look, if you look at the traffic inside a network, it's not constant, it's varied. As the traffic patterns change, can you reduce the amount of infrastructure you're using? I.e. reduce the amount of power that you're using and when the traffic loads are going up. So, the workloads themselves need to become more smarter about that. And last, but not the least. From an orchestration layer if you think about it, where you are placing these workloads, and depending on what's available, you can start to again, drive better energy outcomes. And, not to forget acceleration. Where you need acceleration, can you have the right hardware infrastructures delivering the right kind of accelerations to again, improve those energy efficiency outcomes. So, it's a complex problem. But, there are a lot of levers, lot of tools that are in place that the service providers, the technology builders like us, are building the infrastructure, and then the workload providers all come together to really solve this problem. >> Yeah, Udayan, Manish mentioned this idea of moving from one generation to a new generation and gaining benefits. Out there on the street, if you will. Most of the time it's an N plus 2 migration. It's not just moving from last generation to this next generation, but it's really a generation ago. So, those significant changes in the dynamics around power density and cooling are meaningful? You talk about where performance should be? We start talking about the edge. It's hard to have a full-blown raised data center floor edge everywhere. Do these advances fundamentally change the kinds of things that you can do at the base of a tower? >> Yeah, absolutely. Manish talked about that, the dynamic nature of the workload. So, we are using a lot of this AIML to actually predict. Like for example, your multiple force in a systems. So, why is the 32 core as a system, why is all running? So, your traffic profile in the night times. So, you are in the office areas, in the night has gone home and nowadays everybody's working from remote anyway. So, why is this thing a full blown, spending the TDP, the total power and extreme powers. You bring it down, different power states, C-states. We talked about it. Deeper C-states or P-states, you bring the frequency down. So, lot of those automation, even at the base of the tower. Lot of our deployment right now, we are doing a whole bunch of massive MIMO deployment. Virtual RAN in Verizon network. All actually cell-site deployment. Those eight centers are very close to the cell-site. And, they're doing aggressive power management. So, you don't have to go to a huge data centers, even there's a small rack of systems, four to five, 10 systems, you can do aggressive power management. And, you built it up that way. >> Okay. >> If I may just build on what Udayan said. I mean if you look at the radio access network, right? And, let's start at the bottom of the tower itself. The infrastructure that's going in there, especially with Open RAN, if you think about it, there are opportunities now to do a centralized RAN where you could do more BBU pooling. And, with that, not only on a given tower but across a given given coverage area, depending on what the traffics are, you can again get the infrastructure to become more efficient in terms of what traffic, what needs are, and really start to benefit. The pooling gains which is obviously going to give you benefit on the CapEx side, but from an energy standpoint going to give you benefits on the OpEx side of things. So that's important. The second thing I will say is we cannot forget, especially on the radio access side of things, that it's not just the bottom of the tower what's happening there. What's happening on the top of the tower especially with the radio, that's super important. And, that goes into how do you drive better PA efficiency, how do you drive better DPD in there? This is where again, applying AI machine learning there is a significant amount of opportunity there to improve the PA performance itself. But then, not only that, looking at traffic patterns. Can you do sleep modes, micro sleep modes to deep sleep modes. Turning down the cells itself, depending on the traffic patterns. So, these are all areas that are now becoming more and more important. And, clearly with our ecosystem of partners we are continuing to work on these. >> So we hear from the operators, it's an OpEx issue. It's hitting the P&L. They're in search of PUE of one. And, they've historically been wasteful, they go full throttle. And now, you're saying with intelligence you can optimize that consumption. So, where does the intelligence live? Is it in the rig. Where is it all throughout the network? Is it in the silicon? Maybe you could paint a picture as to where those smarts exist. >> I can start. It's across the stack. It starts, we talked about the C-states, P-states. If you want to take advantage of that, that intelligence is in the workload, which has to understand when can I really start to clock things down or turn off the cores. If you really look at it from a traffic pattern perspective you start to really look at a rig level where you can have power. And, we are working with the ecosystem partners who are looking at applying machine learning on that to see what can we really start to turn on, turn off, throttle things down, depending on what the, so yes, it's across the stack. And lastly, again, I'll go back to cannot forget orchestration, where you again have the ability to move some of these workloads and look at where your workload placements are happening depending on what infrastructure is and what the traffic needs are at that point in time. So it's, again, there's no silver bullet. It has to be looked across the stack. >> And, this is where actually if I may, last two years a sea change has happened. People used to say, okay there are C-states and P-states, there's silicon every code. OS operating system has a governor built in. We rely on that. So, that used to be the way. Now that applications are getting smarter, if you look at a radio access network or the packet core on the control plane signaling application, they're more aware of the what is the underlying silicon power state sleep states are available. So, every time they find some of these areas there's no enough traffic there, they immediately goes to a transition. So, the workload has become more intelligent. The rig application we talked about. Every possible rig application right now are apps on xApps. Most of them are on energy efficiency. How are they using it? So, I think lot more even the last two years. >> Can I just say one more thing there right? >> Yeah. >> We cannot forget the infrastructure as well, right? I mean, that's the most important thing. That's where the energy is really getting drawn in. And, constant improvement on the infrastructure. And, I'll give you some data points, right? If you really look at the power at servers, right? From 2013 to 2023, like a decade. 85% energy intensity improvement, right? So, these gains are coming from performance with better cooling, better technology applications. So, that's super critical, that's important. And, also to just give you another data point. Apart from the infrastructure what cache layers we are running and how much CPU and compute requirements are there, that's also important. So, looking at it from a cache perspective are we optimizing the required infrastructure blocks for radio access versus core? And again, really taking that back to energy efficiency outcomes. So, some of the work we've been doing with Wind River and Red Hat and some of our ecosystem partners around that for radio access network versus core. Really again, optimizing for those different use cases and the outcomes of those start to come in from an energy utilization perspective >> So, 85% improvement in power consumption. Of course you're doing, I don't know, 2, 300% more work, right? So, let's say, and I'm just sort of spit balling numbers but, let's say that historically powers on the P&L has been, I don't know, single digits, maybe 10%. Now, it's popping up the much higher. >> Udayan: Huge >> Right? >> I mean, I don't know what the number is. Is it over 20% in some cases or is it, do you have a sense of that? Or let's say it is. The objective I presume is you're probably not going to lower the power bill overall, but you're going to be able to lower the percent of cost on the OpEx as you grow, right? I mean, we're talking about 5G networks. So much more data >> Capacity increasing. >> Yeah, and so is it, am I right about that the carriers, the best they can hope for is to sort of stay even on that percentage or maybe somewhat lower that percentage? Or, do you think they can actually cut the bill? What's the goal? What are they trying to do? >> The goal is to cut the bill. >> It is! >> And the way you get started to cut the bill is, as I said, first of all on the radio side. Start to see where the improvements are and look, there's not a whole lot there to be done. I mean, the PS are as efficient as they can be, but as I said, there are things in DPD and all that still can be improved. But then, sleep modes and all, yes there are efficiencies in there. But, I'll give you one important, another interesting data point. We did a work with ACG Research on our 16G platform. The power edge service that we have recently launched based on Intel's Sapphire Rapids. And, if you look at the study there. 30% TCR reduction, 10% in CapEx gains, 30% in OpEx gains from moving away from these legacy monolithic architectures to cloud native architectures. And, a large part of that OpEx gain really starts to come from energy to the point of 800 metric tonnes of carbon reduction to the point of you could have, and if you really translate that to around 160 homes electric use per year, right? So yes, I mean the opportunity there is to reduce the bill. >> Wow, that's big, big goal guys. We got to run. But, thank you for informing the audience on the importance and how you get there. So, appreciate that. >> One thing that bears mentioning really quickly before we wrap, a lot of these things we're talking about are happening in remote locations. >> Oh, back to that point of distributed nature of telecom. >> Yes, we talked about a BBU being at the base of a tower that could be up on a mountain somewhere. >> No, you made the point. You can't just say, oh, hey we're going to go find ambient air or going to go... >> They don't necessarily... >> Go next to a waterfall. >> We don't necessarily have the greatest hydro tower. >> All right, we got to go. Thanks you guys. Alright, keep it right there. Wall to wall coverage is day two of theCUBE's coverage of MWC 23. Stay right there, we'll be right back. (corporate outro jingle)

>> Narrator: theCUBE presents Ignite 22. Brought to you by Palo Alto Networks. >> Hey, welcome back to Las Vegas. Lisa Martin here with Dave Vellante. This is day two of theCUBE's coverage of Palo Alto Ignite 2022. Dave we're just talking about how many times we're in Vegas. And we were here two weeks ago with our guest who's back in Alumni. And it's a blur, right? >> It's true, I lost count. Luckily I'm not flying red eye tonight. So that's good. >> I'm impressed. >> Excited about that. >> Yeah >> I'm actually going to enjoy the, nightlife here for a period of time. And, you know, we were at re-Invent. >> Yeah. >> And what a difference. This is nice and relaxed. You have time. You're not getting bumped in the hallway. >> Right. >> A lot of time for learning. So it's been great show. >> It's been great. And one of the things that we've been talking about is the supply chain. Securing the modern software supply chain is really complicated. We've got an Alumni back with us, to talk about what Palo Alto is doing in that respect. Ankur Shah joins us. The SVP and GM of Cloud Security at Palo Alto Networks. Welcome back. >> Yeah, happy to be back. Good to see you again. Dave and Lisa. >> It's been two long weeks. >> Ankur: I know. It's been two weeks, yeah >> Dave: It's kind of crazy. I mean, ReInvent really was a blur. And it's like you had everything coming at you. And there was obviously a big chunk of security, but you. It was just so much to absorb. >> Yeah. >> Right? >> Yeah, and I couldn't get into any of the sessions versus at Ignite. I mean, you could, you could learn a lot. To your point Dave. And 70,000 people versus 3000 in change. Big difference. >> Dave: Yeah. >> Lisa: Huge difference. >> Yeah. >> Lisa: Huge difference. So we touched on the Cider acquisition. >> Ankur: Yeah. >> Which was announced the intent to acquire last month. Let's dig into a little bit more of that, and then some of the great things that had been announced. >> Ankur: Yeah. >> In the last couple of days. >> Oh, absolutely. So, this is something that we have been marinating for last nine months. Thinking about how best to secure supply chain. And this is software supply chain. The modern application software is fairly complex. You know, back in the days when I was a developer, it was a simple three tier application. Ship the code once a year, et cetera. But now with microservices, new architectures, Kubernetes Public Cloud, we talked about this. It's getting super complicated, and the customers are really worried about securing their entire supply chain. Which is nothing but the software pipeline. And so we started looking at a whole bunch of companies and Cider really stood out. I mean, they had, they were the innovators in this space. Very early days, we've seen supply chain attack. But there hasn't been a really good and strong solution in that space. And Cider just delivered that incredible team. Great technology, super excited about what that integration will look like. in the coming quarters. >> What do we need to know about them? I mean, I'll be honest with you, I wasn't familiar with Cider until I saw you guys made the announcement of the intent to acquire them. What, what should we know about them? Why Cider? What was it that attracted you to them? >> Ankur: Yeah, so, you know, we have a history of technology acquisitions as you know, over the last four years, just in the public cloud. We acquire over half a a dozen companies, small and large. And typically we are always looking for companies who have the next gen technology available. Technology that is more in tune with how application software is going to look like in future. So we're not always going after companies that are making you know, tens of hundreds of millions of dollars in a year and all. We're looking for the right tech. The future. And that's what we found in Cider. Like they have a really strong application security background. And AppSec just broadly speaking, supply chain is part of it. But application security, just broadly speaking, is right for disruption. You've got a lot of vendors, who have been around for like last two decades. Old school stuff, lots and lots of false positives. So we've been bolstering, beefing up our portfolio in the application security space. And Cider really fits right nicely into it. Because it can like I said, secure a lot of technology and tooling, that software developers use as part of their software supply chain. So, great founding team, great technology. It was a perfect fit. >> Talk about integration. We spoke with Nikesh yesterday, with Nir, with a whole bunch of folks. Lee this morning. BJ yesterday as well. And one of the things that seems to stick out at me. With all the shows that we do, is the focus that Palo Alto has on ensuring that it's making the right acquisitions. But that it's the integration, is really seems to be like leading part of the strategy. That seems to be a little bit of a differentiator to me. >> Yeah, it absolutely is. There are two ways to integrate a technology into an existing platform. And Prisma Cloud is a platform as you know. Code-to-cloud, CNAPP platform as we call it. One is just kind of slotted in, put the whole thing in a box. And that's basically making one plus one equal to two. We're looking for high leverage in integrations, whereby once that integration comes along. It makes the rest of the platform even better and superior. It makes that technology look even better. So that's why there's a lot of focus on ensuring that we're delivering the right type of integration, that delivers instant customer value. And that makes the overall platform even superior. So customers don't feel like hey, like there's just one more add-on, on top of the other thing. >> Lisa: Right, not a bolt on. >> So that's why there's a lot of focus on that. Getting the strategy nailed. Because the founding teams generally have a preconceived notion about how the world looks like. Then they understand how Prisma cloud and Palo Alto Networks think about it. And then, we sort of merge the two ideas, and build something that's incredible. So I am, we're spending a lot of time in integration. That honeymoon phase of like, let's high five acquisitions done, that's over. Now it's the grinding work of actually getting this right. And you know, getting hundreds and thousands of customers. >> Well I like how you don't have the private equity mentality. It's not about EBITDA and cashflow. We'll take care of that. >> Ankur: Yeah. >> You know, it's about getting that integration. Getting that flywheel effect, inside the platform. You know, we said one plus one equals, maybe even more than two. Can you explain Prisma Cloud Secrets Security? What is that all about? What do we need to know about that? >> Ankur: Absolutely. So, the developers, you know generally store some stuff in the code repo for their automation work to build application. And that thing, the API keys or as Secrets are stored in code repo. It shouldn't be. Or even if they are, they should be encrypted, or locked down and things of that nature. But, you know, the need for speed trumps everything else. Developers want to go fast. And sometimes they're like, okay well. I guess my application needs this particular, you know API access token or secret. I'm just going to stick it in the code. Now the challenge with that is that, if somebody gets hold of your code repo. Now not only is your code repo, which has all your sensitive data. Your code is the life and blood of a technology company. That's in trouble. But also those secrets and API access keys can be used to log into your cloud accounts. And there you may have sensitive customer data. Everything that you have as a technology company stored in that public cloud accounts. So that's the worry. It's usually the initial access for the kill chain. Because that's where the attacks start. Let me get the secret, let me get the API access key. And let me see what I can do in public cloud. So we are now giving customers the visibility into where the secrets are stored. More importantly, it just right there on developer's face. In the code repo as they're checking in the code. They say why, hey, there's a secret here. Are you sure you want to, you want to keep it like this, no? Okay, well then you can either encrypt it, or just get rid of it. So we're making, we're bringing security where the developers are in their code repo, et cetera. >> So I can see a lot of developers saying, yeah, go ahead, encrypt it. So I don't have to do anything else, you know, extra. It's almost, the analogy is a very small you know, version of this. Its like, use a password manager. You store all your passwords in your contacts on your phone, right? I mean, somebody gets a hold of your contacts, you're screwed. >> Ankur: That's exactly right. >> And so, but I could still see a lot of developers say, check in the box. Say, yeah just encrypt it, leave it there. But you're saying best practice is to not to do that, right? >> Yeah, usually you're not supposed to, you know, store all your secrets, et cetera in code repo to begin with. But if you do, you know, you use a key wall like technology to really encrypt it and store it in a secret manner, yeah. >> Dave: There's an old saying, bad user behavior trump's great security every time. >> Ankur: Every time. >> But this is an example where, we know you're going to have bad behavior. So we're going to protect the bad behavior. >> Yeah, and actually, sorry Lisa, just to that point. The bad user behavior trumps good security. The classic example, this happened three weeks ago. Three, four weeks ago, where Dropbox, one of the file sharing companies there. 120 plus code repos were exposed. And the way their attack started, was a simple social engineering attack. Bad user behavior. There was an email, hey, like your passwords are updated for your, you know, this code plugin. Can you enter the password? And boom, now you have access to the code repo. And now if you have secrets inside of it, now, you know all bets are off. >> Are there hard-coded secrets versus like, I mean, like I think like, like you were saying, Dave. Like usernames and passwords and tokens, versus like soft coded secrets. >> Ankur: It's, I think it, this is more so two forms of it, you know. The most primary one is what we call the API access keys. And this keys are used to access cloud accounts, workloads and things of that nature. But there are actually secret secrets. Could be database login passwords, et cetera. The application is using it to spin up databases. Now, you know, you have access to the data stores. Any other application, there's a login password, all of that stuff. So it's less about the user password, but more the application and databases and things of that nature. >> Dave: So again, and, again, everybody should be using password managers. But when you use a password manager, it's going to give you a long list of passwords, that are either been compromised or are weak. And you just go uh, okay. So can you help? How do you help customers identify what the high risk? You know, API, you know, access are versus those ones that they may not have to worry about. >> Ankur: Yeah, look. You know, secrets aside. Risk prioritization is one of the biggest topics that our customers have across the board, in cloud security. All the security vendors are really, really good at one thing, generating alerts. Everybody does it. They generate an alert. You know, your ring camera, if you've got one. I mean this pop up every day, like every minute rather. Well like can you prioritize it for me? What should I really look at it? So that's a number one thing. What Prisma Cloud does is, you know, contextualize it. What the real risk is? They can tell you like, hey, here's the kill chain. If this thing, you know, goes to public internet. These are the potential exposures that you have. So we provide a prioritized risk of critical alerts that customers have to take care of before they can start taking care of more hygiene type of stuff, right? So that's how we do it. Like we leverage a lot of technology. We apply a lot of context. We tell you like, hey, this code repo is not protected by multifactor authentication. And then there's a secret inside. Are you sure, you know, you don't want to fix it? So that's what we do. But it's a great question. Top of mind for all our customers. And that's how we think about it across the board. Versus generating just alerts all the time. >> Dave: Is the strategy, Because we all know phishing is the sort of most, you know obvious way to. It's the top way in which people get hacked. >> Ankur: Yeah. >> Is your strategy essentially to say. Okay we know that's going to happen, so we're going to try to protect it at the back end. How much of the, maybe it's an industry question. more so than just a Palo Alto specifically, How much emphasis is do you think the industry is taking or should be taking on stopping that, you know that those phishing attacks? Because if that's the number one problem you know, maybe that's where we should be starting. >> Yeah, it's a great question. It's typically the initial vector, for a lot of attacks to your point. But there is one thing that technology and AI cannot solve. Which is the user behavior, to your point. Like we can't get into the heads of the user. I mean, you can train them, you can do everything. You can't prevent somebody from clicking a button. Of course there's technology out there for email security that does that. But your point is, right, it's going to happen. Now what do you do? How do you protect your applications, your crown jewel? You know, whether it's in the cloud or it's in the code repo. So a lot of what we are trying to do in code security, or cloud security, or in general at Palo Alto Networks. is to protect those crown jewel. Because we can't prevent somebody from doing something. User behavior is hard to change. >> Dave: So it's almost like, okay, you left your front door open. Somebody's going to walk in, but oh, they walk into a vault. And they don't know where to go. And there's nowhere they can- >> Ankur: Yeah. >> You know, nothing they can take. They can't get to the silverware or the jewelry. >> I think that's it, yeah. >> What are some of the things, like as we look at, we're wrapping up calendar year '22 heading into '23. That customers can look to Palo Alto Networks to help them achieve? One of the things that we talked about with Nikesh and Niri yesterday, is consolidation. Like, and you guys just did a recent, survey. >> Ankur: Yeah. >> About the state of Cyber, and organizations on average have 366 apps in their environment. 31 security tools, 30 to 50 security tools. >> Ankur: Yeah. >> Consolidation is really key there. What are some of the things that you are excited about to deliver to customers where consolidation is concerned? >> Ankur: Yeah. >> Where software supply chain security is concerned in the next year? >> Yeah, absolutely. Look, there are over 3000 security vendors. And this can be, I mean you talked about average customer having 300. I was talking to a CSO, this was last year for one of the largest financial institution I go, "How many security tools do you have?" He got 120. I said, why? He goes, we have a no vendor left behind policy. >> Wow. >> It's crazy. >> Dave: What? >> Obviously he was joking, but it's crazy, right? Like that's how the CSO's are. >> Dave: I mean, he was kidding. >> Yeah. >> Dave: But recognized that. Wow. >> Yeah, and, this is the state the security industry is in. And our mission has been, and Lee and Nikesh and Niri talked about it. Is just platforms, will platforms take moonshots, things long term. And especially the, macro headwinds that we're seeing. We're hearing more and more from the customers that, look we're not going to buy point product. Then we got to buy another product that stitches it all together. We need platforms, whether it's for zero trust, Prisma SaaS, whether it's cloud. Prisma cloud or for your sock transformation. You know XIM and Cortex line of products. So I think you're going to see more and more of that in 2023. I'm confident in that. >> We heard from Lee today, the world record's 400. >> Yes. >> Yeah. >> That's crazy. >> He's going for it. He's got a ways to go. 120 He's got to... >> Maybe he wasn't, that guy wasn't kidding about his no vendor left behind policy. (laughing) Do you have Ankur, a favorite customer story that really articulates the value of what Palo Alto delivers and continues to. You know, 'cause one of the things that Nikesh said in his keynote was that you know, security's a data problem. Well every company these days, in every industry has to be a data company. But really what they need to be able to be is a secured data company. >> Ankur: Yeah. >> How are you guys enabling that? >> Oh, absolutely. Look, many customer examples come to mind, but speaking of data. You know, one of, some of our largest customers who are protecting their PCI workers where they have sensitive data. They're using for example, Prisma Cloud, to ensure that malicious attacks don't happen. And those workloads are used for credit card processing. They're processing tens of thousands of credit card transactions a second. And make sure that nobody gets hold of that. And that's why they have to make sure that nobody is. No attacker is trying to get hold of the sensitive data, to your point, So we have customers across financial services, media and entertainment technology company. Where we are helping them go as fast as possible in public cloud. Go through digital transformation, by securing their applications. >> Dave: What's the T-shirt say? I see code. >> Oh yeah. >> Dave: Secure from Code to Cloud. >> Lisa: Shift Happens. >> Shift Happens, Secrets from Code to Cloud. >> I love that. I was looking at that, going back to that, what's next in cyber survey? >> Ankur: Yeah. >> It said 74% of respondents, and I believe there was 1300 CIO's, CXO's that were surveyed globally. Where they said security is slowing down DevOps. Can customers look to Palo Alto Networks to help them? >> Ankur: Be enablers? >> Yes. >> Yeah, hundred percent. Look, the conversation over the last few years have changed now. Security used to say like, oh, I don't know about these people who are building applications. The DevOps is like security slowing down. I think there's an opportunity for companies like Palo Alto Networks, to build the bridge between the two. And the way we do it is make the securities easy, simple and not super intrusive. Where developers have to do a natural thing. And one part of it, and I talked about it earlier, is bring security where the developers are. In their code repo, in their IDE. Make it super simple. Don't make them do unnatural things. And it just, this is no different from changing the behavior of our kids. Right? Like you make them do unnatural things, they're not going to do it. But if it is part of their regular, you know, day-to-day operating procedures. I think they're going to be more open to change. Yeah. So I think it's possible. And Palo Alto has a huge responsibility to bridge the divide between the apps team, or the DevOps and the security organization. >> Lisa: Lots of great stuff to come. We thank you so much for coming back, two weeks. Only being on two weeks ago. We appreciate your insights, learning more information. It's great to see you at Palo Alto Ignite. And we'll have to have you back on. 'Cause we know that there's so much more to follow with respect to what you're doing. And shifting left, shift happens. >> Awesome. Lisa, Dave, thank you so much. It's been a pleasure. >> Lisa: Thank you so much. For Ankur Shah and Dave Vellante. I'm Lisa Martin. You're watching theCUBE. The leader in live and emerging tech coverage.

>>Good afternoon from the Venetian Expo, center, hall, whatever you wanna call it, in Las Vegas. Lisa Martin here. It's day four. I'm not sure what this place is called. Wait, >>What? >>Lisa Martin here with Dave Ante. This is the cube. This is day four of a ton of coverage that we've been delivering to you, which, you know, cause you've been watching since Monday night, Dave, we are almost at the end, we're almost at the show wrap. Excited to bring back, we've been talking about security, a lot about security. Excited to bring back a, an alumni to talk about that. But what's your final thoughts? >>Well, so just in, in, in the context of security, we've had just three in a row talking about cyber, which is like the most important topic. And I, and I love that we're having Palo Alto Networks on Palo Alto Networks is the gold standard in security. Talk to CISOs, they wanna work with them. And, and it was, it's interesting because I've been following them for a little bit now, watch them move to the cloud and a couple of little stumbling points. But I said at the time, they're gonna figure it out and, and come rocking back. And they have, and the company's just performing unbelievably well despite, you know, all the macro headwinds that we love to >>Talk about. So. Right. And we're gonna be unpacking all of that with one of our alumni. As I mentioned, Anker Shaw is with us, the SVP and GM of Palo Alto Networks. Anker, welcome back to the Cub. It's great to see you. It's been a while. >>It's good to be here after a couple years. Yeah, >>Yeah. I think three. >>Yeah, yeah, for sure. Yeah. Yeah. It's a bit of a blur after Covid. >>Everyone's saying that. Yeah. Are you surprised that there are still this many people on the show floor? Cuz I am. >>I am. Yeah. Look, I am not, this is my fourth, last year was probably one third or one fourth of this size. Yeah. But pre covid, this is what dream went looked like. And it's energizing, it's exciting. It's just good to be doing the good old things. So many people and yeah. Amazing technology and innovation. It's been incredible. >>Let's talk about innovation. I know you guys, Palo Alto Networks recently acquired cyber security. Talk to us a little bit about that. How is it gonna compliment Prisma? Give us all the scoop on that. >>Yeah, for sure. Look, some of the recent, the cybersecurity attacks that we have seen are related to supply chain, the colonial pipeline, many, many supply chain. And the reason for that is the modern software supply chain, not the physical supply chain, the one that AWS announced, but this is the software supply chain is really incredibly complicated, complicated developers that are building and shipping code faster than ever before. And the, the site acquisition at the center, the heart of that was securing the entire supply chain. White House came with a new initiative on supply chain security and SBO software bill of material. And we needed a technology, a company, and a set of people who can really deliver to that. And that's why we acquired that for supply chain security, otherwise known as cicd, security, c >>IDC security. Yeah. So how will that complement PRIs McCloud? >>Yeah, so look, if you look at our history lease over the last four years, we have been wanting to, our mission mission has been to build a single code to cloud platform. As you may know, there are over 3000 security vendors in the industry. And we said enough is enough. We need a platform player who can really deliver a unified cohesive platform solution for our customers because they're sick and tired of buying PI point product. So our mission has been to deliver that code to cloud platform supply chain security was a missing piece and we acquired them, it fits right really nicely into our portfolio of products and solution that customers have. And they'll have a single pin of glass with this. >>Yeah. So there's a lot going on. You've got, you've got an adversary that is incredibly capable. Yeah. These days and highly motivated and extremely sophisticated mentioned supply chain. It's caused a shift in, in CSO strategies, talking about the pandemic, of course we know work from home that changed things. You've mentioned public policy. Yeah. And, and so, and as well you have the cloud, cloud, you know, relatively new. I mean, it's not that new, but still. Yeah. But you've got the shared responsibility model and not, not only do you have the shared responsibility model, you have the shared responsibility across clouds and OnPrem. So yes, the cloud helps with security, but that the CISO has to worry about all these other things. The, the app dev team is being asked to shift left, you know, secure and they're not security pros. Yeah. And you know, kind audit is like the last line of defense. So I love this event, I love the cloud, but customers need help in making their lives simpler. Yeah. And the cloud in and of itself, because, you know, shared responsibility doesn't do that. Yeah. That's what Palo Alto and firms like yours come in. >>Absolutely. So look, Jim, this is a unable situation for a lot of the Cisco, simply because there are over 26 million developers, less than 3 million security professional. If you just look at all the announcement the AWS made, I bet you there were like probably over 2000 features. Yeah. I mean, they're shipping faster than ever before. Developers are moving really, really fast and just not enough security people to keep up with the velocity and the innovation. So you are right, while AWS will guarantee securing the infrastructure layer, but everything that is built on top of it, the new machine learning stuff, the new application, the new supply chain applications that are developed, that's the responsibility of the ciso. They stay up at night, they don't know what's going on because developers are bringing new services and new technology. And that's why, you know, we've always taken a platform approach where customers and the systems don't have to worry about it. >>What AWS new service they have, it's covered, it's secured. And that's why the adopters, McCloud and Palo Alto Networks, because regardless what developers bring, security is always there by their side. And so security teams need just a simple one click solution. They don't have to worry about it. They can sleep at night, keep the bad actors away. And, and that's, that's where Palo Alto Networks has been innovating in this area. AWS is one of our biggest partners and you know, we've integrated with, with a lot of their services. We launch about three integrations with their services. And we've been doing this historically for more and >>More. Are you still having conversations with the security folks? Or because security is a board level conversation, are your conversations going up a stack because this is a C-suite problem, this is a board level initiative? >>Absolutely. Look, you know, there was a time about four years ago, like the best we could do is director of security. Now it's just so CEO level conversation, board level conversation to your point, simply because I mean, if, if all your financial stuff is going to public cloud, all your healthcare data, all your supply chain data is going to public cloud, the board is asking very simple question, what are you doing to secure that? And to be honest, the question is simple. The answer's not because all the stuff that we talked about, too many applications, lots and lots of different services, different threat vectors and the bad actors, the bad guys are always a step ahead of the curve. And that's why this has become a board level conversation. They wanna make sure that things are secure from the get go before, you know, the enterprises go too deep into public cloud adoption. >>I mean there, there was shift topics a little bit. There was hope or kinda early this year that that cyber was somewhat insulated from the sort of macro press pressures. Nobody's safe. Even the cloud is sort of, you know, facing those, those headwinds people optimizing costs. But one thing when you talk to customers is, I always like to talk about that, that optiv graph. We've all seen it, right? And it's just this eye test of tools and it's a beautiful taxonomy, but there's just too many tools. So we're seeing a shift from point tools to platforms because obviously a platform play, and that's a way. So what are you seeing in the, in the field with customers trying to optimize their infrastructure costs with regard to consolidating to >>Platforms? Yeah. Look, you rightly pointed out one thing, the cybersecurity industry in general and Palo Alto networks, knock on wood, the stocks doing well. The macro headwinds hasn't impacted the security spend so far, right? Like time will tell, we'll, we'll see how things go. And one of the primary reason is that when you know the economy starts to slow down, the customers again want to invest in platforms. It's simple to deploy, simple to operationalize. They want a security partner of choice that knows that they, it's gonna be by them through the entire journey from code to cloud. And so that's why platform, especially times like these are more important than they've ever been before. You know, customers are investing in the, the, the product I lead at Palo Alto network called Prisma Cloud. It's in the cloud network application protection platform seen app space where once again, customers that investing in platform from quote to cloud and avoiding all the point products for sure. >>Yeah. Yeah. And you've seen it in, in Palo Alto's performance. I mean, not every cyber firm has is, is, >>You know, I know. Ouch. CrowdStrike Yeah. >>Was not. Well you saw that. I mean, and it was, and and you know, the large customers were continuing to spend, it was the small and mid-size businesses Yeah. That were, were were a little bit soft. Yeah. You know, it's a really, it's really, I mean, you see Okta now, you know, after they had some troubles announcing that, you know, their, their, their visibility's a little bit better. So it's, it's very hard to predict right now. And of course if TOMA Brava is buying you, then your stock price has been up and steady. That's, >>Yeah. Look, I think the key is to have a diversified portfolio of products. Four years ago before our CEO cash took over the reins of the company, we were a single product X firewall company. Right. And over time we have added XDR with the first one to introduce that recently launched x Im, you know, to, to make sure we build an NextGen team, cloud security is a completely net new investment, zero trust with access as workers started working remotely and they needed to make sure enterprises needed to make sure that they're accessing the applications securely. So we've added a lot of portfolio products over time. So you have to remain incredibly diversified, stay strong, because there will be stuff like remote work that slowed down. But if you've got other portfolio product like cloud security, while those secular tailwinds continue to grow, I mean, look how fast AWS is growing. 35, 40%, like $80 billion run rate. Crazy at that, that scale. So luckily we've got the portfolio of products to ensure that regardless of what the customer's journey is, macro headwinds are, we've got portfolio of solutions to help our customers. >>Talk a little bit about the AWS partnership. You talked about the run rate and I was reading a few days ago. You're right. It's an 82 billion arr, massive run rate. It's crazy. Well, what are, what is a Palo Alto Networks doing with aws and what's the value in it to help your customers on a secure digital transformation journey? >>Well, absolutely. We have been doing business with aws. We've been one of their security partners of choice for many years now. We have a presence in the marketplace where customers can through one click deploy the, the several Palo Alto Networks security solutions. So that's available. Like I said, we had launch partner to many, many new products and innovation that AWS comes up with. But always the day one partner, Adam was talking about some of those announcements and his keynote security data lake was one of those. And they were like a bunch of others related to compute and others. So we have been a partner for a long time, and look, AWS is an incredibly customer obsessed company. They've got their own security products. But if the customer says like, Hey, like I'd like to pick this from yours, but there's three other things from Palo Alto Networks or S MacCloud or whatever else that may be, they're open to it. And that's the great thing about AWS where it doesn't have to be wall garden open ecosystem, let the customer pick the best. >>And, and that's, I mean, there's, there's examples where AWS is directly competitive. I mean, my favorite example is Redshift and Snowflake. I mean those are directly competitive products, but, but Snowflake is an unbelievably great relationship with aws. They do cyber's, I think different, I mean, yeah, you got guard duty and you got some other stuff there. But generally speaking, the, correct me if I'm wrong, the e the ecosystem has more room to play on AWS than it may on some other clouds. >>A hundred percent. Yeah. Once again, you know, guard duty for examples, we've got a lot of customers who use guard duty and Prisma Cloud and other Palo Alto Networks products. And we also ingest the data from guard duty. So if customers want a single pane of glass, they can use the best of AWS in terms of guard duty threat detection, but leverage other technology suite from, you know, a platform provider like Palo Alto Networks. So you know, that that, you know, look, world is a complicated place. Some like blue, some like red, whatever that may be. But we believe in giving customers that choice, just like AWS customers want that. Not a >>Problem. And at least today they're not like directly, you know, in your space. Yeah. You know, and even if they were, you've got such a much mature stack. Absolutely. And my, my frankly Microsoft's different, right? I mean, you see, I mean even the analysts were saying that some of the CrowdStrike's troubles for, cuz Microsoft's got the good enough, right? So >>Yeah. Endpoint security. Yeah. And >>Yeah, for sure. So >>Do you have a favorite example of a customer where Palo Alto Networks has really helped them come in and, and enable that secure business transformation? Anything come to mind that you think really shines a light on Palo Alto Networks and what it's able to do? >>Yeah, look, we have customers across, and I'm gonna speak to public cloud in general, right? Like Palo Alto has over 60,000 customers. So we've been helping with that business transformation for years now. But because it's reinvented aws, the Prisma cloud product has been helping customers across different industry verticals. Some of the largest credit card processing companies, they can process transactions because we are running security on top of the workloads, the biggest financial services, biggest healthcare customers. They're able to put the patient health records in public cloud because Palo Alto Networks is helping them get there. So we are helping accelerated that digital journey. We've been an enabler. Security is often perceived as a blocker, but we have always treated our role as enabler. How can we get developers and enterprises to move as fast as possible? And like, my favorite thing is that, you know, moving fast and going digital is not a monopoly of just a tech company. Every company is gonna be a tech company Oh absolutely. To public cloud. Yes. And we want to help them get there. Yeah. >>So the other thing too, I mean, I'll just give you some data. I love data. I have a, ETR is our survey partner and I'm looking at Data 395. They do a survey every quarter, 1,250 respondents on this survey. 395 were Palo Alto customers, fortune 500 s and P 500, you know, big global 2000 companies as well. Some small companies. Single digit churn. Yeah. Okay. Yeah. Very, very low replacement >>Rates. Absolutely. >>And still high single digit new adoption. Yeah. Right. So you've got that tailwind going for you. Yeah, >>Right. It's, it's sticky because especially our, our main business firewall, once you deploy the firewall, we are inspecting all the network traffic. It's just so hard to rip and replace. Customers are getting value every second, every minute because we are thwarting attacks from public cloud. And look, we, we, we provide solutions not just product, we just don't leave the product and ask the customers to deploy it. We help them with deployment consumption of the product. And we've been really fortunate with that kind of gross dollar and netten rate for our customers. >>Now, before we wrap, I gotta tease, the cube is gonna be at Palo Alto Ignite. Yeah. In two weeks back here. I think we're at D mgm, right? We >>Were at D MGM December 13th and >>14th. So give us a little, show us a little leg if you would. What could we expect? >>Hey, look, I mean, a lot of exciting new things coming. Obviously I can't talk about it right now. The PR Inc is still not dry yet. But lots of, lots of new innovation across our three main businesses. Network security, public cloud, security, as well as XDR X. Im so stay tuned. You know, you'll, you'll see a lot of new exciting things coming up. >>Looking forward to it. >>We are looking forward to it. Last question on curf. You, if you had a billboard to place in New York Times Square. Yeah. You're gonna take over the the the Times Square Nasdaq. What does the billboard say about why organizations should be working with Palo Alto Networks? Yeah. To really embed security into their dna. Yeah. >>You know when Jim said Palo Alto Networks is the gold standard for security, I thought it was gonna steal it. I think it's pretty good gold standard for security. But I'm gonna go with our mission cyber security partner's choice. We want to be known as that and that's who we are. >>Beautifully said. Walker, thank you so much for joining David in the program. We really appreciate your insights, your time. We look forward to seeing you in a couple weeks back here in Vegas. >>Absolutely. Can't have enough of Vegas. Thank you. Lisa. >>Can't have in Vegas, >>I dunno about that. By this time of the year, I think we can have had enough of Vegas, but we're gonna be able to see you on the cubes coverage, which you could catch up. Palo Alto Networks show Ignite December, I believe 13th and 14th on the cube.net. We want to thank Anker Shaw for joining us. For Dave Ante, this is Lisa Martin. You're watching the Cube, the leader in live enterprise and emerging tech coverage.

>>Set restaurants. And who says TEUs had got a little ass more skin in the game for us, in charge of his destiny? You guys are excited. Robert Worship is Chief Alumni. >>My name is Dave Ante, and I'm a long time industry analyst. So when you're as old as I am, you've seen a lot of transitions. Everybody talks about industry cycles and waves. I've seen many, many waves. Met a lot of industry executives and of a little bit of a, an industry historian. When you interview many thousands of people, probably five or 6,000 people as I have over the last half of a decade, you get to interact with a lot of people's knowledge and you begin to develop patterns. And so that's sort of what I bring is, is an ability to catalyze the conversation and, you know, share that knowledge with others in the community. Our philosophy is everybody's expert at something. Everybody's passionate about something and has real deep knowledge about that's something well, we wanna focus in on that area and extract that knowledge and share it with our communities. This is Dave Ante. Thanks for watching the Cube. >>Hello everyone and welcome back to the Cube where we are streaming live this week from CubeCon. I am Savannah Peterson and I am joined by an absolutely stellar lineup of cube brilliance this afternoon. To my left, a familiar face, Lisa Martin. Lisa, how you feeling? End of day two. >>Excellent. It was so much fun today. The buzz started yesterday, the momentum, the swell, and we only heard even more greatness today. >>Yeah, yeah, abs, absolutely. You know, I, I sometimes think we've hit an energy cliff, but it feels like the energy is just >>Continuous. Well, I think we're gonna, we're gonna slide right into tomorrow. >>Yeah, me too. I love it. And we've got two fantastic analysts with us today, Sarge and Keith. Thank you both for joining us. We feel so lucky today. >>Great being back on. >>Thanks for having us. Yeah, Yeah. It's nice to have you back on the show. We were, had you yesterday, but I miss hosting with you. It's been a while. >>It has been a while. We haven't done anything in since, Since pre >>Pandemic, right? Yeah, I think you're >>Right. Four times there >>Be four times back in the day. >>We, I always enjoy whole thing, Lisa, cuz she's so well prepared. I don't have to do any research when I come >>Home. >>Lisa will bring up some, Oh, sorry. Jeep, I see that in 2008 you won this award for Yeah. Being just excellent and I, I'm like, Oh >>Yeah. All right Keith. So, >>So did you do his analysis? >>Yeah, it's all done. Yeah. Great. He only part, he's not sitting next to me too. We can't see it, so it's gonna be like a magic crystal bell. Right. So a lot of people here. You got some stats in terms of the attendees compared >>To last year? Yeah, Priyanka told us we were double last year up to 8,000. We also got the scoop earlier that 2023 is gonna be in Chicago, which is very exciting. >>Oh, that is, is nice. Yeah, >>We got to break that here. >>Excellent. Keith, talk to us about what some of the things are that you've seen the last couple of days. The momentum. What's the vibe? I saw your tweet about the top three things you were being asked. Kubernetes was not one of them. >>Kubernetes were, was not one of 'em. This conference is starting to, it, it still feels very different than a vendor conference. The keynote is kind of, you know, kind of all over the place talking about projects, but the hallway track has been, you know, I've, this is maybe my fifth or sixth CU con in person. And the hallway track is different. It's less about projects and more about how, how do we adjust to the enterprise? How do we Yes. Actually do enterprise things. And it has been amazing watching this community grow. I'm gonna say grow up and mature. Yes. You know, you know, they're not wearing ties yet, but they are definitely understanding kind of the, the friction of implementing new technology in, in an enterprise. >>Yeah. So ge what's your, what's been your take, We were with you yesterday. What's been the take today to take aways? >>NOMA has changed since yesterday, but a few things I think I, I missed talking about that yesterday were that, first of all, let's just talk about Amazon. Amazon earnings came out, it spooked the market and I think it's relevant in this context as well, because they're number one cloud provider. Yeah. And all, I mean, almost all of these technologies on the back of us here, they are related to cloud, right? So it will have some impact on these. Like we have to analyze that. Like will it make the open source go faster or slower in, in lieu of the fact that the, the cloud growth is slowing. Right? So that's, that's one thing that's put that's put that aside. I've been thinking about the, the future of Kubernetes. What is the future of Kubernetes? And in that context, I was thinking like, you know, I think in, when I put a pointer there, I think in tangents, like, what else is around this thing? So I think CN CNCF has been writing the success of Kubernetes. They are, that was their number one flagship project, if you will. And it was mature enough to stand on its own. It it was Google, it's Google's Borg dub da Kubernetes. It's a genericized version of that. Right? So folks who do tech deep down, they know that, Right. So I think it's easier to stand with a solid, you know, project. But when the newer projects come in, then your medal will get tested at cncf. Right. >>And cncf, I mean they've got over 140 projects Yeah. Right now. So there's definitely much beyond >>Kubernetes. Yeah. So they, I have numbers there. 18 graduated, right, 37 in incubation and then 81 in Sandbox stage. They have three stages, right. So it's, they have a lot to chew on and the more they take on, the less, you know, quality you get goes into it. Who is, who's putting the money behind it? Which vendors are sponsoring like cncf, like how they're getting funded up. I think it >>Something I pay attention to as well. Yeah. Yeah. Lisa, I know you've got >>Some insight. Those are the things I was thinking about today. >>I gotta ask you, what's your take on what Keith said? Are you also seeing the maturation of the enterprise here at at coupon? >>Yes, I am actually, when you say enterprise versus what's the other side? Startups, right? Yeah. So startups start using open source a lot more earlier or lot more than enterprises. The enterprise is what they need. Number one thing is the, for their production workloads, they want a vendor sporting them. I said that yesterday as well, right? So it depend depending on the size of the enterprise. If you're a big shop, definitely if you have one of the 500 or Fortune five hundreds and your tech savvy shop, then you can absorb the open source directly coming from the open source sort of universe right. Coming to you. But if you are the second tier of enterprise, you want to go to a provider which is managed service provider, or it can be cloud service provider in this case. Yep. Most of the cloud service providers have multiple versions of Kubernetes, for example. >>I'm not talking about Kubernetes only, but like, but that is one example, right? So at Amazon you can get five different flavors of Kubernetes, right? Fully manage, have, manage all kind of stuff. So people don't have bandwidth to manage that stuff locally. You have to patch it, you have to roll in the new, you know, updates and all that stuff. Like, it's a lot of work for many. So CNCF actually is formed for that reason. Like the, the charter is to bring the quality to open source. Like in other companies they have the release process and they, the stringent guidelines and QA and all that stuff. So is is something ready for production? That's the question when it comes to any software, right? So they do that kind of work and, and, and they have these buckets defined at high level, but it needs more >>Work. Yeah. So one of the things that, you know, kind of stood out to me, I have good friend in the community, Alex Ellis, who does open Fast. It's a serverless platform, great platform. Two years ago or in 2019, there was a serverless day date. And in serverless day you had K Native, you had Open Pass, you had Ws, which is supported by IBM completely, not CNCF platforms. K native came into the CNCF full when Google donated the project a few months ago or a couple of years ago, now all of a sudden there's a K native day. Yes. Not a serverless day, it's a K native day. And I asked the, the CNCF event folks like, what happened to Serverless Day? I missed having open at serverless day. And you know, they, they came out and said, you know what, K native got big enough. >>They came in and I think Red Hat and Google wanted to sponsor a K native day. So serverless day went away. So I think what what I'm interested in and over the next couple of years is, is they're gonna be pushback from the C against the cncf. Is the CNCF now too big? Is it now the gatekeeper for do I have to be one of those 147 projects, right? In order enough to get my project noticed the open, fast, great project. I don't think Al Alex has any desire to have his project hosted by cncf, but it probably deserves, you know, shoulder left recognition with that. So I'm pushing to happen to say, okay, if this is open community, this is open source. If CNC is the place to have the cloud native conversation, what about the projects that's not cncf? Like how do we have that conversation when we don't have the power of a Google right. Or a, or a Lenox, et cetera, or a Lenox Foundation. So GE what, >>What are your thoughts on that? Is, is CNC too big? >>I don't think it's too big. I think it's too small to handle the, what we are doing in open source, right? So it's a bottle. It can become a bottleneck. Okay. I think too big in a way that yeah, it has, it has, it has power from that point of view. It has that cloud, if you will. The people listen to it. If it's CNCF project or this must be good, it's like in, in incubators. Like if you are y white Combinator, you know, company, it must be good. You know, I mean, may not be >>True, but, >>Oh, I think there's a bold assumption there though. I mean, I think everyone's just trying to do the best they can. And when we're evaluating projects, a very different origin and background, it's incredibly hard. Very c and staff is a staff of 30 people. They've got 180,000 people that are contributing to these projects and a thousand maintainers that they're trying to uphold. I think the challenge is actually really great. And to me, I actually look at events as an illustration of, you know, what's the culture and the health of an organization. If I were to evaluate CNCF based on that, I'd say we're very healthy right now. I would say that we're in a good spot. There's a lot of momentum. >>Yeah. I, I think CNCF is very healthy. I'm, I'm appreciative for it being here. I love coupon. It's becoming the, the facto conference to have this conversation has >>A totally >>Different vibe to other, It's a totally different vibe. Yeah. There needs to be a conduit and truth be told, enterprise buyers, to subject's point, this is something that we do absolutely agree on, on enterprise buyers. We want someone to pick winners and losers. We do, we, we don't want a box of Lego dumped on our, the middle of our table. We want somebody to have sorted that out. So while there may be five or six different service mesh solutions, at least the cncf, I can go there and say, Oh, I'll pick between the three or four that are most popular. And it, it's a place to curate. But I think with that curation comes the other side of it. Of how do we, how, you know, without the big corporate sponsor, how do I get my project pushed up? Right? Elevated. Elevated, Yep. And, and put onto the show floor. You know, another way that projects get noticed is that startups will adopt them, Push them. They may not even be, I don't, my CNCF project may not, my product may not even be based on the CNCF product. But the new stack has a booth, Ford has a booth. Nothing to do with a individual prod up, but promoting open source. What happens when you're not sponsored? >>I gotta ask you guys, what do you disagree on? >>Oh, so what, what do we disagree on? So I'm of the mindset, I can, I can say this, I I believe hybrid infrastructure is the future of it. Bar none. If I built my infrastructure, if I built my application in the cloud 10 years ago and I'm still building net new applications, I have stuff that I built 10 years ago that looks a lot like on-prem, what do I do with it? I can't modernize it cuz I don't have the developers to do it. I need to stick that somewhere. And where I'm going to stick that at is probably a hybrid infrastructure. So colo, I'm not gonna go back to the data center, but I'm, I'm gonna look, pick up something that looks very much like the data center and I'm saying embrace that it's the future. And if you're Boeing and you have, and Boeing is a member, cncf, that's a whole nother topic. If you have as 400 s, hpu X, et cetera, stick that stuff. Colo, build new stuff, but, and, and continue to support OpenStack, et cetera, et cetera. Because that's the future. Hybrid is the future. >>And sub g agree, disagree. >>I okay. Hybrid. Nobody can deny that the hybrid is the reality, not the future. It's a reality right now. It's, it's a necessity right now you can't do without it. Right. And okay, hybrid is very relative term. You can be like 10% here, 90% still hybrid, right? So the data center is shrinking and it will keep shrinking. Right? And >>So if by whole is the data center shrinking? >>This is where >>Quick one quick getting guys for it. How is growing by a clip? Yeah, but there's no data supporting. David Lym just came out for a report I think last year that showed that the data center is holding steady, holding steady, not growing, but not shrinking. >>Who sponsored that study? Wait, hold on. So the, that's a question, right? So more than 1 million data centers have been closed. I have, I can dig that through number through somebody like some organizations we published that maybe they're cloud, you know, people only. So the, when you get these kind of statements like it, it can be very skewed statements, right. But if you have seen the, the scene out there, which you have, I know, but I have also seen a lot of data centers walk the floor of, you know, a hundred thousand servers in a data center. I cannot imagine us consuming the infrastructure the way we were going into the future of co Okay. With, with one caveat actually. I am not big fan of like broad strokes. Like make a blanket statement. Oh no, data center's dead. Or if you are, >>That's how you get those esty headlines now. Yeah, I know. >>I'm all about to >>Put a stake in the ground. >>Actually. The, I think that you get more intelligence from the new end, right? A small little details if you will. If you're golden gold manak or Bank of America, you have so many data centers and you will still have data centers because performance matters to you, right? Your late latency matters for applications. But if you are even a Fortune 500 company on the lower end and or a healthcare vertical, right? That your situation is different. If you are a high, you know, growth startup, your situation is different, right? You will be a hundred percent cloud. So cloud gives you velocity, the, the, the pace of change, the pace of experimentation that actually you are buying innovation through cloud. It's proxy for innovation. And that's how I see it. But if you have, if you're stuck with older applications, I totally understand. >>Yeah. So the >>We need that OnPrem. Yeah, >>Well I think the, the bring your fuel sober, what we agree is that cloud is the place where innovation happens. Okay? At some point innovation becomes legacy debt and you have thus hybrid, you are not going to keep your old applications up to date forever. The, the, the math just doesn't add up. And where I differ in opinion is that not everyone needs innovation to keep moving. They need innovation for a period of time and then they need steady state. So Sergeant, we >>Argue about this. I have a, I >>Love this debate though. I say it's efficiency and stability also plays an important role. I see exactly what you're talking about. No, it's >>Great. I have a counter to that. Let me tell you >>Why. Let's >>Hear it. Because if you look at the storage only, right? Just storage. Just take storage computer network for, for a minute. There three cost reps in, in infrastructure, right? So storage earlier, early on there was one tier of storage. You say pay the same price, then now there are like five storage tiers, right? What I'm trying to say is the market sets the price, the market will tell you where this whole thing will go, but I know their margins are high in cloud, 20 plus percent and margin will shrink as, as we go forward. That means the, the cloud will become cheaper relative to on-prem. It, it, in some cases it's already cheaper. But even if it's a stable workload, even in that case, we will have a lower tier of service. I mean, you, you can't argue with me that the cloud versus your data center, they are on the same tier of services. Like cloud is a better, you know, product than your data center. Hands off. >>I love it. We, we are gonna relish in the debates between the two of you. Mic drops. The energy is great. I love it. Perspective. It's not like any of us can quite see through the crystal ball that we have very informed opinions, which is super exciting. Yeah. Lisa, any last thoughts today? >>Just love, I love the debate as well. That, and that's, that's part of what being in this community is all about. So sharing about, sharing opinions, expressing opinions. That's how it grows. That's how, that's how we innovate. Yeah. Obviously we need the cloud, but that's how we innovate. That's how we grow. Yeah. And we've seen that demonstrated the last couple days and I and your, your takes here on the Cuban on Twitter. Brilliant. >>Thank you. I absolutely love it. I'm gonna close this out with a really important analysis on the swag of the show. Yes. And if you know, yesterday we were looking at what is the weirdest swag or most unique swag We had that bucket hat that took the grand prize. Today we're gonna focus on something that's actually quite cool. A lot of the vendors here have really dedicated their swag to being local to Detroit. Very specific in their sourcing. Sonotype here has COOs. They're beautiful. You can't quite feel this flannel, but it's very legit hand sound here in Michigan. I can't say that I've been to too many conferences, if any, where there was this kind of commitment to localizing and sourcing swag from around the corner. We also see this with the Intel booth. They've got screen printers out here doing custom hoodies on spot. >>Oh fun. They're even like appropriately sized. They had local artists do these designs and if you're like me and you care about what's on your wrist, you're familiar with Shinola. This is one of my favorite swags that's available. There is a contest. Oh going on. Hello here. Yeah, so if you are Atan, make sure that you go and check this out. The we, I talked about this on the show. We've had the founder on the show or the CEO and yeah, I mean Shine is just full of class as since we are in Detroit as well. One of the fun themes is cars. >>Yes. >>And Storm Forge, who are also on the show, is actually giving away an Aston Martin, which is very exciting. Not exactly manufactured in Detroit. However, still very cool on the car front and >>The double oh seven version named the best I >>Know in the sixties. It's love it. It's very cool. Two quick last things. We talk about it a lot on the show. Every company now wants to be a software company. Yep. On that vein, and keeping up with my hat theme, the Home Depot is here because they want everybody to know that they in fact are a technology company, which is very cool. They have over 500,000 employees. You can imagine there's a lot of technology that has to go into keeping Napa. Absolutely. Yep. Wild to think about. And then last, but not at least very quick, rapid fire, best t-shirt contest. If you've ever ran to one of these events, there are a ton of T-shirts out there. I rate them on two things. Wittiest line and softness. If you combine the two, you'll really be our grand champion for the year. I'm just gonna hold these up and set them down for your laughs. Not afraid to commit, which is pretty great. This is another one designed by locals here. Detroit Code City. Oh, love it. This one made me chuckle the most. Kiss my cash. >>Oh, that's >>Good. These are also really nice and soft, which is fantastic. Also high on the softness category is this Op Sarah one. I also like their bird logo. These guys, there's just, you know, just real nice touch. So unfortunately, if you have the fumble, you're not here with us, live in Detroit. At least you're gonna get taste of the swag. I taste of the stories and some smiles hear from those of us on the cube. Thank you both so much for being here with us. Lisa, thanks for another fabulous day. Got it, girl. My name's Savannah Peterson. Thank you for joining us from Detroit. We're the cube and we can't wait to see you tomorrow.

(upbeat music) >> Hey guys, welcome back to the show floor of KubeCon + CloudNativeCon '22 North America from Detroit, Michigan. Lisa Martin here with John Furrier. This is day one, John at theCUBE's coverage. >> CUBE's coverage. >> theCUBE's coverage of KubeCon. Try saying that five times fast. Day one, we have three wall-to-wall days. We've been talking about Kubernetes, containers, adoption, cloud adoption, app modernization all morning. We can't talk about those things without addressing security. >> Yeah, this segment we're going to hear container and Kubernetes security for modern application 'cause the enterprise are moving there. And this segment with Red Hat's going to be important because they are the leader in the enterprise when it comes to open source in Linux. So this is going to be a very fun segment. >> Very fun segment. Two guests from Red Hat join us. Please welcome Doron Caspin, Senior Principal Product Manager at Red Hat. Michael Foster joins us as well, Principal Product Marketing Manager and StackRox Community Lead at Red Hat. Guys, great to have you on the program. >> Thanks for having us. >> Thank you for having us. >> It's awesome. So Michael StackRox acquisition's been about a year. You got some news? >> Yeah, 18 months. >> Unpack that for us. >> It's been 18 months, yeah. So StackRox in 2017, originally we shifted to be the Kubernetes-native security platform. That was our goal, that was our vision. Red Hat obviously saw a lot of powerful, let's say, mission statement in that, and they bought us in 2021. Pre-acquisition we were looking to create a cloud service. Originally we ran on Kubernetes platforms, we had an operator and things like that. Now we are looking to basically bring customers in into our service preview for ACS as a cloud service. That's very exciting. Security conversation is top notch right now. It's an all time high. You can't go with anywhere without talking about security. And specifically in the code, we were talking before we came on camera, the software supply chain is real. It's not just about verification. Where do you guys see the challenges right now? Containers having, even scanning them is not good enough. First of all, you got to scan them and that may not be good enough. Where's the security challenges and where's the opportunity? >> I think a little bit of it is a new way of thinking. The speed of security is actually does make you secure. We want to keep our images up and fresh and updated and we also want to make sure that we're keeping the open source and the different images that we're bringing in secure. Doron, I know you have some things to say about that too. He's been working tirelessly on the cloud service. >> Yeah, I think that one thing, you need to trust your sources. Even if in the open source world, you don't want to copy paste libraries from the web. And most of our customers using third party vendors and getting images from different location, we need to trust our sources and we have a really good, even if you have really good scanning solution, you not always can trust it. You need to have a good solution for that. >> And you guys are having news, you're announcing the Red Hat Advanced Cluster Security Cloud Service. >> Yes. >> What is that? >> So we took StackRox and we took the opportunity to make it as a cloud services so customer can consume the product as a cloud services as a start offering and customer can buy it through for Amazon Marketplace and in the future Azure Marketplace. So customer can use it for the AKS and EKS and AKS and also of course OpenShift. So we are not specifically for OpenShift. We're not just OpenShift. We also provide support for EKS and AKS. So we provided the capability to secure the whole cloud posture. We know customer are not only OpenShift or not only EKS. We have both. We have free cloud or full cloud. So we have open. >> So it's not just OpenShift, it's Kubernetes, environments, all together. >> Doron: All together, yeah. >> Lisa: Meeting customers where they are. >> Yeah, exactly. And we focus on, we are not trying to boil the ocean or solve the whole cloud security posture. We try to solve the Kubernetes security cluster. It's very unique and very need unique solution for that. It's not just added value in our cloud security solution. We think it's something special for Kubernetes and this is what Red that is aiming to. To solve this issue. >> And the ACS platform really doesn't change at all. It's just how they're consuming it. It's a lot quicker in the cloud. Time to value is right there. As soon as you start up a Kubernetes cluster, you can get started with ACS cloud service and get going really quickly. >> I'm going to ask you guys a very simple question, but I heard it in the bar in the lobby last night. Practitioners talking and they were excited about the Red Hat opportunity. They actually asked a question, where do I go and get some free Red Hat to test some Kubernetes out and run helm or whatever. They want to play around. And do you guys have a program for someone to get start for free? >> Yeah, so the cloud service specifically, we're going to service preview. So if people sign up, they'll be able to test it out and give us feedback. That's what we're looking for. >> John: Is that a Sandbox or is that going to be in the cloud? >> They can run it in their own environment. So they can sign up. >> John: Free. >> Doron: Yeah, free. >> For the service preview. All we're asking for is for customer feedback. And I know it's actually getting busy there. It's starting December. So the quicker people are, the better. >> So my friend at the lobby I was talking to, I told you it was free. I gave you the sandbox, but check out your cloud too. >> And we also have the open source version so you can download it and use it. >> Yeah, people want to know how to get involved. I'm getting a lot more folks coming to Red Hat from the open source side that want to get their feet wet. That's been a lot of people rarely interested. That's a real testament to the product leadership. Congratulations. >> Yeah, thank you. >> So what are the key challenges that you have on your roadmap right now? You got the products out there, what's the current stake? Can you scope the adoption? Can you share where we're at? What people are doing specifically and the real challenges? >> I think one of the biggest challenges is talking with customers with a slightly, I don't want to say outdated, but an older approach to security. You hear things like malware pop up and it's like, well, really what we should be doing is keeping things into low and medium vulnerabilities, looking at the configuration, managing risk accordingly. Having disparate security tools or different teams doing various things, it's really hard to get a security picture of what's going on in the cluster. That's some of the biggest challenges that we talk with customers about. >> And in terms of resolving those challenges, you mentioned malware, we talk about ransomware. It's a household word these days. It's no longer, are we going to get hit? It's when? It's what's the severity? It's how often? How are you guys helping customers to dial down some of the risk that's inherent and only growing these days? >> Yeah, risk, it's a tough word to generalize, but our whole goal is to give you as much security information in a way that's consumable so that you can evaluate your risk, set policies, and then enforce them early on in the cluster or early on in the development pipeline so that your developers get the security information they need, hopefully asynchronously. That's the best way to do it. It's nice and quick, but yeah. I don't know if Doron you want to add to that? >> Yeah, so I think, yeah, we know that ransomware, again, it's a big world for everyone and we understand the area of the boundaries where we want to, what we want to protect. And we think it's about policies and where we enforce it. So, and if you can enforce it on, we know that as we discussed before that you can scan the image, but we never know what is in it until you really run it. So one of the thing that we we provide is runtime scanning. So you can scan and you can have policy in runtime. So enforce things in runtime. But even if one image got in a way and get to your cluster and run on somewhere, we can stop it in runtime. >> Yeah. And even with the runtime enforcement, the biggest thing we have to educate customers on is that's the last-ditch effort. We want to get these security controls as early as possible. That's where the value's going to be. So we don't want to be blocking things from getting to staging six weeks after developers have been working on a project. >> I want to get you guys thoughts on developer productivity. Had Docker CEO on earlier and since then I had a couple people messaging me. Love the vision of Docker, but Docker Hub has some legacy and it might not, has does something kind of adoption that some people think it does. Are people moving 'cause there times they want to have these their own places? No one place or maybe there is, or how do you guys see the movement of say Docker Hub to just using containers? I don't need to be Docker Hub. What's the vis-a-vis competition? >> I mean working with open source with Red Hat, you have to meet the developers where they are. If your tool isn't cutting it for developers, they're going to find a new tool and really they're the engine, the growth engine of a lot of these technologies. So again, if Docker, I don't want to speak about Docker or what they're doing specifically, but I know that they pretty much kicked off the container revolution and got this whole thing started. >> A lot of people are using your environment too. We're hearing a lot of uptake on the Red Hat side too. So, this is open source help, it all sorts stuff out in the end, like you said, but you guys are getting a lot of traction there. Can you share what's happening there? >> I think one of the biggest things from a developer experience that I've seen is the universal base image that people are using. I can speak from a security standpoint, it's awesome that you have a base image where you can make one change or one issue and it can impact a lot of different applications. That's one of the big benefits that I see in adoption. >> What are some of the business, I'm curious what some of the business outcomes are. You talked about faster time to value obviously being able to get security shifted left and from a control perspective. but what are some of the, if I'm a business, if I'm a telco or a healthcare organization or a financial organization, what are some of the top line benefits that this can bubble up to impact? >> I mean for me, with those two providers, compliance is a massive one. And just having an overall look at what's going on in your clusters, in your environments so that when audit time comes, you're prepared. You can get through that extremely quickly. And then as well, when something inevitably does happen, you can get a good image of all of like, let's say a Log4Shell happens, you know exactly what clusters are affected. The triage time is a lot quicker. Developers can get back to developing and then yeah, you can get through it. >> One thing that we see that customers compliance is huge. >> Yes. And we don't want to, the old way was that, okay, I will provision a cluster and I will do scans and find things, but I need to do for PCI DSS for example. Today the customer want to provision in advance a PCI DSS cluster. So you need to do the compliance before you provision the cluster and make all the configuration already baked for PCI DSS or HIPAA compliance or FedRAMP. And this is where we try to use our compliance, we have tools for compliance today on OpenShift and other clusters and other distribution, but you can do this in advance before you even provision the cluster. And we also have tools to enforce it after that, after your provision, but you have to do it again before and after to make it more feasible. >> Advanced cluster management and the compliance operator really help with that. That's why OpenShift Platform Plus as a bundle is so popular. Just being able to know that when a cluster gets provision, it's going to be in compliance with whatever the healthcare provider is using. And then you can automatically have ACS as well pop up so you know exactly what applications are running, you know it's in compliance. I mean that's the speed. >> You mentioned the word operator, I get triggering word now for me because operator role is changing significantly on this next wave coming because of the automation. They're operating, but they're also devs too. They're developing and composing. It's almost like a dashboard, Lego blocks. The operator's not just manually racking and stacking like the old days, I'm oversimplifying it, but the new operators running stuff, they got observability, they got coding, their servicing policy. There's a lot going on. There's a lot of knobs. Is it going to get simpler? How do you guys see the org structures changing to fill the gap on what should be a very simple, turn some knobs, operate at scale? >> Well, when StackRox originally got acquired, one of the first things we did was put ACS into an operator and it actually made the application life cycle so much easier. It was very easy in the console to go and say, Hey yeah, I want ACS my cluster, click it. It would get provisioned. New clusters would get provisioned automatically. So underneath it might get more complicated. But in terms of the application lifecycle, operators make things so much easier. >> And of course I saw, I was lucky enough with Lisa to see Project Wisdom in AnsibleFest. You going to say, Hey, Red Hat, spin up the clusters and just magically will be voice activated. Starting to see AI come in. So again, operations operator is got to dev vibe and an SRE vibe, but it's not that direct. Something's happening there. We're trying to put our finger on. What do you guys think is happening? What's the real? What's the action? What's transforming? >> That's a good question. I think in general, things just move to the developers all the time. I mean, we talk about shift left security, everything's always going that way. Developers how they're handing everything. I'm not sure exactly. Doron, do you have any thoughts on that. >> Doron, what's your reaction? You can just, it's okay, say what you want. >> So I spoke with one of our customers yesterday and they say that in the last years, we developed tons of code just to operate their infrastructure. That if developers, so five or six years ago when a developer wanted VM, it will take him a week to get a VM because they need all their approval and someone need to actually provision this VM on VMware. And today they automate all the way end-to-end and it take two minutes to get a VM for developer. So operators are becoming developers as you said, and they develop code and they make the infrastructure as code and infrastructure as operator to make it more easy for the business to run. >> And then also if you add in DataOps, AIOps, DataOps, Security Ops, that's the new IT. It seems to be the new IT is the stuff that's scaling, a lot of data's coming in, you got security. So all that's got to be brought in. How do you guys view that into the equation? >> Oh, I mean you become big generalists. I think there's a reason why those cloud security or cloud professional certificates are becoming so popular. You have to know a lot about all the different applications, be able to code it, automate it, like you said, hopefully everything as code. And then it also makes it easy for security tools to come in and look and examine where the vulnerabilities are when those things are as code. So because you're going and developing all this automation, you do become, let's say a generalist. >> We've been hearing on theCUBE here and we've been hearing the industry, burnout, associated with security professionals and some DataOps because the tsunami of data, tsunami of breaches, a lot of engineers getting called in the middle of the night. So that's not automated. So this got to get solved quickly, scaled up quickly. >> Yes. There's two part question there. I think in terms of the burnout aspect, you better send some love to your security team because they only get called when things get broken and when they're doing a great job you never hear about them. So I think that's one of the things, it's a thankless profession. From the second part, if you have the right tools in place so that when something does hit the fan and does break, then you can make an automated or a specific decision upstream to change that, then things become easy. It's when the tools aren't in place and you have desperate environments so that when a Log4Shell or something like that comes in, you're scrambling trying to figure out what clusters are where and where you're impacted. >> Point of attack, remediate fast. That seems to be the new move. >> Yeah. And you do need to know exactly what's going on in your clusters and how to remediate it quickly, how to get the most impact with one change. >> And that makes sense. The service area is expanding. More things are being pushed. So things will, whether it's a zero day vulnerability or just attack. >> Just mix, yeah. Customer automate their all of things, but it's good and bad. Some customer told us they, I think Spotify lost the whole a full zone because of one mistake of a customer because they automate everything and you make one mistake. >> It scale the failure really. >> Exactly. Scaled the failure really fast. >> That was actually few contact I think four years ago. They talked about it. It was a great learning experience. >> It worked double edge sword there. >> Yeah. So definitely we need to, again, scale automation, test automation way too, you need to hold the drills around data. >> Yeah, you have to know the impact. There's a lot of talk in the security space about what you can and can't automate. And by default when you install ACS, everything is non-enforced. You have to have an admission control. >> How are you guys seeing your customers? Obviously Red Hat's got a great customer base. How are they adopting to the managed service wave that's coming? People are liking the managed services now because they maybe have skills gap issues. So managed service is becoming a big part of the portfolio. What's your guys' take on the managed services piece? >> It's just time to value. You're developing a new application, you need to get it out there quick. If somebody, your competitor gets out there a month before you do, that's a huge market advantage. >> So you care how you got there. >> Exactly. And so we've had so much Kubernetes expertise over the last 10 or so, 10 plus year or well, Kubernetes for seven plus years at Red Hat, that why wouldn't you leverage that knowledge internally so you can get your application. >> Why change your toolchain and your workflows go faster and take advantage of the managed service because it's just about getting from point A to point B. >> Exactly. >> Well, in time to value is, you mentioned that it's not a trivial term, it's not a marketing term. There's a lot of impact that can be made. Organizations that can move faster, that can iterate faster, develop what their customers are looking for so that they have that competitive advantage. It's definitely not something that's trivial. >> Yeah. And working in marketing, whenever you get that new feature out and I can go and chat about it online, it's always awesome. You always get customers interests. >> Pushing new code, being secure. What's next for you guys? What's on the agenda? What's around the corner? We'll see a lot of Red Hat at re:Invent. Obviously your relationship with AWS as strong as a company. Multi-cloud is here. Supercloud as we've been saying. Supercloud is a thing. What's next for you guys? >> So we launch the cloud services and the idea that we will get feedback from customers. We are not going GA. We're not going to sell it for now. We want to get customers, we want to get feedback to make the product as best what we can sell and best we can give for our customers and get feedback. And when we go GA and we start selling this product, we will get the best product in the market. So this is our goal. We want to get the customer in the loop and get as much as feedback as we can. And also we working very closely with our customers, our existing customers to announce the product to add more and more features what the customer needs. It's all about supply chain. I don't like it, but we have to say, it's all about making things more automated and make things more easy for our customer to use to have security in the Kubernetes environment. >> So where can your customers go? Clearly, you've made a big impact on our viewers with your conversation today. Where are they going to be able to go to get their hands on the release? >> So you can find it on online. We have a website to sign up for this program. It's on my blog. We have a blog out there for ACS cloud services. You can just go there, sign up, and we will contact the customer. >> Yeah. And there's another way, if you ever want to get your hands on it and you can do it for free, Open Source StackRox. The product is open source completely. And I would love feedback in Slack channel. It's one of the, we also get a ton of feedback from people who aren't actually paying customers and they contribute upstream. So that's an awesome way to get started. But like you said, you go to, if you search ACS cloud service and service preview. Don't have to be a Red Hat customer. Just if you're running a CNCF compliant Kubernetes version. we'd love to hear from you. >> All open source, all out in the open. >> Yep. >> Getting it available to the customers, the non-customers, they hopefully pending customers. Guys, thank you so much for joining John and me talking about the new release, the evolution of StackRox in the last season of 18 months. Lot of good stuff here. I think you've done a great job of getting the audience excited about what you're releasing. Thank you for your time. >> Thank you. >> Thank you. >> For our guest and for John Furrier, Lisa Martin here in Detroit, KubeCon + CloudNativeCon North America. Coming to you live, we'll be back with our next guest in just a minute. (gentle music)

foreign [Music] to the special presentation of cloud native at scale the cube and Platform 9 special presentation going in and digging into the next generation super cloud infrastructure as code and the future of application development we're here with dick Lee who's the Chief Architect and co-founder of platform nine pick great to see you Cube alumni we we met at openstack event in about eight years ago or later earlier uh when openstack was going great to see you and great congratulations on the success of platform nine thank you very much yeah you guys been at this for a while and this is really the the Year we're seeing the the crossover of kubernetes because of what happens with containers everyone now was realized and you've seen what docker's doing with the new Docker the open source Docker now just the success of containerization and now the kubernetes layer that we've been working on for years is coming bearing fruit this is huge exactly yes and so as infrastructure as code comes in we talked to baskar talking about super cloud I met her about you know the new Arlo our our lawn um you guys just launched the infrastructure's code is going to another level and it's always been devops infrastructure is code that's been the ethos that's been like from day one developers just code I think you saw the rise of serverless and you see now multi-cloud or on the horizon connect the dots for us what is the state of infrastructure as code today so I think I think um I'm glad you mentioned it everybody or most people know about infrastructure as code but with kubernetes I think that project has evolved at the concept even further and these days it's um infrastructure as configuration right so which is an evolution of infrastructure as code so instead of telling the system here's how I want my infrastructure by telling it you know do step a b c and d uh instead with kubernetes you can describe your desired State declaratively using things called manifest resources and then the system kind of magically figures it out and tries to converge the state towards the one that you specify so I think it's it's a even better version of infrastructure as code yeah and that really means it's developer just accessing resources okay that declare okay give me some compute stand me up some turn the lights on turn them off turn them on that's kind of where we see this going and I like the configuration piece some people say composability I mean now with open source so popular you don't have to have to write a lot of code this code being developed and so it's integration it's configuration these are areas that we're starting to see computer science principles around automation machine learning assisting open source because you've got a lot of code that's what you're hearing software supply chain issues so infrastructure as code has to factor in these new Dynamics can you share your opinion on these new dynamics of as open source grows the glue layers the configurations the integration what are the core issues I think one of the major core issues is with all that power comes complexity right so um You know despite its expressive Power Systems like kubernetes and declarative apis let you express a lot of complicated and complex Stacks right but you're dealing with um hundreds if not thousands of these yaml files or resources and so I think you know the emergence of systems and layers to help you manage that complexity is becoming a key Challenge and opportunity in this space I wrote a LinkedIn post today those comments about you know hey Enterprise is the new breed the trend of SAS companies moving uh our consumer consumer-like thinking into the Enterprise has been happening for a long time but now more than ever you're seeing it the old way used to be solve complexity with more complexity and then lock the customer in now with open source it's speed simplification and integration right these are the new Dynam power dynamics for developers so as companies are starting to now deploy and look at kubernetes what are the things that need to be in place because you have some I won't say technical debt but maybe some shortcuts some scripts here that make it look like infrastructure as code people have done some things to simulate or or make infrastructures code happen yes but to do it at scale yes is harder what's your take on this what's your view it's hard because there's a proliferation of of methods tools Technologies so for example today it's a very common for devops and platform engineering tools I mean sorry teams to have to deploy a large number of kubernetes clusters but then apply the applications and configurations on top of those clusters and they're using a wide range of tools to do this right for example maybe ansible or terraform or bash scripts to bring up the infrastructure and then the Clusters and then they may use a different set of tools such as Argo CD or other tools to apply configurations and applications on top of the Clusters so you have this sprawl of tools you also you also have this sprawl of configurations and files because the more objects you're dealing with the more resources you have to manage and there's a risk of drift that people call that where you know you think you have things under control but some people from various teams will make changes here and there and then before the end of the day systems break and you have no idea of tracking them so I think there's real need to kind of unify simplify and try to solve these problems using a smaller more unified set of tools and methodology apologies and that's something that we try to do with this new project Arlon yeah so so we're going to get to our line in a second I want to get to the yr lawn you guys announced that at argocon which was put on here in Silicon Valley at the community meeting by Intuit they had their own little day over their headquarters but before we get there um Bhaskar your CEO came on and he talked about super cloud at our inaugural event what's your definition of super cloud if you had to kind of explain that to someone at a cocktail party or someone in the industry technical how would you look at the super cloud Trend that's emerging has become a thing what's your what would be your contribution to that definition or the narrative well it's it's uh funny because I've actually heard of the term for the first time today speaking to you earlier today but I think based on what you said I I already get kind of some of the the gist and the the main Concepts it seems like uh super cloud the way I interpret that is you know um clouds and infrastructure um programmable infrastructure all of those things are becoming commodity in a way and everyone's got their own flavor but there's a real opportunity for people to solve real business Problems by perhaps trying to abstract away you know all of those various implementations and then building uh um better abstractions that are perhaps business or application specific to help companies and businesses solve real business problems yeah I remember it's a great great definition I remember not to date myself but back in the old days you know IBM had its proprietary Network operating system so the deck for the mini computer vintage deck net and sna respectively um but tcpip came out of the OSI the open systems interconnect and remember ethernet beat token ring out so not to get all nerdy for all the young kids out there look just look up token ring you'll see if I never heard of it it's IBM's you know a connection for the internet at the layer two is Amazon the ethernet right so if TCP could be the kubernetes and containers abstraction that made the industry completely change at that point in history so at every major inflection point where there's been serious industry change and wealth creation and business value there's been an abstraction Yes somewhere yes what's your reaction to that I think um this is um I think a saying that's been heard many times in this industry and I forgot who originated it but um I think the saying goes like there's no problem that can't be solved with another layer of indirection right and we've seen this over and over and over again where Amazon and its peers have inserted this layer that has simplified you know Computing and infrastructure management and I believe this trend is going to continue right the next set of problems are going to be solved with these insertions of additional abstraction layers I think that that's really a yeah it's going to continue it's interesting just when I wrote another post today on LinkedIn called the Silicon Wars AMD stock is down arm has been on the rise we've been reporting for many years now that arm's going to be huge it has become true if you look at the success of the infrastructure as a service layer across the clouds Azure AWS Amazon's clearly way ahead of everybody the stuff that they're doing with the Silicon and the physics and the atoms the pro you know this is where the Innovation they're going so deep and so strong at is the more that they get that gets gone they have more performance so if you're an app developer wouldn't you want the best performance and you'd want to have the best abstraction layer that gives you the most ability to do infrastructures code or infrastructure for configuration for provisioning for managing services and you're seeing that today with service meshes a lot of action going on in the service mesh area in this community of kubecon which we'll be covering so that brings up the whole what's next you guys just announced our lawn at argocon which came out of Intuit we've had Mariana Tesla out our supercloud event she's a CTO you know they're all in the cloud so there contributed that project where did Arlon come from what was the origination what's the purpose why our lawn why this announcement yeah so um the the Inception of the project this was the result of um us realizing that problem that we spoke about earlier which is complexity right with all of this these clouds these infrastructure all the variations around and you know compute storage networks and um the proliferation of tools we talked about the ansibles and terraforms and kubernetes itself you can think of that as another tool right we saw a need to solve that complexity problem and especially for people and users who use kubernetes at scale so when you have you know hundreds of clusters thousands of applications thousands of users spread out over many many locations there there needs to be a system that helps simplify that management right so that means fewer tools more expressive ways of describing the state that you want and more consistency and and that's why um you know we built um Arlon and we built it um recognizing that many of these problems or sub problems have already been solved so Arlon doesn't try to reinvent the wheel it instead rests on the shoulders of several Giants right so for example kubernetes is one building block get Ops and Argo CD is another one which provides a very structured way of applying configuration and then we have projects like cluster API and cross-plane which provide apis for describing infrastructure so Arlon takes all of those building blocks and um builds a thin layer which gives users a very expressive way of defining configuration and desired state so that's that's kind of the Inception and what's the benefit of that what does that give what does that give the developer the user in this case the developers the the platform engineer team members the devops engineers they uh get a ways to provision not just infrastructure and clusters but also applications and configurations they get away a system for provisioning configuring deploying and doing life cycle Management in a in a much simpler way okay especially as I said if you're dealing with a large number of applications so it's like an operating fabric if you will yes for them okay so let's get into what that means for up above and below the the abstraction or thin layer below is the infrastructure we talked a lot about what's going on below that yeah above our workloads at the end of the day and I talked to cxos and um I.T folks that are now devops Engineers they care about the workloads and they want the infrastructure's code to work they want to spend their time getting in the weeds figuring out what happened when someone made a push that that happened or something happened they need observability and they need to to know that it's working that's right and as my workloads running if effectively so how do you guys look at the workload side because now you have multiple workloads on these fabric right so workloads so kubernetes has defined kind of a standard way to describe workloads and you can you know tell kubernetes I want to run this container this particular way or you can use other projects that are in the kubernetes cloud native ecosystem like k-native where you can express your application in more at a higher level right but what's also happening is in addition to the workloads devops and platform engineering teams they need to very often deploy the applications with the Clusters themselves clusters are becoming this commodity it's it's becoming this um host for the application and it kind of comes bundled with it in many cases it's like an appliance right so devops teams have to provision clusters at a really incredible rate and they need to tear them down clusters are becoming more extremely like an ec2 instance spin up a cluster we've heard people used words like that that's right and before Arlon you kind of had to do all of that using a different set of tools as I explained so with our own you can kind of express everything together you can say I want a cluster with a health monitoring stack and a logging stack and this Ingress controller and I want these applications and these security policies you can describe all of that using something we call the profile and then you can stamp out your app your applications and your clusters and manage them in a very essentially standard that creates a mechanism it's standardized declarative kind of configurations and it's like a Playbook you just deploy it now what's this between say a script like I have scripts I can just automate Scripts or yes this is where that um declarative API and um infrastructures configuration comes in right because scripts yes you can automate scripts but the order in which they run matters right they can break things can break in the middle and um and sometimes you need to debug them whereas the declarative way is much more expressive and Powerful you just tell the system what you want and then the system kind of uh figures it out and there are these things called controllers which will in the background reconcile all the state to converge towards your desire to say it's a much more powerful expressive and reliable way of getting things done so infrastructure as configuration is built kind of on it's a superset of infrastructures code because different Evolution you need Edge restaurant's code but then you can configure The Code by just saying do it you're basically declaring and saying go go do that that's right okay so all right so Cloud native at scale take me through your vision of what that means someone says hey what is cloud native at scale mean what's success look like how does it roll out in the future as you that future next couple years I mean people are now starting to figure out okay it's not as easy as it sounds kubernetes has value we're going to hear this year kubecon a lot of this what is cloud native at scale mean yeah there are different interpretations but if you ask me when people think of scale they think of a large number of deployments right geographies many you know supporting thousands or tens or millions of users there's that aspect to scale there's also um an equally important aspect of scale which is also something that we try to address with Arlon and that is just complexity for the people operating this or configuring this right so in order to describe that desired State and in order to perform things like maybe upgrades or updates on a very large scale you want the humans behind that to be able to express and direct the system to do that in in relatively simple terms right and so we want uh the tools and the abstractions and the mechanisms available to the user to be as powerful but as simple as possible so there's I think there's going to be a number and there have been a number of cncf and Cloud native projects that are trying to attack that complexity problem as well and Arlon kind of Falls in in that category okay so I'll put you on the spot where I've got kubecon coming up and obviously this will be shipping this seg series out before what do you expect to see at kubecon issue it's the big story this year what's the what's the most important thing happening is it in the open source community and also within a lot of the the people jockeying for leadership I know there's a lot of projects and still there's some white space on the overall systems map about the different areas get runtime and observability in all these different areas what's the where's the action where's the smoke where's the fire where's the piece where's the tension yeah so uh I think uh one thing that has been happening over the past couple of coupons and I expect to continue and and that is uh the the word on the street is kubernetes getting boring right which is good right or I mean simple well um well maybe yeah invisible no drama right so so the rate of change of the kubernetes features and and all that has slowed but in a positive way um but um there's still a general sentiment and feeling that there's just too much stuff if you look at a stack necessary for uh hosting applications based on kubernetes they're just still too many moving Parts too many uh components right too much complexity I go I keep going back to the complexity problem so I expect kubecon and all the vendors and the players and the startups and the people there to continue to focus on that complexity problem and introduce a further simplifications uh to to the stack yeah Vic you've had a storied career VMware over decades with them uh obviously 12 years for the 14 years or something like that big number co-founder here platform I think it's been around for a while at this game uh we man we'll talk about openstack that project you we interviewed at one of their events so openstack was the beginning of that this new Revolution I remember the early days was it wasn't supposed to be an alternative to Amazon but it was a way to do more cloud cloud native I think we had a Colorado team at that time I mean it's a joke we you know about about the dream it's happening now now at platform nine you guys have been doing this for a while what's the what are you most excited about as the Chief Architect what did you guys double down on what did you guys pivot from or two did you do any pivots did you extend out certain areas because you guys are in a good position right now a lot of DNA in Cloud native um what are you most excited about and what is platform nine bring to the table for customers and for people in the industry watching this yeah so I think our mission really hasn't changed over the years right it's been always about taking complex open source software because open source software it's powerful it solves new problems you know every year and you have new things coming out all the time right openstack was an example within kubernetes took the World by storm but there's always that complexity of you know just configuring it deploying it running it operating it and our mission has always been that we will take all that complexity and just make it you know easy for users to consume regardless of the technology right so the successor to kubernetes you know I don't have a crystal ball but you know you have some indications that people are coming up of new and simpler ways of running applications there are many projects around there who knows what's coming uh next year or the year after that but platform will a Platform 9 will be there and we will you know take the Innovations from the the community we will contribute our own Innovations and make all of those things uh very consumable to customers simpler faster cheaper always a good business model technically to make that happen yeah I think the reigning in the chaos is key you know now we have now visibility into the scale final question before we depart you know this segment um what is that scale how many clusters do you see that would be a high a watermark for an at scale conversation around an Enterprise um is it workloads we're looking at or or clusters how would you yeah how would you describe that and when people try to squint through and evaluate what's a scale what's the at scale kind of threshold yeah and the number of clusters doesn't tell the whole story because clusters can be small in terms of the number of nodes or they can be large but roughly speaking when we say you know large-scale cluster deployments we're talking about um maybe a hundreds uh two thousands yeah and final final question what's the role of the hyperscalers you've got AWS continuing to do well but they got their core I asked they got a pass they're not too too much putting assess out there they have some SAS apps but mostly it's the ecosystem they have marketplaces doing over two billion dollars billions of transactions a year um and and it's just like just sitting there it has really they're now innovating on it but that's going to change ecosystems what's the role the cloud play and the cloud native at scale the the hyperscale yeah Abus Azure Google you mean from a business they have their own interests that you know that they're uh they will keep catering to they they will continue to find ways to lock their users into their ecosystem of uh services and and apis um so I don't think that's going to change right they're just going to keep well they got great uh performance I mean from a from a hardware standpoint yes that's going to be key right yes I think the uh the move from x86 being the dominant away and platform to run workloads is changing right that that that and I think the the hyperscalers really want to be in the game in terms of you know the the new risk and arm ecosystems and platforms yeah that joking aside Paul maritz when he was the CEO of VMware when he took over once said I remember our first year doing the cube the cloud is one big distributed computer it's it's hardware and you've got software and you got middleware and uh he kind of over these kind of tongue-in-cheek but really you're talking about large compute and sets of services that is essentially a distributed computer yes exactly it's we're back in the same game Vic thank you for coming on the segment appreciate your time this is uh Cloud native at scale special presentation with platform nine really unpacking super cloud rlon open source and how to run large-scale applications uh on the cloud cloud native philadelph4 developers and John Furrier with the cube thanks for watching and we'll stay tuned for another great segment coming right up foreign [Music]

>> Male: TheCUBE presents, UIPATH, Forward 5 brought to you by, UIPATH. >> Okay the party has started here at forward 5 UIPATH big customer event if you're watching the cube. We're wrapping up day one with the co-CE0 segment. Daniel Dines is here. He's the founder and Co-CEO of UIPATH and Rob Enslin, is co-CEO. Gents, great to see you. Thanks for spending some time with us. I know you're super busy. >> Thanks Dave. >> So I've been looking forward to this. Daniel you know I've followed the company for a long time. The really interesting path you took, to get to where you are today. How did you guys meet? And why did you decide to hire Rob? >> Male: (laughs) >> Rob: Well let me start. I uh, I was looking for a partner. Actually, in our work to your stand here, we are talking about how, how you feel in this job. You feel so alone. Because you are the center of all pressure points. And having a partner, having someone that has your back, it's kind of awesome. So I was looking for a partner. And our current friend, Carl Escenbach, he introduced us to each other, and we instantly clicked. And this is the type of job where it's uh either work well or it doesn't. It cannot be anything in the middle. >> Right, okay with Carl, we know Carl well. Awesome operator. Knows the business super well. So Rob, what attracted you to UIPATH? You had a great situation at google. You guys were growing like crazy. Why did you decide to come here? What did you see that attracted you? >> Yeah you know when I, when I went to google, I went to google because I really believed that data and AI was necessary for companies. And business is to be competitive in the future. And we did some great stuff at google cloud in the 3 years. But I knew UIPATH from a couple of years ago when they were mainly a RPA space. And I just felt that there was a place in time when automation was going expand. And as I sat down with Carl a couple of times, spoke to carl. And then I sat down with Daniel, I knew that there was something special with UIPATH, that could be a generational opportunity. Not any for myself but for the company in the future. And then I, you know I got to know Daniel. And at this stage of my career I was like, I'm pretty fussy about what I want to do and what I want and where I want to go. First of all, I want to go to a company that had great product, had a great culture, and I wanted to work with somebody that we could shake the future together and you know, Daniel and I just hit it off from the very first time we met. He got to meet my family, my dogs and we did the whole, we did the whole courting thing before we actually decided this was going to be a good thing for both of us. >> Dave: That's good. >> Rob: Yeah. >> Dave: You got to meet the family. That's very good. >> We just had, John Furrier and I just had, Mohit Aron and Sanjay Poonen into out studio. Cause Mohit, you know, formal google. Long time. And they decided to kind of split duties. Mohit's going into product, he didn't keep his CEO title. He walked. How are you guys splitting you time? What are each of you going to, responsible for? >> Daniel: Well its, its kind of similar. On a day by day operation I, I rely heavily on Rob. We do it together. Strategic decisions about the company's destiny. I'm doing mostly the product these days. Which is a big relief for me. And I think we also split a bit of customers visit. Which is great. I still enjoy meeting customers. I need, customers are food for my cause. >> Dave: (laughs) yeah and your awesome product visionary. You've been there since day one. Now Rob, you said in the key note today that you've seen around about a hundred customers. You've transverse the world. What did you learn from them that informed you? That gave you confidence that the the move to the internet platform, even though you had already started that. >> Male: Yeah. >> But you're really doubling down on that >> Rob: You know when I... >> from a stand point. >> Rob: You know Dave, when you think about it, like I was, I was so impressed that Daniel had the vision to create a platform 3 years ago. >> Dave: Yeah. >> All right. And as we went around the world. As I went around the world, and it was one of the very first things I've seen. I've got to understand how customers see UIPATH, from their advantage point. What are they looking for from us? Why is this company, why doe customers like this company so much? And as I went around the world. I went to Asia a couple, I went to Asia, Australia, Singapore, Japan. I was in Europe twice. We did the trip together. We went to visit customers. And it was very much the same thing. Helps us expand automation faster. And we are so surprise, at the break of your platform. We never knew that. And so it kind of just had, for me, it was conviction. It's like, this walls is the right decision you've made. There's so much opportunity there. And that's, you know that's kind of what I've learned through the last four five months. >> Dave: Now as you know Daniel, I've written a lot about your company. One of the things I've said is that, that start ups, if I can call you that back pre-IPO, typically don't have as much international exposure as UIPATH had. I mean you sort of, you sort of started as an international company and became more US centric. You said, in the, in the key note today, you're talking to Ray Wong about people may don't understand that challenges of FX. Point being, when you convert international dollars into US dollars there are less of them cause the dollars stronger. But still, I've always felt like that international footprint is an advantage. Rob you came from SAP, you know, again European based company. I don't, (stutters), do you regret that? Now? I mean I know it's technical, I'm sure you don't, but talk about that sort of international exposure? Why that's a long term benefit. >> Well, you, first of all, you expand faster. I think we expanded faster than our competition because our global footprint was larger. And we had the courage. Go in Japan, for instance. Everybody told me, it's impossible to make for such a small starter. It's impossible to make a business in Japan. But we didn't believe it. We're just crazy and we went there, and be built a very sizable business in Japan. Fifty-five percent of our revenue, even today, it's outside U.S. Now of course that has a down side. When uh, When the local currencies, you know, are losing the value compared to the dollars, we're impacted. As we go to... to investors, until now, so we are seeing like a (indistinct) in terms of ARI. It's huge. Only because (indistinct) and losing the business in Russia. But it still, it's the strength of our company. Things will come back. And then, you know, the growth engine will re-accelerate again. >> Dave: Yeah but when the dollars weakens that'll be in your favor. Rob I want to pick up on something you said today in your keynote. You went back and started, you know the cycles of ERP and you know, internet, et cetera. I kind of have a love hate with ERP. I have to be honest. >> Male: (laughing) >> But it, but but (chuckles) but if I go back to that. Late eighties nineties, you wouldn't have be able to pick SAP as the winner. And then SAP emerged. You know, very clearly. But the more interesting thing, is that the customers who are implementing ERP well. The practitioners did better than their peers, and dominated their industries. And their stocks went up. Their evaluations went up. Different worlds obviously but, do you see the same thing happening with RPA and automation? What gives you confidence that that's the case? >> I absolutely do see the same thing happening with automation and RPA being a part of, in being a part of that. The reason, the reason I believe that is speed is so critical. (stutters) And if you think about how hard it is for a CIO or a c level executive to consume the technology coming at them, plus all the changes in the world being thrown at them. It's compiling and compiling and compiling. We have an incredible solution, that can help companies. And there comes certain times, the love outcomes to the business. Like no one else gets. And when I see that, I view that as just like the beginning of what's going to happen in the future so, in many ways, and I've said this to many of my friends, it feels like 1992, 1993 to me. And it's interesting because no one really understood then why SAP would be great in 1992 and 93. And they got a couple of things right. They got the eco system right. Their new partners were important. And the knew they needed to drive business outcome for companies, in which they did. And so I feel like we are in a very similar place. Very different technology obviously. And the speed of change now is so dramatic, compared to what it was. And there's very few technology that can provide that level of speed and accomodation to their customers. >> All right, let's talk about priorities. You guys got a lot of work to do and you've, you've laid it out to the financial community. You've got to have profitable growth, because of FX, it part, you've lowered your forecast. But I think there's some conservative in their as well. Um, but you got to do that balance. You've given some guidance on gross margins. Cloud maybe brings that down a little bit. RnD I saw wide range. Thirteen to seventeen percent. I hope you keep spending on RnD. Big fan of that. You know stock buybacks and, RnD if in your position are going to be better. And the product priorities, continue to build that out. But question, let's start with the product. So you've got an on-prem stack and you've got a cloud stack that's emerging, how do you balance those out? How do you do the integration? You've done a great job with the integration. Does it, are you concerned about your ability to continue to work at that speed with two code bases? I wonder if you could address that? >> Daniel: We've become a cloud first company. We deliver all of our products first in the cloud. We've deliver on the two week (indistinct) in the cloud. So that helps us integrate quite fast. I think we made a very good business decision to build our cloud team in Seattle. In Bellevue to be specific. And we have access to great talent that knows how to build serious cloud service. Which is hard to find dollar. And uh, so, and also we, we have, we benef- one of our only benefits was, we have the really good architecture. We have an architecture that work easily on-prem and on the cloud. And even today, our work flow foundation, our local designers, were easy to modernize. So right now we are launching studio weapon. But behind the scene, it's the same workflow engine. Our customers don't have to rewrite anything. It just works. And it does the same to take our own brand product and brand it in the multicloud. So, it's, there is no friction at all. Actually cloud is just helping us accelerate. But we benefit then again of a really solid architectural foundation. >> Daniel: Architecture matters. We've seen that in this industry. We got the B52s rocking out in the background, I love it, but I've got so many questions for you guys. I want to talk about the go to market. Because Rob, it's obviously a strength of yours. You've come in. You've communicated to the street, that you're reshaping the sales floors. Are they lowering the ratios of sales? People, the customers at the high end, mid range as well, using digital. I mean the numbers are one to ten now. At the top. One to maybe fifty at the mid range. Where are you in terms of that journey? You've got to find people, you got to train them, how do you get the productivity out of those guys? Take us through your thinking there? >> Rob: Yeah firstly, I think we have enough resources. Having resources is not an issue. Um, we have an incredible vehicle to acquire customers inside the company. Our digital sales motion, it's probably the best I've seen. And so we have the ability to acquire customers really fast. And we get the first workload in really fast. The challenge is we need to, we need to be able to drive a (indistinct) model and we graduate customs when we acquire them into the direct sales floors. And then direct sales floors, we're not going to go one to thirty, we're talking one to ten for the direct sales floor. And even the high up in the pyramid, we want to have an even denser model than that. And the whole purpose is to drive the time to consumption much quicker, much faster. So we know exactly if we acquire a customer, will they spend? Do they have a (indistinct) spend? On what level do they have a (indistinct) spend? And therefore when we capture them, we can immediately surround them, and put the right resources so we can grow faster. We think this will have a significant impact on the organization. We'll start to implement certain pieces in the next quarter. Um, things like packaging solutions. Putting them in, enabling the sales organization. And buy the beginning of next year, we'll be ready to actually go full board, globally. We already put some pieces in place when I joined. Chris Weber, my chief business officer, did a great job doing some of those pieces. So we're on the journey already. >> Dave: Yeah and even before you guys were public and you weren't publishing your NRR numbers. Our ETR survey partner, we, we always thought you had very low churn. And I think you broke out just yesterday. The, the NRR for overseas vs U.S, U.S I think was 140 plus percent. >> Male: Yeah >> Very very strong. A little, a little less overseas but the churn is still very low. >> Male: Yep. >> Okay so that's super positive. Customer affinity, I was wanted to code these events. I listen to the key notes very carefully, and then interview customers on the cube, and I try to identify, is there alignment there? And I see very strong alignment, I have to say, and strong customer affinity. So that's in your favor. I have, Daniel, I got another question for you on product. What is Symantec automation? What the heck is that? Can you explain that? I don't understand >> Dave, have you seen the demo in my (indistinct)? >> Dave: You know, I had to leave and do interviews, so I, uh, I missed it. >> I think, I think that demo answer complete your question. So in the s-, you know there saying that great, you can not distinguish great technology by magic. I think technology should be simple. And we, we show today, one of the simplest demo that you can imagine. But it's so, such a complex technology behind the scene, that you also can not imagine. So what was demo? We show how one business user, without any technical skills, can build any type of document. Can be a passport, can be an invoice, can be a legal (indistinct), and just go, "I want to copy data from here, and I want to paste data there". Can be a spreadsheet, can be another obligation, and like a human user, without understanding, without having prior knowledge about data, document layout, about screens, screens layouts, nothing, we analyze real time. Document. We discover, we discover the meaning of the information. We analyze the screen. We understand the screen but we understand the meaning of the screen. And we understand how the information in one side relate to the other side. And we just connects the dots and we copy the information and we paste it. A job that you'll do as a human user, maybe three minutes, is done in ten seconds. This is powerful. >> Yeah that is powerful. Thank you for that. I mean, and you take the date, whether it's transaction data or unstructured data and and and bring meaning out of it. That's powerful. Last question and I'll let you guys go. Rob, you got traders, and you've got long term investors. All right traders going to be defensive, today. I get that. Make the case for UIPATH, for long term investors. >> Rob: I think we're going to be a multi-gern- multi-billion company and we're going to be a generational company of our time. And we will define enterprise automation. And it's going to be a long term game and we feel like really strong that we'll be the lead in that game. >> Dave: Guys, thanks so much for coming to the cube. Great show. Always fun at UiPath Forward. Really appreciate your time. Thank you. >> Thanks dave. >> Appreciate it as well. >> Okay wrap it up, day one, we're here tomorrow, first thing, Dave Vellante and Dave Nicholson. Thanks for watching, forward 5, Uipath big customer event, we'll see you tomorrow. (music)

(gentle music) >> Hi everybody, this is Dave Vellante of TheCUBE. This is day two of Fal.Con 2022, CrowdStrike's big customer event. Over 2000 people here, a hundred sessions, a lot of deep security talk. Amol Kulkarni is here. He's the chief product and engineering officer at CrowdStrike, and we're going to get into it. Amol, thanks for coming to theCUBE. >> Great to be here. >> I enjoyed your keynote today. It was very informative. First of all, how's the show going for you? >> It's going fantastic. I mean, first and foremost, like to be having everyone here in person, after three years, that's just out the world, right? So great to meet and a lot of great conversations across the board with customers, partners. It's been fantastic. >> Yeah, so I want to start with Cloud Native, it's kind of your dogma. This whole, the new acronym is CNAP Cloud Native Application Protection Platform. >> Amol: That's right. >> There's a mouthful. What is that? How does it relate to what you guys are doing? >> Yeah, so CNAP is what Gartner has coined as the term for covering entire cloud security. And they have identified various components in it. The first and foremost is the runtime protection, cloud workload protection, as we call it. Second is posture management. That's CSBM cloud security posture management. Third is CIEM, which we announced today. And then the fourth is shift left, kind of Dev SecOps part of cloud security. And all together Gartner coins that as a solution or a suite, if you will, to cover various aspects of cloud security. >> Okay, so shift left and then shield right. You still got to shield right. Is that where network security comes in? Which is not your main focus, but okay. So now it explains... Gartner is an acronym. Now I get it. But the CIEM announcement cloud infrastructure entitlement management. So you're managing identities. Is that right? Explain that in more detail. >> So, yeah, so I mean, as in the on-premise world, but even more exacerbated in the crowd world you have lots and lots of identities, both human identities and service accounts that are accessing cloud services. And lot of the time the rigor is not there in terms of what permissions those identities are provisioned with. So are they over provisioned? Do they have lots of rights that they should not have? Are they able... Are services able to connect to resources that they should not be able to connect to all of that falls under the entitlement management, the identity entitlement management part. And that's where CIEM comes in. So what we said is, we have a great identity security story for on-premise, right? And now we are applying that to understand identities, the entitlements they have, secrets that are lying around, maybe leaked, or just, available for adversaries to exploit in the cloud security world. So taking all of that into account and giving you... Giving customers a snapshot view of one single view to say; these are the identities, these are their permissions, this is where you can trim them down because these are the dependencies that are present across services. And you see something that's not right from a dependency perspective, you can say, okay, this connection doesn't make sense. There's something malicious going on here. So there's a lot that you can do by having that scope of identities. Be very narrowed down. It's a first step in the zero trust journey for the cloud infrastructure. >> So I have to ask you when you now extend this conversation to the edge, and operations technology. Traditionally the infrastructure has been air gapped by, you know, brute force air gap. Don't worry about it. And maybe hasn't had to worry so much about the hygiene. So now as you... as the business drives and forces essentially digital connect... Digital transformation and connectivity >> Connectivity. Yeah. >> I mean, wow, that's a playground for the hackers. >> You absolutely nailed it. So most of these infrastructure was not designed with security in mind, unfortunately, right? As you said, most of it was air-gapped, disconnected. And now everything is getting to be connected because the updates are being pushed rapidly changes are happening. So, and that really, in some sense has changed the environment in which these devices are operating. The operational technology, industrial control. We had the colonial pipeline breach last year. And, that really opened people's eyes like, Hey, nation state adversaries are going to come after critical infrastructure. And that can... That is going to cause impact directly to the end end users, to the citizens. So we have to protect this infrastructure. And that's why we announced discover for IOT as a new module that looks at and understands all the IOT and industrial control systems assets. >> So that didn't require an architectural change though. Right? That was a capability that you introduced with partners. Right? Am I right about that? You don't have to re-architect anything. It's just... Your architecture fits perfectly into those scenarios. >> Absolutely, absolutely. Yeah, yeah, yeah. You actually... While the pace of change is there, architectural change is almost very difficult, because these are very large systems. They are built up over time. It take an industrial control system. The tracing speed is very different from a laptop. So yeah, you can't impose any architectural change. It has to be seamless from what the customers have. >> You were talking, I want to go back to CNAP. You were talking about the protecting the run time. You can do that with an agent. You had said agent... In your keynote. Agentless solutions don't give you runtime security protection. Can you double click on that and just elaborate? >> Yeah, absolutely. So what agentless solutions today are doing they're essentially tapping into APIs from AWS or Azure CloudTrail, for example and looking at misconfigurations. So that is indeed a challenge. So that is one part of the story, but that only gives you a partial view. Let's say that an attacker attacks and uses a existing credential. A legitimate credential to access one of the cloud services. And from there they escalate the privileges and then now start branching off the, the CSP, and the agentless-only solutions will not catch that. Right? So what you need is you, you need this agentless part but you have to couple that with; seeing the activity that's actually happening the living of the land attacks that cannot be caught by the CSP end-piece. So you need a combination of agentless and agent runtime to give that overall protection. >> What's the indicator of attack for a hacker that's living off the land, meaning using your own tools against you. >> That's right. So the indicators of attack are saying accessing services, for example, that are not normally accessed or escalating privileges. So you come in as a normal user, but then suddenly you have admin privileges because you have escalated those privileges, or you are moving laterally very rapidly from one place to another, or spraying across a lot of services in order to do reconnaissance and understand what is out there. So it's almost like looking for what is an abnormal attack path, abnormal behavior compared to what is normal and the good part is cloud. There's a lot that is normal, right? It's fairly constrained. It's not like a end user who is downloading stuff from the internet. And like doing all sorts of things. Cloud services are fairly constrained, so you can profile and you can figure out where there is a drift from the normal. And that's really the indicator of attack. In some sense, from cloud services >> In a previous life I want to change subjects. In a previous life. I spent a lot of time with CIOs. Helping them look at their application portfolio, understanding what to rationalize, what to get rid of, what to invest in, you know, bringing in new projects, cause you know, it's just you never throw a stuff away in IT. >> There is no obsolescence >> Right. So, but they wanted to... Anytime you go through these rationalization exercises change management is everything. And one of the hardest things to do was to map and understand the business impact of all the dependencies across the portfolio. Cause when application A needs this dataset. If you retire it, you're going to... It has ripple effects. And you talked about that in a security context today when you were talking about the asset graph and the threat graphs giving you the ability to understand those dependencies. Can you add some color to that? >> Absolutely. Absolutely. So what we've done with the asset graph; It's a fundamental piece of technology that we've been building now for some time that complements the thread graph. And the asset graph looks at: Assets, identities, applications, and configuration. All of those aspects. And the interconnections between them. So if a user is accessing an application on a server, all those, and in what role, all of that relationship is tied together in the asset graph. So what that does now is, it gives you an ability to say this application connects to this application. And that's the dependency on that port, for example. So you can now build up a dependency map and then the thread graph, what it does, it looks at the continuous activity that's happening. So if you now take the events that are coming into the thread graph and the graphical representation of those, combine it with the asset graph, you get that full dependency map. And now you can start doing that impact analysis that you talked about. Which is... It's an unsolved problem, right? And that's why security as I said in my keynote is most people do not have their security tools enabled to the highest level or they don't have full coverage just because the pace of change is so rapid. They cannot keep up with it. So we want to enable change management, at a rapid pace where businesses and customers can say; we are confident about the change management, about the change we are going to implement. Because we know what the potential impact would be. We can validate, test it in a smaller subset and then roll it out quickly. And that's the journey we are on. Sort of the theme of my talk was to make IT and security friends again. >> Right, you talked about that gap and bringing those two together. You also had a great quote in there; 'The pace of change and securities is insane.' And so this assets graph capability, dependencies and the threat graph, help you manage that accelerating pace of change. Before I forget, I want to ask you about your interview with Girls Who Code. What was that like? Who'd you interview? I unfortunately couldn't see it. I apologize. >> Yeah, fantastic. So, Reshma Saujani she heads Girls Who Code and she first off had a very very powerful talk just from her own own experiences. And essentially, like, what do we need to do to get more women into computer science first, but then within that, into cybersecurity. and what all have they done with Girls Who Code. So very, I mean, we were very touched at the audience was like super into her talk. And then I had a chance to chat with her for a few minutes, ask her a few questions. Just my view was more like, okay. What can we do together? What can CrowdStrike do in our position, in to attract more women? We've done a lot in terms of tailoring our job descriptions to make sure it's more... Remove the biases. Tuning the interview processes to be more welcoming and Reshma gave an example saying; 'Hey, many of these interviews, they start with a baseball discussion.' And I mean, some women may maybe interested in it but may not all maybe. And so is that the right? Is it a gender kind-of affirming or gender neutral kind-of discussion or do you want to have other topics? So a lot of that is about training the interviewers because most of the interviewers are men, unfortunately. That's the mix we have. And it was a great discussion. I mean, just like very practical. She's very much focused on increasing the number of people and increasing the pipeline which is honestly the biggest problem. Because if we have a lot of candidates we would definitely hire them and essentially improve the diversity. And we've done a great job with our intern program, for example, which has helped significantly improve the diversity on our workforce. >> And, but the gap keeps getting bigger in terms of unfulfilled jobs. That leads me to developers as a constituency. Because you guys are building the security cloud. You're on a mission to do that. And to me, if you have a security cloud, it's got to be programmable. You're going to have developers there. You don't... From what I can tell you have a specific developer platform, but it's organic. It's sort of happening out there. What's the strategy around, I mean, the developer today is so critical in terms of implementing a lot of security strategy and putting it into action. They've got to secure the run time. They got to worry about the APIs. They got to secure the PaaS. They got to secure the containers. Right, and so what's your developer strategy. >> Yeah, so within cloud security, enabling developers to implement DevSecOps as a as a philosophy, as a strategy, is critical. And so we, we have a lot of offerings there on the shift-left side, for example, you talked about securing containers. So we have container image assessment where we plug in into the container repositories to check for vulnerabilities and bad configuration in the container images. We then complement that with the runtime side where our agent can protect the container from runtime violations, from breakouts, for example. So it's a combination. It's a full spectrum, right? From the developer building an application, all the way to the end. Second I'd say is, we are a very much an API first company. So all of the things that you can do from a user interface perspective, you can do from APIs what is enable that is a bunch of partners a rich partner ecosystem that is building using those APIs. So the developers within our partners are leveraging those APIs to build very cool applications. And the manifestation of that is CrowdStrike store where essentially we have as Josh mentioned, in his ski-notes, we have a agent cloud architecture that is very rich. And we said, okay, why can't we open that up for partners to enable them to leverage that architecture for their scenarios? So we have a lot of applications that are built on the CrowdStrike store, leveraging our platform, right. Areas that we are not in, for example. >> And here, describe it. Is there a PaaS layer that's purpose-built for CrowdStrike so that developers can build applications? >> That's a great question. So I'll say that we have a beginnings of a PaaS layer. We definitely talked about CrowdStrike store as being passed for cybersecurity but there's a lot more to do. And we are in the process of building up an application platform so that customers can build the applications for their SOC workflow or IT workflow and and Falcon Fusion is a key part of that. So Falcon Fusion is our automation platform built right into the security cloud. And what that enables customers to do is to define... Encode their business process the way they want and leverage the platform the way they want. >> It seems like a logical next step. Because you're going to enable a consistent experience across the board. And fulfill your promise, your brand promise, and the capabilities that you bring. And this ecosystem will explode once you announce that. >> And that's the notion we talk about of being the sales force of security. >> Right, right. Yeah. That's the next step. Amol, thank you so much. I got to run and wrap. We really appreciate you coming on theCUBE. >> Thank you very much. >> Congratulations on your keynote and all the success and great event. >> Appreciate it. Thank you very much for the time and great chatting with you. >> You're very welcome. All right, keep it right there. We'll be back very shortly to wrap up from Fal.Con 2022. This is Dave Vellante for theCUBE. (soft electronic music)

>>Okay. We're back at the area in Las Vegas, Falcon 22. You're watching the cube. My name is Dave Valante. Michael cent is here. He's the chief technology officer at CrowdStrike. Michael. Good to see you. Thanks. Thanks >>For >>Having me. Yeah. So this is your first time I think, on the cube. It is, and, and it's really a pleasure. I've been following you, watching you very closely. You're, you know, quite prominent and, and, you know, very articulate. I loved your keynote talking about what is XDR. I think you guys are gonna do really well in that space, cuz you've got clarity of vision and execution. Talk about some of the announcements that you made this week, particularly interested in, in insight. XDR what's that all about? >>Yeah. So I've been talking about XDR for a while and trying to help push the right narrative. There's a lot of marketing in the industry with XDR. So we've been talking a lot about what it, what it means that the benefit that it provides from a technology perspective, what you need in the architecture. So we firmly believe it's a philosophy and we build all of our technology to work together, but it's bringing in third parties. And that was really a lot of the, the announcements. My keynote was to show everybody the work that we've been doing to bring in data from Zscaler and Proofpoint. And we talked about bringing in data from a whole range of different vendors, firewall vendors, and we've been doing XDR use cases for a long time. So a big part of our strategy is to make security easy. And we've been doing a lot of XDR use cases with our Falcon insight module. So the announcement that I made was to relaunch Falcon insight as insight XDR and it means all of our close to 20,000 customers have access to the product. >>So that gets bundled right in it's like SAS automatically part of the portfolio >>Log off on Friday, come back on Monday and you're good to go. >>And then, and you, you just, you just called out Zscaler and Proofpoint you, I think you also mentioned Palo Alto network, Cisco for net as well. You're pulling in telemetry from, yeah, >>We've got a, we got a long map of, of people that we're integrating with. We talked about Cisco, we talked about for drop and for net, we announced that we're gonna be pulling in telemetry from, from Palo and a range of other vendors, Microsoft and others. And that's what XDR is about. It's about first party and third party integration and making all of the telemetry work together. >>I was talking to George about this yesterday is I think there's a lot of confusion. Sometimes when you have the dogma of cloud native, you know, snowflake, same thing, no, we're not doing OnPrem. This is hybrid. People think that that you're excluding on-prem data, but you're not, you can ingest on-prem data, right? >>We absolutely are not excluding on-prem. We will support and, and secure every workload, whether it's on-prem or in the cloud, whether it's connected to the internet or offline, a lot of the, the indicators of attack and the, and the detection techniques that we have are on the sensor itself. So you don't have to be connected anywhere for that capability to work. You get the benefit when you connect to the cloud of the additional visibility, the additional protection, but the core capabilities on the sensor that we have >>Given that you guys started 11 years ago, plus two days now, and you had that dogma cloud cloud, first cloud cloud, only Nate cloud native. Was there ever a point where you're like, you know, boy, we might be missing some of the market, you know? And, and you, you, you held true to your principles. Two part question. Did you ever question that and by focusing all your resources on cloud, what, what has that given you? >>It's there's been a Eliza focus on having a, a native cloud platform. It's easy to say cloud native. And if you look at a lot of the vendors in the industry today, if you are a, a customer and you ask them, Hey, can you gimme an on-premise product? I'm not gonna buy your product. They've got an on premise product. The problem is when you have two different versions, you end up having compromise. You have to manage two code bases, impact to your engineering team. Their features are different customers. Ultimately are the ones that miss out because if I have the on-prem version or if the cloud version, I may not get the same capability for us, it's been very clear. It's been a laser focus to be a cloud and cloud only from day one. >>You've renamed humo. I gotta stop using humo. I guess it's not called log scale, Falcon, complete log scale. You're bringing together security and observability. Although you're not doing the full spectrum of observability, you're just sort of focusing on, you know, part of it. Can you explain that? >>Yeah. So first of all, we did rebrand and bring the homeo brand closer to a crowd strike by renaming it Falcon log scale. And just to be clear, it's not just the rebranding of the name. We've been spending a lot of time. We made that acquisition in March of, of last year, and we've been doing a lot of work on the technology. We built out long, the Falcon long term retention. We built a whole bunch of capability into the product. So now was the right time to rebrand it as Falcon log scale. And at the same time, we also announced Falcon complete log scale. And it's part of the complete franchise. And that's where customers can get the value and the benefit of log scale, but they don't have to set it up. They don't have to manage it. They leave that to us. >>So you get pretty much involved in, in the, the M and a activity. You talked on stage yesterday about reify and, and what's going on there. You guys got, obviously gotta, still do that. You, but you made investments this week. You announced investments in salt security, the API specialist, and, and also Vanta compliance automation. What's the thinking behind that, you know, explain actually the fund that you guys are sprinkling around as a strategic investor and why those companies. Yeah. >>So there's two, two parts that, that I'm involved in on that part of my team. One is the M and a team. And one is the Falcon fund side of the business. Obviously two very different things. The, the M and a part of CrowdStrike, we're always looking to see for every technology space that we want to get into, you know, what is the best option build by a partner? Sometimes it's built sometimes it's a, it's a hybrid approach of build and partner. Other times we go down the path of M and a, and I was super excited about reify, great company, great technology. And as you said, we made announcements to we're investing as part of the fund into, into van and salt. We, we, we are very blessed. We're very fortunate to have achieved a lot of success in a short period of time. And we think we've got an opportunity to help fledgling companies to help them guide through the process of setting up the company, helping them with engineering principles and guidelines, helping them with the go to market perspective. So the fund is really about that. It's finding the next cybersecurity company working closely together, and it's been a huge success. You had banter and salt on earlier, and there's so much excitement about what they do. >>Yeah. I mean, it's clear, clear, compliment to what you guys are doing. I want to ask you about your lightweight agent. There, there are other firms that say they have a lightweight agent too. You know, what, what makes your lightweight agent so different? So special? >>Yeah. I've never seen a PowerPoint presentation. That's wrong. It's very easy to, to say your lightweight agent is, is, you know, super lightweight. And many times when you look at them, they're, they're not lightweight. They take a lot of effort to install. They need reboots. If you've got security, that's part of the operating system. If you've got security that requires to reboot, you can't go to a bank and say, Hey, you've got a hundred thousand machines. We're gonna install all of this technology, but you've gotta reboot it once, twice, three times. So what ends up happening is you see deployment cycles that go on for 12 months. I've spoken to organizations here this week that said we had budgeted to roll out your product in 18 months because of what we experienced in the past. And we did it in seven weeks. That's a lightweight agent with no reboot. And then you look at the updates. You look at the CPU resource utilization. So again, very easy to say lightweight. I haven't seen anything like what we've built at crowd strike. >>How do you keep an agent lightweight when you're both acquiring in companies and adding modules? I think you're, you're over 20 modules now. How, how is it that the, the agent can remain so lightweight? >>So we spent a lot of time building out the agent cloud architecture that we have, the, the concept of our agent is very different. It's not collecting data, storing it, trying to sell, send it up. We have a smart agent with smart filtering built in. So we're very careful in terms of the data that we collect, but think of the aperture on a camera. You know, if you wanna let more light in you, you widen the aperture. It's the same as our, our agent. If we wanna bring in more telemetry, we, we widen that aperture. So we're very efficient on the network. And we collect data. When machine process runs, we collect that telemetry. We use it in different ways, but we collect once and reuse it many times. So it's the same agent for NextGen AV for EDR, for our spotlight vulnerability management module. And when we're looking at M M and a, so coming back to your, your question, we will look at technology. And if we can't bring that technology and incorporate it into the agent that we already have, we won't acquire it. Worst thing in security is complexity. When you give an organization, 1, 2, 3, 5 plus agents, and then they have 3, 4, 5 plus management consoles. It's too hard when they're under attack. >>Well, it's like my, my business partner co-host John furrier says is that as an industry, we tend to solve complexity with more complexity. And it's, that's problematic. Can you talk about your, your threat graph? Like, what is that? Is it a, is it a graph database? Is it a purpose built? Is it a time series, database, a combination? What, what is >>That? Yeah, it is a graph database. When we, when, when the company was started, obviously the vision was to crowdsource telemetry from so many machines from millions of devices around the world. And the thesis at the time was as that capability scales out, there's nothing commercially available that will be able to ingest all of that data. And today we are processing over 7 trillion events every single week. We, we can't go and get something off the shelf. So we've had to build the, the technology from the ground up. That's the first part. Secondly, there is a temporal element to this. There's a time element. And we, we have an ontology built where we track the relationship between all the telemetry that we get. The reason why I believe we stand alone in EDI is because of that time element, the relationship that we have, and we just have so much context that makes it easy for the threat hunter speed and, and ease of use is critical in cyber. >>So you see in data in the database world, everything's kind of converging with all this function, you know, 11 years ago, these were pretty rudimentary. I shouldn't say rudimentary, but immature markets they've come a long way. If you had to start, if, if those capabilities that are there today with graph databases and time series databases were available in, in 2010, would you have used off the shelf technology, or would you have still developed your >>Own? We would've done the same thing that we've done today. >>And, and why can you explain what that, what that is it a performance thing? Is it just control? >>Yeah, look, it, it, it's everything that I talked about before, the, the benefit that you get from the approach that we've taken and the scalability that the requirements that we need, we still today, there's nothing that we can, we can go and get off the shelf that can scale and give us the performance that we need that can give us the ability to, to have that relationship data, the ontology of, of what we have in the platform and the way that we inter operate with all of the different modules that just wouldn't exist. We wouldn't have that capability. And what you'd find is we'd be pretty much the same as every other vendor where they have on-prem solutions, they have hybrid hosted solutions. And when you have those trade offs, you see it in the product. >>Yeah. So the, the point is you're very focused on the purpose of your, your proprietary technology. You're not trying to serve the all things to all people. You used the term yesterday in your keynote, which it, it caught my attention. You used the term ground truth, and it has very specific meaning. Can you explain what you meant by what is ground truth, you know, in the world? And what, what, what does it mean to CrowdStrike? Yeah, >>I was talking about ground truth as it relates to the acquisition of reify and the big thing for us, we wanted to bring additional capability to the platform, to give our customers external and internal visibility of all their assets and all their vulnerabilities. What's important with us, with our agent is today, we give you a single source of truth. When we put that agent onto a device, we tell you everything about the hardware. We tell you everything about who's logged in. We tell you everything about the applications that are running the relationships between the, of the device and the application. We're not a CMDB. We feed CMDB with information that is instant, that is live. And when we look at reify, it broadens again, I'll use the same word. It broadens the aperture. It gives us more visibility around what's going on. So we're, we're super excited about that because having information about all of your assets, all of your users, the applications they use, whether they're vulnerable, how you need to protect them, having it at your finger fingertips, it's a game changer >>Contract, can CrowdStrike be a generational company. And what do you have to do to ensure that that outcome occurs? We, >>We, I think we absolutely are. And, and we're we're path paving a path to, you know, really continuing to build out that platform. I said, in my keynote that I think we're at an early innings. I, if you buy, for example, as a customer, our insight module, cuz you wanna start with EDR, you've got 21 modules to go yesterday. Today we, we talked about discover 2.0, we talked about discover for IOT. I talked about the, the repository acquisition, a whole range of technology built on that single cloud agent architecture. And we've heard the success stories here this week from customers that have just gotten so much benefit. They've rolled out one agent and they've turned off eight or nine from other security vendors. So absolutely we can be a generational company with what we're doing. What >>Are the blockers to customers turning on those additional modules? Cause not, not all customers are using our modules. Is it that they've made an investment in an alternative technology and they're sort of hugging onto it or are there other technical blockers? Yes. >>It many times it's the investment, right? So if you've made a, an investment in the company, you've got a year to go, you might wanna sweat that asset. But typically what we find is the benefit that we have. It's a very simple conversation. If we can give people a cost and a technology benefit, they're gonna make the transition to move. There's so many technical benefits. We talked about the single agent, but the actual features of the modules themselves. But the big thing for us is we've done over 4,700 business value assessments where we sit down with an organization and we look at what they have. We look at what their spend is. We look at their FTEs, we look at the security outcomes that they get. And then we come out with a model that shows them technology and business value. And that's what really drives them to make the switch. >>So the business value in that VVA is not just a, a reduction in expected loss. That's part of it, better security you're gonna, you know, be, be, be lower your risk. But you're saying it's also the labor associated with that. Yeah, >>Absolutely. It's it's how do you operationalize the solution? How many people do you need? How long does it take you to respond? You know, how do you interact with third parties with your suppliers is taking in all of that data. We've spent a long time building out that model and it's, it's proving to be very successful customers. Love it. Is >>That, is that sort of novel ROI thinking in the security business or I'm trying to think of, I mean, I know for years it would watch art. Coviello stand up at RSA and tell us how, how this year's worse than last year. And so, but, but, but I never really heard, you know, a strong business case that would resonate with the, with the P and L manager, other than, you know, we gotta do this or we're gonna get hacked and you're gonna be screwed. Is that new thinking? Or am I, did I just miss it? >>I don't know if I wanna size new thinking. I think what happened, what changed was 10, 15 years ago at a conference you'd stand up and everybody would tell you ransomwares up and fishing is up. And at the end of it, people are trying to work out. Is that good? Or is that bad? It went up 20% based off what that doesn't work anymore. Everyone, you know, got tired of that. And a few of us have been doing it for a while. I I'm, I'm sort of two and a half decades into this. And if you, if you try to use that model of scaring people, they switch off, they want to understand the benefit. You know, the break in the car is so you can go and stop safely when you need it. And I look at security the same way we want to accelerate the company. We want to help companies do their job, but security is there to make sure they don't get into trouble. >>Yeah. It's like having two security guards by your side, right? I mean, they're gonna help you get through the crowd and move forward. So Michael, thanks so much for coming to the cube. Thanks for having me your time. You're you're very welcome. All right. Keep it right there. After this short break, Dave ante will be back with the cube live coverage from Falcon 22 at the area in Las Vegas.

(upbeat music) >> Welcome back to The Cube's coverage of Fal.Con 22. I'm Dave Vellante with Dave Nicholson. This is day one of our coverage. We had the big keynotes this morning. Derek Jeter was one of the keynotes. We have a big Yankee fan here: George Kurtz is the co-founder and CEO of CrowdStrike. George, thanks for coming on The Cube. >> It's great to be here. >> Boston fan, you know, I tweeted out Derek Jeter. He broke my heart many times, but I can't hate on Jeter. You got to have respect for the guy. >> Well, I still remember I was in Japan when Boston was down you know, by three games and came back to win. So I've got my own heartbreak as well. >> It did heal some wounds, but it almost changed the rivalry, you know? I mean, >> Yeah. >> Once, it's kind of neutralized it, you know? It's just not as interesting. I mean, I'm a season ticket holder. I go to all the games and Yankee games are great. A lot of it used to be, you would never walk into Fenway park with, you know pin stripes, when today there's as many Yankee fans as there are... >> I know. >> Boston fans. Anyway, at Fenway, I mean. >> Yeah. >> Why did you start CrowdStrike? >> Biggest thing for me was to really change the game in how people were looking at security. And at my previous company, I think a lot of people were buying security and not getting the outcome that they wanted. Not- I got acquired by a company, not my first company. So, to be clear, and before I started CrowdStrike, I was in the antivirus world, and they were spending a lot of money with antivirus vendors but not getting the outcome I thought they should achieve, which is to stop the breach, not just stop malware. And for me, security should be outcome based not sort of product based. And the biggest thing for us was how could we create the sales force of security that was focused on getting the right outcome: stopping the breach. >> And the premise, I've seen it, the unstoppable breach is a myth. No CSOs don't live by that mantra, but you do. How are you doing on that journey? >> Well I think, look, there's no 100% of anything in security, but what we've done is really created a platform that's focused on identifying and stopping breaches as well as now, extending that out into helping IT identify assets and their hygiene and basically providing more visibility into IT assets. So, we talked about the convergence of that. Maybe we'll get into it, but. >> Dave Vellante: Sure. >> We're doing pretty well. And from our standpoint, we've got a lot of customers, almost 20,000, that rely on us day to day to help stop the breach. >> Well, and when you dig into the CrowdStrike architecture, what's so fascinating is, you know, Dave, we've talked about this: agent bad. Well, not necessarily, if you can have a lightweight agent that can scale and support a number of modules, then you can consolidate all these point tools out there. You talked about in your keynote, your pillars, workloads, which really end points >> Right. >> ID, which we're going to talk about. Identity data and network security. You're not a network security specialist, >> Right. >> But the other three, >> Yes. >> You're knocking down. >> Yeah. >> You guys went deep into that today. Talk about that. >> We did, most folks are going to know us for endpoint and Cloud workload protection and visibility. We did an acquisition almost two years to the day on preempt. And that was our identity play, identity threat protection and detection. And that really turned out to be a smart move, because it's the hottest topic right now. If you look at all the breaches over the last couple years, it's all identity based. Big, big talking points in our keynotes today. >> Dave Vellante: Right. >> And then the third area is on data, and data is really the you know, the new currency that people trade in. So how do you identify and protect endpoints and workloads? How do you tie that together with identity, as well as understanding how you connect the dots and the data and where data flows? And that's really been our focus and we continue to deliver on that for customers. >> And you've had a real dogma, I'll call it, about Cloud Native. I've had this conversation with Frank Slootman, "No we're not going to do a halfway house." You, I think, said it really well today. I think it was you who said it. If you've got On-Prem and Cloud, you got two code bases, >> George Kurtz: Right. >> That you got to maintain. >> That's it, yeah. >> And that means you're taking away resources from one or the other. >> That's exactly right. And what a lot of our competitors have done is they started On-Prem as an AV vendor, and then they took what they had and they basically put it in a Cloud instance called a Cloud, which doesn't really scale. And then, you know, where they need to, they basically still keep their On-Prem, and that just diffuses your engineering team. And most of the On-Prem stuff doesn't even have the features of what they're trying to offer from the Cloud. So either you're Cloud Native or you're not. You can't be halfway. >> But it doesn't mean that you can't include and ingest On-Prem data- >> Well, absolutely. >> into your platform, and that's what I think most people just some reason don't seem to understand. >> Well our agents run wherever. They certainly run On-Prem. >> Dave Vellante: Right. Right. >> And they run in the Cloud, they run wherever. But the crowd in the CrowdStrike is the fact that we can crowdsource this threat information at scale into our threat graph, which gives us unique insight, 7 trillion events per week. And you can't do that if you're not Cloud Native. And that crowd gives the, we call, community immunity. We see all kinds of attacks across 176 different countries. That benefit accrues to all of our customers. >> But how do you envision and maintain and preserve a lightweight agent that can support so many modules? As you do more acquisitions and you knock down new areas and bring in new functionality, go after things like operations technology, how is it that you're able to keep that agent lightweight? >> Well, we started as a platform company, meaning that the whole idea was we're going to build a lightweight agent. First iteration had no security capabilities. It was collect data, get it into a common data architecture or threat graph, in one spot. And then once we had the data then we applied AI to it and we created different workflows. So, the first incarnation was get data into the Cloud at scale. And that still holds true today. So if you think about why we can actually have all these different modules without an impact on the performance, it's we collect data one time. It's a threat data, you know? We're not collecting user data, but threat data collection mechanism. Once we have all that data, then we can slice and dice and create other modules. So the new modules never have to even touch the agent 'cause we've already collected the data. >> I'm going to just keep going, Dave, unless you shove your way in. >> No, no, go ahead. No, no, no. I'm waiting to pounce. >> But okay, so, I think, George, but George, I need to ask you about a comment that you made about we're not just shoving it into a data lake. But you are collecting all the data. Can you explain that nuance? >> Yeah. So there's a difference between a collect and forward agent. It means they just collect a bunch of data. They'll probably store it in a lot of space on the endpoint. It's slow and cumbersome, and then they'll forward it up into another data lake. So you have no context going into no context. Our agent is a smart agent, which actually allows us to always track the context of all these processes in what's happening on the endpoint. And it's a mini graph, meaning we keep track of the relationships. And as we ship that contextual information to the Cloud, we never lose that context. And then it goes into the bigger graph database, always with the same level of context. So, we keep the context of each individual workload or endpoint, and then across the Cloud, we have the context of all of those put together. It's massive. And that allows us to create different insights rather than a data lake, which is, you know, you're looking for, you're creating a bigger needle stack looking for needles. >> And I'm envisioning almost an index that is super, super fast. I mean, you're talking about sub, well second kind of near real time responses, correct? >> Absolutely. So a lot of what we do in terms of protection is already pushed down to the endpoint , 'cause it has intelligence and the AI model. And then again, the Cloud is always looking for different anomalies, not only on each individual endpoint or workload, but across the entire spectrum of our customer base. And that's all real time. It continually self-learns from all the data we collect. >> So when, yeah, when you've made these architectural decisions over time, there was a time when saying that you needed to run an agent could be a deal killer somewhere for people who argued against that. >> George Kurtz: Right. >> You've made the right decision there, clearly. Having everything be crowdsourced into Cloud makes perfect sense. Has that, though, posed a challenge from a sovereignty perspective? If you were deploying stuff On-Prem all over the place, you don't need to worry about that. Everything is here >> George Kurtz: Yeah. >> in a given country. How do you address the challenges of sovereignty when these agents are sending data into some sort of centralized Cloud space that crosses boundaries? >> Well, yeah, I guess what we would, let me go back to the beginning. So I started company in 2011 and I had to convince people that delivering endpoint security from the Cloud was going to be a good thing. >> Dave Vellante: Right. (chuckles) >> You know, you go into a Swiss bank and a bunch of other places and they're like, you're crazy. Right? >> Dave Nicholson: Right. >> They all became customers afterwards, right? And you have to just look at what they're doing. And the question I would have in the early days is, well, let me ask you are you using Dropbox, Box? Are you using a Microsoft? You know, what are you using? Well, they're all sending data to the Cloud. So good news! You already have a model, you've already approved that, right? So let's talk about our benefit. And you know, you can either have an adversary steal your data or you can send threat data to our Cloud, which by the way is in a lot of sovereign Clouds that are out there. And when you actually break it down to what we're sending to the Cloud, it's threat data, right? It isn't user files and documents and stuff. It's threat data. So, we work through all of that. And the Cloud is bigger than CrowdStrike. So you look at Sales Force, Service Now, Workday, et cetera. That's being used all over the place, Box, Dropbox. We just tagged onto it. Like why shouldn't security be the platform of record, and why shouldn't CrowdStrike be the platform of record and be the pillar of Cloud security? >> Explain your observability strategy, 'cause you acquired Humio for, I mean, I think it was $400 million, which is a song. >> Yeah. >> And then Reposify is the latest acquisition. I see that as an extension, 'cause it gives you visibility. Is that part of your security, of your observability play? Explain where you do play and don't play. >> Sure. Well observability is a big, you know, fluffy word. Where we play is in probably the first two areas of observability, right? There's five, kind of, pillars. We're focused on event collection. Let's get events from the endpoints. Let's get events from really anywhere in the network. And we can do that with Humio is now log scale. And then the second piece is with our agents, let's get an understanding of their, the asset itself. What is the asset? What state is it in? Does it have vulnerabilities? Does it have, you know, is it running out of disc space? Is it have, does it have a performance issue? Those are really the first two, kind of, areas of observability. We're not in application performance, we're in let's collect data from the endpoint and other sources, and let's understand if the thing is working, right? And that's a huge value for customers. And we can do that because we already have a privileged spot on the endpoint with our agent. >> Got it. Question on the TAM. Like I look at your TAMs, your charts, I love it. You know, generally do. Were you taking known data from you know, firms like IDC >> George Kurtz: Yeah. >> and saying, okay we're going to play there, now we're made this acquisition. We're new modules, now we're playing there. Awesome. I think you got a big TAM. And I guess that's, that's the point. There's no lack of market for you. >> George Kurtz: Right. >> But I do feel like there's this unknown unquantifiable piece of your TAM. IDC can't see it, 'cause they're kind of looking back >> George Kurtz: Right. >> seein' what the market do last year and we'll forecast it out. It's almost, you got to be a futurist to see it. How do you think about your total available market and the opportunity that's out there? >> Well, it's well in excess of 120 billion and we've actually updated that recently. So it's even beyond that. But if you look at all the modules each module has a discreet TAM and again, for what, you know, what we're focused on is how do you give an outcome to a customer? So a lot of the modules map back into specific TAM and product categories. When you add 'em all up and when you look at, you know, some of the new things that we're coming out with, again, it's well in excess of 120 billion. So that's why we like to say like, you know, we're not an endpoint company. We're really, truly a security platform company that was born in the Cloud. And I think if you see the growth rates, and one of the things that we've talked about, and I think you might have pointed out in prior podcasts, is we're the second fastest company to 2 billion dollars in annual recurring revenue, only behind Zoom. And you know I would argue- great company, by the way, a customer- but that was a black Swan event in a pandemic, right? >> Dave Vellante: I'll say! >> Yeah. >> So we are rarefied air when you think about the capabilities that we have and the performance and the TAM that's available to us. >> The other thing I said in my breaking analysis was 'cause you guys aspire to be a generational company. And I think you got a really good shot at being one, but to be a generational company, you have to have an ecosystem. So I'd love you to talk about the ecosystem, but where you want to see it in five years. >> Well, it really is a good point and we are a partner first company. Ecosystem is really important. Cameras probably can't see all the vendors that are here that are our partners, right? It's a big part of this show that we're at. You see a lot of, well, you see some vendors behind us. >> Yep. >> We have to realize in 2022, and I think this is something that we did well and it's my philosophy, is we are not the only game in town. We like to be, and we are, for many companies the security platform on record, but we don't do everything. We talked about network in other areas. We can't do everything. You can't be good and try to do everything. So, for customers today, what they're looking at is best of platform. And in the early days of security, I've been in it over 30 years, it used to be best of breed products, then it was best of suite, now it's best of platform. So what do I mean by that? It means that customers don't want to engineer their own solution. They, like Lego blocks, they want to pull the platforms, and they want to stitch 'em together via API. And they want to say, okay, CrowdStrike works with Okta, works with Zscaler, works with Proofpoint, et cetera. And that's what customers want. So, ecosystem is incredibly important for us. >> Explain that. You mentioned Okta, I had another question for you. I was at Reinforce, and I saw this better together presentation, CrowdStrike and Okta talking about identity. You've got an identity module. Explain to people how you're not competing with Okta. You guys complement each other, there. >> Well, an identity kind of broker, if you will, is basically what Okta does in others, right? So you log in single sign on and you get access. They broker access to all these other applications. >> Dave Vellante: Right. >> That's not what we do. What we do is we look at those endpoints and workloads and domain controllers and directory services and we figure out, are there vulnerabilities and are there threats associated with them? And we call that out. The second piece, which is critical, is we prevent lateral movement. So if credentials are stolen we can prevent those credentials from being laundered or used and moved laterally, which is a key part of how breaches happen. We then create a trust score on those endpoints and workloads. And we basically say, okay, do we think the trust on the endpoint and workload is high or low? Do we think the identity, you know, is it George on the endpoint, or not? We give that a score. And we pass that along to Okta or Ping or whoever, and they then use that as part of their calculus in how they broker access to other resources. So it really is better together. >> So your execution has been stellar. This is my competition question. You obviously have competition out there. I think architecturally, you've got some advantages. You have a great relationship with AWS. I don't know what's going on with Google, but Kevin's up on stage. >> George Kurtz: Yeah. >> They're now part of Google. >> George Kurtz: We have a great relationship with them. >> Microsoft obviously, a competitor. You obviously do some things in, >> Right. >> in Azure. Are you building the security Cloud? >> We are. We think we are, because when you look at the amount of data that we actually ingest, when you look at companies using us for critical decisions and critical protection, not only on their On-Prem, but also in their Cloud environment, and the knowledge we have, we think it is a security Cloud. You know, you had, you had Salesforce and Workday and ServiceNow and each of them had their respective Clouds. When I started the company, there was no security Cloud. You know, it wasn't any of the companies that you know. It wasn't the firewall companies, wasn't the AV companies. And I think we really defined ourselves as the security Cloud. And the level of knowledge and insights we have in our Cloud, I think, are world class. >> But you know, it's a difference of being those- 'cause you mentioned those other, you know, seminal Clouds. They, like Salesforce, Workday, they're building their own Clouds. Maybe not so much Workday, but certainly Salesforce and ServiceNow built their own >> Yeah. >> Clouds, their own data centers. You're building on top of hyperscalers, correct? >> Well, >> Well you have your own data centers, too. >> We have our own data centers, yeah. So when we first started, we started in AWS as many do, and we have a great relationship there. We continue to build out. We are a huge customer and we also have, you know, with data sovereignty and those sort of things, we've got a lot of our sort of data that sits in our private Cloud. So it's a hybrid approach and we think it's the best of both worlds. >> Okay. And you mean you can manage those costs and it's, how do you make the decision? Is it just sovereignty or is it cost as well? >> Well, there's an operational element. There's cost. There's everything. There's a lot that goes into it. >> Right. >> And at the end of the day we want to make sure that we're using the right technology in the right Clouds to solve the right problem. >> Well, George, congratulations on being back in person. That's got to feel good. >> It feels really good. >> Got a really good audience here. I don't know what the numbers are but there's many thousands here, >> Thousands, yeah. >> at the ARIA. Really appreciate your time. And thanks for having The Cube here. You guys built a great set for us. >> Well, we appreciate all you do. I enjoy your programs. And I think hopefully we've given the audience a good idea of what CrowdStrike's all about, the impact we have and certainly the growth trajectory that we're on. So thank you. >> Fantastic. All right, George Kurtz, Dave Vellante for Dave Nicholson. We're going to wrap up day one. We'll be back tomorrow, first thing in the morning, live from the ARIA. We'll see you then. (calm music)

>>Hello, everyone. Welcome to the cubes presentation of the a startup showcase. This is our season two episode four of the ongoing series covering exciting hot startups from the a AWS ecosystem. And here we talk about cybersecurity. I'm John furrier, your host we're joined by Carl Mattson, CISO, chief information security officer of no name security, keep alumni. We just chatted with you at reinforce a business event. We're here to talk about securing APIs from code to production. Carl, thanks for joining. >>Good to see you again. Thanks for the invitation, John. >>You know, one of the hottest topics right now about APIs is, you know, it's a double edged sword, you know, on one hand, it's the goodness of cloud APIs make the cloud. That's the API first. Now you're starting to see them all over the place. Is APIs everywhere, securing them and manage them. It's really a top conversation at many levels. One, you're gonna have a great API, but if you're gonna manipulate the business logic, that's a problem too. So a lot going on with APIs, they're the underpinnings of the modern enterprise. So take us through your view here. How are you guys looking at this? You want to continue to use APIs, they're critical connective tissue in the cloud, but you also gotta have good plumbing. Where, what do you do? How do you secure that? How do you manage it? How do you lock it down? >>Yeah, so the, the more critical APIs become the more important it becomes to look at the, the API as really a, a, a unique class of assets, because the, the security controls we employ from configuration management and asset management, application security, both testing and, and protection like, like EDR, the, the, the platforms that we use to control our environments. They're, they're, they're poorly suited for APIs. And so >>As the API takes prominence in the organization, it goes from this sort of edge case of, of, of a utility now to like a real, a real crown jewel asset. And we have to have, you know, controls and, and technologies in place and, and, and skilled teams that can really focus in on those controls that are, that are unique to the API, especially necessary when the API is carrying like business critical workloads or sensitive data for customers. So we really have to, to sharpen our tools, so to speak, to, to focus on the API as the centerpiece of a, of an application security program, >>You know, you guys have a comprehensive view. I know the philosophy of the company is rooted in, in, in API life cycle development management runtime. Can you take a minute to explain and give an overview of no name security? And then I wanna jump into specifically the security platform and the capabilities. >>Sure. So we're an API security company just under three years old now. And, and we we've taken a new look at the API, looking at it from a, from a, a full lifecycle perspective. So it, it, isn't new to application security professionals that APIs are, are a software asset that needs to be tested for security, vulnerabilities, security testing prior to moving into production. But the reality is, is the API security exposures that are hitting the news almost every day. A lot of those things have to do with things like runtime errors and misconfigurations or changes made on the fly, cuz APIs are, are changed very rapidly. So in order for us to counter API risks, we have to look at the, the full life cycle from, from the moment the developer begins, coding the source code level through the testing gates, through the, the operational configuration. And then to that really sophisticated piece of looking at the business logic. And, and as you mentioned, the, the business logic of the API is, is unique and can be compromised with, with exploits that, that are specific to an API. So looking at the whole continuum of API controls, that's what we focused on. >>It's interesting, you know, we've had APIs for a while. I mean, I've never heard and seen so much activity now more than ever around APIs and security. Why is it recently we're seeing this conversation increase with specific solutions and why are we seeing more breaches and concerns about security? Because APIs are hardened. I mean, like, what's the big deal. Why now what's the big focus? Why is APIs becoming more in the conversation for CSOs and companies to secure? And why is it a problem? >>Well, take, take APIs that we had, you know, eight, 10 years ago, most of those were, were internally facing APIs. And so there were a lot of elements of the API design that we would not have put in place if we had intended that to be public facing authentication and authorization. That that was, is we kind of get away with a little bit of sloppy hygiene when it's internal to the network. But now that we're exposing those APIs and we're publishing APIs to the world, there's a degree of precision required. So when we, when we put an API out there for public consumption, the stakes are just much higher. The level of precision we need the business criticality, just the operational viability and the integrity of that API has to be precise in a way that really wasn't necessary when the API was sort of a general purpose internal network utility as it was in the past. And then the other, other area of course, is then just the sheer use of a API at the infrastructure layer. So you think about AWS, for example, most of the workloads in the modern cloud, they communicate and talk via API. And so those are even if they're internally facing APIs misconfigurations can occur and they could be public facing, or they could be compromised. And so we wanna look at all, all of the sort of facets of APIs, because now there's so much at stake with getting API security, right. >>You know, this brings up the whole conversation around API to API, and you guys talk about life cycle, right? The full life cycle of an API. Can you take me through that and what you mean by that? Because, you know, some people will say, Hey, APIs are pretty straightforward. You got source code, you can secure it. Code scanning, do a pen test. We're done why the full cycle approach is it because APIs are talking to third parties? Is it because what I mean, what's the reason what, what's the focus, why full life cycle of an API? Why should a company take this approach? >>Sure. So there's, there's really three sort of primary control areas that we look at for, for APIs as like what I call the traditional controls. There would be those to, to test and ensure that the source code itself has as quality or is, is secure. And that can, that can, of course, usually a step one. And that's, that's an important thing to, to do, but let's say let's for the sake of discussion that API that is designed securely is deployed into production, but the production environment in which it's deployed, doesn't protect that API the way that the developer intended. So a great example would be if an API gateway doesn't enforce the authentication policy intended by the developer. And so there we have, there's not the developer's fault. Now we have a misconfiguration in production. And so that's a, that's a type of example also where now a, an attacker can send a sort of a single request to that API without authentication or with, you know, misformed authentication types and, and succeed resulting in data. >>The waft didn't protect against it. It was secure code. And so when we look at the sequence of API controls, they all really have to be in sync because source code is really the first and most important job, but good, good API design and source code doesn't solve all challenges for their production environment. We have to look at the whole life cycle in order to counter the risk IBM's research last year in its X worth survey, estimated that 60% of all API breaches are due to misconfiguration, not to source code design. And so that's really where we have to marry the two of the runtime protection configuration management with the, the, the source code testing and design. >>It's, it's interesting, you know, we've all been around the block, we've seen the early days and you know, it was really great back in the day you sling an API, Hey, you know, Carl, you have an API for that. Oh, sure. I'll bang it out tonight. You know? So, so the, you know, they've gotten better, I'm over simplifying, but you get the idea they've been kind of really cool to work with and connect with systems. It's now plumbing. Okay. So organizations have, are dealing with this, they're dealing with APIs and more of them, how do they know where they stand? Is there like a API discovery capability? What do they do? What does a CSO do? What does a staff do saying, okay, you know what? We don't wanna stop the API movement cuz that's key to the cloud. How do we reign it in? How do we reign in the chaos? What do they do? Is there playbook? What does, how does an organization know exactly where it stands with the state of their APIs? >>Yeah. That, and that's usually where we started a discussion with a, with a customer is, is, is a diagnosis, right? Because when we, when we look at sort of diagnosing what our API risk exposure, the, you know, the, the first critical control is always know your assets and, and that we, we have to discover them. So we, we, we employ usually discovery as the very first step to see the full ecosystem of APIs, whether they're internal, external facing, whether they're routed through a gateway or whether they're routed through a WF, we have to see the full picture and then analyze that API footprint in terms of its network context, it's vulnerabilities, it's configuration qualities so that we can see a picture of where we are now in, in any particular organization, we may find that there's a, a, a, a high quality of source code. >>Perhaps the gaps are in configuration, or we may see the reverse. And so we, we don't necessarily make an assumption about what we'll find, but we know that that observability is really the, the first step in that, in that process is just to really get a firm sort of objective understanding of, of where the APIs are. And, and the really important part about the, the observability to the API inventory is to do it with the context also of the sense of the data types. Because, you know, for example, we see organizations, our own research showed that for organizations over 10,000 employees, the average population of APIs is over 25,000 in each organization, 25,000 AP thousand APIs is an extraordinary amount to, to even contemplate a human understanding of. So we have to fingerprint our APIs. We have to look at the sensitive data types so that we can apply our intellect and our resources towards protecting those APIs, which have, which are carrying sensitive data, or which are carrying critical workloads, because there are a lot of APIs that still remain today, even sort of internally facing utilities, work courses that keep the lights on, but not particularly high risk when it comes to sensitive data. >>So that, that, that triage process of like really honing in on the, on the high risk activity or the high risk APIs that they're carrying sensitive data, and then then sort of risk exposure assessing them and to see where an organization is. That's always the first step, >>You know, it's interesting. I like your approach of having this security platform that gives the security teams, the ability to kinda let the developers do their thing and, and then have this kind of security ops kind of platform to watch and monitor and any potential attacks. So I can see the picture there. I have to ask you though, as a CSO, I mean, what's different now, because back in the old days where API's even on the radar and two, there's a big discussion around software supply chain. This kind of this API is now a new area. As you'd been referring to people, stealing data, things are in transit with APIs. What is the, the big picture, if you had to kind of scope out the magnitude of like the API problem and, and relevance for a fellow CSO, how, how would you have that conversation? You'd be like, Hey, APIs are outta control. You gotta reign it in. Or is it a 10 and a 10? Is it a eight? I mean, yep. Take me through a conversation you're having with security teams or other CSOs around the magnitude of the scoped scoping the problem. >>Yeah. So I, I think of the, the, the API sort of problem space has a lot of echoes to the, to the conversations and the thought processes we were having about public cloud adoption a few years ago. Right. But there was, there were early adopters of public cloud and, and over the course of time, there was sort of a, an acquiescence to public cloud services. And now we have like actually like robust enterprise grade controls available in public cloud. And now we're all racing to get there. If we, if we have anything in the data center left, we're, we're trying to get to the public cloud as fast as possible. And so I think organization by organization, you'll, you'll see a, a, a reminiscent sort of trajectory of, of API utilization, because like an application we're out of gone are the days of the monolithic application, where it's a single, you know, a single website with one code base. >>And I kind of compare that to the data center, this comparison, which is the monolithic application is now sort of being decomposed into microservices and APIs. There are different differences in terms of how far along that decomposition into microservices and organization is. But we definitely see that the, that that trend continues and that applications in the, you know, three to five to 10 year timeframe, they increasingly become only APIs. So that an organization's app development team is almost exclusively creating APIs as, as the, as the output of software development. Whereas there's a, there's a journey to, towards that path that we see. And so, so a security team looking at this problem set, what I, you know, advise for, for a CISO. The looking at this maybe for the first time is to think about this as this is the competency that we, our security teams need to have. That competency may, may be at different degrees of criticality, depending on where that company is in transition. But it's not a, it's not a question of if it's a question of when and how fast do we need to develop this competency in a team because our applications will become almost exclusively APIs over time, just like our infrastructures are on the way to becoming almost exclusively public cloud hosted over time. >>Yeah. I mean, get on the API bus basically is the message like, look it, if you're not on this, you're gonna have a lot of problems. So in a way there's a proactive nature here for security teams at the same time, it's still out there and growing, I mean, the DevOps movement was essentially kind of cavalier, very Maverick oriented, sling APIs around no problem, Linga Franco connecting to other systems and API to an endpoint to another application. That's what it was. And so as it matures, it becomes much more of a, as you say, connective tissue in the cloud native world, this is real. You agree with that obviously? >>Yeah, absolutely. I mean, I think that the, I think that these, these API connections are, are, are the connective tissue of most of what we do right now. Even if we are, are not, you know, presently conscious of it, but they're, they're increasingly gonna become more and more central. So that's, that's, that's a, that's a journey whether, whether the, the focus on API security is to let's say, put the toothpaste back in the tube for something that's already broken, or whether it is preventative or prep preparing for where the organization goes in the future. But both of those, both of those are true. Or both of those are valid reasons to emphasize the investment in API security as a, as a talent processes, technologies all the above. >>Okay. You sold me on I'm the customer for a minute. Okay. And now I'm gonna replay back to you. Hey, Carl, love it. You sold me on this. I'm gonna get out front we're we're in lift and shift mode, but we can see APIs as we start building out our cloud native. And, but I'm really trying to hire a team. I got a skills gap here too. Yep. That's one customer. Yep. The other customers, Hey man, we've been on this train for a while. Kyle. We, we, we feel you, we in DevOps pioneer, we're now scaling out. We got all kinds of sprawl, API sprawl. How do I reign it in? And what do you guys do? What's your answer to those scenarios from a security platform perspective and how does that, what's the value proposition in those scenarios? >>I think the value proposition of what we've done is really to, to lean into the API as the, as the answer key to the problem set. So, you know, whether it's integrating security testing into a code repo, or a C I C D pipeline, we can automate security testing and we can do that very efficiently in, in such a way that one applic when a one API security specialist with the right tools, it ins insulates the organization from having to go out and hire 10 more people, because they've all, all of a sudden have this explosive growth and development. There's so much about API security that can capitalize on automation and capitalize on API integrations. So the API integrations with web application firewalls, with SIM systems, those types of workflows that we can automate really do empower a team to, to use automation to scale and to approach the problem set without needing to go to the, the, sort of the impossible ask of growing these growing teams of people with special skills and, and who aren't available anyways, or they're extremely expensive. So we definitely see ourselves as, as a, as a sort of leaning into the API as, as part of the answer and creating opportunities for automation. >>Yeah. So I got one more kind of customer role play here. I says, I love this. This is a great conversation. You know, there's always the, the person in the room, Carl, hold on, boss. This is gonna complicate everything on the network layer, application changes. There's a lot of risks here. I'm nervous. What's your, how do you guys handle that objection that comes up all the time. You know, the, the person that's always blocking deals like, oh, it's risky implementing no name or this approach. How do you, how do you address the frictionless nature of developers? Wanna try stuff now they wanna get it in and they wanna try things. How do you answer the quote, complication or risk to network and application changes? >>Sure. Two, two really specific answers. The, the first is, is for the developers. We wanna put a API security in their hands because when they can, when they can test and model the security risks on their APIs, while they're developing, like in their IDE and in their code repos, they can iterate through security fixes and bugs like lightning fast. And they, and developers Le really appreciate that. They appreciate having the instant feedback loop within their workspace, within their workbench. So developers love being able to self-service security. And we want to empower developers to, to do that. Self-service rather than tossing code over the fence and waiting two weeks for the security team to test it, then tossing it back with a list of bugs and defects that annoys everybody. It's an inefficient. So >>For the record, just for the record, you guys are self-service to the developers. >>Yeah. Self-service to the developers. And that's really by customer sort of configuration choices. There are configuration choices that have, for example, the security team, establishing policy, establishing boundaries for testing activities that allow the developers to test source code iterate through, you know, defect, fixes, things like that. And then perhaps you establish like a firm control gate that says that, you know, vulnerabilities of, of medium and above are a, have to be remediated prior to that code committing to the next gate. That's the type of control that the security policy owner can can apply, but yes, the developers can self-service service and the, and the security team can set the threshold by which the, the, the, the source code moves through the SDLC. Everybody will. Yep. Exactly. And, and, but we're, we have to, we have to practice that too, because that's a, that's a new way of, of, of the security team and the developers interacting. >>So we, we, we, we have to have patterns that that teams can then adopt procedurally because we aren't, we aren't yet accustomed to having a lot of procedures that work that way. So yeah, we, we have templates, we've got professional services that we want to help those teams get that, that equation, right? Because it it's a, it's a truly win-win situation when you can really stick the landing on getting the developers, the self-service options with the security team, having the confidence level that the controls are employed. And then on, on the network side, by the way, I, I too am mortified of breaking infrastructure and, and which is exactly why, you know, what, what we do architecturally out of band is, is really a, a game changer because there are technologies we can put in, in line, there are disruptors and operational risks that we can incur when we are, where we utilizing a technology that, that can break things, can break business, critical traffic. >>So what we do is we lean into the, the, the sort of the network nodes and the, and the hosts that the organization already has identifying those APIs, creating the behavioral models that really identify misuse in progress, and then automate, blocking, but doing that out of, out of band, that's really important. That's how I feel about our infrastructure. I, I don't want sort of unintended disruption. I want, I want to utilize a platform that's out of band that I can use. That's much more lightweight than, you know, putting another box in, in the network line. Yeah, >>What's interesting is what you're talking about is kind of the new school of thought. And the script has flipped. The old school was solve complexity with more complexity, get in the way, inject some measurements, software agents on the network, get in the way and the developer, Hey, here's a new tool. We agreed in a, in a vacuum, go do this. I think now more than ever, developers are setting the agenda on, on, on the tooling, if it's, and it has to be self-service at our super cloud event that was validated across the board. That if it's self-service, it's gotta be self-service for the developer. Otherwise they won't use it pretty much. >>Oh, well, I couldn't agree more. And the other part too, is like, no matter what business we're in the security business is, is yeah, it has to honor like the, the, the business need for innovation. We have to honor the business need for, for, for speed. And we have to do our best to, to, to empower the, the sort of the strategy and empower the intent that the developers are, are delivering on. And yes, we need to be, we need to be seeking every opportunity to, to lift that developer up and, and give them the tools sort of in the moment we wanna wrap the developer in armor, not wake them down with an anchor. And that's the, that's the thing that we, we want to keep striving towards is, is making that possible for the security team. >>So you guys are very relevant right now. APIs are the favorite environment for hackers was seeing that with breaches and in the headlines every day, I love this comprehensive approach, developer focused op security team enablement, operationally relevant to all, all, all parties. I have to ask you, how do you answer and, and talk about the competition, cuz with the rise of this trend, a lot of more people entering this market, how should a customer decide between no name and everyone else pitch in API security? What's the, is there nuances? Is there differences? How do you compare what's the differentiation? >>Yeah, I think, you know, the, the, the first thing to mention is that, you know, companies that are in the space of API security, we, we have a lot more in common. We probably have differences cause we're focused on the same problems, but there's, there's really two changes that we've made bringing to market an API platform. Number one is to look full lifecycle. So it used to be that you could buy, you know, DAST and SAS software testing tools, no name has API testing in, so, you know, for source code and for pipeline integrations along with then the runtime and posture management, which is really the production network. And so we really do think that we span east west a much broader set of controls for the API. And then the second characteristic is, is architectural fit. Particularly in a runtime production environment, you have to have a solution that does, does not create significant disruptions. >>It doesn't require agent deployment that can maximize the, the, the infrastructure that an organization already has. So we think our, you know, a big advantage for us in, in the production environment is that we can, we can adapt to the contour of the customer. We don't have to have the customer adapt to the contour of our architecture. So that flexibility really serves well, particularly with complex organizations, global organizations or those that have on, you know, data centers and, and, and public cloud and, and multiple varieties. So our ability to sort of adapt to a customer's architecture really makes us sort of like a universal tool for organizations. And we think that's really, you know, bears out in the, in the customers, in the large organizations and enterprises that have adapted us because we can adapt really any condition. >>Yeah. And that's great alignment too, from an execution consumption standpoint, it's gotta be fast with a developer. You gotta be frictionless as much as possible. Good stuff there. I have to ask you Carl, as, as you are a CISO chief information security officer, you know, your peers are out there. They're they're, they got, man there's so much going on around them. They gotta manage the current, protect the future and architect, the next level infrastructure for security. What do you, what do you see out there as a CSO with your peers in the marketplace? You know, practitioners, you know, evaluating companies, evaluating technologies, managing the threat landscape, unlimited surface area, evolving with the edge coming online, what's on their mind. How do you see it? What's your, what's your view there? What's your vision if you were, if you were in the hot seat in a big organization, I mean, obviously you're got a hot seat there with no name, but you're also, you know, you're seeing both sides of the coin at no name, you know, the CISO. So are they the frog and boiling water right now? Or like, like what's going on in their world right now? How would you describe the state of, of the CISO in cyber security? >>Yeah, there's, there's, there's two kind of tactical themes. I think almost every CISO shares the, the, the, the, the first tactical theme is, is I as a CISO. I probably know there's a technology out there to solve a little bit of every problem possible. Like, that's you objectively true. But what I don't wanna do is I don't wanna buy 75 technologies when I could buy 20 platforms or 12 that could solve that problem set. So the first thing I wanna do is as I, I want to communicate what we do from the perspective of, of like a single platform that does multiple things from source code testing, to posture and configuration to runtime defense, because I, a CISO's sensibilities is, is, is, is challenged by having 15 technologies. I really just want a couple to manage because it's complexity that we're managing when we're managing all these technologies. >>Even if something works for a point problem set, I, I don't want another technology to implement and manage. That's, that's just throwing money. Oftentimes at, at suboptimal, you know, we're not getting the results when we just throw tools at a problem. So the, that that platform concept is I think really appealing cuz every CSO is looking to consider, how do I reduce the number of technologies that I have? The second thing is every organization faces the challenge of talent. So what are, what are my options for talent, for mitigating? What is sort of, I, I can't hire enough qualified people at a remotely reasonable price to staff, what I'd like to. So I have to pursue both the utilizing third parties who have expertise in professional services that I can deploy to, to, to, to solve my problems, but also then to employing automation. So, you know, the, a great example would be if I have a team that has a, you know, a five person application security team, and now next year, my applications security or my, my applications team is gonna develop three times the number of, of applications and APIs. >>I can't scale my team by a factor of three, just to meet that demand. I have to pursue automation opportunities. And so we really want to measure the, the, the successes that we can achieve with automation so that a CISO can look at us as, as an answer to complexity rather than as a source of new complexity, because it is true that we're overwhelmed with the options at our disposal. Most of those options create more complexity than they solve for. And, and, you know, I pursue that in, in my practice, which is to, is to figure out how to sort of limit the complexity of what is already very complicated, you know, role and protecting an organization. >>Got it. And when you, when, when the CSO says Carl, what's in it for me with no name, what's the answer, what's the bumper bumper sticker. >>It, it's reducing complexity. It's making a very sophisticated problem. Set, simple to solve for APIs are a, are a class of assets that there's an answer for that answer includes automation and includes professional services. And we can, we can achieve a high degree of sophistication relatively speaking with a low amount of effort. When we look across our security team, this is a, this is a solvable problem space and, and we can do so pretty efficiently. >>Awesome. Well call, thank you so much for showcasing no name. And the last minute we have here, give a quick plug for the company, give a little stats, some factoids that people might be interested in. How big is the company? What are you guys doing enthusiastic about the solution? Share some, yep. Give the plug. >>Sure. We're, we're, we're a company of just about 300 employees now all across the globe, Asia Pacific, north America, Europe, and the middle east, you know, tremendous success with the release of our, of our software testing module, which we call active testing. We have such a variety of ways also to, to sort of test and take Nona for a test drive from sandboxes to POVs and, and some really amazing opportunities to, to show and tell and have the organizations diagnose quickly where, where they are. And so we, we love to, we love to, to, to show off the platform and, and let people take it for a test drive. So, you know, no name, security.com and any, anywhere in the world, you are, we can, we can deploy a, a, a sales engineer who can help show you the platform and, and show you all the things that, that we can, we can offer for the organization. >>Carl, great insight. Thank you again for sharing the stats and talk about the industry and really showcasing some of the key things you guys are doing in the industry for customers. We really appreciate it. Thanks for coming on. >>Thanks John. Appreciate it. >>Okay. That's the, this is the ADBU startup showcase. John fur, your host season two, episode four of this ongoing series covering the exciting new growing startups from the AWS ecosystem in cybersecurity. Thanks for watching.