(lighthearted music) >> Hey all. Welcome back to theCube's coverage of Kubecon North America '22 CloudNativeCon. We're in Detroit. We've been here all day covering day one of the event from our perspective. Three days of coverage coming at you. Lisa Martin here with John Furrier. John, a lot of buzz today. A lot of talk about the maturation of Kubernetes with different services that vendors are offering. We talked a little bit about security earlier today. One of the things that is a hot topic is national security. >> Yeah, this is a huge segment we got coming up. It really takes that all that nerd talk about Kubernetes and puts it into action. We actually see demonstrable results. This is about advanced artificial intelligence for tactical decision making at the edge to support our military operations because a lot of the deaths are because of bad technology. And this has been talked about. We've been covering Silicon Angle, we wrote a story there now on this topic. This should be a really exciting segment so I'm really looking forward to it. >> Excellent, so am I. Please welcome back one of our alumni, Nick Barcet senior director, customer led open innovation at Red Hat. Great to have you back. Greg Forrest joins us as well from Lockheed Martin Director of AI Foundations. Guys, great to have you on the program. Nick, what's been your perception before we dig into the news and break that open of KubeCon 2022? >> So, KubeCon is always a wonderful event because we can see people working with us in the community developing new stuff, people that we see virtually all year. But it's the time at which we can really establish human contact and that's wonderful. And it's also the moments where we can make big topic move forward and the topics have been plenty at this KubeCon from MicroShift to KCP, to AI, to all domains have been covered. >> Greg, you're the director of AI foundations at Lockheed Martin. Obviously well known, contractors to the military lot of intellectual property, storied history. >> Greg: Sure. >> Talk about this announcement with Red Hat 'cause I think this is really indicative of what's happening at the edge. Data, compute, industrial equipment, and people, in this case lives are in danger or to preserve peace. This is a killer story in terms of understanding what this all means. What's your take on this relationship with Red Hat? What's the secret sauce? >> Yeah, it's really important for us. So part of our 21st century security strategy as a company is to partner with companies like Red Hat and Big Tech and bring the best of the commercial world into the Department of Defense for our soldiers on the ground. And that's exactly what we announced today or Tuesday in our partnership. And so the ability to take commercial products and utilize them in theater is really important for saving lives on the ground. And so we can go through exactly what we did as part of this demonstration, but we took MicroShift at the edge and we were able to run our AI payloads on that. That provided us with the ability to do things like AI based RF sensing, so radio frequency sensing. And we were also able to do computer vision based technologies at the edge. So we went out, we had a small UAV that went out and searched for a target on the ground. It found a target using its radio frequency capabilities, the RF capabilities. Then once we're able to hone in on that target, what Red Hat device edge and MicroShift enables us to do is actually then switch sensing modalities. And then we're able to look at this target via the camera and use computer vision-based technologies to actually more accurately locate the target and then track that target in real time. So that's one of the keys to be able to actually switch modalities in real time on one platform is really important for our joint all domain operations construct. The idea of how do you actually connect all of these assets in the environment, in the battle space. >> Talk about the challenge and how hard it is to do this. The back haul, you'll go back to the central server, bring data back, connecting things. What if there's insecurity around connectivity? I mean there's a lot of things going, can you just scope the magnitude of how hard it's to actually deploy something at a tactical edge? >> It is. There's a lot of data that comes from all of these sensors, whether they're RF sensors or EO or IR. We're working across multiple domains, right? And so we want to take that data back and train on that and then redeploy to the edge. And so with MicroShift, we're able to do that in a way that's robust, that's repeatable, and that's automated. And that really instills trust in us and our customers that when we deploy new software capabilities to the edge over the air, like we did in this demonstration that they're going to run right on the target hardware. And so that's a huge advantage to what we're doing here that when we push software to the edge in real time we know it's going to run. >> And in realtime is absolutely critical. We talk about it in so many different industries. Oh, it's customers expect realtime access whether it's your banking app or whatnot. But here we're talking about literally life and death situations on the battlefield. So that realtime data access is literally life and death. >> It's paramount to what we're doing. In this case, the aircraft started with one role which was to go find a radio frequency admitter and then switch roles to then go get cameras and eyes on that. So where is that coming from? Are there people on the ground? Are there dangerous people on the ground? And it gives the end user on the ground complete situational awareness of what is actually happening. And that is key for enhanced decision making. Enhanced decision making is critical to what we're doing. And so that's really where we're advancing this technology and where we can save lives. >> I read a report from General Mattis when he was in service that a lot of the deaths are due to not having enough information really at the edge. >> Greg: Friendly fire. >> Friendly fire, a lot of stuff that goes on there. So this is really, really important. Nick, you're sitting there saying this is great. My customer's talking about the product. This is your innovation, Red Hat device edge in action. This is real. This is industrial- >> So it's more than real. Actually this type of use case is what convinced us to transform a technology we had been working on which is a small form factor of Kubernetes to transform it into a product. Because sometimes, US engineers have a tendency to invent stuff that are great on paper, but it's a solution trying to find a problem. And we need customers to work with us to make sure that do solution do solve a real problem. And Lockheed was great. Worked with us upstream on that project. Helped us prove out that the concept was actually worth it and we waited until Lockheed had tested the concept in the air. >> Okay, so Red Hat device edge and MicroShift, explain that, how that works real quick for the folks that don't know. So one of the thing we learned is that Kubernetes is great but it's only part of the journey. In order to get those workloads on those aircraft or in order to get those workloads in a factory, you also need to consider the full life cycle of the device itself. And you don't handle a device that is inside of a UAV or inside of a factory the same way you handle a server. You have to deal with those devices in a way that is much more akin to a setup box. So we had to modify how the OS was behaving to deal with devices and we reduced what we had built in real for each edge aspect and combined it with MicroShift and that's what became with that Red Hat device edge. >> We're in a low SWAP environment, space, weight and power, right? Or very limited, We're on a small UAS in this demonstration. So the ability to spool up and spool down containers and to save computing power and to do that on demand and orchestrate that with MicroShift is paramount to what we're doing. We wouldn't be able to do it without that capability. >> John: That's awesome. >> I want to get both of your opinions. Nick, we'll start with you and then Greg we'll go to you. In terms of MicroShift , what is its superpower? What differentiates it from other competing solutions in the market? >> So MicroShift is Kubernetes but reduced to the strict minimum of a runtime version of Kubernetes so that it takes a minimal footprint so that we maximize the space available for the workload in those very constraints environments. On a board where you have eight or 16 gig of RAM, if you use only two gig of that to run the infrastructure component, you leave the rest for the AI workload that you need on the drone. And that's what is really important. >> And these AI payloads, the inference that we're doing at the edge is very compute intensive. So again, the ability to manage that and orchestrate that is paramount to running on these very small board computers. These are small drones that don't have a lot of weight that don't allow a lot of space. >> John: Got to be efficient >> And be efficient with it. >> How were you guys involved? Talk about the relationship. So you guys were tightly involved. Talk about the roles you guys played together. Was it co-development? Was it customer/partner? Talk about the relationship. >> Yeah, so we started actually with satellite. So you can think of small cube sets in a very similar environment to a low powered UAV. And it started there. And then in the last, I would say year or so, Nick we have worked together to develop MicroShift. We work closely on Slack channels together like we're part of the same team. >> John: That's great. >> And hey Red Hat, this is what we need, this is what we're looking for. These are the constraints that we have. And this team has been amazing and just delivered on everything that we've asked for. >> I mean this is really an example of the innovation at the edge, industrial edge specifically. You got an operating system, you got form factor challenges, you got operating parameters. And just to having that flex, you can't just take this and put it over there. >> But it's what really is a community applied to an industrial context. So what happened there is we worked as part of the MicroShift community together with a real time communication channel, the same slack that anybody developing Kubernetes uses we've been using to identify where the problems were, how to solve them, bring new ideas and that's how we tackle these problems. >> Yeah, a true open source model I mean the Red Hat and the Lockheed teams were in it together on a daily basis communicating like we were part of the same company. And and that's really how you move these things forward. >> Yeah, and of course open source is great but also you got to lock down the security. How did you guys handle that? What's going on with the security? 'Cause you got to make sure no take over the devices. >> So the funny thing is that even though what we produce is highly inclusive of security concern, our development model is completely open. So it's not security biopurification, it's security because we apply the best practices. >> John: You see everything. >> Absolutely. >> Yes. >> And then you harden it in the joint development, there it is. >> Yeah, but what we support, what we offer as a product is the same for Lockheed or for any other customer because there is no domain where security is not important. When you control the recognition on a drone or where you control the behavior of a robot in a factory, security is paramount because you can't immobilize a country by infecting a robot the same way you could immobilize a military operation- >> Greg: That's right. >> By infecting a UAV. >> Not to change the subject, but I got to go on a tangent here cause it pops in my head. You mentioned cube set, not related to theCUBE of course. Where theCube for the video. Cube sets are very powerful. People can launch space right now very inexpensively. So it's a highly contested and congested environment. Any space activity going on around the corner with you guys? 'Cause remember the world's not around, it's edge is now in space. Mars is the edge. >> That's right. >> Our first prototype for MicroShift was actually a cube set. >> Greg: That's where it started. >> And IBM project, the project called Endurance. That's the first time we actually put MicroShift into use. And that was a very interesting project, very early version of MicroShift . And now we have talks with many other people on reproducing that at more industrial level this was more like a cool high school project. >> But to your point, the scalability across different platforms is there. If we're running on top of MicroShift on this common OS, it just eases the development. Behind the scenes, we have a whole AI factory at Lockheed Martin where we have a common ecosystem for how we actually develop and deploy these algorithms to the edge. And now we've got a common ecosystem at the edge. And so it helps that whole process to be able to do that in automated ways, repeatable ways so we can instill trust in our DRD customer that the validation of verification of this is a really important aspect. >> John: Must be a fun place to work. >> It is, it's exciting. There's endless opportunities. >> You must get a lot of young kids applying for those jobs. They're barely into the whole. I mean, AI's a hot feel and people want to get their hands on real applications. I was serious about space. Is there space activity going on with you guys or is it just now military edge, not yet military space? Or is that classified? >> Yeah, so we're working across multiple fronts, absolutely. >> That's awesome. >> What excite, oh, sorry John. What excites you most, never a dull moment with what you're doing, but just the potential to enable a safer, a more secure world, what excites you most about this partnership and the direction and the we'll say the trajectory it's going on? >> Yeah, I think, for me, the safer insecure world is paramount to what we're doing. We're here for national defense and for our allies and that's really critical to what we're doing. That's what motivates me. That's what gets me up in the morning to know that there is a soldier on the ground who will be using this technology and we will give be giving that person the situational awareness to make the right decisions at the right time. So we can go from small UAVs to larger aircraft or we can do it in a small confined edge device like a stalker UAV. We can scale this up to different products different platforms and they don't even have to be Lockheed Martin >> John: And more devices that are going to be imagined. >> More devices that we haven't even imagined yet. >> Right, that aren't even on the frontier yet. Nick, what's next from your perspective? >> In the domain we are in, next is always plenty of things. Sustainability is a huge domain right now on which we're working. We have lots of things going on in the AI space, stuff going on with Lockheed Martin. We have things going on in the radio network domain. We've been very heavily involved in telecommunication and this is constantly evolving. There is not one domain that, in terms of infrastructure Red Hat is not touching >> Well, this is the first of multiple demonstrations. The scenarios will get more complex with multiple aircraft and in the future, we're also looking at bringing a lot of the 5G work. Lockheed has put a large focus on 5G.mil for military applications and running some of those workloads on top of MicroShift as well is things to come in the future that we are already planning and looking at. >> Yeah, and it's needed in theater to have connectivity. Got to have your own connectivity. >> It's paramount, absolutely. >> Absolutely, it's paramount. It's game-changing. Guys, thank you so much for joining John and me on theCube talking about how Red Hat and Lockheed Martin are working together to leverage AI to really improve decision making and save more lives. It was a wonderful conversation. We're going to have to have you back 'cause we got to follow this. >> Yeah, of course. >> This was great, thank you so much. >> Thank you very much for having us. >> Lisa: Our pleasure, thank you. >> Greg: Really appreciate it. >> Excellent. For our guests and John Furrier, I'm Lisa Martin. You're watching theCUBE Live from KubeCon CloudNativeCon '22 from Detroit. Stick around. Next guest is going to join John and Savannah in just a minute. (lighthearted music)

>> Announcer: From around the globe. It's theCUBE covering Data Citizens '21 brought to you by Collibra. >> Everybody, John Walls here on theCUBE, continuing our coverage of Data Citizens '21 with Michael Kuzma, who is a Senior Data Engineer at Lockheed Martin but he has just not any Senior Data Engineer. He is the Collibra Ranger of the Year, an outstanding award that certainly honors Michael's dedication to training and evaluation, and development. He is the top dog. And so it is our real pleasure to welcome Michael in this morning. Michael, first off congratulations on the recognition. I know it is well deserved, but, I'm certainly it's been a long time in the making for you. So congratulations on that. >> Thanks, John, thanks so much. >> Yeah, let's talk about the award a little bit here because you're the top Collibra Ranger. The fact that you've undergone this intensive training and evaluation process, what has that or what is that doing for you in terms of your professional development and what you're able to provide Lockheed Martin? >> Well, I think the ranger program definitely has helped with my understanding of the tool. First of all, we're standing up Collibra as sort of the key pillar of data governance within Lockheed Martin. So it's important to have people who are subject-matter experts on the tool that can help the different business areas to be able to stand up and just extract as much value as they can from it. >> Yeah, why did this matter to you? I mean, a lot of work, I mean, a lot of work that went into this and to reach the pinnacle required I know sacrifice and commitment on your part and on your team's part for that matter. But why was this of paramount importance to you? >> Well, I think it was partially because I was early on in my Collibra journey when I took the ranger certification and went through it. So it definitely helped to solidify my understanding of the tool and get more into it. That way I can just provide that value to the customers. We also wanted to see what would it look like for other people at Lockheed Martin to become rangers and get proficient in the tool. So I was kind of the Guinea pig for Lockheed and we were evaluating just how it would help us with standing it up. >> Yeah, I mean, talk about the process, if you will a little bit and share with us just what you went through in terms of how many hours this required, what kind of work you had to do, what kind of training and the evaluation process. So kind of take us through there from A to Z if you will, on your journey. >> Yeah, well, it started off, we had to get a virtual environment stood up just so that we could do some of the exercises that the ranger certification requires. So that was an intensive process of just making sure we had all the infrastructure in place to run the sandbox environment. And then once we got that up, it was mainly doing the exercises of, you're provided with the data landscape. How are you going to represent it in the tool? That way your users both business and technical users could go in and see the data that's in there and be able to get value, be able to get insights from it. And I think it was challenging for sure, to just figure out what all is required for standing up the Collibra environment 'cause that was a piece of the ranger not only how to work the tool, but how to stand it up, how to administrate it and in an effective way and get the metamodel set up in an effective way that way you have that longterm sustainability. So it was good seeing all of those different pieces come together. And then after you put it all together, I had the interviews with the Collibra team where you go over everything you did. So it definitely helps when you have to explain it to somebody they're asking questions. It sort of provides you with that dry run for when people in your business area and your company are going to be trying to use the tool and they might not understand about it or what value it can provide. So having that interview almost like a dry run that you can then help customers when they have questions and come to you. >> Yeah, how helpful was that? I mean, you raised a point, interesting point and really thought about that. You're basically going before the board, if you will, and answering a lot of how's and why's about your process, your thinking process, and what you put into place and how you implemented the tools, what have you. What did you find interesting about that? Or what did you find out about yourself perhaps in your knowledge base through that process? >> I definitely think it stretched my knowledge base for it. It was definitely nerve wracking having to go in and explain your rationale to people but it turned out well. And I feel like if you can explain something, like if you do your prep work and you're able to explain it to somebody else, it sort of proves that you have the true understanding on your side of it. So it was definitely a lot of prep work to just anticipate all the different questions, figure it out on my side first and then be able to answer it effectively. >> Yeah, we all like softballs, but what about curve balls? Were there any curve balls that perhaps that came up in that evaluation process? They're like, "Oh, no, I hadn't thought of that. Or I didn't anticipate that." You know sometimes it's those curve balls that really keep us on our toes. >> Yeah, I can't remember any specific questions. I do remember getting thrown some of those curve balls where you give the answer you think it's sufficient and then there's the build on follow on questions to that where you're like, "Okay, well, I didn't of that." And so you're trying to think through it on the spot. So I definitely got some of those I don't remember the exact questions but it definitely helps to be prepared. >> Yeah, it keeps you on your toes for sure. You mentioned that the value of this, perhaps within Lockheed Martin and being par, I think a great example for others within your organization. What about just kind of in the data community at large or your colleagues at other enterprises. What would you say to them in terms of the value in pursuing this kind of honor, this kind of recognition and how it could be put into good use in their work on the day-to-day side of operations? >> Well, I think for people who are early on and trying to stand it up, the video curriculum definitely helped me out for sure. Learning about both the administrative side, as well as how to use the tool as an end user. If you can put your mind yourself in the mindset of an end user, that's where you can really figure out where the most value is going to be coming from. And it was also good just getting that hands-on experience in a sandbox environment, that you could build it out and not have to worry about it breaking anything for your organization, but also figuring out how are you going to set up the metamodel and get it working before people populate the tool? 'Cause it's a lot harder to make updates when people are using it. It's good to try to get that as well established upfront as possible. So it's definitely good to get that hands-on experience with standing that up. And I think it helps you sort of think through all the different intricacies and nuances for standing up your own environment and getting the most value for your company. >> You know, let's talk about Lockheed Martin a little bit and obviously I'm going to take, everybody's pretty well familiar obviously with your work. I mean 110,000 employees worldwide footprint and obviously security and data security is a critical importance. What does Collibra do for you in that respect in terms of whatever peace of mind you might get in terms of data privacy and data security and reliability all these things that really factor, I would assume in the Lockheed Martin's operations. >> Yeah, it does and we're still thinking through all of the things especially with classified information, but it being metadata helps a lot. People are a lot less apprehensive knowing that it's just metadata in the tool. You're not actually keeping the data itself in the tool. So that way we can still have our security pieces on the underlying data. It's more for that discovery piece for us and we're able to see what shared reports are out there to be able to get lineage for different systems and help people's just business understanding of the things that are out there and the technical users as well, getting value from the lineage and system setups. So I think being able to lock down the view permissions that helps too, you know, puts people's minds at ease if you're able to say, "Okay, well, we can make sure only certain people are able to see this." You know, we have some of those built-in as well. >> Yeah, I mean, that's something I know you've done a lot at Lockheed in terms of working on the tech side and the non-tech side. And trying to explain policies, governance, and determining accessibility and putting the right governance controls in place. From a data perspective, again, sharing your insights what you have learned in that regard at Lockheed Martin what would you say to your fellow data colleagues if you will, again, at other enterprises in terms of getting that kind of collaboration and feedback and input from just not the, just the tech side but also the non-tech side of your house? >> Yeah, it's definitely important to get that business side as well because the technical users that while they work with it so much they might not understand that business users are not going to know what all of these things mean and that they're going to need some sort of human readable version of it. So we have people from the different business areas both business representatives and technical representatives who we work with on a consistent basis to get that continual feedback. And that way we're getting what are the priorities from both sides and seeing sort of where the synergies are across the different business areas as well. That way we're not duplicating effort, but we're trying to make it a comprehensive tool that everybody can use. >> Now I know that your relationship at Lockheed Martin with Clipper goes back some four years now. So you have a maturing relationship for sure. And the value there seems to be pretty well-documented. What would you say to others in your space, again not only about, just about Collibra, but about the data, evolution of data in general in terms of giving advice to somebody who's looking at this as a career, or maybe somebody who is just now getting into a more sophisticated look at their data footprint? >> Yeah it's definitely a large field. There's always new things to learn. It's always evolving too. So I think that that first step for an individual is to be willing to to learn those new things, to learn those new systems, processes, ways of thinking and take on tasks that sort of stretch you in your career. Things that you might not have said yes to before but saying yes could give you more of a comprehensive view of the business or give you a better data view as well. And from the company, it's just trying to figure out where the most value lies. Trying to get everybody sort of on the same page when it's the wild west it becomes a lot harder to extract value and move towards value. So trying to get everybody standardized but also give them the flexibility for their individual program or business needs but try to keep people to where there's a common understanding of the data. >> Now, spoken by someone who's been there and is doing that, Michael, we appreciate the insights. And once again, congratulations on the honor. It is a well-deserved. >> Thank you. Thank you. >> You bet Michael Kuzma joining us from Lockheed Martin as the Collibra Ranger of the Year. We continue our discussion here, Data Citizens '21 on theCUBE. (upbeat music)

live from Las Vegas it's the cube covering AWS reinvents 2018 brought to you by Amazon Web Services Intel and their ecosystem partners okay welcome back everyone live here at Amazon Web Services reinvent 2018 floor to cubes here wall-to-wall coverage - second day of three days I'm John for a table on that Dave six years and we got Maria d'marie here vice president general manager Lockheed Martin space news yesterday was the announcement of a new satellite ground station you guys are partnering with AWS this is an outside-the-box pioneering like move for amazon covered it yesterday on our blog we were giving commentary this is gonna power the iot edge and so essentially it kills the notion of an edge because if there's connectivity everywhere there is no edge the world is round and it's good space that's exactly right that's what you're doing is truly disruptive my team in lockheed martin we provide ground for satellite systems and it's generally usually a physical place that exists where you know where it is there's a large parabolic antenna this completely disrupts that whole concept it becomes a network node of antennas low-cost antennas for our customers and it's truly disruptive exactly to your point let's talk about how it works you have this thing called verge right what you're doing for the cube stats you did for orbit not related to our cube different cube different cubes overages part talk about how it works at amazon explain the system what was what's gonna how it's gonna work okay wasn't sure so amazon with we together had this collaboration which we rolled out yesterday andrew jesse from amazon AWS rolled out AWS brown station which is 12 parabolic antennas it'll be at amazon locations at there they're global regions thank you and so that allows for download of downlink of satellite data to those our system is complementary to that and separate in its low cost antennas across other areas which allows for more frequent connectivity for the satellites more frequent opportunities to downlink data and all of this is available to customers as a service so you were only paying for it when you're using it yeah it's really key when you think about the cost of entry to have access to space it's very expensive if you have to build these large parabolics this allows startups it makes provisioning a jada Center look like a picnic satellites how did it come about where'd the idea come from how would that collaboration start I'm glad you asked so we had Andrew Jesse and our executive vice president Rick Ambrose you know know each other and they had a conversation one day and they said we should do something together and we actually Teresa Carlson and I work for both of them got together got our teams together out in Denver Colorado for a two-day shark tank type activity and we just brought some of our best and brightest from both teams across all of Amazon not even just AWS but other activities and Amazon young people that just graduated from college some of our senior fellows everybody and we just put them in a room and said what are some things that what do we have that we're working on that we might be able to bring three big things the reinvent exactly I like to think it's like we call it peanut butter and chocolate because they're great separately but when you bring them together they're even better and these systems are really complementary to each other and it's just it's been really neat and the teams have had a lot of fun learning from each other it's certainly chink his connectivity to places that don't have connectivity so edge computing had a limitation between power and connectivity power you get battery low cut low you know low battery power batteries they last a long time too now satellite coverage so there's no excuse to trip the first back all the data so backhaul is huge here great huge advantage right so factory in remote areas as you guys did the announcement yesterday were there developers involved how do you see developers playing with this so let's just say I'm into space and I want to visit some satellites what do I do it so I go to the console and say you know move the satellite like a video game and like start mostly what you do is make sure that you can down link whatever type of data you work with can get to you the point of both these systems it gets data into the cloud and that's where the real magic happens because when you can get that downlink down and start using artificial intelligence machine learning the services that are available on that data now you can take action which is really what our customers missions are about it's not necessarily about the satellites or down-looking data from satellites it's about getting data that you can add and turning into the insights family so talk about space history that you guys have had and big legacy with Lockheed Martin I was seeing you know Theresa Carlson and I love to talk about space force that was announced and just the notion of having a space force it's kind of people love you know seeing you know Blue Origin and SpaceX Rockets landing back on the pads so huge interest in the culture back to space there is I have two kids I'm sorry three kids at home too that are actually interested in space I should say but yeah my kids talk about it you know we just had the Mars Lander the insight Lander Monday and we were at dinner Monday night and my kids are like mom that you know yeah we landed something on Mars like that was us yeah so it's it's really an exciting time do we have hardest space a lot of it's because so much technology has advanced recently to the point where we can do a lot more things than we've been able to do and the cost keep coming down coming down so you know NIT I we can easily envision the the heavy lifting and the before and the after can you describe what a customer's going to go through now and how it's different yes if you were gonna build a parabolic antenna it might cost a million dollars you have to have land you might need to have a fence line you have to maintain it operate it this is available as a service so you could imagine if this exists for our customers that might want to you know maybe there's a fire situation and someone needs rapid access to get imagery down to see where something's happen as a service they can connect we can get them on quickly and have their owns all kinds of other moving vehicles mobility kind of feature well I mean mostly right now we're dealing with satellites but that's a good idea that will take back I was like drone deliveries by John to your next meeting talking about video car the whole thing okay so where's this go next how do you envision it evolving after the parts of the Amazon solid connected to the cloud analytics are in the cloud a lot of horsepower absolutely you know we just went to Mars there's a lot of things they're going to be happening in deep space there's a lot of excitement about what's going on and Mars in the moon etc so I will tell you there were more ideas that came out of the shark tank I think that you know this is the start I think of a really great longer-term relationship I hope and that you know we do have some other ideas that we can't really necessarily everyone knows Jeff Bezos loves space yes joke we always say is maybe they put the data centers in space in Mars be a lot cooler Maria thanks for coming on explaining the relationship as Amazon announcement love it I think it's a super groundbreaking pioneering different but it shows where it's going great it's powering a lot of things just the beginning day one actly congratulation thank you okay live cube coverage here day two wrapping up I'm John Faraday Volante thanks for watching we'll see you tomorrow [Music]

>> Narrator: TheCUBE's live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (upbeat music intro) (logo background tingles) >> Hi everybody, welcome back to day three of MWC23, my name is Dave Vellante and we're here live at the Theater of Barcelona, Lisa Martin, David Nicholson, John Furrier's in our studio in Palo Alto. Lot of buzz at the show, the Mobile World Daily Today, front page, Netflix chief hits back in fair share row, Greg Peters, the co-CEO of Netflix, talking about how, "Hey, you guys want to tax us, the telcos want to tax us, well, maybe you should help us pay for some of the content. Your margins are higher, you have a monopoly, you know, we're delivering all this value, you're bundling Netflix in, from a lot of ISPs so hold on, you know, pump the brakes on that tax," so that's the big news. Lockheed Martin, FOSS issues, AI guidelines, says, "AI's not going to take over your job anytime soon." Although I would say, your job's going to be AI-powered for the next five years. We're going to talk about data, we've been talking about the disaggregation of the telco stack, part of that stack is a data layer. John Kreisa is here, the CMO of Couchbase, John, you know, we've talked about all week, the disaggregation of the telco stacks, they got, you know, Silicon and operating systems that are, you know, real time OS, highly reliable, you know, compute infrastructure all the way up through a telemetry stack, et cetera. And that's a proprietary block that's really exploding, it's like the big bang, like we saw in the enterprise 20 years ago and we haven't had much discussion about that data layer, sort of that horizontal data layer, that's the market you play in. You know, Couchbase obviously has a lot of telco customers- >> John: That's right. >> We've seen, you know, Snowflake and others launch telco businesses. What are you seeing when you talk to customers at the show? What are they doing with that data layer? >> Yeah, so they're building applications to drive and power unique experiences for their users, but of course, it all starts with where the data is. So they're building mobile applications where they're stretching it out to the edge and you have to move the data to the edge, you have to have that capability to deliver that highly interactive experience to their customers or for their own internal use cases out to that edge, so seeing a lot of that with Couchbase and with our customers in telco. >> So what do the telcos want to do with data? I mean, they've got the telemetry data- >> John: Yeah. >> Now they frequently complain about the over-the-top providers that have used that data, again like Netflix, to identify customer demand for content and they're mopping that up in a big way, you know, certainly Amazon and shopping Google and ads, you know, they're all using that network. But what do the telcos do today and what do they want to do in the future? They're all talking about monetization, how do they monetize that data? >> Yeah, well, by taking that data, there's insight to be had, right? So by usage patterns and what's happening, just as you said, so they can deliver a better experience. It's all about getting that edge, if you will, on their competition and so taking that data, using it in a smart way, gives them that edge to deliver a better service and then grow their business. >> We're seeing a lot of action at the edge and, you know, the edge can be a Home Depot or a Lowe's store, but it also could be the far edge, could be a, you know, an oil drilling, an oil rig, it could be a racetrack, you know, certainly hospitals and certain, you know, situations. So let's think about that edge, where there's maybe not a lot of connectivity, there might be private networks going in, in the future- >> John: That's right. >> Private 5G networks. What's the data flow look like there? Do you guys have any customers doing those types of use cases? >> Yeah, absolutely. >> And what are they doing with the data? >> Yeah, absolutely, we've got customers all across, so telco and transportation, all kinds of service delivery and healthcare, for example, we've got customers who are delivering healthcare out at the edge where they have a remote location, they're able to deliver healthcare, but as you said, there's not always connectivity, so they need to have the applications, need to continue to run and then sync back once they have that connectivity. So it's really having the ability to deliver a service, reliably and then know that that will be synced back to some central server when they have connectivity- >> So the processing might occur where the data- >> Compute at the edge. >> How do you sync back? What is that technology? >> Yeah, so there's, so within, so Couchbase and Couchbase's case, we have an autonomous sync capability that brings it back to the cloud once they get back to whether it's a private network that they want to run over, or if they're doing it over a public, you know, wifi network, once it determines that there's connectivity and, it can be peer-to-peer sync, so different edge apps communicating with each other and then ultimately communicating back to a central server. >> I mean, the other theme here, of course, I call it the software-defined telco, right? But you got to have, you got to run on something, got to have hardware. So you see companies like AWS putting Outposts, out to the edge, Outposts, you know, doesn't really run a lot of database to mind, I mean, it runs RDS, you know, maybe they're going to eventually work with companies like... I mean, you're a partner of AWS- >> John: We are. >> Right? So do you see that kind of cloud infrastructure that's moving to the edge? Do you see that as an opportunity for companies like Couchbase? >> Yeah, we do. We see customers wanting to push more and more of that compute out to the edge and so partnering with AWS gives us that opportunity and we are certified on Outpost and- >> Oh, you are? >> We are, yeah. >> Okay. >> Absolutely. >> When did that, go down? >> That was last year, but probably early last year- >> So I can run Couchbase at the edge, on Outpost? >> Yeah, that's right. >> I mean, you know, Outpost adoption has been slow, we've reported on that, but are you seeing any traction there? Are you seeing any nibbles? >> Starting to see some interest, yeah, absolutely. And again, it has to be for the right use case, but again, for service delivery, things like healthcare and in transportation, you know, they're starting to see where they want to have that compute, be very close to where the actions happen. >> And you can run on, in the data center, right? >> That's right. >> You can run in the cloud, you know, you see HPE with GreenLake, you see Dell with Apex, that's essentially their Outposts. >> Yeah. >> They're saying, "Hey, we're going to take our whole infrastructure and make it as a service." >> Yeah, yeah. >> Right? And so you can participate in those environments- >> We do. >> And then so you've got now, you know, we call it supercloud, you've got the on-prem, you've got the, you can run in the public cloud, you can run at the edge and you want that consistent experience- >> That's right. >> You know, from a data layer- >> That's right. >> So is that really the strategy for a data company is taking or should be taking, that horizontal layer across all those use cases? >> You do need to think holistically about it, because you need to be able to deliver as a, you know, as a provider, wherever the customer wants to be able to consume that application. So you do have to think about any of the public clouds or private networks and all the way to the edge. >> What's different John, about the telco business versus the traditional enterprise? >> Well, I mean, there's scale, I mean, one thing they're dealing with, particularly for end user-facing apps, you're dealing at a very very high scale and the expectation that you're going to deliver a very interactive experience. So I'd say one thing in particular that we are focusing on, is making sure we deliver that highly interactive experience but it's the scale of the number of users and customers that they have, and the expectation that your application's always going to work. >> Speaking of applications, I mean, it seems like that's where the innovation is going to come from. We saw yesterday, GSMA announced, I think eight APIs telco APIs, you know, we were talking on theCUBE, one of the analysts was like, "Eight, that's nothing," you know, "What do these guys know about developers?" But you know, as Daniel Royston said, "Eight's better than zero." >> Right? >> So okay, so we're starting there, but the point being, it's all about the apps, that's where the innovation's going to come from- >> That's right. >> So what are you seeing there, in terms of building on top of the data app? >> Right, well you have to provide, I mean, have to provide the APIs and the access because it is really, the rubber meets the road, with the developers and giving them the ability to create those really rich applications where they want and create the experiences and innovate and change the way that they're giving those experiences. >> Yeah, so what's your relationship with developers at Couchbase? >> John: Yeah. >> I mean, talk about that a little bit- >> Yeah, yeah, so we have a great relationship with developers, something we've been investing more and more in, in terms of things like developer relations teams and community, Couchbase started in open source, continue to be based on open source projects and of course, those are very developer centric. So we provide all the consistent APIs for developers to create those applications, whether it's something on Couchbase Lite, which is our kind of edge-based database, or how they can sync that data back and we actually automate a lot of that syncing which is a very difficult developer task which lends them to one of the developer- >> What I'm trying to figure out is, what's the telco developer look like? Is that a developer that comes from the enterprise and somebody comes from the blockchain world, or AI or, you know, there really doesn't seem to be a lot of developer talk here, but there's a huge opportunity. >> Yeah, yeah. >> And, you know, I feel like, the telcos kind of remind me of, you know, a traditional legacy company trying to get into the developer world, you know, even Oracle, okay, they bought Sun, they got Java, so I guess they have developers, but you know, IBM for years tried with Bluemix, they had to end up buying Red Hat, really, and that gave them the developer community. >> Yep. >> EMC used to have a thing called EMC Code, which was a, you know, good effort, but eh. And then, you know, VMware always trying to do that, but, so as you move up the stack obviously, you have greater developer affinity. Where do you think the telco developer's going to come from? How's that going to evolve? >> Yeah, it's interesting, and I think they're... To kind of get to your first question, I think they're fairly traditional enterprise developers and when we break that down, we look at it in terms of what the developer persona is, are they a front-end developer? Like they're writing that front-end app, they don't care so much about the infrastructure behind or are they a full stack developer and they're really involved in the entire application development lifecycle? Or are they living at the backend and they're really wanting to just focus in on that data layer? So we lend towards all of those different personas and we think about them in terms of the APIs that we create, so that's really what the developers are for telcos is, there's a combination of those front-end and full stack developers and so for them to continue to innovate they need to appeal to those developers and that's technology, like Couchbase, is what helps them do that. >> Yeah and you think about the Apples, you know, the app store model or Apple sort of says, "Okay, here's a developer kit, go create." >> John: Yeah. >> "And then if it's successful, you're going to be successful and we're going to take a vig," okay, good model. >> John: Yeah. >> I think I'm hearing, and maybe I misunderstood this, but I think it was the CEO or chairman of Ericsson on the day one keynotes, was saying, "We are going to monetize the, essentially the telemetry data, you know, through APIs, we're going to charge for that," you know, maybe that's not the best approach, I don't know, I think there's got to be some innovation on top. >> John: Yeah. >> Now maybe some of these greenfield telcos are going to do like, you take like a dish networks, what they're doing, they're really trying to drive development layers. So I think it's like this wild west open, you know, community that's got to be formed and right now it's very unclear to me, do you have any insights there? >> I think it is more, like you said, Wild West, I think there's no emerging standard per se for across those different company types and sort of different pieces of the industry. So consequently, it does need to form some more standards in order to really help it grow and I think you're right, you have to have the right APIs and the right access in order to properly monetize, you have to attract those developers or you're not going to be able to monetize properly. >> Do you think that if, in thinking about your business and you know, you've always sold to telcos, but now it's like there's this transformation going on in telcos, will that become an increasingly larger piece of your business or maybe even a more important piece of your business? Or it's kind of be steady state because it's such a slow moving industry? >> No, it is a big and increasing piece of our business, I think telcos like other enterprises, want to continue to innovate and so they look to, you know, technologies like, Couchbase document database that allows them to have more flexibility and deliver the speed that they need to deliver those kinds of applications. So we see a lot of migration off of traditional legacy infrastructure in order to build that new age interface and new age experience that they want to deliver. >> A lot of buzz in Silicon Valley about open AI and Chat GPT- >> Yeah. >> You know, what's your take on all that? >> Yeah, we're looking at it, I think it's exciting technology, I think there's a lot of applications that are kind of, a little, sort of innovate traditional interfaces, so for example, you can train Chat GPT to create code, sample code for Couchbase, right? You can go and get it to give you that sample app which gets you a headstart or you can actually get it to do a better job of, you know, sorting through your documentation, like Chat GPT can do a better job of helping you get access. So it improves the experience overall for developers, so we're excited about, you know, what the prospect of that is. >> So you're playing around with it, like everybody is- >> Yeah. >> And potentially- >> Looking at use cases- >> Ways tO integrate, yeah. >> Hundred percent. >> So are we. John, thanks for coming on theCUBE. Always great to see you, my friend. >> Great, thanks very much. >> All right, you're welcome. All right, keep it right there, theCUBE will be back live from Barcelona at the theater. SiliconANGLE's continuous coverage of MWC23. Go to siliconangle.com for all the news, theCUBE.net is where all the videos are, keep it right there. (cheerful upbeat music outro)

>>Hello and welcome back to the live coverage of the Cube here. Live in Detroit, Michigan for Cub Con, our seventh year covering all seven years. The cube has been here. M John Fur, host of the Cube, co-founder of the Cube. I'm here with Lisa Mart, my co-host, and our new host, Savannah Peterson. Great to see you guys. We're wrapping up day one of three days of coverage, and our guest analyst is Sario Wall, who's the cube analyst who's gonna give us his report. He's been out all day, ear to the ground in the sessions, peeking in, sneaking in, crashing him, getting all the data. Great to see you, Sarvi. Lisa Savannah, let's wrap this puppy up. >>I am so excited to be here. My first coupon with the cube and being here with you and Lisa has just been a treat. I can't wait to hear what you have to say in on the report side. And I mean, I have just been reflecting, it was last year's coupon that brought me to you, so I feel so lucky. So much can change in a year, folks. You never know where you're be. Wherever you're sitting today, you could be living your dreams in just a few >>Months. Lisa, so much has changed. I mean, just look at the past this year. Events we're back in person. Yeah. Yep. This is a big team here. They're still wearing masks, although we can take 'em off with a cube. But mask requirement. Tech has changed. Conversations are upleveling, skill gaps still there. So much has changed. >>So much has changed. There's so much evolution and so much innovation that we've also seen. You know, we started out the keynote this morning, standing room. Only thousands of people are here. Even though there's a mass requirement, the community that is CNCF Co Con is stronger than I, stronger than I saw it last year. This is only my second co con. But the collaboration, what they've done, their devotion to the maintainers, their devotion to really finding mentors for mentees was really a strong message this morning. And we heard a >>Lot of that today. And it's going beyond Kubernetes, even though it's called co con. I also call it cloud native con, which I think we'll probably end up being the name because at the end of day, the cloud native scaling, you're starting to see the pressure points. You're start to see where things are breaking, where automation's coming in, breaking in a good way. And we're gonna break it all down Again. So much going on again, I've overs gonna be in charge. Digital is transformation. If you take it to its conclusion, then you will see that the developers are running the business. It isn't a department, it's not serving the business, it is the business. If that's the case, everything has to change. And we're, we're happy to have Sarib here with us Cube analysts on the badge. I saw that with the press pass. Well, >>Thank you. Thanks for getting me that badge. So I'm here with you guys and >>Well, you got a rapport. Let's get into it. You, I >>Know. Let's hear what you gotta say. I'm excited. >>Yeah. Went around, actually attend some sessions and, and with the analysts were sitting in, in the media slash press, and I spoke to some people at their booth and the, there are a few, few patterns, you know, which are, some are the exaggeration of existing patterns or some are kind of new patterns emerging. So things are getting complex in open source. The lawn more projects, right. They have, the CNCF has graduated some projects even after graduation, they're, they're exploring, right? Kubernetes is one of those projects which has graduated. And on that front, just a side note, the new projects where, which are entering the cncf, they're the, we, we gotta see that process and the three stages and all that stuff. I tweeted all day long, if you wanna know what it is, you can look at my tweets. But when I will look, actually write right on that actually after, after the show ends, what, what I saw there, these new projects need to be curated properly. >>I think they need to be weed. There's a lot of noise in these projects. There's a lot of overlap. So the, the work is cut out for CNCF folks, by the way. They're sort of managerial committee or whatever you call that. The, the people who are leading it, they're try, I think they're doing their best and they're doing a good job of that. And another thing actually, I really liked in the morning's keynote was that lot of women on the stage and minorities represented. I loved it, to be honest with you. So believe me, I'm a minority even though I'm Indian, but from India, I'm a minority. So people who have Punjab either know that I'm a minority, so I, I understand their pain and how hard it is to, to break through the ceiling and all that. So I love that part as well. Yeah, the >>Activity is clear. Yeah. From day one. It's in the, it's in the dna. I mean, they'll reject anything that the opposite >>Representation too. I mean, it's not just that everyone's invited, it's they're celebrated and that's a very big difference. Yeah. It's, you see conferences offer discounts for women for tickets or minorities, but you don't necessarily see them put them running where their mouth is actually recruit the right women to be on stage. Right. Something you know a little bit about John >>Diversity brings better outcomes, better product perspectives. The product is better with all the perspectives involved. Percent, it might go a little slower, maybe a little debates, but it's all good. I mean, it's, to me, the better product comes when everyone's in. >>I hope you didn't just imply that women would make society. So >>I think John men, like slower means a slower, >>More diversity, more debate, >>The worst. Bringing the diversity into picture >>Wine. That's, that's how good groups, which is, which is >>Great. I mean, yeah, yeah, >>Yeah, yeah. I, I take that mulligan back and say, hey, you knows >>That's >>Just, it's gonna go so much faster and better and cheaper, but that not diversity. Absolutely. >>Yes. Well, you make better products faster because you have a variety >>Of perspectives. The bigger the group, there's more debate. More debate is key. But the key to success is aligning and committing. Absolutely. Once you have that, and that's what open sources has been about for. Oh God, yeah. Generations >>Has been a huge theme in the >>Show generations. All right, so, so, >>So you have to add another, like another important, so observation if you will, is that the security is, is paramount right. Requirement, especially for open source. There was a stat which was presented in the morning that 60% of the projects in under CNCF have more vulnerabilities today than they had last year. So that was, That's shocking actually. It's a big jump. It's a big jump. Like big jump means jump, jump means like it can be from from 40 to 60 or or 50 or 60. But still that percentage is high. What, what that means is that lot more people are contributing. It's very sort of di carmic or ironic that we say like, Oh this project has 10,000 contributors. Is that a good thing? Right. We do. Do we know the quality of that, where they're coming from? Are there any back doors being, you know, open there? How stringent is the process of rolling those things, which are being checked in, into production? You know, who is doing that? I've >>Wondered about that. Yeah. The quantity, quality, efficacy game. Yes. And what a balance that must be for someone like CNCF putting in the structure to try and >>That's >>Hard. Curate and regulate and, and you know, provide some bumpers on the bowling lane, so to speak, of, of all of these projects. Yeah. >>Yeah. We thought if anybody thought that the innovation coming from, or the number of services coming from AWS or Google Cloud or likes of them is overwhelming, look at open source, it's even more >>Overwhelming. What's your take on the supply chain discussion? More code more happening. What are you hearing there? >>The supply chain from the software? Yeah. >>Supply chain software, supply chain security pays. Are people talking about that? What are you >>Seeing? Yeah, actually people are talking about that. The creation, the curation, not creation. Curation of suppliers of software I think is best done in the cloud. Marketplaces Ive call biased or what, you know, but curation of open source is hard. It's hard to know which project to pick. It's hard to know which project will pan out. Many of the good projects don't see the day light of the day, but some decent ones like it becomes >>A marketing problem. Exactly. The more you have out there. Exactly. The more you gotta get above the noise. Exactly. And the noise echo that. And you got, you got GitHub stars, you got contributors, you have vanity metrics now coming in to this that are influencing what's real. But sometimes the best project could have smaller groups. >>Yeah, exactly. And another controversial thing a little bit I will say that is that there's a economics of the practitioner, right? I usually talk about that and economics of the, the enterprise, right? So practitioners in our world, in software world especially right in systems world, practitioners are changing jobs every two to three years. And number of developers doubles every three years. That's the stat I've seen from Uncle Bob. He's authority on that software side of things. Wow. So that means there's a lot more new entrance that means a lot of churn. So who is watching out for the enterprise enterprises economics, You know, like are we creating stable enterprises? How stable are our operations? On a side note to that, most of us see the software as like one band, which is not true. When we talk about all these roles and personas, somebody's writing software for, for core layer, which is the infrastructure part. Somebody's writing business applications, somebody's writing, you know, systems of bracket, some somebody's writing systems of differentiation. We talk about those things. We need to distinguish between those and have principle based technology consumption, which I usually write about in our Oh, >>So bottom line in Europe about it, in your opinion. Yeah. What's the top story here at coupon? >>Top story is >>Headline. Yeah, >>The, the headline. Okay. The open source cannot be ignored. That's a headline. >>And what should people be paying attention to if there's a trend coming out? See any kind of trends coming out or any kind of signal, What, what do you see that people should pay attention to here? The put top >>Two, three things. The signal is that, that if you are a big shop, like you'd need to assess your like capacity to absorb open source. You need to be certain size to absorb the open source. If you are below that threshold, I mean we can talk about that at some other time. Like what is that threshold? I will suggest you to go with the managed services from somebody, whoever is providing those managed services around open source. So manage es, right? So from, take it from aws, Google Cloud or Azure or IBM or anybody, right? So use open source as managed offering rather than doing it yourself. Because doing it yourself is a lot more heavy lifting. >>I I, >>There's so many thoughts coming, right? >>Mind it's, >>So I gotta ask you, what's your rapport? You have some swag, What's the swag look >>Like to you? I do. Just as serious of a report as you do on the to floor, but I do, so you know, I come from a marketing background and as I, I know that Lisa does as well. And one of the things that I think about that we touched on in this is, is you know, canceling the noise or standing out from the noise and, and on a show floor, that's actually a huge challenge for these startups, especially when you're up against a rancher or companies or a Cisco with a very large budget. And let's say you've only got a couple grand for an activation here. Like most of my clients, that's how I ended up in the CU County ecosystem, was here with the A client before. So there actually was a booth over there and I, they didn't quite catch me enough, but they had noise canceling headphones. >>So if you just wanted to take a minute on the show floor and just not hear anything, which I thought was a little bit clever, but gonna take you through some of my favorite swag from today and to all the vendors, you know, this is why you should really put some thought into your swag. You never know when you're gonna end up on the cube. So since most swag is injection molded plastic that's gonna end up in the landfill, I really appreciate that garden has given all of us a potable plant. And even the packaging is plantable, which is very exciting. So most sustainable swag goes to garden. Well done >>Rep replicated, I believe is their name. They do a really good job every year. They had some very funny pins that say a word that, I'm not gonna say live on television, but they have created, they brought two things for us, yet it's replicated little etch sketch for your inner child, which is very nice. And given that we are in Detroit, we are in Motor City, we are in the home of Ford. We had Ford on the show. I love that they have done the custom K eight s key chains in the blue oval logo. Like >>Fords right behind us by the way, and are on you >>Interviewed, we had 'em on earlier GitLab taking it one level more personal and actually giving out digital portraits today. Nice. Cool. Which is quite fun. Get lap house multiple booths here. They actually IPOed while they were on the show floor at CubeCon 2021, which is fun to see that whole gang again. And then last but not least, really embracing the ship wheel logo of a Kubernetes is the robusta accrue that is giving out bucket hats. And if you check out my Twitter at sabba Savvy, you can see me holding the ship wheel that they're letting everyone pose with. So we are all in on Kubernetes. That cove gone 2022, that's for sure. Yeah. >>And this is something, day one guys, we've got three. >>I wanna get one of those >>Hats. We we need to, we need a group photo >>By the end of Friday we will have a beverage and hats on to sign off. That's, that's my word. If I can convince John, >>Don, what's your takeaway? You guys did a great kind of kickoff about last week or so about what you were excited about, what your thoughts were going to be. We're only on day one, There's been thousands of people here, we've had great conversations with contributors, the community. What's your take on day one? What's your, what's your tagline? >>Well, Savannah and I had at we up, we, we were talking about what we might see and I think we, we were right. I think we had it right. There's gonna be a lot more people than there were last year. Okay, check. That's definitely true. We're in >>Person, which >>Is refreshing. I was very surprised about the mask mandate that kind of caught me up guard. I was major. Yeah. Cause I've been comfortable without the mask. I'm not a mask person, but I had to wear it and I was like, ah, mask. But I understand I support that. But whatever. It's >>Corporate travel policy. So you know, that's what it is. >>And then, you know, they, I thought that they did an okay job with the gates, but they wasn't slow like last time. But on the content side, definitely Kubernetes security, top line headline, Kubernetes at scale security, that's, that's to me the bumper sticker top things to pay attention to the supply chain and the role of docker and the web assembly was a surprise. You're starting to see containers ecosystem coming back to, I won't say tension growth in the functionality of containers cuz they have to solve the security problem in the container images. Okay, you got scanning technology so it's a little bit in the weeds, but there's a huge movement going on to fix that problem to scale it so it's not a problem area contain. And then Dr sent a great job with productivity interviews. Scott Johnston over a hundred million in revenue so far. That's my number. They have not publicly said that. That's what I'm reporting from sources extremely well financially. And they, and they love their business model. They make productivity for developers. That's a scoop. That's new >>Information. That's a nice scoop we just dropped there on the co casually. >>You're watching that. Pay attention to that. But that, that's proof. But guess what, Red Hat's got developers too. Yes. Other people have to, So developers gonna go where it's the best. Yeah. Developers are voting with their code, they're voting with their feet. You will see the winners with the developers and that's what we've talked about. >>Well and the companies are catering to the developers. Savannah and I had a great conversation with Ford. Yeah. You saw, you showed their fantastic swag was an E for Ev right behind us. They were talking about the, all the cultural changes that they've really focused on to cater towards the developers. The developers becoming the influencers as you say. But to see a company that is as, as historied as Ford Motor Company and what they're doing to attract and retain developer talent was impressive. And honestly that surprised me. Yeah. >>And their head of deb relations has been working for, for, for 29 years. Which I mean first of all, most companies on the show floor haven't been around for 29 years. Right. But what I love is when you put community first, you get employees to stick around. And I think community is one of the biggest themes here at Cuco. >>Great. My, my favorite story that surprised me and was cool was the Red Hat Lockheed Martin interview where they had edge deployments with micro edge, >>Micro shift, >>Micro >>Shift, new projects under, there's, there are three new projects under, >>Under that was so, so cool because it was an edge story in deployment for the military where lives are on the line, they actually had it working. That is a real world example of Kubernetes and tech orchestrating to deploy the industrial edge. And I think that's proof in my mind that Kubernetes and this ecosystem is gonna move faster through this next wave of growth. Because once things start clicking, you get hybrid on premise to super cloud and edge. That was, that was my favorite cause it was real. That was real >>Story that it can make is literally life and death on the battlefield. Yeah, that was amazing. With what they're doing and what >>They're talking check out the Lockheed Martin Red Hat edge story on Silicon Angle and then a press release all pillar. >>Yeah. Another actually it's impressive, which we knew this which is happening, but I didn't know that it was happening at this scale is the finops. The finops is, I saw your is a discipline which most companies are adopting bigger companies, which are spending like hundreds of millions dollars in cloud average. Si a team size of finops for finops is seven people. And average number of tools is I think 3.5 or around 3.7 or something like that. Average number of tools they use to control the cost. So finops is a very generic term for years. It's not financial operations, it's the financial operations for the cloud cost, you know, containing the cloud costs. So that's a finops that is a very emerging sort of discipline >>To keep an eye on. And well, not only is that important, I talked to, well one of the principles over there, it's growing and they have real big players in that foundation. Their, their events are highly attended. It's super important. It's just, it's the cost side of cloud. And, and of course, you know, everyone wants to know what's going on. No one wants to leave there. Their Amazon on Yeah, you wanna leave the lights on the cloud, as we always say, you never know what the bill's gonna look like. >>The cloud is gonna reach $3 billion in next few years. So we might as well control the cost there. Yeah, >>It was, it was funny to get the reaction I found, I don't know if I was, how I react, I dunno how I felt. But we, we did introduce Super Cloud to a couple of guests and a, there were a couple reactions, a couple drawn. There was a couple, right. There was a couple, couple reactions. And what I love about the super cloud is that some people are like, oh, cringing. And some people are like, yeah, go. So it's a, it's a solid debate. It is solid. I saw more in the segments that I did with you together. People leaning in. Yeah. Super fun. We had a couple sum up, we had a couple, we had a couple cringes, I'll say their names, but I'll go back and make sure I, >>I think people >>Get 'em later. I think people, >>I think people cringe on the, on the term not on the idea. Yeah. You know, so the whole idea is that we are building top of the cloud >>And then so I mean you're gonna like this, I did successfully introduce here on the cube, a new term called architectural list. He did? That's right. Okay. And I wanna thank Charles Fitzgerald for that cuz he called super cloud architectural list. And that's exactly the point of super cloud. If you have a great coding environment, you shouldn't have to do an architecture to do. You should code and let the architecture of the Super cloud make it happen. And of course Brian Gracely, who will be on tomorrow at his cloud cast said Super Cloud enables super services. Super Cloud enables what Super services, super service. The microservices underneath the covers have to be different. High performing, automated. So again, the debate and Susan, the goal is to keep it open. And that's our, that's our goal. But we had a lot of fun with that. It was fun to poke the bear a little bit. So >>What is interesting to see just how people respond to it too, with you throwing it out there so consistently, >>You wanna poke the bear, get a conversation going, you know, let let it go. We'll see, it's been positive so far. >>There, there I had a discussion outside somebody who is from Ford but not attending this conference and they have been there for a while. I, I just some moment hit like me, like I said, people, okay, technologists are horizontal, the codes are horizontal. They will go from four to GM to Chrysler to Bank of America to, you know, GE whatever, you know, like cross vertical within vertical different vendors. So, but the culture of a company is local, right? Right. Ford has been building cars for forever. They sort of democratize it. They commercialize it, right? But they have some intense culture. It's hard to change those cultures. And how do we bring in the new thinking? What is, what approach that should be? Is it a sandbox approach for like putting new sensors on the car? They have to compete with te likes our Tesla, right? Yeah. But they cannot, if they are afraid of deluding their existing market or they're afraid of failure there, right? So it's very >>Tricky. Great stuff. Sorry. Great to have you on as our cube analyst breaking down the stories. We'll document that, that we'll roll out a post on it. Lisa Savannah, let's wrap up the show for day one. We got day two and three. We'll start with you. What's your summary? Quick bumper sticker. What's today's show all about? >>I'm a community first gal and this entire experience is about community and it's really nice to see the community come together, celebrate that, share ideas, and to have our community together on stage. >>Yeah. To me, to me it was all real. It's happening. Kubernetes cloud native at scale, it's happening, it's real. And we see proof points and we're gonna have faster time to value. It's gonna accelerate faster from here. >>The proof points, the impact is real. And we saw that in some amazing stories. And this is just a one of the cubes >>Coverage. Ib final word on this segment was well >>Said Lisa. Yeah, I, I think I, I would repeat what I said. I got eight, nine years back at a rack space conference. Open source is amazing for one biggest reason. It gives the ability to the developing nations to be at somewhat at par where the dev develop nations and, and those people to lift up their masses through the automation. Cuz when automation happens, the corruption goes down and the economy blossoms. And I think it's great and, and we need to do more in it, but we have to be careful about the supply chains around the software so that, so our systems are secure and they are robust. Yeah, >>That's it. Okay. To me for SAR B and my two great co-host, Lisa Martin, Savannah Peterson. I'm John Furry. You're watching the Cube Day one in, in the Books. We'll see you tomorrow, day two Cuban Cloud Native live in Detroit. Thanks for watching.

(upbeat techno music) >> Hello, everyone. Welcome to theCUBE here live in Detroit for KubeCon + CloudNativeCon 2022. I'm John Furrier, host of theCUBE. This is our seventh consecutive KubeCon + CloudNativeCon. Since inception, theCube's been there every year. And of course, theCUBE continues to grow. So does the community as well as our host roster. I'm here with my co-host, Lisa Martin. Lisa, great to see you. And our new theCube host, Savannah Peterson. Savannah, welcome to theCUBE. >> Thanks, John. >> Welcome. >> Welcome to the team. >> Thanks, team. It's so wonderful to be here. I met you all last KubeCon and to be sitting on this stage in your company is honestly an honor. >> Well, great to have you. Lisa and I have done a lot of shows together and it's great to have more cadence around. You know, more fluid around the content, and also the people. And I would like you to take a minute to tell people your background. You know the community here. What's the roots? You know the Cloud Native world pretty well. >> I know it as well as someone my age can. As we know, the tools and the tech is always changing. So hello, everyone. I'm Savannah Peterson. You can find me on the internet @SavIsSavvy. Would love to hear from you during the show. Big fan of this space and very passionate about DevOps. I've been working in the Silicon Valley and the Silicon Alley for a long time, helping companies scale internationally as a community builder as well as a international public speaker. And honestly, this is just such a fun evolution for my career and I'm grateful to be here with you both. >> We're looking forward to having you on theCUBE. Appreciate it. Lisa? >> Yes. >> KubeCon. Amazing again this year. Just keeps growing bigger and bigger. >> Yes. >> Keynote review, you were in there. >> Yup. >> I had a chance to peek in a little bit, but you were there and got most of the news. What was the action? >> You know, the action was really a big focus around the maintainers, what they're doing, giving them the props and the kudos and the support that they deserve. Not just physically, but mentally as well. That was a really big focus. It was also a big focus on mentoring and really encouraging more people- >> Love that. >> I did, too. I thought that was fantastic to get involved to help others. And then they showed some folks that had great experiences, really kind of growing up within the community. Probably half of the keynote focus this morning was on that. And then looking at some of the other projects that have graduated from CNCF, some of these successful projects, what they're doing, what folks are doing. Cruise, one of the ones that was featured. You've probably seen their driverless cars around San Francisco. So it was great to see that, the successes that they've had and where that's going. >> Yeah. Lisa, we've done how many shows? Hundreds of shows together. When you see a show like this grow and continue to mature, what's your observation? You've seen many shows we've hosted together. What jumps out this year? Is it just that level of maturization? What's your take on this? >> The maturization of the community and the collaboration of the community. I think those two things jumped out at me even more than last year. Last year, obviously a little bit smaller event in North America. It was Los Angeles. This year you got a much stronger sense of the community, the support that they have for each other. There were a lot of standing ovations particularly when the community came out and talked about what they were doing in Ukraine to support fellow community members in Ukraine and also to support other Ukrainians in terms of getting in to tech. Lot of standing ovations. Lot of- >> Savannah: Love that, yeah. >> Real authenticity around the community. >> Yeah, Savannah, we talked on our intro prior to the event about how inclusive this community is. They are really all in on inclusivity. And the Ukraine highlight, this community is together and they're open. They're open to everybody. >> Absolutely. >> And they're also focused on growing the educational knowledge. >> Yeah, I think there's a real celebration of curiosity within this community that we don't find in certain other sectors. And we saw it at dinner last night. I mean, I was struck just like you Lisa walking in today. The energy in that room is palpably different from last year. I saw on Twitter this morning, people are very excited. Many people, their first KubeCon. And I'm sure we're going to be feeding off of that, that kind of energy and that... Just a general enthusiasm and excitement to be here in Detroit all week. It's a treat. >> Yeah, I even saw Stu Miniman earlier, former theCube host. He's at Red Hat. We were talking on the way in and he made an observation I thought was interesting I'll bring up because this show, it's a lot "What is this show? What isn't this show?" And I think this show is about developers. What it isn't is not a business show. It's not about business. It's not about industry kind of posturing or marketing. All the heavy hitters on the dev side are here and you don't see the big execs. I mean, you got the CEOs of startups here but not the CEOs of the big public companies. We see the doers. So, I mean, I think my take is this show's about creating products for builders and creating products that people can consume. And I think that is the Cloud Native lanes that are starting to form. You're either creating something for builders to build stuff with or you're creating stuff that could be consumed. And that seems for applications. So the whole app side and services seem to be huge. >> They also did a great job this morning of showcasing some of the big companies that we all know and love. Spotify. Obviously, I don't think a day goes by where I don't turn on Spotify. And what it's done- >> Me neither. >> What it's done for the community... Same with Intuit, I'm a user of both. Intuit was given an End User Award this morning during the keynote for their contributions, what they're doing. But it was nice to see some just everyday companies, Cloud Native companies that we all know and love, and to understand their contributions to the community and how those contributions are affecting all of us as end users. >> Yeah, and I think those companies like Intuit... Argo's been popular, Arlo now new, seeing those services, and even enterprises are contributing. You know, Lyft is always here, popular with Envoy. The community isn't just vendors and that's the interesting thing. >> I think that's why it works. To me, this event is really about the celebration of developer relations. I mean, every DevRel from every single one of these companies is here. Like you said, in lieu of the executive, that's essentially who we're attracting. And if you look out over the show floor here, I mean, we've probably got, I don't know, three to four extra vendors that we had last year. It totally is a different tone. This community doesn't like to be sold to. This community likes to be collaborative. They like to learn and they like to help. And I think we see that within the ecosystem inside the room today. >> It's not a top down sales pitch. It's really consensus. >> No. >> Do it out in the open transparency. Don't sell me stuff. And I think the other thing I like about this community is that we're starting to see that... And then we've said this in theCube before. We'll say it again. Maybe be more controversial. Digital transformation is about the developer, right? And I think the power is going to shift in every company to the developer because if you take digital transformation to completion, everything happens the way it's happening, the company is the application. It's not IT who serves the organization- >> I love thinking about it like that. That's a great point, John. >> The old phase was IT was a department that served the business. Well, the business is IT now. So that means developer community is going to grow like crazy and they're going to be in the front lines driving all the change. In my opinion, you going to see this developer community grow like crazy and then the business side on industry will match up with that. I think that's what's going to happen. >> So, the developers are becoming the influencers? >> Developers are the power source for all companies. They're in charge. They're going to dictate terms to how businesses will run because that's going to be natural 'cause digital transformation's about the app and the business is the app. So that mean it has to be coded. So I think you're going to see a lot of innovation around app server-like experiences where the the apps are just being developed faster than the infrastructures enabling that completely invisible. And I think you're going to see this kind of architecture-less, I'll put it out there that term architecture-less, environment where you don't need an architecture. It's just you code away. >> Yeah, yeah. We saw GitHub's mentioned in the keynote this morning. And I mean, low code, no code. I think your fingers right on the pulse there. >> Yeah. What did you guys see? Anything else you see? >> I think just the overall... To your point, Savannah, the energy. Definitely higher than last year. When I saw those standing ovations, people really come in together around the sense of community and what they've accomplished especially in the last two plus years of being remote. They did a great job of involving a lot of folks, some of whom are going to be on the program with us this week that did remote parts of the keynote. One of our guests on today from Vitess was talking about the successes and the graduation of their program so that the sense of community, but also not just the sense of it, the actual demonstration of it was also quite palpable this morning, and I think that's something that I'm excited for us to hear about with our guests on the program this week. >> Yeah, and I think the big story coming out so far as the show starts is the developers are in charge. They're going to set the pace for all the ops, data ops, security ops, all operations. And then the co-located events that were held Monday and Tuesday prior to kickoff today. You saw WebAssembly's come out of the woodwork as it got a lot of attention. Two startups got funded heavily on Series A. You're starting to see that project really work well. That's going to be an additional to the container market. So, interesting to see how Docker reacts to that. Red Hat's doing great. ServiceMeshCon was phenomenal. I saw Solo.iOS got massive traction with those guys. So like Service Mesh, WebAssembly, you can start to see the dots connecting. You're starting to see this layer below Kubernetes and then a layer above Kubernetes developing. So I think it's going to be great for applications and great for the infrastructure. I think we'll see how it comes out and all these companies we have on here are all about faster, more integrated, some very, very interesting to see. So far, so good. >> You guys talked about in your highlight session last week or so. Excited to hear about the end users, the customer stories. That's what I'm interested in understanding as well. It's why it resonates with me when I see brands that I recognize. Well, I use it every day. How are they using containers and Kubernetes? How are they actually not just using it to deploy their app, their technologies, that we all expect are going to be up 24/7, but how are they also contributing to the development of it? So I'm really excited to hear those end users. >> We're going to have Lockheed Martin. And we wrote a story on SiliconANGLE, the Red Hat, Lockheed Martin, real innovation on the edge. You're starting to see educate with the edge. It's really the industrial edge coming to be big. It'd be very interesting to see. >> Absolutely, we got Ford Motor Company coming on as well. I always loved stories, Savannah, that are history of companies. Ford's been around since 1903. How is a company that- >> Well, we're in the home of Ford- as well here. >> We are. How they evolved digitally? What are they doing to enable the developers to be those influencers that John says? It's going to be them. >> They're a great example of a company that's always been on the forefront, too. I mean, they had a head of VRs 25 years ago when most people didn't even know what VR was going to stand for. So, I can't wait for that one. You tease the Docker interview coming up very well, John. I'm excited for that one. One last thing I want to bring up that I think is really refreshing and it's reflected right here on this stage is you talked about the inclusion. I think there's a real commitment to diversity here. You can see the diversity stats on CNCF's website. It's right there on KubeCon. At the bottom, there's a link in every email I've gotten highlighting that. We've got two women on this stage all week which is very exciting. And the opening keynote was a woman. So quite frankly, I am happy as a female in this industry to see a bit more representation. And I do appreciate just on the note of being inclusive, it's not just about gender or age, it's also about the way that CNCF thinks about your experience since we're in this kind of pandemic transitional period. They've got little pins. Last year, we had bracelets depending on your level of comfort. Equivocally like a stoplight which is... I just think it's really nice and sensitive and that attention to detail makes people feel comfortable. Which is why we have the community energy that we have. >> Yeah, and being 12 years in the business... With theCUBE, we've been 12 years in the business, seven years with KubeCon and Cloud Native, I really appreciate the Linux Foundation including me as I get older. (Lisa and Savannah laugh) >> Savannah: That's a good point. >> Ageism were, "Hey!" Thank you. >> There was a lot of representation. You talked about females and so often we go to shows and there's very few females. Some companies are excellent at it. But from an optics perspective, to me it stands out. There was great representation across. There was disabled people on stage, people of color, women, men of all ages. It was very well-orchestrated. >> On the demographic- >> And sincere. >> Yeah, yeah. >> And the demographics, too. On the age side, it's lower too. You're starting to see younger... I mean, high school, college representation. I saw a lot of college students last night. I saw on the agenda sessions targeting universities. I mean, I'm telling you this is reaching down. Open source now is so great. It's growing so fast. It's continuing to thunder away. And with success, it's just getting better and better. In fact, we were talking last night about at some point we might not have to write code. Just glue it together. And that's why I think the supply chain and security thing is an issue. But this is why it's so great. Anyone can code and I think there's a lot of learning to have. So, I think we'll continue to do our job to extract the signal from the noise. So, thanks for the kickoff. Good commentary. Thank you. All right. >> Of course. >> Let's get started. Day one of three days of live coverage here at KubeCon + CloudNativeCon. I'm John Furrier with Lisa Martin, and Savannah Peterson. Be back with more coverage starting right now. (gentle upbeat music)

>>Keon Cloud Native Con kicks off in Detroit on October 24th, and we're pleased to have Stewart Miniman, who's the director of Market Insights, hi, at, for hybrid platforms at Red Hat back in the studio to help us understand the key trends to look for at the events. Do welcome back, like old, old, old >>Home. Thank you, David. It's great to, great to see you and always love doing these previews, even though Dave, come on. How many years have I told you Cloud native con, It's a hoodie crowd. They're gonna totally call you out for where in a tie and things like that. I, I know you want to be an ESPN sportscaster, but you know, I I, I, I still don't think even after, you know, this show's been around for so many years that there's gonna be too many ties into Troy. I >>Know I left the hoodie in my off, I'm sorry folks, but hey, we'll just have to go for it. Okay. Containers generally, and Kubernetes specifically continue to show very strong spending momentum in the ETR survey data. So let's bring up this slide that shows the ETR sectors, all the sectors in the tax taxonomy with net score or spending velocity in the vertical axis and pervasiveness on the horizontal axis. Now, that red dotted line that you see, that marks the elevated 40% mark, anything above that is considered highly elevated in terms of momentum. Now, for years, the big four areas of momentum that shine above all the rest have been cloud containers, rpa, and ML slash ai for the first time in 10 quarters, ML and AI and RPA have dropped below the 40% line, leaving only cloud and containers in rarefied air. Now, Stu, I'm sure this data doesn't surprise you, but what do you make of this? >>Yeah, well, well, Dave, I, I did an interview with at Deepak who owns all the container and open source activity at Amazon earlier this year, and his comment was, the default deployment mechanism in Amazon is containers. So when I look at your data and I see containers and cloud going in sync, yeah, that, that's, that's how we see things. We're helping lots of customers in their overall adoption. And this cloud native ecosystem is still, you know, we're still in that Cambridge explosion of new projects, new opportunities, AI's a great workload for these type type of technologies. So it's really becoming pervasive in the marketplace. >>And, and I feel like the cloud and containers go hand in hand, so it's not surprising to see those two above >>The 40%. You know, there, there's nothing to say that, Look, can I run my containers in my data center and not do the public cloud? Sure. But in the public cloud, the default is the container. And one of the hot discussions we've been having in this ecosystem for a number of years is edge computing. And of course, you know, I want something that that's small and lightweight and can do things really fast. A lot of times it's an AI workload out there, and containers is a great fit at the edge too. So wherever it goes, containers is a good fit, which has been keeping my group at Red Hat pretty busy. >>So let's talk about some of those high level stats that we put together and preview for the event. So it's really around the adoption of open source software and Kubernetes. Here's, you know, a few fun facts. So according to the state of enterprise open source report, which was published by Red Hat, although it was based on a blind survey, nobody knew that that Red Hat was, you know, initiating it. 80% of IT execs expect to increase their use of enterprise open source software. Now, the CNCF community has currently more than 120,000 developers. That's insane when you think about that developer resource. 73% of organizations in the most recent CNCF annual survey are using Kubernetes. Now, despite the momentum, according to that same Red Hat survey, adoption barriers remain for some organizations. Stu, I'd love you to talk about this specifically around skill sets, and then we've highlighted some of the other trends that we expect to see at the event around Stu. I'd love to, again, your, get your thoughts on the preview. You've done a number of these events, automation, security, governance, governance at scale, edge deployments, which you just mentioned among others. Now Kubernetes is eight years old, and I always hear people talking about there's something coming beyond Kubernetes, but it looks like we're just getting started. Yeah, >>Dave, It, it is still relatively early days. The CMC F survey, I think said, you know, 96% of companies when they, when CMC F surveyed them last year, were either deploying Kubernetes or had plans to deploy it. But when I talked to enterprises, nobody has said like, Hey, we've got every group on board and all of our applications are on. It is a multi-year journey for most companies and plenty of them. If you, you look at the general adoption of technology, we're still working through kind of that early majority. We, you know, passed the, the chasm a couple of years ago. But to a point, you and I we're talking about this ecosystem, there are plenty of people in this ecosystem that could care less about containers and Kubernetes. Lots of conversations at this show won't even talk about Kubernetes. You've got, you know, big security group that's in there. >>You've got, you know, certain workloads like we talked about, you know, AI and ml and that are in there. And automation absolutely is playing a, a good role in what's going on here. So in some ways, Kubernetes kind of takes a, a backseat because it is table stakes at this point. So lots of people involved in it, lots of activities still going on. I mean, we're still at a cadence of three times a year now. We slowed it down from four times a year as an industry, but there's, there's still lots of innovation happening, lots of adoption, and oh my gosh, Dave, I mean, there's just no shortage of new projects and new people getting involved. And what's phenomenal about it is there's, you know, end user practitioners that aren't just contributing. But many of the projects were spawned out of work by the likes of Intuit and Spotify and, and many others that created some of the projects that sit alongside or above the, the, you know, the container orchestration itself. >>So before we talked about some of that, it's, it's kind of interesting. It's like Kubernetes is the big dog, right? And it's, it's kind of maturing after, you know, eight years, but it's still important. I wanna share another data point that underscores the traction that containers generally are getting in Kubernetes specifically have, So this is data from the latest ETR survey and shows the spending breakdown for Kubernetes in the ETR data set for it's cut for respondents with 50 or more citations in, in by the IT practitioners that lime green is new adoptions, the forest green is spending 6% or more relative to last year. The gray is flat spending year on year, and those little pink bars, that's 6% or down spending, and the bright red is retirements. So they're leaving the platform. And the blue dots are net score, which is derived by subtracting the reds from the greens. And the yellow dots are pervasiveness in the survey relative to the sector. So the big takeaway here is that there is virtually no red, essentially zero churn across all sectors, large companies, public companies, private firms, telcos, finance, insurance, et cetera. So again, sometimes I hear this things beyond Kubernetes, you've mentioned several, but it feels like Kubernetes is still a driving force, but a lot of other projects around Kubernetes, which we're gonna hear about at the show. >>Yeah. So, so, so Dave, right? First of all, there was for a number of years, like, oh wait, you know, don't waste your time on, on containers because serverless is gonna rule the world. Well, serverless is now a little bit of a broader term. Can I do a serverless viewpoint for my developers that they don't need to think about the infrastructure but still have containers underneath it? Absolutely. So our friends at Amazon have a solution called Fargate, their proprietary offering to kind of hide that piece of it. And in the open source world, there's a project called Can Native, I think it's the second or third can Native Con's gonna happen at the cncf. And even if you use this, I can still call things over on Lambda and use some of those functions. So we know Dave, it is additive and nothing ever dominates the entire world and nothing ever dies. >>So we have, we have a long runway of activities still to go on in containers and Kubernetes. We're always looking for what that next thing is. And what's great about this ecosystem is most of it tends to be additive and plug into the pieces there, there's certain tools that, you know, span beyond what can happen in the container world and aren't limited to it. And there's others that are specific for it. And to talk about the industries, Dave, you know, I love, we we have, we have a community event that we run that's gonna happen at Cubans called OpenShift Commons. And when you look at like, who's speaking there? Oh, we've got, you know, for Lockheed Martin, University of Michigan and I g Bank all speaking there. So you look and it's like, okay, cool, I've got automotive, I've got, you know, public sector, I've got, you know, university education and I've got finance. So all of you know, there is not an industry that is not touched by this. And the general wave of software adoption is the reason why, you know, not just adoption, but the creation of new software is one of the differentiators for companies. And that is what, that's the reason why I do containers, isn't because it's some cool technology and Kubernetes is great to put on my resume, but that it can actually accelerate my developers and help me create technology that makes me respond to my business and my ultimate end users. Well, >>And you know, as you know, we've been talking about the Supercloud a lot and the Kubernetes is clearly enabler to, to Supercloud, but I wanted to go back, you and John Furrier have done so many of, you know, the, the cube cons, but but go back to Docker con before Kubernetes was even a thing. And so you sort of saw this, you know, grow. I think there's what, how many projects are in CNCF now? I mean, hundreds. Hundreds, okay. And so you're, Will we hear things in Detroit, things like, you know, new projects like, you know, Argo and capabilities around SI store and things like that? Well, you're gonna hear a lot about that. Or is it just too much to cover? >>So I, I mean the, the good news, Dave, is that the CNCF really is, is a good steward for this community and new things got in get in. So there's so much going on with the existing projects that some of the new ones sometimes have a little bit of a harder time making a little bit of buzz. One of the more interesting ones is a project that's been around for a while that I think back to the first couple of Cube Cuban that John and I did service Mesh and Istio, which was created by Google, but lived under basically a, I guess you would say a Google dominated governance for a number of years is now finally under the CNCF Foundation. So I talked to a number of companies over the years and definitely many of the contributors over the years that didn't love that it was a Google Run thing, and now it is finally part. >>So just like Kubernetes is, we have SEO and also can Native that I mentioned before also came outta Google and those are all in the cncf. So will there be new projects? Yes. The CNCF is sometimes they, they do matchmaking. So in some of the observability space, there were a couple of projects that they said, Hey, maybe you can go merge down the road. And they ended up doing that. So there's still you, you look at all these projects and if I was an end user saying, Oh my God, there is so much change and so many projects, you know, I can't spend the time in the effort to learn about all of these. And that's one of the challenges and something obviously at Red Hat, we spend a lot of time figuring out, you know, not to make winners, but which are the things that customers need, Where can we help make them run in production for our, our customers and, and help bring some stability and a little bit of security for the overall ecosystem. >>Well, speaking of security, security and, and skill sets, we've talked about those two things and they sort of go hand in hand when I go to security events. I mean, we're at reinforced last summer, we were just recently at the CrowdStrike event. A lot of the discussion is sort of best practice because it's so complicated. And, and, and will you, I presume you're gonna hear a lot of that here because security securing containers now, you know, the whole shift left thing and shield right is, is a complicated matter, especially when you saw with the earlier data from the Red Hat survey, the the gaps are around skill sets. People don't have the skill. So should we expect to hear a lot about that, A lot of sort of how to, how to take advantage of some of these new capabilities? >>Yeah, Dave, absolutely. So, you know, one of the conversations going on in the community right now is, you know, has DevOps maybe played out as we expect to see it? There's a newer term called platform engineering, and how much do I need to do there? Something that I, I know your, your team's written a lot about Dave, is how much do you need to know versus what can you shift to just a platform or a service that I can consume? I've talked a number of times with you since I've been at Red Hat about the cloud services that we offer. So you want to use our offering in the public cloud. Our first recommendation is, hey, we've got cloud services, how much Kubernetes do you really want to learn versus you want to do what you can build on top of it, modernize the pieces and have less running the plumbing and electric and more, you know, taking advantage of the, the technologies there. So that's a big thing we've seen, you know, we've got a big SRE team that can manage that for use so that you have to spend less time worrying about what really is un differentiated heavy lifting and spend more time on what's important to your business and your >>Customers. So, and that's, and that's through a managed service. >>Yeah, absolutely. >>That whole space is just taken off. All right, Stu I'll give you the final word. You know, what are you excited about for, for, for this upcoming event and Detroit? Interesting choice of venue? Yeah, >>Look, first of off, easy flight. I've, I've never been to Detroit, so I'm, I'm willing to give it a shot and hopefully, you know, that awesome airport. There's some, some, some good things there to learn. The show itself is really a choose your own adventure because there's so much going on. The main show of QAN and cloud Native Con is Wednesday through Friday, but a lot of a really interesting stuff happens on Monday and Tuesday. So we talked about things like OpenShift Commons in the security space. There's cloud Native Security Day, which is actually two days and a SIG store event. There, there's a get up show, there's, you know, k native day. There's so many things that if you want to go deep on a topic, you can go spend like a workshop in some of those you can get hands on to. And then at the show itself, there's so much, and again, you can learn from your peers. >>So it was good to see we had, during the pandemic, it tilted a little bit more vendor heavy because I think most practitioners were pretty busy focused on what they could work on and less, okay, hey, I'm gonna put together a presentation and maybe I'm restricted at going to a show. Yeah, not, we definitely saw that last year when I went to LA I was disappointed how few customer sessions there were. It, it's back when I go look through the schedule now there's way more end users sharing their stories and it, it's phenomenal to see that. And the hallway track, Dave, I didn't go to Valencia, but I hear it was really hopping felt way more like it was pre pandemic. And while there's a few people that probably won't come because Detroit, we think there's, what we've heard and what I've heard from the CNCF team is they are expecting a sizable group up there. I know a lot of the hotels right near the, where it's being held are all sold out. So it should be, should be a lot of fun. Good thing I'm speaking on an edge panel. First time I get to be a speaker at the show, Dave, it's kind of interesting to be a little bit of a different role at the show. >>So yeah, Detroit's super convenient, as I said. Awesome. Airports too. Good luck at the show. So it's a full week. The cube will be there for three days, Tuesday, Wednesday, Thursday. Thanks for coming. >>Wednesday, Thursday, Friday, sorry, >>Wednesday, Thursday, Friday is the cube, right? So thank you for that. >>And, and no ties from the host, >>No ties, only hoodies. All right Stu, thanks. Appreciate you coming in. Awesome. And thank you for watching this preview of CubeCon plus cloud Native Con with at Stu, which again starts the 24th of October, three days of broadcasting. Go to the cube.net and you can see all the action. We'll see you there.

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>Welcome back everyone to the Cube and Horizon three.ai special presentation. I'm John Furrier, host of the Cube. We with Chris Hill, Sector head for strategic accounts and federal@horizonthree.ai. Great innovative company. Chris, great to see you. Thanks for coming on the Cube. >>Yeah, like I said, you know, great to meet you John. Long time listener. First time call. So excited to be here with >>You guys. Yeah, we were talking before camera. You had Splunk back in 2013 and I think 2012 was our first splunk.com. Yep. And boy man, you know, talk about being in the right place at the right time. Now we're at another inflection point and Splunk continues to be relevant and continuing to have that data driving security and that interplay. And your ceo, former CTO of Splunk as well at Horizons Neha, who's been on before. Really innovative product you guys have, but you know, Yeah, don't wait for a brief to find out if you're locking the right data. This is the topic of this thread. Splunk is very much part of this new international expansion announcement with you guys. Tell us what are some of the challenges that you see where this is relevant for the Splunk and the Horizon AI as you guys expand Node zero out internationally? >>Yeah, well so across, so you know, my role within Splunk was working with our most strategic accounts. And so I look back to 2013 and I think about the sales process like working with, with our small customers. You know, it was, it was still very siloed back then. Like I was selling to an IT team that was either using us for IT operations. We generally would always even say, yeah, although we do security, we weren't really designed for it. We're a log management tool. And you know, we, and I'm sure you remember back then John, we were like sort of stepping into the security space and in the public sector domain that I was in, you know, security was 70% of what we did. When I look back to sort of the transformation that I was, was witnessing in that digital transformation, you know when I, you look at like 2019 to today, you look at how the IT team and the security teams are, have been forced to break down those barriers that they used to sort of be silo away, would not communicate one, you know, the security guys would be like, Oh this is my BA box it, you're not allowed in today. >>You can't get away with that. And I think that the value that we bring to, you know, and of course Splunk has been a huge leader in that space and continues to do innovation across the board. But I think what we've we're seeing in the space that I was talking with Patrick Kauflin, the SVP of security markets about this, is that, you know, what we've been able to do with Splunk is build a purpose built solution that allows Splunk to eat more data. So Splunk itself, as you well know, it's an ingest engine, right? So the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it, but without data it doesn't do anything, right? So how do you drive and how do you bring more data in? And most importantly from a customer perspective, how do you bring the right data in? >>And so if you think about what node zero and what we're doing in a Horizon three is that, sure we do pen testing, but because we're an autonomous pen testing tool, we do it continuously. So this whole thought of being like, Oh, crud like my customers, Oh yeah, we got a pen test coming up, it's gonna be six weeks. The wait. Oh yeah. You know, and everyone's gonna sit on their hands, Call me back in two months, Chris, we'll talk to you then. Right? Not, not a real efficient way to test your environment and shoot, we, we saw that with Uber this week. Right? You know, and that's a case where we could have helped. >>Well just real quick, explain the Uber thing cause it was a contractor. Just give a quick highlight of what happened so you can connect the >>Dots. Yeah, no problem. So there it was, I think it was one of those, you know, games where they would try and test an environment. And what the pen tester did was he kept on calling them MFA guys being like, I need to reset my password re to set my password. And eventually the customer service guy said, Okay, I'm resetting it. Once he had reset and bypassed the multifactor authentication, he then was able to get in and get access to the domain area that he was in or the, not the domain, but he was able to gain access to a partial part of the network. He then paralleled over to what would I assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains. And so within minutes they had access. And that's the sort of stuff that we do under, you know, a lot of these tools. >>Like not, and I'm not, you know, you think about the cacophony of tools that are out there in a CTA orchestra architecture, right? I'm gonna get like a Zscaler, I'm gonna have Okta, I'm gonna have a Splunk, I'm gonna do this sore system. I mean, I don't mean to name names, we're gonna have crowd strike or, or Sentinel one in there. It's just, it's a cacophony of things that don't work together. They weren't designed work together. And so we have seen so many times in our business through our customer support and just working with customers when we do their pen test, that there will be 5,000 servers out there. Three are misconfigured. Those three misconfigurations will create the open door. Cause remember the hacker only needs to be right once, the defender needs to be right all the time. And that's the challenge. And so that's why I'm really passionate about what we're doing here at Horizon three. I see this my digital transformation, migration and security going on, which we're at the tip of the sp, it's why I joined say Hall coming on this journey and just super excited about where the path's going and super excited about the relationship with Splunk. I get into more details on some of the specifics of that. But you know, >>I mean, well you're nailing, I mean we've been doing a lot of things around super cloud and this next gen environment, we're calling it NextGen. You're really seeing DevOps, obviously Dev SecOps has, has already won the IT role has moved to the developer shift left as an indicator of that. It's one of the many examples, higher velocity code software supply chain. You hear these things. That means that it is now in the developer hands, it is replaced by the new ops, data ops teams and security where there's a lot of horizontal thinking. To your point about access, there's no more perimeter. So >>That there is no perimeter. >>Huge. A hundred percent right, is really right on. I don't think it's one time, you know, to get in there. Once you're in, then you can hang out, move around, move laterally. Big problem. Okay, so we get that. Now, the challenges for these teams as they are transitioning organizationally, how do they figure out what to do? Okay, this is the next step. They already have Splunk, so now they're kind of in transition while protecting for a hundred percent ratio of success. So how would you look at that and describe the challenges? What do they do? What is, what are the teams facing with their data and what's next? What do they, what do they, what action do they take? >>So let's do some vernacular that folks will know. So if I think about dev sec ops, right? We both know what that means, that I'm gonna build security into the app, but no one really talks about SEC DevOps, right? How am I building security around the perimeter of what's going inside my ecosystem and what are they doing? And so if you think about what we're able to do with somebody like Splunk is we could pen test the entire environment from soup to nuts, right? So I'm gonna test the end points through to it. So I'm gonna look for misconfigurations, I'm gonna, and I'm gonna look for credential exposed credentials. You know, I'm gonna look for anything I can in the environment. Again, I'm gonna do it at at light speed. And, and what we're, what we're doing for that SEC dev space is to, you know, did you detect that we were in your environment? >>So did we alert Splunk or the SIM that there's someone in the environment laterally moving around? Did they, more importantly, did they log us into their environment? And when did they detect that log to trigger that log? Did they alert on us? And then finally, most importantly, for every CSO out there is gonna be did they stop us? And so that's how we, we, we do this in, I think you, when speaking with Stay Hall, before, you know, we've come up with this boils U Loop, but we call it fine fix verify. So what we do is we go in is we act as the attacker, right? We act in a production environment. So we're not gonna be, we're a passive attacker, but we will go in un credentialed UN agents. But we have to assume, have an assumed breach model, which means we're gonna put a Docker container in your environment and then we're going to fingerprint the environment. >>So we're gonna go out and do an asset survey. Now that's something that's not something that Splunk does super well, you know, so can Splunk see all the assets, do the same assets marry up? We're gonna log all that data and think then put load that into the Splunk sim or the smoke logging tools just to have it in enterprise, right? That's an immediate future ad that they've got. And then we've got the fix. So once we've completed our pen test, we are then gonna generate a report and we could talk about about these in a little bit later. But the reports will show an executive summary the assets that we found, which would be your asset discovery aspect of that, a fixed report. And the fixed report I think is probably the most important one. It will go down and identify what we did, how we did it, and then how to fix that. >>And then from that, the pen tester or the organization should fix those. Then they go back and run another test. And then they validate through like a change detection environment to see, hey, did those fixes taste, play take place? And you know, SNA Hall, when he was the CTO of JS o, he shared with me a number of times about, he's like, Man, there would be 15 more items on next week's punch sheet that we didn't know about. And it's, and it has to do with how we, you know, how they were prioritizing the CVEs and whatnot because they would take all CVS was critical or non-critical. And it's like we are able to create context in that environment that feeds better information into Splunk and whatnot. That >>Was a lot. That brings, that brings up the, the efficiency for Splunk specifically. The teams out there. By the way, the burnout thing is real. I mean, this whole, I just finished my list and I got 15 more or whatever the list just can, keeps, keeps growing. How did Node zero specifically help Splunk teams be more efficient? Now that's the question I want to get at, because this seems like a very scalable way for Splunk customers and teams, service teams to be more efficient. So the question is, how does Node zero help make Splunk specifically their service teams be more efficient? >>So to, so today in our early interactions with building Splunk customers, what we've seen are five things, and I'll start with sort of identifying the blind spots, right? So kind of what I just talked about with you. Did we detect, did we log, did we alert? Did they stop node zero, right? And so I would, I put that at, you know, a a a more layman's third grade term. And if I was gonna beat a fifth grader at this game would be, we can be the sparring partner for a Splunk enterprise customer, a Splunk essentials customer, someone using Splunk soar, or even just an enterprise Splunk customer that may be a small shop with three people and, and just wants to know where am I exposed. So by creating and generating these reports and then having the API that actually generates the dashboard, they can take all of these events that we've logged and log them in. >>And then where that then comes in is number two is how do we prioritize those logs, right? So how do we create visibility to logs that are, have critical impacts? And again, as I mentioned earlier, not all CVEs are high impact regard and also not all are low, right? So if you daisy chain a bunch of low CVEs together, boom, I've got a mission critical AP CVE that needs to be fixed now, such as a credential moving to an NT box that's got a text file with a bunch of passwords on it, that would be very bad. And then third would be verifying that you have all of the hosts. So one of the things that Splunk's not particularly great at, and they, they themselves, they don't do asset discovery. So do what assets do we see and what are they logging from that? And then for, from, for every event that they are able to identify the, one of the cool things that we can do is actually create this low-code, no-code environment. >>So they could let, you know, float customers can use Splunk. So to actually triage events and prioritize that events or where they're being routed within it to optimize the SOX team time to market or time to triage any given event. Obviously reducing mtr. And then finally, I think one of the neatest things that we'll be seeing us develop is our ability to build glass tables. So behind me you'll see one of our triage events and how we build a lock Lockheed Martin kill chain on that with a glass table, which is very familiar to this Splunk community. We're going to have the ability, not too distant future to allow people to search, observe on those IOCs. And if people aren't familiar with an ioc, it's an incident of compromise. So that's a vector that we want to drill into. And of course who's better at drilling in into data and Splunk. >>Yeah, this is a critical, this is awesome synergy there. I mean I can see a Splunk customer going, Man, this just gives me so much more capability. Action actionability. And also real understanding, and I think this is what I wanna dig into, if you don't mind understanding that critical impact, okay. Is kind of where I see this coming. I got the data, data ingest now data's data. But the question is what not to log, You know, where are things misconfigured? These are critical questions. So can you talk about what it means to understand critical impact? >>Yeah, so I think, you know, going back to those things that I just spoke about, a lot of those CVEs where you'll see low, low, low and then you daisy chain together and you're suddenly like, oh, this is high now. But then to your other impact of like if you're a, if you're a a Splunk customer, you know, and I had, I had several of them, I had one customer that, you know, terabytes of McAfee data being brought in and it was like, all right, there's a lot of other data that you probably also wanna bring, but they could only afford, wanted to do certain data sets because that's, and they didn't know how to prioritize or filter those data sets. And so we provide that opportunity to say, Hey, these are the critical ones to bring in. But there's also the ones that you don't necessarily need to bring in because low CVE in this case really does mean low cve. >>Like an ILO server would be one that, that's the print server where the, your admin credentials are on, on like a, a printer. And so there will be credentials on that. That's something that a hacker might go in to look at. So although the CVE on it is low, if you daisy chain was something that's able to get into that, you might say, ah, that's high. And we would then potentially rank it giving our AI logic to say that's a moderate. So put it on the scale and we prioritize though, versus a, a vulner review scanner's just gonna give you a bunch of CVEs and good luck. >>And translating that if I, if I can and tell me if I'm wrong, that kind of speaks to that whole lateral movement. That's it. Challenge, right? Print server, great example, look stupid low end, who's gonna wanna deal with the print server? Oh, but it's connected into a critical system. There's a path. Is that kind of what you're getting at? >>Yeah, I used daisy chain. I think that's from the community they came from. But it's, it's just a lateral movement. It's exactly what they're doing. And those low level, low critical lateral movements is where the hackers are getting in. Right? So that's what the beauty thing about the, the Uber example is that who would've thought, you know, I've got my multifactor authentication going in a human made a mistake. We can't, we can't not expect humans to make mistakes. Were fall, were fallible, right? Yeah. The reality is is once they were in the environment, they could have protected themselves by running enough pen tests to know that they had certain exposed credentials that would've stopped the breach. Yeah. And they did not, had not done that in their environment. And I'm not poking. Yeah, >>They put it's interesting trend though. I mean it's obvious if sometimes those low end items are also not protected well. So it's easy to get at from a hacker standpoint, but also the people in charge of them can be fished easily or spear fished because they're not paying attention. Cause they don't have to. No one ever told them, Hey, be careful of what you collect. >>Yeah. For the community that I came from, John, that's exactly how they, they would meet you at a, an international event introduce themselves as a graduate student. These are national actor states. Would you mind reviewing my thesis on such and such? And I was at Adobe at the time though I was working on this and start off, you get the pdf, they opened the PDF and whoever that customer was launches, and I don't know if you remember back in like 2002, 2008 time frame, there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it. And John, that's >>Or LinkedIn. Hey I wanna get a joke, we wanna hire you double the salary. Oh I'm gonna click on that for sure. You know? Yeah, >>Right. Exactly. Yeah. The one thing I would say to you is like when we look at like sort of, you know, cuz I think we did 10,000 pen test last year is it's probably over that now, you know, we have these sort of top 10 ways that we think then fine people coming into the environment. The funniest thing is that only one of them is a, a CVE related vulnerability. Like, you know, you guys know what they are, right? So it's it, but it's, it's like 2% of the attacks are occurring through the CVEs, but yet there's all that attention spent to that. Yeah. And very little attention spent to this pen testing side. Yeah. Which is sort of this continuous threat, you know, monitoring space and, and, and this vulnerability space where I think we play such an important role and I'm so excited to be a part of the tip of the spear on this one. >>Yeah. I'm old enough to know the movie sneakers, which I love as a, you know, watching that movie, you know, professional hackers are testing, testing, always testing the environment. I love this. I gotta ask you, as we kind of wrap up here, Chris, if you don't mind the benefits to team professional services from this alliance, big news Splunk and you guys work well together. We see that clearly. What are, what other benefits do professional services teams see from the Splunk and Horizon three AI alliance? >>So if you're a, I think for, from our, our, from both of our partners as we bring these guys together and many of them already are the same partner, right? Is that first off, the licensing model is probably one of the key areas that we really excel at. So if you're an end user, you can buy for the enterprise by the enter of IP addresses you're using. But if you're a partner working with this, there's solution ways that you can go in and we'll license as to MSPs and what that business model on our MSPs looks like. But the unique thing that we do here is this c plus license. And so the Consulting Plus license allows like a, somebody a small to midsize to some very large, you know, Fortune 100, you know, consulting firms uses by buying into a license called Consulting Plus where they can have unlimited access to as many ips as they want. >>But you can only run one test at a time. And as you can imagine when we're going and hacking passwords and checking hashes and decrypting hashes, that can take a while. So, but for the right customer, it's, it's a perfect tool. And so I I'm so excited about our ability to go to market with our partners so that we underhand to sell, understand how not to just sell too or not tell just to sell through, but we know how to sell with them as a good vendor partner. I think that that's one thing that we've done a really good job building bringing into market. >>Yeah. I think also the Splunk has had great success how they've enabled partners and professional services. Absolutely. They've, you know, the services that layer on top of Splunk are multifold tons of great benefits. So you guys vector right into that ride, that wave with >>Friction. And, and the cool thing is that in, you know, in one of our reports, which could be totally customized with someone else's logo, we're going to generate, you know, so I, I used to work at another organization, it wasn't Splunk, but we, we did, you know, pen testing as a, as a for, for customers and my pen testers would come on site, they, they do the engagement and they would leave. And then another really, someone would be, oh shoot, we got another sector that was breached and they'd call you back, you know, four weeks later. And so by August our entire pen testings teams would be sold out and it would be like, wow. And in March maybe, and they'd like, No, no, no, I gotta breach now. And, and, and then when they do go in, they go through, do the pen test and they hand over a PDF and they pat you on the back and say, there's where your problems are, you need to fix it. And the reality is, is that what we're gonna generate completely autonomously with no human interaction is we're gonna go and find all the permutations that anything we found and the fix for those permutations and then once you fixed everything, you just go back and run another pen test. Yeah. It's, you know, for what people pay for one pen test, they could have a tool that does that. Every, every pat patch on Tuesday pen test on Wednesday, you know, triage throughout the week, >>Green, yellow, red. I wanted to see colors show me green, green is good, right? Not red. >>And once CIO doesn't want, who doesn't want that dashboard, right? It's, it's, it is exactly it. And we can help bring, I think that, you know, I'm really excited about helping drive this with the Splunk team cuz they get that, they understand that it's the green, yellow, red dashboard and, and how do we help them find more green so that the other guys are >>In Yeah. And get in the data and do the right thing and be efficient with how you use the data, Know what to look at. So many things to pay attention to, you know, the combination of both and then, then go to market strategy. Real brilliant. Congratulations Chris. Thanks for coming on and sharing this news with the detail around this Splunk in action around the alliance. Thanks for sharing, >>John. My pleasure. Thanks. Look forward to seeing you soon. >>All right, great. We'll follow up and do another segment on DevOps and IT and security teams as the new new ops, but, and Super cloud, a bunch of other stuff. So thanks for coming on. And our next segment, the CEO of Verizon, three AA, will break down all the new news for us here on the cube. You're watching the cube, the leader in high tech enterprise coverage.

(upbeat music) >> Welcome back to theCUBE's coverage of AWS re:Invent 2021. I'm John Furrier, host of theCUBE. You're watching CUBE's worldwide leader in tech coverage. We're in person on the show floor. It's also a hybrid event, online as well. CUBE coverage online with Amazon re:Invent site. Great content all around, amazing announcements, transformation in all areas are exploding and in innovation, of course, we have innovation here with Sandy Carter, the worldwide public sector vice-president of partners and programs for Amazon Web Services. Sandy, welcome back, CUBE alumni. Great to see you. Thanks for coming on theCUBE. >> Great to see you and great to see you in person again. It's so exciting. The energy level, oh my God. >> Oh my God. It's so much. Thanks, great keynote. Good to see you again in person. A lot of action, give us the top announcements. What's going on? What are the top 10 AWS announcements? >> Yeah, so we, this year for 2022, as we frame it out, we decided on a 3D strategy, a three-dimensional strategy. So we started with destination then data and then delivery. So if I could do them in that order, does that sound good? >> Yeah. Destination. >> So let's start with destination. So I got this from one of the customers and he said to me, "look, Sandy, I thought it was all going to be about getting to the cloud. But when I got to the cloud, I realized it wasn't about just in the cloud, it was about what you do in the cloud." And so we made some announcements this morning, especially around migration, modernization, and optimization. So for migration, we have the mainframe announcement that Adam made, and then we also echoed it. Cause most of the mainframes today sit in public sector. So this is a managed service, it's working with Micro Focus, one of our partners. And Lockheed Martin one of our partners is one of the first into the mainframe migration, which is a service and services to help customers transform their business with the mainframe. And then as we compliment them, we look at that we also have modernization occurring. So for example, IoT. IDC tells us that IoT and that data has increased four times since COVID because now devices and sensors are tracking a lot of data. So we made an announcement around smart cities and we now have badging for our partners. We have 18 partners solutions now in smart cities. So working backwards from the partners they were talking about given now COVID is kind of in the midst of where it is smart cities and making those cities work better in public transportation and utility, it's just all where it's at. And then the final announcement in that category is containers. So 60% of our customers said that they're going to be using containers. So we announced a Rapid Adoption Assistance program for our partners to be able to help our customers move to containers overall. >> So mainframe migration, I saw that on stage, but Micro Focus, that was a good job. Get that legacy out of the way, move to the cloud. You've got smart cities, which is basically IoT, which brings cloud to the edge. And then containerization for the cloud native, either development or compatibility, interoperability kind of sets that table. That's the destination. >> That's right. That's right. Because all of those things, you know, you've got to get the mainframe to the cloud, but then it's about modernizing, right? Getting rid of all that COBOL code and then, you know, IoT and then making sure that you are ready to go with containers. It's the newest- >> So you've got the 3D, destination, data and delivery. >> That's right. >> Okay. Destination, check. Cloud. Cloud destination. >> Yeah. >> I'm putting dots together in real time. >> Destination cloud. There you go. You've got it. >> I'm still with it after all these interviews. >> Yeah, there you go. >> Data, I'll say killer Swami's onstage today, whole new data, multiple databases. What's the data focus in this area? >> So for our partners, first it's about getting the data to the cloud, which means that we need a way to really migrate it. So we announced an initiative to help get that data to the cloud. We had a set of partners that came on with us early on in this initiative to move that data to the cloud, it's called a Rapid Adoption Assistance, which helps you envision where you want to go with your data. Do you want to put it in a data lake? Do you want data stored as it is? What do you want to visualize? What do you want to do with analytics? So envision that and then get enablement. So all the new announcements, all the new services get enablement and then to pilot it. And then the second announcement in this area is a set of private offers in the marketplace. Our customers told us that they love to go after data, but that there's too many pieces and moving parts. So they need the assessment bundled with the managed service and everything bundled together so it's a solution for them. So those were our two announcements in the data area. >> So take me through the private marketplace thing, because this came up when I was talking with Stephen Orban who's now running the marketplace. What does that mean? So you're saying that this private offer is being enabling the suppliers and in government? >> Yeah. So available in the marketplace, a lot of our government agencies can buy from the marketplace. So if they have a contract, they can come and buy. But instead of having to go and say, okay, here's an assessment to tell me what I should do, now here's the offering, and now here's the managed service, they want it bundled together. So we have a set of offerings that have that bundled together today with the set of our great public sector partners. >> So tons of data action, where's the delivery fit in? >> So delivery. This one is very interesting because our customers are telling us that they no longer want just technology skills, they also need industry skills too. So they're looking for that total package. For example, you know, the state of New Jersey when hurricane Ida hit, category four storm, they wanted someone who obviously could leverage all the data, but they wanted someone who understood disaster response. And so Maxar fits that bill. They have that industry specialty along with the technology specialty. And so for our announcements here, we announced a new competency, which is an industry competency for energy. So think about renewables and sustainability and low carbon. These are the partners that do that. We have 32 different partners who met the needs of that energy competency. So we were able to GA that here today. The other really exciting announcement that we made was for small businesses to get extra training, it's called Think Big for Small Business communities. So we announced last year virtually, Think Big for Small Business. We now have about 200 companies who are part of that program, really getting extra help as diverse companies. Women owned, black owned, brown owned, veteran owned businesses, right? But now what they told us was in addition to the AWS help, what they loved is how we connected them together and we almost just stumbled upon it. I was hosting some meetings and I had Tia from Bellflower, I had Lisa from DLZP together and they got a lot of value just being connected. And we kept hearing that over and over and over again. So now we've programmatized that so it's more scalable than me introducing people to each other. We now have a program to introduce those small business leaders to each other. And then the last one that we announced is our AWS government competency is now the largest competency at AWS. So the government competency, which is pretty powerful. So now we're going to do a focus enhancement for federal. So all of our federal partners with all that opportunity can now take advantage of some private advisory council, some additional training that will go on there, additional go-to market support that they can use to help them. >> Okay. I feel like my brain is going to explode. Those are just the announcements here. There's a lot going. >> Yeah. There's a lot going on. >> I mean it's so much you've got to put them into buckets. Okay. What's the rationale around 3D? Delivery, data... I mean, destination, delivery, data. Destination, meaning cloud. Data, meeting data. And delivery meaning just new ways to get up and running- >> Skills. >> To get this delivery for the services. >> Yep. >> Okay. So is there a pattern emerging? What can you say? Cause remember we talked about this before a year ago, as well as in person at your public sector summit with your partners. Is there a pattern emerging that you're seeing here? Cause lots of the announcements are coming, done with the mainframes. Connect on your watch has been a big explosion. Adam Slansky told me personally, it's on fire. And public sector, we saw a lot of that. >> Well, in fact, you know, if you look at public sector, three factoids that we shared this morning in the keynote. Our public sector partners grew 54% this year, this is after last year we grew 45%. They grew the number of certifications that they had by 40% and the number of new customers by 32%. I mean, those are unreal numbers. Last year we did 28% new customers and we thought that was the cat's meow, now we're at 32%. So our partners are just exploding in this public sector space right now. >> It's almost as if they have an advantage because they dragged their feet for so long. >> It's true. It's true. COVID accelerated their movement to the cloud. >> A lot of slow moving verticals because of the legacy and whether it's regulation or government funding or skills- >> Or mainframes. >> All had to basically move fast, they had no excuses. And then the cloud kind of changes everyone's mindset. How about the culture? I want to ask you about the culture in the public sector, because this is coming up a lot. Again, a lot of your customers that I'm interviewing all talk... and I try to get them to talk about horizontally scalable and machine learning, and they're always, no, it's culture. >> Yeah. It's true. >> Culture is the number one thing. >> It is true. You know, culture eats strategy for lunch. So even if you have a great strategy around the cloud, if you don't have that right culture, you won't win in the marketplace. So we are seeing this a lot. In fact, one of our most popular programs is PTP, Partner Transformation Program. And it lays out a hundred day program on cloud best practices. And guess what's the number one topic? Culture. Culture, governance, technology, all of those things are so important right now. And I think because, you know, a lot of the agencies and governments and countries, they had moved to the cloud now that they're in the cloud, they went through that pain during COVID, now they're seeing all the impact of artificial intelligence and containers and blockchain and all of that, right? It's just crazy. >> That's a great insight. And I'll add to that because I think one of the things I've observed, especially with your partners is the fear of getting eliminated by technology or the fear of having a job change or fear of change in general went away once they started using it because they saw the criticality of the cloud and how it impacted their job, but then what it offered them as new opportunities. In fact, it actually increases more areas to innovate on and do more, whether it's job advancement or cross training or lateral moves, promotion, that's a huge retention piece. >> It really is. And I will tell you that the movement to the cloud enabled people to see it wasn't as scary as they thought it was going to be, and that they could still leverage a lot of the skills that they had and learn new ones. So I think it is. And this is one of the reasons why, I was just talking with Maureen launching that 29 million training program for the cloud, that really touches public sector because there is so many agencies, countries, governments that need to have that training. >> You're talking about Maureen Lonergan, she does the training. She's been working on that for years. >> Yeah. >> That's the only getting better and better. >> Yeah. >> Well Sandy, I've got to ask you, since you have a few minutes left, I want to ask you about your journey. >> Yeah. >> We've interviewed you going back a long time look where we are now. >> I know. It's incredible. >> Look at these two sets going on at CUBE. >> You've been an incredible voice on theCUBE. We really appreciate having you on because you're innovative. You're always moving like a shark. You can't sit still. You're always innovating. Still going on, you had the great women's luncheon from 20 to 200. >> Yeah, we grew. So we started out with 20 people back five years ago and now we had about 200 women and it was incredible because we do different topics. Our topic was around empathy and empathetic leadership. And you know how you can really leverage that today, back with the skills and your people. You know, given that Amazon just announced our new leadership principle about wanting to be the Earth's most employee centric company. It fits right in, empathetic leadership. And we had amazing women at that luncheon that told some great stories about empathy that I think will live in our hearts forever. >> And the other thing I want to point out, we had some of the guests on sitting on theCUBE. We had Linda Jojo from United airlines. >> Oh yeah. >> And a little factoid, yesterday in the keynote, 50% of the speakers were women. >> I know. The first time I did a blog post on it, like we had two amazing women in STEM and we had, you know, the black pilot that was highlighted. So it's showing more diversity. So I was just so excited. Thank you Adam, for doing that because I think that was an amazing, amazing focus here at the conference. >> I wanted to bring up a point. I had a note here to bring up to you. Public sector, you guys doubled the number of partners, large migrations this year. That's a big statoid. You've had 575,000 individuals hold active certifications. Okay. That grew 40% from August 2021, clearly a pandemic impact. A lot of people jumping back in getting their certs, migrating so if they're not... They're in between transitions where they have a tailwind or a headwind, whether you're United Airlines or whether you're Zoom, you got some companies were benefiting from the pandemic and some were retooling. That's something that we talked about actually at the beginning. >> That's right. Absolutely. And I do think that those certifications also demonstrate that customers have raised the bar on what they expect from a partner. It's no longer just like that technology input, it's also that industry side. And so you see the number of certifications going up because customers are demanding higher skill level. And by the way, for the partners we conducted a study with ESG and ESG said that more skilled partners, you drive more margin, profit margin, 42% more profit margin for a higher skilled partner. And we're seeing that really come to fruition with some of these really intense focus on getting more certifications and more training. >> I want to get your thoughts on the healthcare and life science. I just got a note here that tells me that the vertical is one of the fastest growing verticals with 105% year on year growth. Healthcare and life sciences, another important... Again, a lot of legacy, a lot of old silos, forced to expand and innovate with the pandemic growing. >> Yes. You know, government is our largest segment today, our largest competency. Healthcare is our fastest growing segment. So we have a big focus there. And like you said, it's not just around, you know, seeing things stay the same. It's about digital transformation. It's one of the reasons we're also seeing such an increase in our authority to operate program both on the government side and the healthcare side. So we do, you know, FedRAMP and IL5. We had six companies that got IL5, five of them in 2021, which is an amazing achievement. And then, you know, if you think about the healthcare side, our fastest growing compliance is HIPAA and HITRUST. And that ATO program really brings best practices and templates and stronger go to market for those partners too. >> Yeah. I mean, I think it's opportunity recognition and then capture during the pandemic with the cloud. More agility, more speed. >> That's right. >> Sandy, always great to have you on. In the last couple of seconds we have left, summarize the top 10 announcements in a bumper sticker. If you had to kind of put that bumper sticker on the car as it drives away from re:Invent this year, what's on that bumper sticker? What's it say? >> Partners that focus on destination, data and delivery will grow faster and add more value to their customers. >> There it is. The three dimension, DDD. Delivery... Destination, data and delivery. >> There you go. >> Here on theCUBE, bringing you all the data live on the ground here, CUBE studios, two sets wall-to-wall coverage. You're watching theCUBE, the leader in global tech coverage. I'm John Furrier your host. Thanks for watching. (soft techno music)

>> Welcome to theCUBEs, continuing coverage of Splunk's dot conf 21. I'm Dave Nicholson, and I am joined by Chris Faulk, director, cybersecurity policy, and strategic partnerships at MITRE corporation; As well as Mohan Koo, the co-founder and chief technology officer at tech systems. Now, uh, gentlemen, we've heard this before, but I think this is going to be the best example of a conversation on this subject I've ever had. Security is a team sport. So let's talk about how that applies, where MITRE and D techs and Splunk all come together and work as a team. Uh, starting with you, Chris. miter published the, the attack framework. And, just so people are clear on that Ca- all caps, ATT, Ampersand or, AndSign, I should say. Capital C, capital K looks like attack. That's how you say it. Their framework was created by MITRE. Uh, It's a bit of a game changer. Now, enterprise security teams use that pretty religiously. So, so tell us about that, and tell us what we can expect next from MITRE. >> So thank you David, uh, pleasure to be here. You know, I think that the, um, what made attack resonate with users is it's based on data; It started with data that we observed in our networks and organized around at that time, the emergent principle that Lockheed Martin had put out on the kill chain. Uh, so it gave it structure. And we have, we have been lucky that the community has sort of embraced that concept of what we started off. We got the numbers completely wrong. Uh, we, we started off with like 41 TTPs. And, um, that was because that was based on a small subset of data that we had, uh, and what's been powerful and what's made it truly wonderful as the community's adopted it. And it's, that's, what's it's added to it. It's an additive approach. Um, and but it's all based on data and it's all just a fabulous, um, opportunity for the community to come together. So, what Myers really focused on is understanding how data, and those, uh, problems come together. And then, we surround the ecosystem of that problem with things like language. So we give it a framework and we give it, um, we give it operational data so that it actually has resonance with the users of that community. >> So give me an example, uh, of the language that's used. You know, there are, there are things that are, that are under the heading of tactics as an example. Give me an example of some of those things. What did, what's the term in plain English, and what does it mean? >> So tactics are a way for, um, an adversary to go about taking care of their business. So, in the day, uh, when we were first thinking about this, we thought about it as, um, the old cartoons where you'd have the-the-the coyote and the-the sheep would check in, you know, the coyote was given his lunchbox. He was given it, um, if you think about it, as a, uh, the adversary target list. And he was given his tools, he was, he would open up his toolbox, and he would go after those targets for the day. And he would use those tools. What we realized is that in most cases, a lot of those tools were expensive to create. They were, uh, hard to, um, train up on. And so they tended to use the same basic toolkit over and over again. What changed was, perhaps one little thing that they would exploit that was always changing. And so what, you know, what I likened it to was a burglar. A burglar would show up with his bag of- of, uh, tools. He would have a crowbar, and he would have a flashlight, and he would have a bag. And what he would do is he sometimes choose to go in through the windows. Sometimes they choose to go in through the door. Sometimes he choose to go in through the basement. It didn't matter. But once he got in the house, he had that flashlight, he had that bag, and he had that crowbar, I could figure out through my sensors, what he had in his bag or with, with him, I could catch that. And then I could alert on that, and find the other pieces of that. And so that's what really tactics, um, are about and getting that-that concept boiled down to a language that, uh, cyber defenders could readily understand and put into practice in their businesses. >> So Mohan, tell us about Dtex; And I'm particularly interested in the, in the connection between DTex and what Chris was just talking about; That MITRE has provided us, uh, this language that attack provides us. Um, essentially, you're- You're looking- you're listening for those things that go bump in the night. Chris has given us a language to describe them. Tell- tell us how Dtex fits here. >> Yeah. So, so what we're doing, David, um, and thank you for having me as well, um, what we're doing is we're bringing to the table a whole different type of telemetry, and it's all around human behavior. And, and how we got together with MITRE, um, is actually a direct connection to how we got together with Splunk as well. I'm actually sitting here in Adelaide, in Australia, at the Australian Cyber Collaboration Center. And this is an initiative we put together with the state government of South Australia, and federal government as well, um, to actually bring everybody onto one trusted group. So we could break down the silos and collaborate a hell of a lot better. As we all know, the bad guys collaborate extremely well. You know, they share everything, including their IP and their tactics, and their techniques, everything is shared. And that puts them at an extreme advantage to the good guys, and girls, right? And-and so we have to do a much better job at that collaboration. And-and when we came together and were introduced to MITRE here at the Australian Cyber Collaboration Center, we decided that taking MITREs expertise, and they've got like 15, more than 15 years, worth of dedicated experience around behavioral science, and how it contributes to insider threats and studying that in some depth. Putting that together with the data that we're collecting for our enterprise customers was something that was really, really important, and actually, you know, it was here in the Australian Cyber Collaboration Center that we first kept locked together with Splunk. And Splunk started to identify a problem statement amongst their customers too, That, you know, the data that exists out there for security operations teams just doesn't have that cleanliness and, it doesn't have the context when it comes to human behavior. And that's really what we're bringing to the, to the table here. >> So give me an example of a human behavior that you're looking for, or, you know, so, so Splunk is- Splunk is providing this data that's being gathered from logs. These events are being rolled up and, uh, and-and DTex is analyzing them. Can you give us an example that doesn't educate adversaries of-of behaviors that you look at? >> Yeah, absolutely. And I'll-I'll just touch on it. And then I'll hand over to Chris cause, cause uh, MITRE are truly the experts of this stuff. But- but what I will say is that a lot of organizations, when they think about human behavior and the insider threat, per se, they always think about the malicious actor, right? The, the Snowden type character that's, that's maliciously, and intentionally, trying to get access to take stuff. But it's, it's much more than that. It's, it's also insiders that do negligent things, and it's insider's that are victims of-of their own lack of understanding of things that they're facing. And when outsiders are cleverer, or more technically proficient, they can find ways to-to usurp the insider, and get them to do bad things without them even knowing they're doing it. And so understanding intent, and we call it, at Dtex, we call it, indicators of intent, are really important for us to know. Those indicators are what we've been working with MITRE on for the last year or so; Kind of understanding what the newest, most complicated indicators of intent are. And how do we determine those to be able to know the difference between a malicious insider, versus somebody that's just doing the wrong thing without even knowing about it? I-I don't know, Chris, if-if you wanted to touch on that a little bit. >> Yeah, yeah, yeah Chris, absolutely. You've, you know, uh, Mohan's joining us from Australia, Chris, you and MITRE have done a ton of work with the U.S. Federal Government around detection, and prevention of those insider threats. Talk to us, talk us through that. And, and more specifically, tell us how that is applicable to nongovernmental agencies. >> Yeah, well, so I mean, think at the, at the core of it, human behavior is human cue and behavior. And whether those are being applied to, uh, critical infrastructures, whether they're being applied to working at a federal government organization, or a state, local, uh, government organization, it doesn't matter. Humans, humans have behaviors. Every human has behaviors. What makes them unique, is understanding the context behind those behaviors. And then looking for, uh, indicators that are distinguishable from an individual doing his, or her, job. Right? So, one of the challenges that you have with insider behavior is that, you know, data collection is everyone's job, at every organization, right? You're always trying to put together the numbers for the spreadsheet to-to brief to your boss. Well, when you're doing that data collection, it can look like normal work. And you can't trigger on something like that, because otherwise you're going to be triggering, uh, every individual doing their job every day. So you have to add additional context, and behavioral indicators to that, to understand how the individual is doing that differently in a case where they are up to-up to no good, we'll say, as opposed to under circumstances of doing their job in a regular course of action. So, what we have long held as beliefs about how people behave are actually manifesting themselves differently in online behavior; How fast they click, um, what kinds of tools they use to do legitimate work, versus the kinds of tools that they do-to do, uh, I'll call it elicit collection. Uh, literally those kinds of subtle nuances. So while they might do the same collection activities, how fast they do it, um, where they put that information, um, how they, how often they go back to the same site, those are indicators that when taken with that behavioral context really matter. And that's what distinguishes them from just normal, typical user behavior. >> So how much does that context vary between private entities, governmental entities, and across private entities? Is this the classic 80/20 situation where, you know, 80-80% of it's the same, 20% very different? What, what does that look like? >> Yeah, I would say that, you know, an 80/20 is a very good rule. I'd probably put it up closer to 90 to 95 to five, right? So behaviors work the same. Now, the protocols that organizations have are going to drive some of that, right? So a-a government organization is going to have certain things in place that a private company may or may not. So, you know, how, how locked down the systems are, the kinds of access, um, things that, that you allow. So do you allow USB drives? Do you allow, um, those kinds of-of capabilities in your organization? So, if you're a private sector organization, but even within a private sector organization, they'd run the gamut, right? You have very locked down environments like banks, and regulated industries and then, you have very unregulated industries as well. So it really isn't about government and industry. It's about the kind of, um, protocols that are already in place for other reasons that really drive the differences between that. And then you have, again, you have those additional safeguards that you have, say with a-with a government organization and that you've got, uh, security vetting, right? So you've done security vetting of a lot of your employees, whether even if it's not security clearance, it's a- it's a personnel vetting. And so, it's an additional level, um, but all it does is change the-the emphasis of-of where you place the value in your security mechanisms. >> So, you mentioned a variety of contexts. Mohan, We've had a mass shift to remote working, obviously. Um, Splunk has shared with us that, uh, that the customers are concerned about, you know, giving- giving people visibility without compromising privacy. And I, and I-I say Splunk like Splunk is a person (man laughing) We like to personalize everything here at theCUBE, but how is DTex helping with this challenge, this challenge of not being intrusive, yet, uh, getting the important work done that needs to be done? >> Yeah, that's a, that's a great question. And-and for us, you know, we, as DTex, we kind of grew up in-in Europe, that's kind of where we became an international organization. So, employee privacy is at the heart of everything that we do. And-and, we make privacy by designing into everything that we do. So, we're actually able to, uh, pseudo anonymize every bit of data that we're collecting, so that you're actually really, truly looking for bad behaviors or unusual behaviors. You're not looking for bad people or unusual people, right? Like it's, it's a very clear distinction; and being able to do it in a way that gives you the visibility, gives the organization, the visibility to prevent against risk and to de-risk the organization without infringing on anyone's privacy is, is really critical. And, you know, as Chris was mentioning, even if you go to the private sector, you know, you've got those very regulated banks or healthcare organizations that are typically quite locked down, but we're dealing more and more with, with high-tech companies, right? A lot of bay area firms, Silicon valley companies, which have always required the flexibility for their workforce, right? They want them to be innovative. They want them to do different things. And in order to do that, they need the ability to have any tools they need to get their job done. But in those environments, you can't have too many hard and fast controls. So how do we actually provide that visibility to the organization without infringing privacy? That is absolutely what the game is about. And so, you know, not kind of having to scrape screens, and type key strokes and type video capture, you know, that's the old school way of doing it. You know, in some cases maybe you do need that level of surveillance, but in most cases you absolutely do not. And so, you know, for many, many years, a lot of enterprise security organizations have been collecting way more data than they need to and taking way more intrusive approaches. And we're about backing that off and kind of getting the right balance between security and privacy, because what we truly believe is where you overlap security and privacy, that Venn diagram that you get in the middle is where you get safety. And we really see it as, as an extension of health and safety. >> So Mohan, if we do all of these things correctly, between Splunk, MITRE, and DTex, you get the perfect scenario where you're catching bad actors and you're not inconveniencing good actors. So what's your view of this? Dystopian future, Utopian future, a mix of both? >> Well, uh, look, I think-I think that the future really is, you know, as the title to this discussion is it's a team sport, right? Like, and, and I think the, the approach that Splunk is taking right now is absolutely the right one. Like we, we need to all come together. We can't be everything to everyone. I don't think there is a one size fits all solution in enterprise security today. And those organizations that understand that and recognize that, but neither is it, are we able to continue just kind of investing in hundreds of point solutions across the enterprise and layering them across the business. Like, band-aids, we need that consolidation, but we do need to take best of breed solution providers to, to focus on those integrations and doing it properly. And that's what we've really enjoyed about working with Splunk over the last couple of years is kind of taking a very holistic approach and realizing that we all need to come together to play these teams sport because, you know, we, as detects, we bring together a very clean data set that gives you that human telemetry and then MITRE brings to get brings the behavioral science capability and behavioral science understanding. And Splunk provides that big data platform to bring everything together and show it and visualize it. And, and really that's, that's, that's, that's one way of looking at it. And I, and I think, you know, going forward those vendors or those organizations that don't recognize that that proper integration actual true integration has to be done collectively. And it has to be done in a way that's light and easy for anybody to consume. >> Perfect way to wrap this cube conversation. Thank you, Mohan. Thank you, Chris. And thank all of you for joining us on this cube conversation or continuing coverage of splunk.com 21 continues. I'm Dave Nicholson. Thanks for joining.

>>Yeah. Hello and welcome back to the cubes coverage of AWS public sector summit here in Washington D. C. We're live on the ground for two days. Face to face conference and expo hall and everything here but keith brooks who is the director and head of technical business development for a dress government Govcloud selling brains 10th birthday. Congratulations. Welcome to the cube. Thank you john happy to be E. C. 2 15 S three is 9.5 or no, that maybe they're 10 because that's the same day as sqs So Govcloud. 10 years, 20 years. What time >>flies? 10 years? >>Big milestone. Congratulations. A lot of history involved in Govcloud. Yes. Take us through what's the current situation? >>Yeah. So um let's start with what it is just for the viewers that may not be familiar. So AWS Govcloud is isolated. AWS cloud infrastructure and services that were purposely built for our U. S. Government customers that had highly sensitive data or highly regulated data or applications and workloads that they wanted to move to the cloud. So we gave customers the ability to do that with AWS Govcloud. It is subject to the fed ramp I and D O D S R G I L four L five baselines. It gives customers the ability to address ITAR requirements as well as Seaga's N'est ce MMC and Phipps requirements and gives customers a multi region architecture that allows them to also designed for disaster recovery and high availability in terms of why we built it. It starts with our customers. It was pretty clear from the government that they needed a highly secure and highly compliant cloud infrastructure to innovate ahead of demand and that's what we delivered. So back in august of 2011 we launched AWS GovCloud which gave customers the best of breed in terms of high technology, high security, high compliance in the cloud to allow them to innovate for their mission critical workloads. Who >>was some of the early customers when you guys launched after the C. I. A deal intelligence community is a big one but some of the early customers. >>So the Department of Health and Human Services, the Department of Veterans Affairs, the Department of Justice and the Department of Defense were all early users of AWS GovCloud. But one of our earliest lighthouse customers was the Nasa jet propulsion laboratory and Nasa Jpl used AWS GovCloud to procure Procure resources ahead of demand which allowed them to save money and also take advantage of being efficient and only paying for what they needed. But they went beyond just I. T. Operations. They also looked at how do they use the cloud and specifically GovCloud for their mission programs. So if you think back to all the way to 2012 with the mars curiosity rover, Nasa Jpl actually streamed and processed and stored that data from the curiosity rover on AWS Govcloud They actually streamed over 150 terabytes of data responded to over 80,000 requests per second and took it beyond just imagery. They actually did high performance compute and data analytics on the data as well. That led to additional efficiencies for future. Over there >>were entire kicking they were actually >>hard core missing into it. Mission critical workloads that also adhere to itar compliance which is why they used AWS GovCloud. >>All these compliance. So there's also these levels. I remember when I was working on the jetty uh stories that were out there was always like level for those different classifications. What does all that mean like? And then this highly available data and highly high availability all these words mean something in these top secret clouds. Can you take us through kind of meetings >>of those? Yeah absolutely. So it starts with the federal compliance program and the two most popular programs are Fed ramp and Dodi srg fed ramp is more general for federal government agencies. There are three levels low moderate and high in the short and skinny of those levels is how they align to the fisma requirements of the government. So there's fisma low fisma moderate fisma high depending on the sensitivity of the government data you will have to align to those levels of Fed ramp to use workloads and store data in the cloud. Similar story for D. O. D. With srg impact levels to 45 and six uh impacts levels to four and five are all for unclassified data. Level two is for less sensitive public defense data levels. Four and five cover more sensitive defense data to include mission critical national security systems and impact level six is for classified information. So those form the basis of security and compliance, luckily with AWS GovCloud celebrating our 10th anniversary, we address Fed ramp high for our customers that require that and D. O. D impact levels to four and five for a sensitive defense guy. >>And that was a real nuanced point and a lot of the competition can't do that. That's real people don't understand, you know, this company, which is that company and all the lobbying and all the mudslinging that goes on. We've seen that in the industry. It's unfortunate, but it happens. Um, I do want to ask you about the Fed ramp because what I'm seeing on the commercial side in the cloud ecosystem, a lot of companies that aren't quote targeting public sector are coming in on the Fed ramp. So there's some good traction there. You guys have done a lot of work to accelerate that. Any new, any new information to share their. >>Yes. So we've been committed to supporting the federal government compliance requirements effectively since the launch of GovCloud. And we've demonstrated our commitment to Fed ramp over the last number of years and GovCloud specifically, we've taken dozens of services through Fed ramp high and we're 100% committed to it because we have great relationships with the Fed ramp, Jabor the joint authorization board. We work with individual government agencies to secure agency A. T. O. S. And in fact we actually have more agency A. T. O. S. With AWS GovCloud than any other cloud provider. And the short and skinny is that represents the baseline for cloud security to address sensitive government workloads and sensitive government data. And what we're seeing from industry and specifically highly regulated industries is the standard that the U. S. Government set means that they have the assurance to run control and classified information or other levels of highly sensitive data on the cloud as well. So Fed ramp set that standard. It's interesting >>that the cloud, this is the ecosystem within an ecosystem again within crossover section. So for instance um the impact of not getting Fed ramp certified is basically money. Right. If you're a supplier vendor uh software developer or whatever used to being a miracle, no one no one would know right bed ramp. I'm gonna have to hire a whole department right now. You guys have a really easy, this is a key value proposition, isn't it? >>Correct. And you see it with a number of I. S. V. S. And software as the service providers. If you visit the federal marketplace website, you'll see dozens of providers that have Fed ramp authorized third party SAAS products running on GovCloud industry leading SAAS companies like Salesforce dot com driven technology Splunk essay PNS to effectively they're bringing their best of breed capabilities, building on top of AWS GovCloud and offering those highly compliant fed ramp, moderate fed ramp high capabilities to customers both in government and private industry that need that level of compliance. >>Just as an aside, I saw they've got a nice tweet from Teresa Carlson now it's plunk Govcloud yesterday. That was a nice little positive gesture uh, for you guys at GovCloud, what other areas are you guys moving the needle on because architecturally this is a big deal. What are some areas that you're moving the needle on for the GovCloud? >>Well, when I look back across the last 10 years, there were some pretty important developments that stand out. The first is us launching the second Govcloud infrastructure region in 2018 And that gave customers that use GovCloud specifically customers that have highly sensitive data and high levels of compliance. The ability to build fault tolerant, highly available and mission critical workloads in the cloud in a region that also gives them an additional three availability zones. So the launch of GovCloud East, which is named AWS GovCloud Us East gave customers to regions a total of six availability zones that allowed them accelerate and build more scalable solutions in the cloud. More recently, there is an emergence of another D O D program called the cybersecurity maturity model, C M M C and C M M C is something where we looked around the corner and said we need to Innovate to help our customers, particularly defense customers and the defense industrial based customers address see MMC requirements in the cloud. So with Govcloud back in December of 2020, we actually launched the AWS compliant framework for federal defense workloads, which gives customers a turnkey capability and tooling and resources to spin up environments that are configured to meet see MMC controls and D. O. D. Srg control. So those things represent some of the >>evolution keith. I'm interested also in your thoughts on how you see the progression of Govcloud outside the United States. Tactical Edge get wavelength coming on board. How does how do you guys look at that? Obviously us is global, it's not just the jet, I think it's more of in general. Edge deployments, sovereignty is also going to be world's flat, Right? I mean, so how does that >>work? So it starts back with customer requirements and I tie it back to the first question effectively we built Govcloud to respond to our U. S. Government customers and are highly regulated industry customers that had highly sensitive data and a high bar to meet in terms of regulatory compliance and that's the foundation of it. So as we look to other customers to include those outside of the US. It starts with those requirements. You mentioned things like edge and hybrid and a good example of how we marry the two is when we launched a W. S. Outpost in Govcloud last year. So outpost brings the power of the AWS cloud to on premises environments of our customers, whether it's their data centers or Coehlo environments by bringing AWS services, a. P. I. S and service and points to the customer's on premises facilities >>even outside the United States. >>Well, for Govcloud is focused on us right now. Outside of the U. S. Customers also have availability to use outpost. It's just for us customers, it's focused on outpost availability, geography >>right now us. Right. But other governments gonna want their Govcloud too. Right, Right, that's what you're getting at, >>Right? And it starts with the data. Right? So we we we spent a lot of time working with government agencies across the globe to understand their regulations and their requirements and we use that to drive our decisions. And again, just like we started with govcloud 10 years ago, it starts with our customer requirements and we innovate from there. Well, >>I've been, I love the D. O. D. S vision on this. I know jet I didn't come through and kind of went scuttled, got thrown under the bus or whatever however you want to call it. But that whole idea of a tactical edge, it was pretty brilliant idea. Um so I'm looking forward to seeing more of that. That's where I was supposed to come in, get snowball, snowmobile, little snow snow products as well, how are they doing? And because they're all part of the family to, >>they are and they're available in Govcloud and they're also authorized that fed ramp and Gov srg levels and it's really, it's really fascinating to see D. O. D innovate with the cloud. Right. So you mentioned tactical edge. So whether it's snowball devices or using outposts in the future, I think the D. O. D. And our defense customers are going to continue to innovate. And quite frankly for us, it represents our commitment to the space we want to make sure our defense customers and the defense industrial base defense contractors have access to the best debris capabilities like those edge devices and edge capable. I >>think about the impact of certification, which is good because I just thought of a clean crows. We've got aerospace coming in now you've got D O. D, a little bit of a cross colonization if you will. So nice to have that flexibility. I got to ask you about just how you view just in general, the intelligence community a lot of uptake since the CIA deal with amazon Just overall good health for eight of his gum cloud. >>Absolutely. And again, it starts with our commitment to our customers. We want to make sure that our national security customers are defense customers and all of the customers and the federal government that have a responsibility for securing the country have access to the best of breed capability. So whether it's the intelligence community, the Department of Defense are the federal agencies and quite frankly we see them innovating and driving things forward to include with their sensitive workloads that run in Govcloud, >>what's your strategy for partnerships as you work on the ecosystem? You do a lot with strategy. Go to market partnerships. Um, it's got its public sector pretty much people all know each other. Our new firms popping up new brands. What's the, what's the ecosystem looks like? >>Yeah, it's pretty diverse. So for Govcloud specifically, if you look at partners in the defense community, we work with aerospace companies like Lockheed martin and Raytheon Technologies to help them build I tar compliant E. R. P. Application, software development environments etcetera. We work with software companies I mentioned salesforce dot com. Splunk and S. A. P. And S. To uh and then even at the state and local government level, there's a company called Pay It that actually worked with the state of Kansas to develop the Icann app, which is pretty fascinating. It's a app that is the official app of the state of Kansas that allow citizens to interact with citizens services. That's all through a partner. So we continue to work with our partner uh broad the AWS partner network to bring those type of people >>You got a lot of MST is that are doing good work here. I saw someone out here uh 10 years. Congratulations. What's the coolest thing uh you've done or seen. >>Oh wow, it's hard to name anything in particular. I just think for us it's just seeing the customers and the federal government innovate right? And, and tie that innovation to mission critical workloads that are highly important. Again, it reflects our commitment to give these government customers and the government contractors the best of breed capabilities and some of the innovation we just see coming from the federal government leveraging the count now. It's just super cool. So hard to pinpoint one specific thing. But I love the innovation and it's hard to pick a favorite >>Child that we always say. It's kind of a trick question I do have to ask you about just in general, the just in 10 years. Just look at the agility. Yeah, I mean if you told me 10 years ago the government would be moving at any, any agile anything. They were a glacier in terms of change, right? Procure Man, you name it. It's just like, it's a racket. It's a racket. So, so, but they weren't, they were slow and money now. Pandemic hits this year. Last year, everything's up for grabs. The script has been flipped >>exactly. And you know what, what's interesting is there were actually a few federal government agencies that really paved the way for what you're seeing today. I'll give you some examples. So the Department of Veterans Affairs, they were an early Govcloud user and way back in 2015 they launched vets dot gov on gov cloud, which is an online platform that gave veterans the ability to apply for manage and track their benefits. Those type of initiatives paved the way for what you're seeing today, even as soon as last year with the U. S. Census, right? They brought the decennial count online for the first time in history last year, during 2020 during the pandemic and the Census Bureau was able to use Govcloud to launch and run 2020 census dot gov in the cloud at scale to secure that data. So those are examples of federal agencies that really kind of paved the way and leading to what you're saying is it's kind >>of an awakening. It is and I think one of the things that no one's reporting is kind of a cultural revolution is the talent underneath that way, the younger people like finally like and so it's cooler. It is when you go fast and you can make things change, skeptics turned into naysayers turned into like out of a job or they don't transform so like that whole blocker mentality gets exposed just like shelf where software you don't know what it does until the cloud is not performing, its not good. Right, right. >>Right. Into that point. That's why we spend a lot of time focused on education programs and up skilling the workforce to, because we want to ensure that as our customers mature and as they innovate, we're providing the right training and resources to help them along their journey, >>keith brooks great conversation, great insight and historian to taking us to the early days of Govcloud. Thanks for coming on the cube. Thanks thanks for having me cubes coverage here and address public sector summit. We'll be back with more coverage after this short break. Mhm. Mhm mm.

>>From around the globe. It's the cube with digital coverage of AWS reinvent 2020 special coverage sponsored by AWS global partner network. >>Welcome everyone to the cube live covering AWS reinvent 2020. I'm your host Rebecca Knight. Today. We are joined by Joshua Virgin. He is the general manager at AWS outposts. Thanks so much for coming on the cube. Joshua, >>Thank you for having me. It's great to be here. >>It's great to have you, so tell our viewers a little bit about AWS, AWS outposts. >>Oh sure. It's one of my favorite subjects, obviously. So outposts is a service from AWS that allows you to use the same tools, technology, API APIs, programming interfaces that you do in the cloud, but install this and run it on your own premises or in a co-location facility. So it really extends the reach of AWS to far more locations than you could otherwise use it. >>So what are some of the advancements, uh, this year >>It's, it's been an amazingly busy year, even under unprecedented kind of circumstances where we've tried to turn the crank really hard and deliver value for our customers. We increased the number of countries you could order outposts in up to 51 countries. You can now connect outpost to all 22 AWS regions and our gov cloud regions, everything outside of China. And we delivered 15 new services or incremental features, including a S3 on outposts, which was the top thing that customers asked for, but also our application load balancer, Alasta cash, our relational database service RDS. Uh, you know, there's probably more than I'm missing here, but, um, you know, and we're definitely not slowing down in that regard. 2021 will probably be an even bigger year. >>So tell us a little bit about the, the response from customers since the launch of AWS outpost last year. What are, what are you hearing? >>Yeah, I mean, we're, we're hearing a lot, uh, I think we've been pleasantly surprised by the, the breadth and the depth of the customer use cases. One of the biggest things we heard from people was, you know, the, the outposts are great, but it's a, it's a full rack of compute or many racks of compute in some cases and storage, you know, their locations that people wanted to put it in that were smaller where their space constrained, maybe a restaurant or a factory floor or a small medical facility, uh, you know, a telco like a cell site. And so what we did based on that is something that we actually just announced in Andy's keynote. Uh, just a few days ago here, which is the new small form factor outposts that are one you and two use size, uh, servers. It's about the size of one or two pizza boxes stacked on top of each other. >>So that's even going to make outposts available to even more use cases, uh, you know, early on, uh, we kind of said to ourselves that it's important to kind of give people that consistent experience wherever they might need the compute and the storage and the other services. And so I've been, I've been really pleasantly surprised, as I mentioned earlier, by how many people have talked to us. We have customers like Phillips healthcare. They are, uh, they're bringing their medical imaging solution to outposts and it allows them to kind of modernize the way they deliver services to hospitals and medical research centers around the world. Something that really wouldn't be possible without having AWS everywhere. >>And that is much, much needed today. Um, tell us a little bit about more about this year in particular, you said it yourself at the beginning of our conversation, this is an unprecedented year for so many different reasons. How has the COVID-19 pandemic effected AWS outposts and how your team interacts with customers and, and gets your job done? >>Yeah, we, I think we have some unique challenges in that regard, obviously, as I mentioned earlier, AWS outposts are installed in a co-location facility or on a customer's own premises in a data center, you know, other things like that. So obviously we have to get our technicians out there to roll them in and hook them up to your network and, you know, to get them powered up. So that means that we are complying with, uh, COVID restrictions. And as I mentioned, 51 different countries. So there was even an install earlier this year at a mining location, uh, you know, far outside the U S where we had to get technicians working with, uh, local technicians from the customer following COVID guidelines, wearing protective gear, and actually installing the outpost, uh, you know, using kind of satellite conductivity and phones to phone home, and talk to us during the installation of course, cause it's not hooked up yet. So those are just kind of examples of the, the links to which we'll go to make sure that, of course we're safe, the customers are safe, but that they can kind of continue to modernize their application portfolio and get benefits from the outposts. >>And what are you hearing from clients and customers in terms of how they're thinking about their technology needs now and in the coming year? >>Yeah, that's a, that's a great question. I mean, it, it really varies by market segment. So you have customers like Ericsson and Telefonica. They're going to be using outpost to, uh, kind of run their 5g packet core technology, Abe it's, it's gotta be run at the edge right there, telcos, they need to minimize latency single digit milliseconds, or you might have a customer like Lockheed Martin. And what they've told us is they have projects that are subject to government contracts and regulations. And not only do they have of course compliance regimes, like fed ramp that they need to be aware of, but there's data residency requirements. So whether they're deploying in the United States or, you know, with our allies all around the world, the compute and the storage, they need to run in specific locations. So now outposts are going to be a key, uh, advancement and kind of a key differentiator for them in how they deliver services to their customers and still meet those data residency or compliance requirement. >>Joshua, tell our viewers more about AWS outpost ready? >>Oh, that's a, it's another thing I'm really glad you mentioned. So the outposts ready program, these are solutions from our APN and our Amazon AWS partner network that are, uh, validated and following our best practices on AWS outposts. They're certified to work and, you know, they're generally available to customers. And so it's a program where, you know, ISV and SAS providers can ensure that the technology that they provide that this third-party technology is going to work in the outpost environment. And there's, there's something about outposts that I think makes this, uh, a differentiator and uniquely valuable when I mentioned kind of that consistent hybrid experience. When you think about how outposts are deployed, you know, in a customer's data center, maybe alongside other technology they're already using. And so customers say, look, these AWS services are great, but I already use a variety of third party technology maybe from Veritas or trend micro Palo Alto networks Convolt size sense, PagerDuty, pure storage NetApp, or the, you know, the list is actually pretty extensive of what people are already using. >>And so they've said, you know, I do plan on using AWS services, but I also don't want to give up, uh, you know, what my team is already familiar with. So can you make sure that's going to work for me, whether I'm using it in the region or on the AWS outposts. And so the, the, the interest in kind of demand for this, both from customers and the enthusiasm from the partners has been off the charts. We started the program in just September, which is not that long ago, and we had 32 partners. And, uh, as of today we have an additional, uh, additional 25 partners, right? It's 57 partners, total 64 certified solutions. So that's a lot of momentum and just kind of a, a short amount of time. And I'm really happy that we can deliver that to the customer. >>So it does, it's already showing tremendous momentum. How do you think about it in terms of the primary benefits that it gives to customers and how it helps customers and partners, >>You know, in order to qualify, the solution has to be tested and validated upon, uh, against a bunch of, uh, criteria that we have very specific technical criteria, security requirements, operational, and, you know, they're, they're supported for customers with clear deployment guidelines. So, you know, the customers can kind of think of this as a guarantee that we're not just saying maybe this could work, but, but this will work. If you're already using it, it's going to continue to work in a way that's familiar to you. And again, that's important that consistent hybrid experience, whether you're using a solution from a third party or from AWS, whether you're using it in the region or on a local zone or in a wavelength zone, and some of our other kind of innovative infrastructure deployments or using it on an outpost, no matter where you're using it, it has to work the same way. >>And so this is something that customers have said, I want to be able to get up and running quickly. We had a customer riot games, uh, th they're the maker of league of legends, but also when they were launching their new game, Valerie hunt, uh, in, in June of 2020, they deployed outposts in four different locations to kind of ensure a level playing field in terms of latency and what they told us, uh, you know, very much like the service ready program is they were able to get up and running in just a matter of days once the outpost was deployed. And it's because we gave them those same API APIs, that same tooling. So I think that's really important for people and, you know, I hope we can continue to deliver on that promise. >>So to close this out here, I want you to look into your crystal ball and think ahead, 12 and 24 months, when you know, fingers crossed, things are back to somewhat more normal. Uh, what's in store for AWS outposts. >>Yeah. I mean, we're going to deliver on what we announced here at reinvent, which has the new small form factor outposts. And I think what we're going to continue to do is listen to customers. We develop outposts from the very beginning because customer said, could, could you deploy outposts in our, in our data center or, sorry, can you deploy AWS? And our data center didn't have a name back then. And so that's really the hallmark of AWS. You know, somewhere around 90% of our roadmaps are based on what customers tell us they want. And the other 10% is when we kind of look around the corner and hopefully delight people with something they didn't even know they needed. And I really hope for my team and that that's what 2021 and 2022 brings is more countries, more services, more value, more compliance, certifications, you know, all the things that people tell us they want. We're going to keep turning the crank as hard as we can. And delivering that as quickly as possible >>With the trademark Amazon customer delight. Yes, absolutely. Excellent. Well, Joshua, Virgin, thank you so much for coming on the cube. It was a pleasure having you. >>It was a pleasure talking to you. Thank you very much. >>I'm Rebecca Knight for more of the cubes coverage of AWS reinvent 2020 stay tuned.

>>from >>around the globe. It's the Cube with digital coverage of AWS reinvent 2020. Special coverage sponsored by AWS Global Partner Network >>Right. Welcome, everyone to the Cube. Live covering aws reinvent 2020. I'm your host, Rebecca Knight. Today we're joined by Joshua Virgin. He is the general manager at AWS Outpost. Thanks so much for coming on the Cube. Joshua, >>thank you for having me. It's great to be here. >>Well, it's great to have you So tell our viewers a little bit about aws out AWS Outpost. >>Sure, it's the one of my favorite subjects, obviously. So outpost is a service from AWS that allows you to use the same tools technology ap ice. You know, programming interfaces that you do in the cloud, but install this and run it on your own premises or in a co location facility. So it really extends the reach of A W S two far more locations than you could otherwise use it. >>So what are some of the advancements this year? >>It's been an amazingly you know, busy year, even under unprecedented kind of circumstances, where we've tried to turn the crank really hard and deliver value for our customers. We increase the number of countries you could order outposts in up to 51 countries. You can now connect outpost all 22 AWS regions and or govcloud regions everything outside of China. On we delivered 15 new services or incremental features, including S three on outpost, which was the top thing that customers asked for. But also our application load balancer, elastic cash are relational database service RDS. You know, there's probably more that I'm missing here, but, you know, and we're definitely not slowing down in that regard. 2021 will probably be an even bigger year. >>So tell us a little bit about the response from customers since the launch of a W s outpost last year. What are you hearing? >>Yeah, I mean, we're hearing a lot. I think we've been pleasantly surprised by the breadth and the depth of the customer use cases. One >>of the >>biggest things we heard from people was, you know, the the outposts are great, but it's a it's a full rack of compute or many racks of compute in some cases in storage, you know, their locations that people wanted to put it in that were smaller where their space constrained. Maybe a restaurant or a factory floor or ah, you know, small medical facility. You know, a telco like a cell site. And and so what we did, based on that is something that we actually just announced and Andy's keynote just a few days ago here, which is the new small form factor outposts that are one you and to you size servers. It's about the size of one or two pizza boxes stacked on top of each other. So that's even going to make outposts available toe even Mawr use cases. Uh, you know, early on we kind of said to ourselves that it's important to kind of give people that consistent experience wherever they might need the compute and storage and the other services. And so I've been I've been really pleasantly surprised, as I mentioned earlier by how many people have talked to us. We have customers like Philips Healthcare. They are. They're bringing their medical imaging solution toe outposts, and it allows them to kind of modernize the way they deliver services, the hospitals and medical research centers around the world, something that really wouldn't be possible without having A W s everywhere, >>and that is much, much needed today. Um, tell us a little bit about Maura. About this year in particular. You said it yourself at the beginning of our conversation. This is an unprecedented year for so many different reasons. How has the cove in 19 pandemic affected AWS outpost and how your team interacts with customers and get your job done? >>Yeah, we I >>think we have >>some unique, you know, challenges in that regard. Obviously, as I mentioned earlier, a W s outposts are installed in a co location, facility or on a customer's own premises in a data center. You know, other things like that. So obviously we have to get our technicians out there toe, roll them in and hook them up to your network and, you know, to get them powered up. So that means that we are complying with, uh, covert restrictions. And as I mentioned 51 different countries. So there was even an install earlier this year at a mining location, you know, far outside the U. S. Where we had to get technicians working with, uh, local technicians from the customer following Kobe guidelines wearing protective gear and actually installing the outpost. You know, using kind of satellite connectivity and phones, toe phone home and talk to us during the installation, of course, because it's not hooked up yet. So those were just kind of examples of the lengths to which will go to make sure that, of course, we're safe. The customers were safe, but that they can kind of continue to modernize their application portfolio and get benefits from the outpost. >>And what are you hearing from clients and customers in terms of how they're thinking about their technology needs now and in the coming year? >>Yeah, that's a That's a great question. I mean, it really varies by market segment. So you have customers like Cisco and Ericsson and Telefonica. They're gonna be using Outpost Thio kind of run their five g packet core technology. It it's got to be run at the edge right there. Telcos. They need to minimize Leighton, see single digit milliseconds, or you might have a customer like Lockheed Martin, And what they've told us is they have projects that are subject to government contracts and regulations. And not only do they have, of course, compliance regimes like Fed ramp that they need to be aware of. But there's data residency requirements. So whether they're deploying in the United States or, you know, with our allies all around the world, the compute in the storage that they need to run in specific locations. So now outposts are going to be a key advancement and kind of a key differentiator for them in how they deliver services to their customers and still meet those data residency or compliance requirements. >>Joshua, tell our viewers more about AWS Outpost ready? >>Oh, that zits. Another thing. I'm really glad you mentioned. So the Outpost Ready program. These are solutions from our a Pienaar Amazon AWS partner Network that are validated in following our best practices on AWS outposts. They're certified toe work and you know they're generally available to customers. And so it's a program where, you know, I SVs and saz providers can ensure that the technology that they provide this third party technology is going to work in the outpost environment. And and there's there's something about outpost that I think makes this, uh, differentiator and uniquely valuable. When I mentioned kind of that consistent hybrid experience. When you think about how outposts are deployed, you know, in a customer's data center, Mike. Maybe alongside other technology they're already using. And so customers say, Look, these AWS services are great, but I already use a variety of, you know, third party technology, maybe from Veritas or Trend Micro Palo Alto Networks. Con vault sigh since pager duty Pure storage Netapp. You know, the list is actually pretty extensive of what people are already using. And so they said, you know, I do plan on using AWS services, but I also don't want to give up. You know what what my team is already familiar with, So can you make sure that's gonna work for me, whether I'm using it in the region or on the AWS outposts? And so the interest and kind of demand for this both from customers and the enthusiasm from the partners has been off the charts. We started the program in just September, which is not that long ago, and we had 32 partners, and as of today we have an additional, uh, additional 25 partners, right? It's 57 partners, total 64 certified solutions so that that's a lot of momentum in just kind of, ah, short amount of time. And I'm really happy that we can deliver that to the customers >>so it doesn't. It's already showing tremendous momentum. How do you think about it in terms of the primary benefits that it gives to customers and how it helps customers and partners? >>Yeah, I think, you know, in order to qualify, the solution has to be tested and validated upon against a bunch of criteria that we have very specific technical criteria, security requirements operational and you know, they're they're supported for customers with clear deployment guidelines. So you know, the customers can kind of think of this as a guarantee that we're not just saying maybe this could work, but but this will work. If you're already using it, it's going to continue to work in a way that's familiar to you and and again, that's important. That consistent hybrid experience, whether you're using a solution from a third party or from AWS, whether you're using it in the region or on a local zone or in a wavelength zone, some of our other, you know, kind of innovative infrastructure deployments or using it on outpost, no matter where you're using it, it has to work the same way. And so this is something that customers have said. I want to be able to get up and running quickly. We had a customer riot games. They're the maker of league of Legends. But also when they were launching their new game, Valerie Int, in June of 2020 they deployed outpost in four different locations to kind of ensure a level playing field in terms of latency. What they told us, you know, very much like this service ready program is they were able to get up and running in just a matter of days once the outpost was deployed. And it's because we gave them those same a p I s that same tooling. So I think that's really important for people. And, you know, I hope we can continue to deliver on that promise. >>So the closest out here, I want you to look into your crystal ball and think ahead 12 and 24 months when you know, fingers crossed things are back to somewhat more normal. What? What's in store for AWS Outpost? >>Yeah, I mean, we're going to deliver on what we announced here at reinvent, which is the new small form factor outposts on. I think what we're going to continue to do is listen to customers. We developed outpost from the very beginning because customers said Could could you deploy outposts in our in our data center or Sorry, can you deploy eight of us? And our data center didn't have a name back then. And so that's really the hallmark of AWS, you know, somewhere around 90% of our road maps or based on what customers tell us they want, then the other 10% is when we kind of look around the corner and hopefully delight people with something they didn't even know they needed. And I really hope for my team. And that that's what 2021 2022 brings is, you know, more countries, more services, more value, more compliance certifications. You know, all the things that people tell us they want. We're going to keep turning the crank as hard as we can and delivering that as quickly as possible >>with the trademark Amazon customer delight. >>Yes, absolutely >>excellent. Well, Joshua Virgin. Thank you so much for coming on the Cube. It was a pleasure having you. >>That was a pleasure talking to you. Thank you very much. >>I'm Rebecca night for more of the cubes. Coverage of AWS reinvent 2020. Stay tuned. >>Yeah.